scripts/keygeneration/increment_kernel_subkey_and_key.sh - mirrors/cros/chromiumos/platform/vboot_reference - Git at Google

 #!/bin/bash
 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Script to increment kernel subkey and datakey for firmware updates.
 # Used when revving versions for a firmware update.

 # Load common constants and variables.
 . "$(dirname "$0")/common.sh"

 # Abort on errors.
 set -e

 # File to read current versions from.
 VERSION_FILE="key.versions"

 # ARGS: <version_type>
 get_version() {
   local version_type=$1
   version=$(sed -n "s#^${version_type}=\(.*\)#\1#pg" ${VERSION_FILE})
   echo $version
 }

 # Make backups of existing keys and keyblocks that will be revved.
 # Backup format:
 # for keys: <key_name>.v<version>
 # for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>
 # Args: SUBKEY_VERSION DATAKEY_VERSION
 backup_existing_kernel_keys() {
   subkey_version=$1
   datakey_version=$2
   # --no-clobber to prevent accidentally overwriting existing
   # backups.
   mv --no-clobber kernel_subkey.vbprivk{,".v${subkey_version}"}
   mv --no-clobber kernel_subkey.vbpubk{,".v${subkey_version}"}
   mv --no-clobber kernel_data_key.vbprivk{,".v${datakey_version}"}
   mv --no-clobber kernel_data_key.vbpubk{,".v${datakey_version}"}
   mv --no-clobber kernel.keyblock{,".v${datakey_version}.v${subkey_version}"}
 }

 # Write new key version file with the updated key versions.
 # Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION KERNEL_VERSION
 write_updated_version_file() {
   local firmware_key_version=$1
   local firmware_version=$2
   local kernel_key_version=$3
   local kernel_version=$4

   cat > ${VERSION_FILE} <<EOF
 firmware_key_version=${firmware_key_version}
 firmware_version=${firmware_version}
 kernel_key_version=${kernel_key_version}
 kernel_version=${kernel_version}
 EOF
 }


 main() {
   current_fkey_version=$(get_version "firmware_key_version")
   # Firmware version is the kernel subkey version.
   current_ksubkey_version=$(get_version "firmware_version")
   # Kernel data key version is the kernel key version.
   current_kdatakey_version=$(get_version "kernel_key_version")
   current_kernel_version=$(get_version "kernel_version")

   cat <<EOF
 Current Firmware key version: ${current_fkey_version}
 Current Firmware version: ${current_ksubkey_version}
 Current Kernel key version: ${current_kdatakey_version}
 Current Kernel version: ${current_kernel_version}
 EOF

   backup_existing_kernel_keys $current_ksubkey_version $current_kdatakey_version

   new_ksubkey_version=$(( current_ksubkey_version + 1 ))
   new_kdatakey_version=$(( current_kdatakey_version + 1 ))

   if [ $new_kdatakey_version -gt 65535 ] || [ $new_kdatakey_version -gt 65535 ];
   then
     echo "Version overflow!"
     exit 1
   fi

   cat <<EOF
 Generating new kernel subkey, data keys and new kernel keyblock.

 New Firmware version (due to kernel subkey change): ${new_ksubkey_version}.
 New Kernel key version (due to kernel datakey change): ${new_kdatakey_version}.
 EOF
   make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID $new_ksubkey_version
   make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID $new_kdatakey_version
   make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey

   write_updated_version_file $current_fkey_version $new_ksubkey_version \
     $new_kdatakey_version $current_kernel_version
 }

 main $@
	#!/bin/bash
	# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Script to increment kernel subkey and datakey for firmware updates.
	# Used when revving versions for a firmware update.

	# Load common constants and variables.
	. "$(dirname "$0")/common.sh"

	# Abort on errors.
	set -e

	# File to read current versions from.
	VERSION_FILE="key.versions"

	# ARGS: <version_type>
	get_version() {
	local version_type=$1
	version=$(sed -n "s#^${version_type}=\(.*\)#\1#pg" ${VERSION_FILE})
	echo $version
	}

	# Make backups of existing keys and keyblocks that will be revved.
	# Backup format:
	# for keys: <key_name>.v<version>
	# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>
	# Args: SUBKEY_VERSION DATAKEY_VERSION
	backup_existing_kernel_keys() {
	subkey_version=$1
	datakey_version=$2
	# --no-clobber to prevent accidentally overwriting existing
	# backups.
	mv --no-clobber kernel_subkey.vbprivk{,".v${subkey_version}"}
	mv --no-clobber kernel_subkey.vbpubk{,".v${subkey_version}"}
	mv --no-clobber kernel_data_key.vbprivk{,".v${datakey_version}"}
	mv --no-clobber kernel_data_key.vbpubk{,".v${datakey_version}"}
	mv --no-clobber kernel.keyblock{,".v${datakey_version}.v${subkey_version}"}
	}

	# Write new key version file with the updated key versions.
	# Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION KERNEL_VERSION
	write_updated_version_file() {
	local firmware_key_version=$1
	local firmware_version=$2
	local kernel_key_version=$3
	local kernel_version=$4

	cat > ${VERSION_FILE} <<EOF
	firmware_key_version=${firmware_key_version}
	firmware_version=${firmware_version}
	kernel_key_version=${kernel_key_version}
	kernel_version=${kernel_version}
	EOF
	}


	main() {
	current_fkey_version=$(get_version "firmware_key_version")
	# Firmware version is the kernel subkey version.
	current_ksubkey_version=$(get_version "firmware_version")
	# Kernel data key version is the kernel key version.
	current_kdatakey_version=$(get_version "kernel_key_version")
	current_kernel_version=$(get_version "kernel_version")

	cat <<EOF
	Current Firmware key version: ${current_fkey_version}
	Current Firmware version: ${current_ksubkey_version}
	Current Kernel key version: ${current_kdatakey_version}
	Current Kernel version: ${current_kernel_version}
	EOF

	backup_existing_kernel_keys $current_ksubkey_version $current_kdatakey_version

	new_ksubkey_version=$(( current_ksubkey_version + 1 ))
	new_kdatakey_version=$(( current_kdatakey_version + 1 ))

	if [ $new_kdatakey_version -gt 65535 ] \|\| [ $new_kdatakey_version -gt 65535 ];
	then
	echo "Version overflow!"
	exit 1
	fi

	cat <<EOF
	Generating new kernel subkey, data keys and new kernel keyblock.

	New Firmware version (due to kernel subkey change): ${new_ksubkey_version}.
	New Kernel key version (due to kernel datakey change): ${new_kdatakey_version}.
	EOF
	make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID $new_ksubkey_version
	make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID $new_kdatakey_version
	make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey

	write_updated_version_file $current_fkey_version $new_ksubkey_version \
	$new_kdatakey_version $current_kernel_version
	}

	main $@