Add a script to generate a keypair for signing accessory RW firmware.

BUG=b:35587169
TEST=None
BRANCH=None

Change-Id: Ibb309c34ca22d30138cb62d698eafb6ee77add8c
Reviewed-on: https://chromium-review.googlesource.com/520368
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/scripts/keygeneration/accessory/create_new_hammer_keys.sh b/scripts/keygeneration/accessory/create_new_hammer_keys.sh
new file mode 100644
index 0000000..684c0d3
--- /dev/null
+++ b/scripts/keygeneration/accessory/create_new_hammer_keys.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Copyright 2017 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Load common constants and functions.
+. "$(dirname "$0")/../common.sh"
+
+usage() {
+  cat <<EOF
+Usage: ${PROG} DIR
+
+DIR: To generate a keypair from an RSA 3072 key (.pem file) for Hammer at DIR
+
+EOF
+
+  if [[ $# -ne 0 ]]; then
+    die "$*"
+  else
+    exit 0
+  fi
+}
+
+# Generate a keypair at the given directory.
+generate_key() {
+  local dir=$1
+
+  # Generate RSA key.
+  openssl genrsa -3 -out "${dir}/temp.pem" 3072
+
+  # Create a keypair from an RSA .pem file generated above.
+  futility create "${dir}/temp.pem" "${dir}/key_hammer"
+
+  # Best attempt to securely delete the temp.pem file.
+  shred --remove "${dir}/temp.pem"
+}
+
+main() {
+  set -e
+
+  local dir
+
+  while [[ $# -gt 0 ]]; do
+    case $1 in
+    -h|--help)
+      usage
+      ;;
+    -*)
+      usage "Unknown option: $1"
+      ;;
+    *)
+      break
+      ;;
+    esac
+  done
+
+  if [[ $# -ne 1 ]]; then
+    usage "Missing output directory"
+  fi
+  dir="$1"
+
+  generate_key "${dir}"
+}
+
+main "$@"
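Review bot: In `generate_key`, if `futility create` fails, the `set -e` set in `main` ends the script before `shred --remove` runs, so the unencrypted RSA private key is left behind in `${dir}/temp.pem`. Capturing the status keeps the cleanup on the failure path: add `local rc=0`, change the call to `futility create "${dir}/temp.pem" "${dir}/key_hammer" || rc=$?`, and end the function with `return "${rc}"` after the shred. The fixed name `temp.pem` also overwrites any file of that name already in DIR; a `mktemp`-created path would avoid that. Depending on the OpenSSL version, the mode of the private key files may follow the caller's umask, so a `umask 077` at the top of `main` would make the intended permissions explicit.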