blob: 1031af539650a47b02dcce86e02ad9a0340d2ae9 [file] [log] [blame]
#!/bin/bash -u
# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
if [ -z "$*" ]; then
cat <<EOF 1>&2
Usage: vbutil_what_keys [-v|-V] IMAGE [IMAGE...]
Given a ChromiumOS disk (or BIOS) image, try to figure out how it's signed.
Note that this does not verify the signature, it just reports which keyblock
was used to create the signature.
With the -v option, it will attempt to mount any rootfs partitions from disk
images (using sudo), extract the BIOS from /usr/sbin/chromeos-firmwareupdate,
and process it as well. Use -V to display the shellball -V message too.
that.
EOF
exit 1
fi
# We'll look up the known sha1sums right here. Obtain them by running this
# script on images you know have been signed correctly (since the keys
# themselves are inside the HSM).
#
# KERNEL keys
#
# e78ce746a037837155388a1096212ded04fb86eb recovery dev-key
# d6170aa480136f1f29cf339a5ab1b960585fa444 normal dev-key
#
# 03172b08f0b99172c73d947f51e8ca23d418bcbf recovery Alex MP
# af24e46b6c3805869616e71c002c9a2a847ad266 normal Alex MP
#
# 934e38b44b11eb892d1edc32cb3ba87c558232d9 recovery Butterfly Pre-MP
# 24fcff70ef3d834451384452bd9bc64c4d01c559 normal Butterfly Pre-MP
#
# 10d73c2b24b35c0ea387babd72e9b242f2d79c9f recovery Kiev MP
# f82f08a5953b688b078f465731f1077fdf0d97cf normal Kiev MP
#
# e8c4e66b00df5468e4d7ec9757347842cfd6c1da recovery Link MP
# d5927774fc14bb18a38c27fef47a36517a089d04 normal Link MP
#
# 93e0ecffb36199071a3d995f6726770e799dcd0e recovery Link Pre-MP
# 7cb50f352af15f807f4bf3eaaede62d2f9c70d27 normal Link Pre-MP
#
# 49d40533b0812d3f31232c5eedd47e7e11acc293 recovery Lumpy MP
# cc887372ac2d1c415eac93fc11e753629c387358 normal Lumpy MP v2
#
# cb45bc04a932e4bcac41b44d31afd9516ca0fe24 recovery Lumpy PVT
# fa55cba16857a49270fb1561f87343c00959eb19 normal Lumpy PVT
#
# f6fadd7e31eebf4bcc4eb8d2dd512e3a2313627f recovery Mario MP
# a1454fcecb98a6f33b38638564bdfc20161a7b04 normal Mario MP v2
#
# cfa1a4a784a90cc7c1df6859fa226b89e6afbeb5 recovery Parrot MP
# 8975d168123d5cfc7cebf674627958445f0d2a52 normal Parrot MP v2
#
# f32b5f6b6cfb6d77136ac0d8ed0cdf67e6df7b91 recovery Snow MP
# c5120666c642f031e76edab8a2b45dd32232f80d normal Snow MP v2
#
# fa4497f70968a1820ceb0ac4364d8e9ec0abc0b2 recovery Stout MP
# 09cb9b45c2cd4ca674861fe484aa758ba5568be0 normal Stout MP
#
# 6f6d6df4e328633904990cf8c60baa18b8cf6fc7 recovery Stumpy MP
# de0b76af3caa55a8e7aa34c805e4248ad03b18e7 normal Stumpy MP
# f7e48006982a0ad4a41c0ca6610f062adb0eec44 normal Stumpy MP v2
#
# 057a03c1526a1be7f42d29095c5a583231a75b35 recovery Stumpy PVT
# 04dd63e835c979b57f87fd74e99af68e0cd39ad7 normal Stumpy PVT
#
# de11a604715a920d7371ceefda75a5b1b062443f recovery Tegra2-Kaen PVT
# 5c626cd8a684e470e74d3ceaf518aae745fe15dc normal Tegra2-Kaen PVT
#
# 20f3e8b77da6577706c91feefb203f98ee20d479 recovery ZGB MP
# 7b7ae8652775ad7305f565161b3acc00fcc8ea22 normal ZGB MP v2
#
#
# FIRMWARE keys
#
# BTW, the default H2C HWIDs are fixed for each platform:
# {97A1FBD6-FDE1-4FC5-BB81-286608B90FCE} Alex H2C
# {9D799111-A88A-439E-9E1F-FBBB41B00A9A} Mario H2C
# {24B107F2-BA6A-4EBD-8CDD-E768438CE0F0} Stumpy H2C
# {FA42644C-CF3A-4692-A9D3-1A667CB232E9} ZGB H2C
#
#
# b11d74edd286c144e1135b49e7f0bc20cf041f10 root dev-key
# c14bd720b70d97394257e3e826bd8f43de48d4ed recovery dev-key
#
# 00f77be2a0c013343db84fc6259da09e558b8318 root Alex MP
# 5c5776bf7574e5601c25042e0748b6844cfdd1dc recovery Alex MP
#
# 12a2c88b58cbd9eef6b777a3af440f611ea4f561 root Butterfly Pre-MP
# 8a22e18a91e89f46f1f59b44a7887ab3821cb18d recovery Butterfly Pre-MP
#
# 4c5067795ddbbf100d19f9ba08928af1c1ef37c6 root Kiev MP
# d81c751df76a7d53a6d3c2f58987562c87416735 recovery Kiev MP
#
# 9c138273527db0a0797233e2345ee39e46c0df95 root Kiev PreMP
# 02601fcbcac953f043a53eac6fed7a5367a7189c recovery Kiev PreMP
#
# 7b5c520ceabce86f13e02b7ca363cfb509fc5b98 root Link MP
# 7e74cd6d66f361da068c0419d2e0946b4d091e1c recovery Link MP
#
# e63058bf4b86b6fb1f148bc7acea9c71fe51675f root Link Pre-MP
# 08b2d19bc87d05d860a1c274f874bc9fa9ab7dfb recovery Link Pre-MP
#
# 4e92f07efd4a920c4e4f1ed97cf47b7b04ee1428 root Lumpy MP
# 0d800afb53cdd05dd849addee0143ca1d96e893c recovery Lumpy MP
#
# c9fc61f331b34e00a148e657bde5fb6b0b576c0a root Lumpy PVT
# ebcac421fbf411bee99ee90672a3add17f5a967b recovery Lumpy PVT
#
# 541f467a7d8747f55ae9087ee4e34155f5ee3cd7 root Mario MP
# 5d0d163b824cab5ae4f23fb2cc012e2a4124f4fe recovery Mario MP
#
# (See http://crosbug.com/p/14846) root Parrot MP
# 7f03c648d2bb4ab3979cb87633da51ed90267f03 recovery Parrot MP
#
# a026a7a4a0bf0fa32d6b7aa90a80d5ef01a3b799 root Snow MP
# 13b0ddf343bb0c325b178e5be138d4969a9e02be recovery Snow MP
#
# 952dd6852c11fd8b36b4fb88f3335ecae722e0e6 root Stout MP
# 5cb31faf8c524672a15fd4628c585af79eca0247 recovery Stout MP
#
# 4ec4ba0a746b37b1c6286ab807c2a5b1e7ab4ab0 root Stumpy MP
# 37e7bad73449f782f280b1668fed48d1132137fa recovery Stumpy MP
#
# 06939c65797eadfe6be1b3343a2e339800a34108 root Stumpy PVT
# 8540f56f87d91c5403704c960c1f385705201e20 recovery Stumpy PVT
#
# 9f59876c7f7dc881f02d934786c6b7c2c17dcaac root ZGB MP
# 9bd99a594c45b6739899a17ec29ac2289ee75463 recovery ZGB MP
set -o pipefail
# args?
unpack_it=
verbose=
if [ "${1:-}" = "-v" ]; then
unpack_it=yes
shift
fi
if [ "${1:-}" = "-V" ]; then
unpack_it=yes
verbose=yes
shift
fi
# clean up on exit
cleanup() {
[ -n "${CLEAN_UM:-}" ] && sudo umount $CLEAN_UM
[ -n "${CLEAN_RM:-}" ] && rm -rf $CLEAN_RM
}
trap cleanup EXIT
# temp stuff
TMPFILE=$(mktemp /tmp/keyblock_XXXXXXXXX)
CLEAN_RM="$TMPFILE"
if [ -n "$unpack_it" ]; then
TMPMNT=$(mktemp -d /tmp/mountdir_XXXXXXXXX)
TMPDIR=$(mktemp -d /tmp/extractdir_XXXXXXXXX)
CLEAN_RM="$CLEAN_RM $TMPDIR $TMPMNT"
fi
showbios() {
local file="$1" space="$2"
local hwid matchh rootkey matchn recoverykey matchr
hwid=$(gbb_utility --hwid "$file" | sed -e 's/^.*: *//') || return
matchh=$(grep "$hwid" "$0" 2>/dev/null | sed -e 's/^# //')
gbb_utility --rootkey="$TMPFILE" "$file" >/dev/null
rootkey=$(vbutil_key --unpack "$TMPFILE" | grep sha1sum | \
sed -e 's/^.*: *//')
matchn=$(grep "$rootkey" "$0" 2>/dev/null | \
sed -e 's/^# //' | sed -e 's/ \+root / /')
gbb_utility --recoverykey="$TMPFILE" "$file" >/dev/null
recoverykey=$(vbutil_key --unpack "$TMPFILE" | grep sha1sum | \
sed -e 's/^.*: *//')
matchr=$(grep "$recoverykey" "$0" 2>/dev/null | \
sed -e 's/^# //' | sed -e 's/ \+recovery / /')
echo "$space hwid: ${matchh:-$hwid}"
echo "$space root key: ${matchn:-$rootkey}"
echo "$space recovery key: ${matchr:-$recoverykey}"
}
# handle one input file
dofile() {
file="$1"
size=$(stat -c %s "$file")
if [ -f "$file" ] && [ "$size" -le 8388608 ]; then
echo -e "\nBIOS: $file"
showbios "$file" ""
else
echo -e "\nIMAGE: $file"
for pnum in $(cgpt find -n -t kernel "$file" 2>/dev/null); do
psize=$(cgpt show -s -i "$pnum" "$file")
if [ "$psize" -ge 128 ]; then
pstart=$(cgpt show -b -i "$pnum" "$file")
dd if="$file" of="$TMPFILE" bs=512 count=128 skip="$pstart" 2>/dev/null
psum=$(vbutil_keyblock --unpack "$TMPFILE" 2>/dev/null | \
grep sha1sum | sed -e 's/^.*: *//')
if [ -n "$psum" ]; then
match=$(grep "$psum" "$0" 2>/dev/null | sed -e 's/^# //')
flags=$(vbutil_keyblock --unpack "$TMPFILE" 2>/dev/null | \
grep Flags: | sed -e 's/^.*:[ 0-9]*//')
else
match=""
psum="--invalid--"
flags=""
fi
echo " part $pnum kernel: ${match:-$psum} ($flags)"
fi
done
if [ -n "$unpack_it" ]; then
for pnum in $(cgpt find -n -t rootfs "$file" 2>/dev/null); do
psize=$(cgpt show -s -i "$pnum" "$file")
if [ "$psize" -ge 128 ]; then
pstart=$(cgpt show -b -i "$pnum" "$file")
echo " part $pnum shellball:"
sudo mount -o loop,ro,offset=$(( $pstart * 512 )) "$file" "$TMPMNT"
CLEAN_UM="$TMPMNT"
[ -n "$verbose" ] && "$TMPMNT/usr/sbin/chromeos-firmwareupdate" -V
"$TMPMNT/usr/sbin/chromeos-firmwareupdate" \
--sb_extract "$TMPDIR" > /dev/null
sudo umount "$TMPMNT"
CLEAN_UM=
showbios "$TMPDIR/bios.bin" " "
fi
done
fi
fi
}
for file in "$@"; do
dofile $file
done
echo ""