blob: 4cf8f4caeaabaa0e46e8a63bc45ce1cbf5ed7998 [file] [log] [blame]
#!/bin/bash
# Copyright 2015 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Load common constants and functions.
. "$(dirname "$0")/common.sh"
usage() {
cat <<EOF
Usage: ${PROG} <number of loem keys to add>
If the existing keyset is not set up for loem usage, it will be converted.
Note: Use 0 if you want to just convert an existing keyset.
EOF
exit ${1:-0}
}
convert_keyset_to_loem() {
local f
printf "Converting to loem keyset; continue? (y/N) "
read f
[[ ${f} == [yY] ]]
for f in {firmware_data,root}_key.vb{pub,priv}k firmware.keyblock; do
if [[ ${f} == "root_key.vbprivk" && ! -e ${f} ]]; then
# For official keys, we won't have the private half of the root key.
echo "Skipping ${f} for official keys"
continue
fi
if [[ ${f} == *.vbprivk && ! -e ${f} ]]; then
# For official keys, will be gpg wrapped.
f+=".gpg"
fi
mv -i "${f}" "${f/./.loem1.}"
done
echo "[loem]" > loem.ini
}
main() {
set -e -u
if [[ $# -ne 1 || $1 == -* ]]; then
usage
fi
# Keep `local` and assignment split so return values are checked.
local firmware_key_version
local num_keys highest_key k
if [[ ! -e ${VERSION_FILE} ]]; then
die "missing ${VERSION_FILE} in ${PWD}; please create one"
fi
firmware_key_version=$(get_version "firmware_key_version")
# See if we need to convert the keyset first.
if [[ -e root_key.vbpubk ]]; then
convert_keyset_to_loem
fi
num_keys=$1
highest_key=$(printf '%s\n' firmware.loem*.keyblock |
sed -r 's:firmware.loem(.*).keyblock:\1:' |
sort -n | tail -1)
echo "There are ${highest_key} loem keys; adding ${num_keys} more"
for ((k = highest_key + 1; k < highest_key + 1 + num_keys; ++k)); do
echo "Generating LOEM ${k}"
make_pair root_key.loem${k} ${ROOT_KEY_ALGOID}
make_pair firmware_data_key.loem${k} ${FIRMWARE_DATAKEY_ALGOID} \
${firmware_key_version}
make_keyblock firmware.loem${k} ${FIRMWARE_KEYBLOCK_MODE} \
firmware_data_key.loem${k} root_key.loem${k}
done
echo
echo "Don't forget to update loem.ini to allocate the keys!"
}
main "$@"