increment_kernel_subkey_and_key.sh revision 7b3e34a23645749f6e3ea9deb7427be21f2d181e
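#!/bin/bash
# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Script to increment kernel subkey and datakey for firmware updates.
# Used when revving versions for a firmware update.
#
# Runs inside the keyset directory given as the only argument: reads the
# current versions from key.versions, renames the existing kernel subkey,
# kernel data key and kernel keyblock to versioned backup names, generates
# replacements through make_pair/make_keyblock (provided by common.sh), and
# rewrites key.versions with the incremented numbers.

# Load common constants and variables.
. "${0%/*}"/common.sh

# Abort on errors.
set -e

if [ $# -ne 1 ]; then
  cat >&2 <<EOF
Usage: $0 <keyset directory>

Increments the kernel subkey, data key and firmware version in the
specified keyset.
EOF
  exit 1
fi

KEY_DIR=$1

# File to read current versions from.
VERSION_FILE="key.versions"

# Upper bound enforced on the incremented versions.
MAX_KEY_VERSION=65535

# Print the value stored for <version_type> in ${VERSION_FILE}.
# ARGS: <version_type>
# Outputs: the text after "<version_type>=" on stdout (empty if the entry
#          is absent).
# Returns: non-zero if the version file cannot be read.
get_version() {
  local version_type=$1
  local version
  # Assign separately from 'local' so a sed failure is not masked.
  version=$(sed -n "s#^${version_type}=\(.*\)#\1#p" -- "${VERSION_FILE}") \
    || return
  printf '%s\n' "${version}"
}

# Check that a value read from the version file is a plain decimal number of
# at most five digits. The value is later used in shell arithmetic and in
# file names, so anything else (empty, multi-line, non-numeric) is rejected
# here instead of being evaluated.
# ARGS: <version_type> <value>
check_version_number() {
  local version_type=$1
  local value=$2
  if [[ ! "${value}" =~ ^[0-9]{1,5}$ ]]; then
    echo "Invalid or missing ${version_type} in ${VERSION_FILE}: '${value}'" >&2
    exit 1
  fi
}

# Make backups of existing keys and keyblocks that will be revved.
# Backup format:
# for keys: <key_name>.v<version>.vb{pub|priv}k
# for keyblocks: <keyblock_name>.v<datakey version>.v<subkey version>.keyblock
# Args: SUBKEY_VERSION DATAKEY_VERSION
backup_existing_kernel_keys() {
  local subkey_version=$1
  local datakey_version=$2
  local -a sources=(
    kernel_subkey.vbprivk
    kernel_subkey.vbpubk
    kernel_data_key.vbprivk
    kernel_data_key.vbpubk
    kernel.keyblock
  )
  local -a backups=(
    "kernel_subkey.v${subkey_version}.vbprivk"
    "kernel_subkey.v${subkey_version}.vbpubk"
    "kernel_data_key.v${datakey_version}.vbprivk"
    "kernel_data_key.v${datakey_version}.vbpubk"
    "kernel.v${datakey_version}.v${subkey_version}.keyblock"
  )
  local i

  # Check every backup name before moving anything. Depending on the
  # coreutils version, 'mv --no-clobber' may skip an existing target without
  # failing, which would leave the live key in place for the key generation
  # step that follows. NOTE(review): whether make_pair overwrites an
  # existing key file is decided in common.sh - confirm.
  for i in "${!backups[@]}"; do
    if [ -e "${backups[i]}" ]; then
      echo "Backup ${backups[i]} already exists; not revving keys." >&2
      exit 1
    fi
  done

  # --no-clobber to prevent accidentally overwriting existing
  # backups.
  for i in "${!sources[@]}"; do
    mv --no-clobber -- "${sources[i]}" "${backups[i]}"
  done
}

# Write new key version file with the updated key versions.
# Args: FIRMWARE_KEY_VERSION FIRMWARE_VERSION KERNEL_KEY_VERSION KERNEL_VERSION
write_updated_version_file() {
  local firmware_key_version=$1
  local firmware_version=$2
  local kernel_key_version=$3
  local kernel_version=$4

  cat > "${VERSION_FILE}" <<EOF
firmware_key_version=${firmware_key_version}
firmware_version=${firmware_version}
kernel_key_version=${kernel_key_version}
kernel_version=${kernel_version}
EOF
}


# Rev the kernel subkey and kernel data key of the keyset in <key_dir>.
# Args: KEY_DIR
main() {
  local key_dir=$1
  local current_fkey_version current_ksubkey_version
  local current_kdatakey_version current_kernel_version
  local new_ksubkey_version new_kdatakey_version

  cd "${key_dir}"
  current_fkey_version=$(get_version "firmware_key_version")
  # Firmware version is the kernel subkey version.
  current_ksubkey_version=$(get_version "firmware_version")
  # Kernel data key version is the kernel key version.
  current_kdatakey_version=$(get_version "kernel_key_version")
  current_kernel_version=$(get_version "kernel_version")

  cat <<EOF
Current Firmware key version: ${current_fkey_version}
Current Firmware version: ${current_ksubkey_version}
Current Kernel key version: ${current_kdatakey_version}
Current Kernel version: ${current_kernel_version}
EOF

  # Only the two versions that get incremented are validated; the other two
  # are written back unchanged.
  check_version_number "firmware_version" "${current_ksubkey_version}"
  check_version_number "kernel_key_version" "${current_kdatakey_version}"

  # 10# forces decimal so a value with leading zeros is not read as octal.
  new_ksubkey_version=$(( 10#${current_ksubkey_version} + 1 ))
  new_kdatakey_version=$(( 10#${current_kdatakey_version} + 1 ))

  # Check both new versions, and do it before any key file is moved so an
  # overflow cannot leave the keyset with its current keys renamed away.
  if [ "${new_ksubkey_version}" -gt "${MAX_KEY_VERSION}" ] ||
     [ "${new_kdatakey_version}" -gt "${MAX_KEY_VERSION}" ]; then
    echo "Version overflow!" >&2
    exit 1
  fi

  backup_existing_kernel_keys "${current_ksubkey_version}" \
    "${current_kdatakey_version}"

  cat <<EOF
Generating new kernel subkey, data keys and new kernel keyblock.

New Firmware version (due to kernel subkey change): ${new_ksubkey_version}.
New Kernel key version (due to kernel datakey change): ${new_kdatakey_version}.
EOF
  make_pair kernel_subkey "${KERNEL_SUBKEY_ALGOID}" "${new_ksubkey_version}"
  make_pair kernel_data_key "${KERNEL_DATAKEY_ALGOID}" "${new_kdatakey_version}"
  make_keyblock kernel "${KERNEL_KEYBLOCK_MODE}" kernel_data_key kernel_subkey

  # Quoted so that an empty value keeps its position instead of shifting the
  # remaining arguments into the wrong fields of the version file.
  write_updated_version_file "${current_fkey_version}" \
    "${new_ksubkey_version}" "${new_kdatakey_version}" \
    "${current_kernel_version}"
}

main "$@"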