blob: 71a88cf8d2f37f5360ec1f994c61668066e32816 (
plain) (
tree)
|
|
#!/bin/bash
# Copyright (C) 2016 Paul Kocialkowski <contact@paulk.fr>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
KEYBLOCK="keyblock"
VBPRIVK="vbprivk"
VBPUBK="vbpubk"
ARCH="arch"
CMDLINE="cmdline"
BOOTLOADER="bootloader"
KERNEL="kernel"
ITS="its"
FIT="fit"
IMG="img"
usage() {
printf "$executable [action] [kernel files|kernel image] [medium]\n" >&2
printf "\nActions:\n" >&2
printf " pack - Pack kernel files to a medium-specific image\n" >&2
printf " sign - Sign kernel image\n" >&2
printf " verify - Very kernel image signatures\n" >&2
printf "\nMedium:\n" >&2
printf " usb - External USB storage\n" >&2
printf " mmc - External SD card storage\n" >&2
printf " emmc - Internal storage\n" >&2
printf "\nEnvironment variables:\n" >&2
printf " VBOOT_KEYS_PATH - Path to the vboot keys\n" >&2
printf " VBOOT_TOOLS_PATH - Path to vboot tools\n" >&2
}
pack() {
local kernel_files_path=$1
local medium=$2
local arch_path="$kernel_files_path/$ARCH"
local arch=$( cat "$arch_path" )
local cmdline_path="$kernel_files_path/$CMDLINE-$medium"
local bootloader_path="$kernel_files_path/$BOOTLOADER"
local kernel_its_path="$kernel_files_path/$KERNEL.$ITS"
local kernel_fit_path="$kernel_files_path/$KERNEL.$FIT"
local kernel_image_path="$kernel_files_path/$KERNEL-$medium.$IMG"
mkimage -f "$kernel_its_path" "$kernel_fit_path"
futility vbutil_kernel --pack "$kernel_image_path" --version 1 --arch "$arch" --keyblock "$VBOOT_KEYS_PATH/kernel.$KEYBLOCK" --signprivate "$VBOOT_KEYS_PATH/kernel_data_key.$VBPRIVK" --config "$cmdline_path" --vmlinuz "$kernel_fit_path" --bootloader "$bootloader_path"
printf "\nPacked kernel image $kernel_image_path\n"
}
sign() {
local kernel_image_path=$1
futility vbutil_kernel --repack "$kernel_image_path" --version 1 --keyblock "$VBOOT_KEYS_PATH/kernel.$KEYBLOCK" --signprivate "$VBOOT_KEYS_PATH/kernel_data_key.$VBPRIVK" --oldblob "$kernel_image_path"
printf "\nSigned kernel image $kernel_image_path\n"
}
verify() {
local kernel_image_path=$1
futility vbutil_kernel --verify "$kernel_image_path" --signpubkey "$VBOOT_KEYS_PATH/kernel_subkey.$VBPUBK"
printf "\nVerified kernel image $kernel_image_path\n"
}
requirements() {
local requirement
local requirement_path
for requirement in "$@"
do
requirement_path=$( which "$requirement" || true )
if [ -z "$requirement_path" ]
then
printf "Missing requirement: $requirement\n" >&2
exit 1
fi
done
}
setup() {
root=$( realpath "$( dirname "$0" )" )
executable=$( basename "$0" )
if ! [ -z "$VBOOT_TOOLS_PATH" ]
then
PATH="$PATH:$VBOOT_TOOLS_PATH"
fi
if [ -z "$VBOOT_KEYS_PATH" ]
then
if ! [ -z "$VBOOT_TOOLS_PATH" ] && [ -d "$VBOOT_TOOLS_PATH/devkeys" ]
then
VBOOT_KEYS_PATH="$VBOOT_TOOLS_PATH/devkeys"
else
VBOOT_KEYS_PATH="/usr/share/vboot/devkeys"
fi
fi
}
cros_kernel_prepare() {
local action=$1
local kernel_files_path=$2
local kernel_image_path=$2
local medium=$3
set -e
setup "$@"
if [ -z "$action" ] || [ -z "$kernel_files_path" ] || [ -z "$kernel_image_path" ]
then
usage
exit 1
fi
case $action in
"pack")
if [ -z "$medium" ]
then
usage
exit 1
fi
requirements "mkimage" "futility"
pack "$kernel_files_path" "$medium"
;;
"sign")
requirements "futility"
sign "$kernel_image_path"
;;
"verify")
requirements "futility"
verify "$kernel_image_path"
;;
*)
usage
exit 1
;;
esac
}
cros_kernel_prepare "$@"
|