cros-scripts: Introduce cros-firmware-prepare script to prepare firmware

Signed-off-by: Paul Kocialkowski <contact@paulk.fr>

2 files changed, 124 insertions, 0 deletions

diff --git a/projects/cros-scripts/install/cros-firmware-prepare b/projects/cros-scripts/install/cros-firmware-prepare
new file mode 100755
index 00000000..ec443b86
--- /dev/null
+++ b/projects/cros-scripts/install/cros-firmware-prepare
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+# Copyright (C) 2016 Paul Kocialkowski <contact@paulk.fr>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+KEYBLOCK="keyblock"
+VBPRIVK="vbprivk"
+VBPUBK="vbpubk"
+
+usage() {
+	printf "$executable [action] [firmware image path]\n" >&2
+
+	printf "\nActions:\n" >&2
+	printf "  sign - Sign firmware image\n" >&2
+	printf "  verify - Verify firmware image\n" >&2
+
+	printf "\nEnvironment variables:\n" >&2
+	printf "  VBOOT_KEYS_PATH - Path to the vboot keys\n" >&2
+	printf "  VBOOT_TOOLS_PATH - Path to vboot tools\n" >&2
+}
+
+sign() {
+	local firmware_image_path=$1
+
+	futility sign --signprivate="$VBOOT_KEYS_PATH/firmware_data_key.$VBPRIVK" --keyblock "$VBOOT_KEYS_PATH/firmware.$KEYBLOCK" --kernelkey "$VBOOT_KEYS_PATH/kernel_subkey.$VBPUBK" --infile "$firmware_image_path"
+	futility gbb_utility -s --recoverykey="$VBOOT_KEYS_PATH/recovery_key.$VBPUBK" --rootkey="$VBOOT_KEYS_PATH/root_key.$VBPUBK" "$firmware_image_path" "$firmware_image_path"
+
+	printf "\nSigned firmwares image $firmware_image_path\n"
+}
+
+verify() {
+	local firmware_image_path=$1
+
+	futility verify -k "$VBOOT_KEYS_PATH/root_key.$VBPUBK" "$firmware_image_path" || ( printf "\nBad firmware image signature!\n" >&2 && return 1 )
+
+	printf "\nVerified firmware image $firmware_image_path\n"
+}
+
+requirements() {
+	local requirement
+	local requirement_path
+
+	for requirement in "$@"
+	do
+		requirement_path=$( which "$requirement" || true )
+
+		if [ -z "$requirement_path" ]
+		then
+			printf "Missing requirement: $requirement\n" >&2
+			exit 1
+		fi
+	done
+}
+
+setup() {
+	root=$( realpath "$( dirname "$0" )" )
+	executable=$( basename "$0" )
+
+	if ! [ -z "$VBOOT_TOOLS_PATH" ]
+	then
+		PATH="$PATH:$VBOOT_TOOLS_PATH"
+	fi
+
+	if [ -z "$VBOOT_KEYS_PATH" ]
+	then
+		if ! [ -z "$VBOOT_TOOLS_PATH" ] && [ -d "$VBOOT_TOOLS_PATH/devkeys" ]
+		then
+			VBOOT_KEYS_PATH="$VBOOT_TOOLS_PATH/devkeys"
+		else
+			VBOOT_KEYS_PATH="/usr/share/vboot/devkeys"
+		fi
+	fi
+}
+
+cros_firmware_prepare() {
+	local action=$1
+	local firmware_image_path=$2
+
+	set -e
+
+	setup "$@"
+
+	if [ -z "$action" ] || [ -z "$firmware_image_path" ]
+	then
+		usage
+		exit 1
+	fi
+
+	case $action in
+		"sign")
+			if ! [ -f "$firmware_image_path" ]
+			then
+				usage
+				exit 1
+			fi
+
+			requirements "futility"
+			sign "$firmware_image_path"
+			;;
+		"verify")
+			requirements "futility"
+			verify "$firmware_image_path"
+			;;
+		*)
+			usage
+			exit 1
+			;;
+	esac
+}
+
+cros_firmware_prepare "$@"
diff --git a/projects/cros-scripts/install/install b/projects/cros-scripts/install/install
index c6720e6e..5e1e68b8 100644
--- a/projects/cros-scripts/install/install
+++ b/projects/cros-scripts/install/install
@@ -1,3 +1,4 @@
 cros-boot-keys:cros-boot-keys
+cros-firmware-prepare:cros-firmware-prepare
 cros-kernel-prepare:cros-kernel-prepare
 cros-medium-setup:cros-medium-setup