aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Kocialkowski <contact@paulk.fr>2016-12-25 21:27:41 +0100
committerLeah Rowe <info@minifree.org>2017-01-15 14:24:46 +0000
commitbfa02282620cdeca363bdafd18d68670e151e5a5 (patch)
tree0f03a02ab785d95e9b050a795d4c5e9a133494d2
parent0466ef18ef6748753b2f205a2169e85c73ae2d8e (diff)
downloadlibrebootfr-bfa02282620cdeca363bdafd18d68670e151e5a5.tar.gz
librebootfr-bfa02282620cdeca363bdafd18d68670e151e5a5.zip
tools: Add boot-keys tool to handle keys and images verification
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
-rwxr-xr-xtools/boot-keys/boot-keys117
-rwxr-xr-xtools/boot-keys/boot-keys-helper72
-rw-r--r--tools/boot-keys/configs/coreboot/depthcharge/type1
-rw-r--r--tools/boot-keys/configs/coreboot/targets1
l---------tools/boot-keys/configs/linux-cros1
-rw-r--r--tools/boot-keys/configs/linux/nyan/type1
-rw-r--r--tools/boot-keys/configs/linux/targets2
-rw-r--r--tools/boot-keys/configs/linux/veyron/type1
-rw-r--r--tools/boot-keys/configs/targets3
9 files changed, 199 insertions, 0 deletions
diff --git a/tools/boot-keys/boot-keys b/tools/boot-keys/boot-keys
new file mode 100755
index 00000000..c446bd44
--- /dev/null
+++ b/tools/boot-keys/boot-keys
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+# Copyright (C) 2016 Paul Kocialkowski <contact@paulk.fr>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+usage() {
+ tool_usage_actions "$tool" "generate" "sign" "verify"
+}
+
+generate() {
+ local type=$( boot_keys_type "$@" )
+
+ if [ -z "$type" ]
+ then
+ printf "Unable to determine keys type\n" >&2
+ return 1
+ fi
+
+ case $type in
+ "cros"*)
+ boot_keys_cros "cros-boot-keys" "generate"
+ ;;
+ esac
+}
+
+sign() {
+ local project=$1
+
+ local prepare_files=$( boot_keys_files "$@" )
+ local type=$( boot_keys_type "$@" )
+ local install_path
+ local firmware_path
+ local kernel_path
+ local media
+
+ if [ -z "$type" ]
+ then
+ printf "Unable to determine keys type\n" >&2
+ return 1
+ fi
+
+ echo "$prepare_files" | while read install_path
+ do
+ case $type in
+ "cros-firmware")
+ firmware_path="$install_path/$project.$ROM"
+
+ boot_keys_cros "$type-prepare" "sign" "$firmware_path"
+ ;;
+ "cros-kernel")
+ media=$( project_action "media" "$@" )
+
+ for medium in $media
+ do
+ kernel_path="$install_path/$KERNEL-$medium.$IMG"
+
+ if [ -f "$kernel_path" ]
+ then
+ boot_keys_cros "$type-prepare" "sign" "$kernel_path"
+ else
+ boot_keys_cros "$type-prepare" "pack" "$install_path" "$medium"
+ fi
+ done
+ ;;
+ esac
+ done
+}
+
+verify() {
+ local project=$1
+
+ local prepare_files=$( boot_keys_files "$@" )
+ local type=$( boot_keys_type "$@" )
+ local install_path
+ local firmware_path
+ local kernel_path
+ local media
+
+ if [ -z "$type" ]
+ then
+ printf "Unable to determine keys type\n" >&2
+ return 1
+ fi
+
+ echo "$prepare_files" | while read install_path
+ do
+ case $type in
+ "cros-firmware")
+ firmware_path="$install_path/$project.$ROM"
+
+ boot_keys_cros "$type-prepare" "verify" "$firmware_path"
+ ;;
+ "cros-kernel")
+ media=$( project_action "media" "$@" )
+
+ for medium in $media
+ do
+ kernel_path="$install_path/$KERNEL-$medium.$IMG"
+
+ boot_keys_cros "$type-prepare" "verify" "$kernel_path"
+ done
+ ;;
+ esac
+ done
+}
diff --git a/tools/boot-keys/boot-keys-helper b/tools/boot-keys/boot-keys-helper
new file mode 100755
index 00000000..5046cbfb
--- /dev/null
+++ b/tools/boot-keys/boot-keys-helper
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+KERNEL="kernel"
+TYPE="type"
+ROM="rom"
+IMG="img"
+
+boot_keys_cros() {
+ local cros_script=$1
+ shift
+
+ local vboot_tools_path=$( project_install_path "vboot" "tools" )
+ local cros_scripts_path=$( project_install_path "cros-scripts" )
+ local cros_script_path="$cros_scripts_path/$cros_script"
+
+ if ! [ -x "$cros_script_path" ]
+ then
+ printf "$cros_script script missing from cros-scripts install" >&2
+ return 1
+ fi
+
+ VBOOT_KEYS_PATH=$VBOOT_KEYS_PATH VBOOT_TOOLS_PATH=$vboot_tools_path $cros_script_path "$@"
+}
+
+boot_keys_type() {
+ tool_file_contents "$tool" "$CONFIGS" "$TYPE" "$@"
+}
+
+boot_keys_files_install_path() {
+ local project=$1
+ shift
+
+ local helper_arguments
+ local argument
+ local ifs_save
+
+ helper_arguments=$( project_action_helper "arguments" "$project" "$@" )
+
+
+ if [ $? -ne 0 ] || [ -z "$helper_arguments" ]
+ then
+ project_install_path "$project" "$@"
+ else
+ # This it to allow space characters in arguments.
+ ifs_save=$IFS
+ IFS=$'\n'
+
+ for argument in $( echo "$helper_arguments" )
+ do
+ (
+ IFS=$ifs_save
+
+ # Only a single argument at a time is returned by the helper.
+ boot_keys_files_install_path "$project" "$@" "$argument"
+ )
+ done
+
+ IFS=$ifs_save
+ fi
+}
+
+boot_keys_files() {
+ local project=$1
+ shift
+
+ local cros_scripts_path=$( project_install_path "cros-scripts" )
+ local cros_boot_keys="$cros_scripts_path/cros-boot-keys"
+
+ project_action_arguments_verify_recursive "install" "$project" "$@"
+
+ boot_keys_files_install_path "$project" "$@"
+}
diff --git a/tools/boot-keys/configs/coreboot/depthcharge/type b/tools/boot-keys/configs/coreboot/depthcharge/type
new file mode 100644
index 00000000..470d2844
--- /dev/null
+++ b/tools/boot-keys/configs/coreboot/depthcharge/type
@@ -0,0 +1 @@
+cros-firmware
diff --git a/tools/boot-keys/configs/coreboot/targets b/tools/boot-keys/configs/coreboot/targets
new file mode 100644
index 00000000..d7e90413
--- /dev/null
+++ b/tools/boot-keys/configs/coreboot/targets
@@ -0,0 +1 @@
+depthcharge
diff --git a/tools/boot-keys/configs/linux-cros b/tools/boot-keys/configs/linux-cros
new file mode 120000
index 00000000..9c52cb36
--- /dev/null
+++ b/tools/boot-keys/configs/linux-cros
@@ -0,0 +1 @@
+linux \ No newline at end of file
diff --git a/tools/boot-keys/configs/linux/nyan/type b/tools/boot-keys/configs/linux/nyan/type
new file mode 100644
index 00000000..adb275f4
--- /dev/null
+++ b/tools/boot-keys/configs/linux/nyan/type
@@ -0,0 +1 @@
+cros-kernel
diff --git a/tools/boot-keys/configs/linux/targets b/tools/boot-keys/configs/linux/targets
new file mode 100644
index 00000000..792768c4
--- /dev/null
+++ b/tools/boot-keys/configs/linux/targets
@@ -0,0 +1,2 @@
+nyan
+veyron
diff --git a/tools/boot-keys/configs/linux/veyron/type b/tools/boot-keys/configs/linux/veyron/type
new file mode 100644
index 00000000..adb275f4
--- /dev/null
+++ b/tools/boot-keys/configs/linux/veyron/type
@@ -0,0 +1 @@
+cros-kernel
diff --git a/tools/boot-keys/configs/targets b/tools/boot-keys/configs/targets
new file mode 100644
index 00000000..019b149f
--- /dev/null
+++ b/tools/boot-keys/configs/targets
@@ -0,0 +1,3 @@
+coreboot
+linux
+linux-cros