author | Libreboot Contributor <contributor@libreboot.org> | 2020-03-18 17:20:14 +0100 |
---|---|---|
committer | Libreboot Contributor <contributor@libreboot.org> | 2020-03-18 17:20:27 +0100 |
commit | 0f6ea1c9e0a25a9b7546f96f27cef8841f0d09b5 (patch) | |
tree | a28b9403123dd6204eb2dd8cb44eada12c169f4b /i18n/fr_FR/projects/cros-scripts/install/cros-boot-keys | |
parent | 6e5bdd1271059a9c61c80b21001fd3d14ff25045 (diff) | |
download | librebootfr-0f6ea1c9e0a25a9b7546f96f27cef8841f0d09b5.tar.gz librebootfr-0f6ea1c9e0a25a9b7546f96f27cef8841f0d09b5.zip |
Creation of i18n folder containing translations of the libreboot project. Added the French one, not finished.
Diffstat (limited to 'i18n/fr_FR/projects/cros-scripts/install/cros-boot-keys')
-rwxr-xr-x | i18n/fr_FR/projects/cros-scripts/install/cros-boot-keys | 210 |
1 files changed, 210 insertions, 0 deletions
diff --git a/i18n/fr_FR/projects/cros-scripts/install/cros-boot-keys b/i18n/fr_FR/projects/cros-scripts/install/cros-boot-keys
new file mode 100755
index 00000000..53db579f
--- /dev/null
+++ b/i18n/fr_FR/projects/cros-scripts/install/cros-boot-keys
@@ -0,0 +1,210 @@
+#!/usr/bin/env bash
+
+# Copyright (C) 2016 Paul Kocialkowski <contact@paulk.fr>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+REGEXP="\([^[:space:]]*\)[[:space:]]\(.*\)"
+
+KEYBLOCK="keyblock"
+VBPRIVK="vbprivk"
+VBPUBK="vbpubk"
+KEYB="keyb"
+PEM="pem"
+CRT="crt"
+
+KEYS="ec_root_key ec_data_key root_key firmware_data_key kernel_subkey kernel_data_key recovery_key recovery_kernel_data_key installer_kernel_data_key"
+KEYBLOCKS="firmware ec recovery_kernel kernel installer_kernel"
+SUBKEYS="firmware_data_key root_key ec_data_key ec_root_key recovery_kernel_data_key recovery_key kernel_data_key kernel_subkey installer_kernel_data_key recovery_key"
+ALGORITHMS="7 7 11 7 7 4 11 11 11"
+MODES="7 7 11 7 10"
+
+usage() {
+ printf 1>&2 '%s\n' "$executable [action]"
+
+ printf 1>&2 '\n%s\n' 'Actions:'
+ printf 1>&2 '%s\n' ' generate - Generate a set of keys'
+ printf 1>&2 '%s\n' ' verify - Verify keyblocks'
+
+ printf 1>&2 '\n%s\n' 'Environment variables:'
+ printf 1>&2 '%s\n' ' KEYS_VERSION - Version to give the keys'
+ printf 1>&2 '%s\n' ' VBOOT_KEYS_PATH - Path to the vboot keys'
+ printf 1>&2 '%s\n' ' VBOOT_TOOLS_PATH - Path to vboot tools'
+}
+
+keys_override_confirm() {
+ local override=0
+ local confirm
+
+ for key in $KEYS
+ do
+ if [ -f "$VBOOT_KEYS_PATH/$key.$VBPUBK" ] || [ -f "$VBOOT_KEYS_PATH/$key.$VBPRIVK" ]
+ then
+ override=1
+ fi
+ done
+
+ for keyblock in $KEYBLOCKS
+ do
+ if [ -f "$VBOOT_KEYS_PATH/$keyblock.$KEYBLOCK" ]
+ then
+ override=1
+ fi
+ done
+
+ if [ $override -ne 1 ]
+ then
+ return 0
+ fi
+
+ printf '%s\n' 'This is going to override keys stored in the following directory:'
+ printf '%s\n' " $VBOOT_KEYS_PATH"
+ printf '%s' 'Press enter to confirm: '
+
+ read confirm
+}
+
+generate() {
+ local algorithms=$ALGORITHMS
+ local subkeys=$SUBKEYS
+ local modes=$MODES
+ local keyblock
+ local algorithm
+ local pubkey
+ local privkey
+ local mode
+
+ keys_override_confirm
+
+ for key in $KEYS
+ do
+ algorithm=$( printf '%s\n' "$algorithms" | sed "s/$REGEXP/\1/g" )
+ algorithms=$( printf '%s\n' "$algorithms" | sed "s/$REGEXP/\2/g" )
+
+ key_length=$(( 1 << (10 + ($algorithm / 3)) ))
+
+ openssl genrsa -F4 -out "$VBOOT_KEYS_PATH/$key.$PEM" "$key_length"
+ openssl req -batch -new -x509 -key "$VBOOT_KEYS_PATH/$key.$PEM"
+ openssl req -batch -new -x509 -key "$VBOOT_KEYS_PATH/$key.$PEM" -out "$VBOOT_KEYS_PATH/$key.$CRT"
+ dumpRSAPublicKey -cert "$VBOOT_KEYS_PATH/$key.$CRT" > "$VBOOT_KEYS_PATH/$key.$KEYB"
+ futility vbutil_key --pack "$VBOOT_KEYS_PATH/$key.$VBPUBK" --key "$VBOOT_KEYS_PATH/$key.$KEYB" --version "$KEYS_VERSION" --algorithm "$algorithm"
+ futility vbutil_key --pack "$VBOOT_KEYS_PATH/$key.$VBPRIVK" --key "$VBOOT_KEYS_PATH/$key.$PEM" --algorithm "$algorithm"
+
+ rm -f "$VBOOT_KEYS_PATH/$key.$PEM" "$VBOOT_KEYS_PATH/$key.$CRT" "$VBOOT_KEYS_PATH/$key.$KEYB"
+ done
+
+ printf '\n%s\n' "Generated keys $KEYS"
+
+ for keyblock in $KEYBLOCKS
+ do
+ pubkey=$( printf '%s\n' "$subkeys" | sed "s/$REGEXP/\1/g" )
+ subkeys=$( printf '%s\n' "$subkeys" | sed "s/$REGEXP/\2/g" )
+ privkey=$( printf '%s\n' "$subkeys" | sed "s/$REGEXP/\1/g" )
+ subkeys=$( printf '%s\n' "$subkeys" | sed "s/$REGEXP/\2/g" )
+
+ mode=$( printf '%s\n' "$modes" | sed "s/$REGEXP/\1/g" )
+ modes=$( printf '%s\n' "$modes" | sed "s/$REGEXP/\2/g" )
+
+ futility vbutil_keyblock --pack "$VBOOT_KEYS_PATH/$keyblock.$KEYBLOCK" --flags "$mode" --datapubkey "$VBOOT_KEYS_PATH/$pubkey.$VBPUBK" --signprivate "$VBOOT_KEYS_PATH/$privkey.$VBPRIVK"
+ futility vbutil_keyblock --unpack "$VBOOT_KEYS_PATH/$keyblock.$KEYBLOCK" --signpubkey "$VBOOT_KEYS_PATH/$privkey.$VBPUBK"
+ done
+
+ printf '\n%s\n' "Generated keyblocks $KEYBLOCKS"
+}
+
+verify() {
+ local subkeys=$SUBKEYS
+ local pubkey
+ local privkey
+
+ for keyblock in $KEYBLOCKS
+ do
+ pubkey=$( printf '%s\n' "$subkeys" | sed "s/$REGEXP/\1/g" )
+ subkeys=$( printf '%s\n' "$subkeys" | sed "s/$REGEXP/\2/g" )
+ privkey=$( printf '%s\n' "$subkeys" | sed "s/$REGEXP/\1/g" )
+ subkeys=$( printf '%s\n' "$subkeys" | sed "s/$REGEXP/\2/g" )
+
+ futility vbutil_keyblock --unpack "$VBOOT_KEYS_PATH/$keyblock.$KEYBLOCK" --signpubkey "$VBOOT_KEYS_PATH/$privkey.$VBPUBK"
+ done
+
+ printf '\n%s\n' "Verified keyblocks $KEYBLOCKS"
+}
+
+requirements() {
+ local requirement
+ local requirement_path
+
+ for requirement in "$@"
+ do
+ requirement_path=$( which "$requirement" || true )
+
+ if [ -z "$requirement_path" ]
+ then
+ printf 1>&2 '%s\n' "Missing requirement: $requirement"
+ exit 1
+ fi
+ done
+}
+
+setup() {
+ root=$(readlink -f "$( dirname "$0" )" )
+ executable=$( basename "$0" )
+
+ if [ -z "$KEYS_VERSION" ]
+ then
+ KEYS_VERSION=1
+ fi
+
+ if ! [ -z "$VBOOT_TOOLS_PATH" ]
+ then
+ PATH="$PATH:$VBOOT_TOOLS_PATH"
+ fi
+
+ if [ -z "$VBOOT_KEYS_PATH" ]
+ then
+ VBOOT_KEYS_PATH="$root/keys"
+ mkdir -p "$VBOOT_KEYS_PATH"
+ fi
+}
+
+cros_boot_keys() {
+ local action=$1
+
+ set -e
+
+ setup "$@"
+
+ if [ -z "$action" ]
+ then
+ usage
+ exit 1
+ fi
+
+ case $action in
+ "generate")
+ requirements "openssl" "dumpRSAPublicKey" "futility"
+ generate
+ ;;
+ "verify")
+ requirements "futility"
+ verify
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+ esac
+}
+
+cros_boot_keys "$@" |
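Review bot: In `generate`, the private key material (`$key.pem` and the packed `$key.vbprivk`) is written under whatever umask the caller has, and `setup` creates `$VBOOT_KEYS_PATH` with a plain `mkdir -p`, so with a common 022 umask the key directory, and possibly the signing keys in it, are readable by other local users. Adding `umask 077` at the top of `setup`, before the `mkdir -p`, would keep the whole directory private; whether openssl or futility already restrict the mode of their own output is not visible here. Separately, the first `openssl req -batch -new -x509 -key …` line has no `-out`, so it only prints a certificate to stdout and looks like a leftover next to the following line that writes `$key.crt`. `keys_override_confirm` also reads `confirm` but never checks it, so the only way to decline the overwrite is to interrupt the script.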