From 08f4d448c94904f9193099570345742c7aeff22a Mon Sep 17 00:00:00 2001
From: Paul Kocialkowski
Date: Sun, 25 Dec 2016 21:25:13 +0100
Subject: cros-scripts: Introduce cros-firmware-prepare script to prepare firmware

Signed-off-by: Paul Kocialkowski
---
.../cros-scripts/install/cros-firmware-prepare | 123 +++++++++++++++++++++
projects/cros-scripts/install/install | 1 +
2 files changed, 124 insertions(+)
create mode 100755 projects/cros-scripts/install/cros-firmware-prepare
diff --git a/projects/cros-scripts/install/cros-firmware-prepare b/projects/cros-scripts/install/cros-firmware-prepare
new file mode 100755
index 00000000..ec443b86
--- /dev/null
+++ b/projects/cros-scripts/install/cros-firmware-prepare
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+# Copyright (C) 2016 Paul Kocialkowski
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+KEYBLOCK="keyblock"
+VBPRIVK="vbprivk"
+VBPUBK="vbpubk"
+
+usage() {
+ printf "$executable [action] [firmware image path]\n" >&2
+
+ printf "\nActions:\n" >&2
+ printf " sign - Sign firmware image\n" >&2
+ printf " verify - Verify firmware image\n" >&2
+
+ printf "\nEnvironment variables:\n" >&2
+ printf " VBOOT_KEYS_PATH - Path to the vboot keys\n" >&2
+ printf " VBOOT_TOOLS_PATH - Path to vboot tools\n" >&2
+}
+
+sign() {
+ local firmware_image_path=$1
+
+ futility sign --signprivate="$VBOOT_KEYS_PATH/firmware_data_key.$VBPRIVK" --keyblock "$VBOOT_KEYS_PATH/firmware.$KEYBLOCK" --kernelkey "$VBOOT_KEYS_PATH/kernel_subkey.$VBPUBK" --infile "$firmware_image_path"
+ futility gbb_utility -s --recoverykey="$VBOOT_KEYS_PATH/recovery_key.$VBPUBK" --rootkey="$VBOOT_KEYS_PATH/root_key.$VBPUBK" "$firmware_image_path" "$firmware_image_path"
+
+ printf "\nSigned firmwares image $firmware_image_path\n"
+}
+
+verify() {
+ local firmware_image_path=$1
+
+ futility verify -k "$VBOOT_KEYS_PATH/root_key.$VBPUBK" "$firmware_image_path" || ( printf "\nBad firmware image signature!\n" >&2 && return 1 )
+
+ printf "\nVerified firmware image $firmware_image_path\n"
+}
+
+requirements() {
+ local requirement
+ local requirement_path
+
+ for requirement in "$@"
+ do
+ requirement_path=$( which "$requirement" || true )
+
+ if [ -z "$requirement_path" ]
+ then
+ printf "Missing requirement: $requirement\n" >&2
+ exit 1
+ fi
+ done
+}
+
+setup() {
+ root=$( realpath "$( dirname "$0" )" )
+ executable=$( basename "$0" )
+
+ if ! [ -z "$VBOOT_TOOLS_PATH" ]
+ then
+ PATH="$PATH:$VBOOT_TOOLS_PATH"
+ fi
+
+ if [ -z "$VBOOT_KEYS_PATH" ]
+ then
+ if ! [ -z "$VBOOT_TOOLS_PATH" ] && [ -d "$VBOOT_TOOLS_PATH/devkeys" ]
+ then
+ VBOOT_KEYS_PATH="$VBOOT_TOOLS_PATH/devkeys"
+ else
+ VBOOT_KEYS_PATH="/usr/share/vboot/devkeys"
+ fi
+ fi
+}
+
+cros_firmware_prepare() {
+ local action=$1
+ local firmware_image_path=$2
+
+ set -e
+
+ setup "$@"
+
+ if [ -z "$action" ] || [ -z "$firmware_image_path" ]
+ then
+ usage
+ exit 1
+ fi
+
+ case $action in
+ "sign")
+ if ! [ -f "$firmware_image_path" ]
+ then
+ usage
+ exit 1
+ fi
+
+ requirements "futility"
+ sign "$firmware_image_path"
+ ;;
+ "verify")
+ requirements "futility"
+ verify "$firmware_image_path"
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+ esac
+}
+
+cros_firmware_prepare "$@"
diff --git a/projects/cros-scripts/install/install b/projects/cros-scripts/install/install
index c6720e6e..5e1e68b8 100644
--- a/projects/cros-scripts/install/install
+++ b/projects/cros-scripts/install/install
@@ -1,3 +1,4 @@
 cros-boot-keys:cros-boot-keys
+cros-firmware-prepare:cros-firmware-prepare
 cros-kernel-prepare:cros-kernel-prepare
 cros-medium-setup:cros-medium-setup
-- cgit v1.2.3-70-g09d2
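Review bot: In `verify()` of the new cros-firmware-prepare script, the failure branch `|| ( printf "\nBad firmware image signature!\n" >&2 && return 1 )` runs `return 1` inside a subshell, so it only ends that subshell and never returns from the function. A bad signature stops the script only because `set -e` happens to be active in `cros_firmware_prepare`; wherever errexit is suppressed (for example `if verify …`), execution would fall through to the "Verified firmware image" message. The result of a signature check should not depend on errexit, so use a brace group instead: `|| { printf '\nBad firmware image signature!\n' >&2; return 1; }`. Separately, `setup()` silently falls back to a `devkeys` directory when `VBOOT_KEYS_PATH` is unset; if those are the publicly distributed vboot development keys, a passing verify says little about provenance, so printing the key path in use alongside the sign/verify message would make that visible.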