From bfa02282620cdeca363bdafd18d68670e151e5a5 Mon Sep 17 00:00:00 2001
From: Paul Kocialkowski
Date: Sun, 25 Dec 2016 21:27:41 +0100
Subject: tools: Add boot-keys tool to handle keys and images verification
Signed-off-by: Paul Kocialkowski
---
tools/boot-keys/boot-keys | 117 ++++++++++++++++++++++
tools/boot-keys/boot-keys-helper | 72 +++++++++++++
tools/boot-keys/configs/coreboot/depthcharge/type | 1 +
tools/boot-keys/configs/coreboot/targets | 1 +
tools/boot-keys/configs/linux-cros | 1 +
tools/boot-keys/configs/linux/nyan/type | 1 +
tools/boot-keys/configs/linux/targets | 2 +
tools/boot-keys/configs/linux/veyron/type | 1 +
tools/boot-keys/configs/targets | 3 +
9 files changed, 199 insertions(+)
create mode 100755 tools/boot-keys/boot-keys
create mode 100755 tools/boot-keys/boot-keys-helper
create mode 100644 tools/boot-keys/configs/coreboot/depthcharge/type
create mode 100644 tools/boot-keys/configs/coreboot/targets
create mode 120000 tools/boot-keys/configs/linux-cros
create mode 100644 tools/boot-keys/configs/linux/nyan/type
create mode 100644 tools/boot-keys/configs/linux/targets
create mode 100644 tools/boot-keys/configs/linux/veyron/type
create mode 100644 tools/boot-keys/configs/targets
(limited to 'tools')
diff --git a/tools/boot-keys/boot-keys b/tools/boot-keys/boot-keys
new file mode 100755
index 00000000..c446bd44
--- /dev/null
+++ b/tools/boot-keys/boot-keys
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+# Copyright (C) 2016 Paul Kocialkowski
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+usage() {
+ tool_usage_actions "$tool" "generate" "sign" "verify"
+}
+
+generate() {
+ local type=$( boot_keys_type "$@" )
+
+ if [ -z "$type" ]
+ then
+ printf "Unable to determine keys type\n" >&2
+ return 1
+ fi
+
+ case $type in
+ "cros"*)
+ boot_keys_cros "cros-boot-keys" "generate"
+ ;;
+ esac
+}
+
+sign() {
+ local project=$1
+
+ local prepare_files=$( boot_keys_files "$@" )
+ local type=$( boot_keys_type "$@" )
+ local install_path
+ local firmware_path
+ local kernel_path
+ local media
+
+ if [ -z "$type" ]
+ then
+ printf "Unable to determine keys type\n" >&2
+ return 1
+ fi
+
+ echo "$prepare_files" | while read install_path
+ do
+ case $type in
+ "cros-firmware")
+ firmware_path="$install_path/$project.$ROM"
+
+ boot_keys_cros "$type-prepare" "sign" "$firmware_path"
+ ;;
+ "cros-kernel")
+ media=$( project_action "media" "$@" )
+
+ for medium in $media
+ do
+ kernel_path="$install_path/$KERNEL-$medium.$IMG"
+
+ if [ -f "$kernel_path" ]
+ then
+ boot_keys_cros "$type-prepare" "sign" "$kernel_path"
+ else
+ boot_keys_cros "$type-prepare" "pack" "$install_path" "$medium"
+ fi
+ done
+ ;;
+ esac
+ done
+}
+
+verify() {
+ local project=$1
+
+ local prepare_files=$( boot_keys_files "$@" )
+ local type=$( boot_keys_type "$@" )
+ local install_path
+ local firmware_path
+ local kernel_path
+ local media
+
+ if [ -z "$type" ]
+ then
+ printf "Unable to determine keys type\n" >&2
+ return 1
+ fi
+
+ echo "$prepare_files" | while read install_path
+ do
+ case $type in
+ "cros-firmware")
+ firmware_path="$install_path/$project.$ROM"
+
+ boot_keys_cros "$type-prepare" "verify" "$firmware_path"
+ ;;
+ "cros-kernel")
+ media=$( project_action "media" "$@" )
+
+ for medium in $media
+ do
+ kernel_path="$install_path/$KERNEL-$medium.$IMG"
+
+ boot_keys_cros "$type-prepare" "verify" "$kernel_path"
+ done
+ ;;
+ esac
+ done
+}
diff --git a/tools/boot-keys/boot-keys-helper b/tools/boot-keys/boot-keys-helper
new file mode 100755
index 00000000..5046cbfb
--- /dev/null
+++ b/tools/boot-keys/boot-keys-helper
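Review bot: `verify()` never checks the status of its `boot_keys_cros "$type-prepare" "verify" ...` calls, so the function returns whatever the last loop iteration returned: a failed check on an earlier install path or medium is hidden by a later success, and a type matching neither `case` arm verifies nothing and still returns 0. A verification entry point should fail closed: append `|| return 1` to both verify calls and add a default arm such as `*) printf "Unsupported keys type %s\n" "$type" >&2; return 1 ;;`. Inside the `echo "$prepare_files" | while read` pipeline a `return` only ends the pipeline's subshell, which propagates here only because the pipeline is the function's last command; `while IFS= read -r install_path; do ... done <<< "$prepare_files"` removes that dependence and stops `read` from altering backslashes or surrounding whitespace in paths. `sign()` has the same unchecked-status pattern, and whether the caller runs under `set -e` is not visible in this patch.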
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+KERNEL="kernel"
+TYPE="type"
+ROM="rom"
+IMG="img"
+
+boot_keys_cros() {
+ local cros_script=$1
+ shift
+
+ local vboot_tools_path=$( project_install_path "vboot" "tools" )
+ local cros_scripts_path=$( project_install_path "cros-scripts" )
+ local cros_script_path="$cros_scripts_path/$cros_script"
+
+ if ! [ -x "$cros_script_path" ]
+ then
+ printf "$cros_script script missing from cros-scripts install" >&2
+ return 1
+ fi
+
+ VBOOT_KEYS_PATH=$VBOOT_KEYS_PATH VBOOT_TOOLS_PATH=$vboot_tools_path $cros_script_path "$@"
+}
+
+boot_keys_type() {
+ tool_file_contents "$tool" "$CONFIGS" "$TYPE" "$@"
+}
+
+boot_keys_files_install_path() {
+ local project=$1
+ shift
+
+ local helper_arguments
+ local argument
+ local ifs_save
+
+ helper_arguments=$( project_action_helper "arguments" "$project" "$@" )
+
+
+ if [ $? -ne 0 ] || [ -z "$helper_arguments" ]
+ then
+ project_install_path "$project" "$@"
+ else
+ # This it to allow space characters in arguments.
+ ifs_save=$IFS
+ IFS=$'\n'
+
+ for argument in $( echo "$helper_arguments" )
+ do
+ (
+ IFS=$ifs_save
+
+ # Only a single argument at a time is returned by the helper.
+ boot_keys_files_install_path "$project" "$@" "$argument"
+ )
+ done
+
+ IFS=$ifs_save
+ fi
+}
+
+boot_keys_files() {
+ local project=$1
+ shift
+
+ local cros_scripts_path=$( project_install_path "cros-scripts" )
+ local cros_boot_keys="$cros_scripts_path/cros-boot-keys"
+
+ project_action_arguments_verify_recursive "install" "$project" "$@"
+
+ boot_keys_files_install_path "$project" "$@"
+}
diff --git a/tools/boot-keys/configs/coreboot/depthcharge/type b/tools/boot-keys/configs/coreboot/depthcharge/type
new file mode 100644
index 00000000..470d2844
--- /dev/null
+++ b/tools/boot-keys/configs/coreboot/depthcharge/type
@@ -0,0 +1 @@
+cros-firmware
diff --git a/tools/boot-keys/configs/coreboot/targets b/tools/boot-keys/configs/coreboot/targets
new file mode 100644
index 00000000..d7e90413
--- /dev/null
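Review bot: In `boot_keys_cros`, the `-x` test checks the quoted `"$cros_script_path"` but the last line of the function runs it unquoted, so an install path containing whitespace or glob characters would execute a different word than the one that was tested; the command word should be `"$cros_script_path" "$@"`. The error branch places `$cros_script` in the printf format string and emits no trailing newline; `printf '%s script missing from cros-scripts install\n' "$cros_script" >&2` keeps `%` and backslashes in the name from being interpreted. `VBOOT_KEYS_PATH` is forwarded to the key-handling script without checking that it is set, and how the cros scripts treat an empty keys path is not visible in this patch, so a guard that returns an error when it is empty may be worth adding before the call. `cros_boot_keys` in `boot_keys_files` is assigned and never used.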
+++ b/tools/boot-keys/configs/coreboot/targets
@@ -0,0 +1 @@
+depthcharge
diff --git a/tools/boot-keys/configs/linux-cros b/tools/boot-keys/configs/linux-cros
new file mode 120000
index 00000000..9c52cb36
--- /dev/null
+++ b/tools/boot-keys/configs/linux-cros
@@ -0,0 +1 @@
+linux
\ No newline at end of file
diff --git a/tools/boot-keys/configs/linux/nyan/type b/tools/boot-keys/configs/linux/nyan/type
new file mode 100644
index 00000000..adb275f4
--- /dev/null
+++ b/tools/boot-keys/configs/linux/nyan/type
@@ -0,0 +1 @@
+cros-kernel
diff --git a/tools/boot-keys/configs/linux/targets b/tools/boot-keys/configs/linux/targets
new file mode 100644
index 00000000..792768c4
--- /dev/null
+++ b/tools/boot-keys/configs/linux/targets
@@ -0,0 +1,2 @@
+nyan
+veyron
diff --git a/tools/boot-keys/configs/linux/veyron/type b/tools/boot-keys/configs/linux/veyron/type
new file mode 100644
index 00000000..adb275f4
--- /dev/null
+++ b/tools/boot-keys/configs/linux/veyron/type
@@ -0,0 +1 @@
+cros-kernel
diff --git a/tools/boot-keys/configs/targets b/tools/boot-keys/configs/targets
new file mode 100644
index 00000000..019b149f
--- /dev/null
+++ b/tools/boot-keys/configs/targets
@@ -0,0 +1,3 @@
+coreboot
+linux
+linux-cros
--
cgit v1.2.3-70-g09d2