Enhance 'cgpt find' command to match keyblocks if desired.

utility/dev_sign_file.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Developer file-signing utility
  */
 
 #include <errno.h>
 #include <getopt.h>
 #include <inttypes.h>  /* For PRIu64 */
@@ skipping 49 matching lines @@
           "      Private key to sign file data, in .vbprivk format\n"
           "    --vblock <file>           Output signature in .vblock format\n"
           "\n",
           progname);
   fprintf(stderr,
           "OR\n\n"
           "Usage:  %s --verify <file> [PARAMETERS]\n"
           "\n"
           "  Required parameters:\n"
           "    --vblock <file>           Signature file in .vblock format\n"
+          "\n"
+          "  Optional parameters:\n"
+          "    --keyblock <file>"
+          "         Extract .keyblock to file if verification succeeds\n"
           "\n",
           progname);
   return 1;
 }
 
 static void Debug(const char *format, ...) {
   if (!opt_debug)
     return;
 
   va_list ap;
@@ skipping 78 matching lines @@
   Free(preamble);
   Free(body_sig);
   Free(signing_key);
   Free(key_block);
   Free(file_data);
 
   /* Success */
   return 0;
 }
 
-static int Verify(const char* filename, const char* vblock_file) {
+static int Verify(const char* filename, const char* vblock_file,
+                  const char* keyblock_file) {
   uint8_t* file_data;
   uint64_t file_size;
   uint8_t* buf;
   uint64_t buf_size;
   VbKeyBlockHeader* key_block;
   VbKernelPreambleHeader* preamble;
   VbPublicKey* data_key;
   RSAPublicKey* rsa;
   uint64_t current_buf_offset = 0;
 
@@ skipping 70 matching lines @@
          preamble->bootloader_address);
   printf("  Bootloader size:     0x%" PRIx64 "\n", preamble->bootloader_size);
 
   /* Verify body */
   if (0 != VerifyData(file_data, file_size, &preamble->body_signature, rsa)) {
     error("Error verifying kernel body.\n");
     return 1;
   }
   printf("Body verification succeeded.\n");
 
+  if (keyblock_file) {
+    if (0 != WriteFile(keyblock_file, key_block, key_block->key_block_size)) {
+      error("Unable to export keyblock file\n");
+      return 1;
+    }
+    printf("Key block exported to %s\n", keyblock_file);
+  }
+
   return 0;
 }
 
 
 int main(int argc, char* argv[]) {
   char* filename = NULL;
   char* keyblock_file = NULL;
   char* signprivate_file = NULL;
   char* vblock_file = NULL;
   int mode = 0;
@@ skipping 53 matching lines @@
         fprintf(stderr, "Some required options are missing\n");
         return PrintHelp(progname);
       }
       return Sign(filename, keyblock_file, signprivate_file, vblock_file);
 
     case OPT_MODE_VERIFY:
       if (!vblock_file) {
         fprintf(stderr, "Some required options are missing\n");
         return PrintHelp(progname);
       }
-      return Verify(filename, vblock_file);
+      return Verify(filename, vblock_file, keyblock_file);
 
     default:
       fprintf(stderr,
               "You must specify either --sign or --verify\n");
       return PrintHelp(progname);
   }
 
   /* NOTREACHED */
   return 1;
 }