| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 # | 5 # |
| 6 # Generate .vbpubk and .vbprivk pairs for use by developer builds. These should | 6 # Generate .vbpubk and .vbprivk pairs for use by developer builds. These should |
| 7 # be exactly like the real keys except that the private keys aren't secret. | 7 # be exactly like the real keys except that the private keys aren't secret. |
| 8 | 8 |
| 9 | 9 |
| 10 # 0 = (RSA1024 SHA1) | 10 # 0 = (RSA1024 SHA1) |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 90 } | 90 } |
| 91 | 91 |
| 92 | 92 |
| 93 | 93 |
| 94 # Create the normal keypairs | 94 # Create the normal keypairs |
| 95 make_pair root_key 11 | 95 make_pair root_key 11 |
| 96 make_pair firmware_data_key 7 | 96 make_pair firmware_data_key 7 |
| 97 make_pair kernel_subkey 7 | 97 make_pair kernel_subkey 7 |
| 98 make_pair kernel_data_key 4 | 98 make_pair kernel_data_key 4 |
| 99 | 99 |
| 100 # Create the recovery keypairs | 100 # Create the recovery and factory installer keypairs |
| 101 make_pair recovery_key 11 | 101 make_pair recovery_key 11 |
| 102 make_pair recovery_kernel_data_key 11 | 102 make_pair recovery_kernel_data_key 11 |
| 103 | 103 make_pair installer_kernel_data_key 11 |
| 104 | 104 |
| 105 # Create the firmware keyblock for use only in Normal mode. This is redundant, | 105 # Create the firmware keyblock for use only in Normal mode. This is redundant, |
| 106 # since it's never even checked during Recovery mode. | 106 # since it's never even checked during Recovery mode. |
| 107 make_keyblock firmware 7 firmware_data_key root_key | 107 make_keyblock firmware 7 firmware_data_key root_key |
| 108 | 108 |
| 109 # Create the recovery kernel keyblock for use only in Recovery mode. | 109 # Create the recovery kernel keyblock for use only in Recovery mode. |
| 110 make_keyblock recovery_kernel 11 recovery_kernel_data_key recovery_key | 110 make_keyblock recovery_kernel 11 recovery_kernel_data_key recovery_key |
| 111 | 111 |
| 112 # Create the normal kernel keyblock for use only in Normal mode. | 112 # Create the normal kernel keyblock for use only in Normal mode. |
| 113 make_keyblock kernel 7 kernel_data_key kernel_subkey | 113 make_keyblock kernel 7 kernel_data_key kernel_subkey |
| 114 | 114 |
| 115 # Create the installer keyblock for use in Developer + Recovery mode | 115 # Create the installer keyblock for use in Developer + Recovery mode |
| 116 # For use in Factory Install and Developer Mode install shims. | 116 # For use in Factory Install and Developer Mode install shims. |
| 117 make_keyblock installer_kernel 10 recovery_kernel_data_key recovery_key | 117 make_keyblock installer_kernel 10 installer_kernel_data_key recovery_key |
| 118 | 118 |
| 119 # CAUTION: The public parts of most of these blobs must be compiled into the | 119 # CAUTION: The public parts of most of these blobs must be compiled into the |
| 120 # firmware, which is built separately (and some of which can't be changed after | 120 # firmware, which is built separately (and some of which can't be changed after |
| 121 # manufacturing). If you update these keys, you must coordinate the changes | 121 # manufacturing). If you update these keys, you must coordinate the changes |
| 122 # with the BIOS people or you'll be unable to boot the resulting images. | 122 # with the BIOS people or you'll be unable to boot the resulting images. |
| 123 | 123 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3824005:
Make the factory installer keyblock use a different kernel key than the recovery key. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git