| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 # | 5 # |
| 6 # Generate .vbpubk and .vbprivk pairs for use by developer builds. These should | 6 # Generate .vbpubk and .vbprivk pairs for use by developer builds. These should |
| 7 # be exactly like the real keys except that the private keys aren't secret. | 7 # be exactly like the real keys except that the private keys aren't secret. |
| 8 | 8 |
| 9 | 9 |
| 10 # 0 = (RSA1024 SHA1) | 10 # 0 = (RSA1024 SHA1) |
| (...skipping 24 matching lines...) Expand all Loading... |
| 35 local len=$(alg_to_keylen $alg) | 35 local len=$(alg_to_keylen $alg) |
| 36 | 36 |
| 37 echo "creating $base keypair..." | 37 echo "creating $base keypair..." |
| 38 | 38 |
| 39 # make the RSA keypair | 39 # make the RSA keypair |
| 40 openssl genrsa -F4 -out "${base}_${len}.pem" $len | 40 openssl genrsa -F4 -out "${base}_${len}.pem" $len |
| 41 # create a self-signed certificate | 41 # create a self-signed certificate |
| 42 openssl req -batch -new -x509 -key "${base}_${len}.pem" \ | 42 openssl req -batch -new -x509 -key "${base}_${len}.pem" \ |
| 43 -out "${base}_${len}.crt" | 43 -out "${base}_${len}.crt" |
| 44 # generate pre-processed RSA public key | 44 # generate pre-processed RSA public key |
| 45 dumpRSAPublicKey "${base}_${len}.crt" > "${base}_${len}.keyb" | 45 dumpRSAPublicKey -cert "${base}_${len}.crt" > "${base}_${len}.keyb" |
| 46 | 46 |
| 47 # wrap the public key | 47 # wrap the public key |
| 48 vbutil_key \ | 48 vbutil_key \ |
| 49 --pack "${base}.vbpubk" \ | 49 --pack "${base}.vbpubk" \ |
| 50 --key "${base}_${len}.keyb" \ | 50 --key "${base}_${len}.keyb" \ |
| 51 --version 1 \ | 51 --version 1 \ |
| 52 --algorithm $alg | 52 --algorithm $alg |
| 53 | 53 |
| 54 # wrap the private key | 54 # wrap the private key |
| 55 vbutil_key \ | 55 vbutil_key \ |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 114 | 114 |
| 115 # Create the installer keyblock for use in Developer + Recovery mode | 115 # Create the installer keyblock for use in Developer + Recovery mode |
| 116 # For use in Factory Install and Developer Mode install shims. | 116 # For use in Factory Install and Developer Mode install shims. |
| 117 make_keyblock installer_kernel 10 installer_kernel_data_key recovery_key | 117 make_keyblock installer_kernel 10 installer_kernel_data_key recovery_key |
| 118 | 118 |
| 119 # CAUTION: The public parts of most of these blobs must be compiled into the | 119 # CAUTION: The public parts of most of these blobs must be compiled into the |
| 120 # firmware, which is built separately (and some of which can't be changed after | 120 # firmware, which is built separately (and some of which can't be changed after |
| 121 # manufacturing). If you update these keys, you must coordinate the changes | 121 # manufacturing). If you update these keys, you must coordinate the changes |
| 122 # with the BIOS people or you'll be unable to boot the resulting images. | 122 # with the BIOS people or you'll be unable to boot the resulting images. |
| 123 | 123 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4215006:
Make dumpRSAPublicKey also accept a public key in PEM format (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git