OLD | NEW |
1 #!/bin/sh | 1 #!/bin/sh |
2 | 2 |
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # Script to resign a firmware image using a different set of keys | 7 # Script to resign a firmware image using a different set of keys |
8 # for use on signing servers. | 8 # for use on signing servers. |
9 # | 9 # |
10 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock | 10 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
47 # which can then replace old vblock for Firmware A ("Firmware A Key" region at | 47 # which can then replace old vblock for Firmware A ("Firmware A Key" region at |
48 # offset 0x00008000 and size 0x00002000). | 48 # offset 0x00008000 and size 0x00002000). |
49 | 49 |
50 # Load common constants and variables. | 50 # Load common constants and variables. |
51 . "$(dirname "$0")/common_minimal.sh" | 51 . "$(dirname "$0")/common_minimal.sh" |
52 | 52 |
53 # Abort on error | 53 # Abort on error |
54 set -e | 54 set -e |
55 | 55 |
56 # Check arguments | 56 # Check arguments |
57 if [ $# -lt 5 ] || [ $# -gt 6 ]; then | 57 if [ $# -lt 7 ] || [ $# -gt 8 ]; then |
58 echo "Usage: $PROG src_fd dst_fd firmware_datakey firmware_keyblock"\ | 58 echo "Usage: $PROG src_fd dst_fd firmware_datakey firmware_keyblock"\ |
59 "kernel_subkey [version]" | 59 "dev_firmware_datakey dev_firmware_keyblock kernel_subkey [version]" |
60 exit 1 | 60 exit 1 |
61 fi | 61 fi |
62 | 62 |
63 # Make sure the tools we need are available. | 63 # Make sure the tools we need are available. |
64 for prog in mosys vbutil_firmware; do | 64 for prog in mosys vbutil_firmware; do |
65 type "${prog}" &>/dev/null || \ | 65 type "${prog}" &>/dev/null || \ |
66 { echo "${prog} tool not found."; exit 1; } | 66 { echo "${prog} tool not found."; exit 1; } |
67 done | 67 done |
68 | 68 |
69 SRC_FD=$1 | 69 SRC_FD=$1 |
70 DST_FD=$2 | 70 DST_FD=$2 |
71 FIRMWARE_DATAKEY=$3 | 71 FIRMWARE_DATAKEY=$3 |
72 FIRMWARE_KEYBLOCK=$4 | 72 FIRMWARE_KEYBLOCK=$4 |
73 KERNEL_SUBKEY=$5 | 73 DEV_FIRMWARE_DATAKEY=$5 |
74 VERSION=$6 | 74 DEV_FIRMWARE_KEYBLOCK=$6 |
| 75 KERNEL_SUBKEY=$7 |
| 76 VERSION=$8 |
75 | 77 |
76 if [ -z $VERSION ]; then | 78 if [ -z $VERSION ]; then |
77 VERSION=1 | 79 VERSION=1 |
78 fi | 80 fi |
79 echo "Using firmware version: $VERSION" | 81 echo "Using firmware version: $VERSION" |
80 | 82 |
81 # Parse offsets and size of firmware data and vblocks | 83 # Parse offsets and size of firmware data and vblocks |
82 for i in "A" "B" | 84 for i in "A" "B" |
83 do | 85 do |
84 line=$(mosys -f -k eeprom map $1 | grep "$i Key") || | 86 line=$(mosys -f -k eeprom map $1 | grep "$i Key") || |
(...skipping 13 matching lines...) Expand all Loading... |
98 | 100 |
99 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" | 101 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" |
100 eval fw${i}_offset=$((offset)) | 102 eval fw${i}_offset=$((offset)) |
101 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" | 103 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" |
102 eval fw${i}_size=$((size)) | 104 eval fw${i}_size=$((size)) |
103 done | 105 done |
104 | 106 |
105 temp_fwimage=$(make_temp_file) | 107 temp_fwimage=$(make_temp_file) |
106 temp_out_vb=$(make_temp_file) | 108 temp_out_vb=$(make_temp_file) |
107 | 109 |
108 # Extract out Firmware A data and generate signature using the right keys | 110 # Extract out Firmware A data and generate signature using the right keys. |
| 111 # Firmware A is the dev firmware. |
109 dd if="${SRC_FD}" of="${temp_fwimage}" skip="${fwA_offset}" bs=1 \ | 112 dd if="${SRC_FD}" of="${temp_fwimage}" skip="${fwA_offset}" bs=1 \ |
110 count="${fwA_size}" | 113 count="${fwA_size}" |
111 | 114 |
112 echo "Re-calculating Firmware A vblock" | 115 echo "Re-calculating Firmware A vblock" |
113 vbutil_firmware \ | 116 vbutil_firmware \ |
114 --vblock "${temp_out_vb}" \ | 117 --vblock "${temp_out_vb}" \ |
115 --keyblock "${FIRMWARE_KEYBLOCK}" \ | 118 --keyblock "${DEV_FIRMWARE_KEYBLOCK}" \ |
116 --signprivate "${FIRMWARE_DATAKEY}" \ | 119 --signprivate "${DEV_FIRMWARE_DATAKEY}" \ |
117 --version "${VERSION}" \ | 120 --version "${VERSION}" \ |
118 --fv "${temp_fwimage}" \ | 121 --fv "${temp_fwimage}" \ |
119 --kernelkey "${KERNEL_SUBKEY}" | 122 --kernelkey "${KERNEL_SUBKEY}" |
120 | 123 |
121 # Create a copy of the input image and put in the new vblock for firmware A | 124 # Create a copy of the input image and put in the new vblock for firmware A |
122 cp "${SRC_FD}" "${DST_FD}" | 125 cp "${SRC_FD}" "${DST_FD}" |
123 dd if="${temp_out_vb}" of="${DST_FD}" seek="${fwA_vblock_offset}" bs=1 \ | 126 dd if="${temp_out_vb}" of="${DST_FD}" seek="${fwA_vblock_offset}" bs=1 \ |
124 count="${fwA_vblock_size}" conv=notrunc | 127 count="${fwA_vblock_size}" conv=notrunc |
125 | 128 |
126 # Repeat for firmware B | 129 # Firmware B is the normal firmware. |
127 dd if="${SRC_FD}" of="${temp_fwimage}" skip="${fwB_offset}" bs=1 \ | 130 dd if="${SRC_FD}" of="${temp_fwimage}" skip="${fwB_offset}" bs=1 \ |
128 count="${fwB_size}" | 131 count="${fwB_size}" |
129 echo "Re-calculating Firmware B vblock" | 132 echo "Re-calculating Firmware B vblock" |
130 vbutil_firmware \ | 133 vbutil_firmware \ |
131 --vblock "${temp_out_vb}" \ | 134 --vblock "${temp_out_vb}" \ |
132 --keyblock "${FIRMWARE_KEYBLOCK}" \ | 135 --keyblock "${FIRMWARE_KEYBLOCK}" \ |
133 --signprivate "${FIRMWARE_DATAKEY}" \ | 136 --signprivate "${FIRMWARE_DATAKEY}" \ |
134 --version "${VERSION}" \ | 137 --version "${VERSION}" \ |
135 --fv "${temp_fwimage}" \ | 138 --fv "${temp_fwimage}" \ |
136 --kernelkey "${KERNEL_SUBKEY}" | 139 --kernelkey "${KERNEL_SUBKEY}" |
137 | 140 |
138 # Destination image has already been created. | 141 # Destination image has already been created. |
139 dd if="${temp_out_vb}" of="${DST_FD}" seek="${fwB_vblock_offset}" bs=1 \ | 142 dd if="${temp_out_vb}" of="${DST_FD}" seek="${fwB_vblock_offset}" bs=1 \ |
140 count="${fwB_vblock_size}" conv=notrunc | 143 count="${fwB_vblock_size}" conv=notrunc |
141 | 144 |
142 echo "New signed image was output to ${DST_FD}" | 145 echo "New signed image was output to ${DST_FD}" |
OLD | NEW |