OLD | NEW |
(Empty) | |
| 1 #!/bin/bash |
| 2 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. |
| 5 # |
| 6 # Generate .vbpubk and .vbprivk pairs for use by developer builds. These should |
| 7 # be exactly like the real keys except that the private keys aren't secret. |
| 8 |
| 9 # Load common constants and functions. |
| 10 . "$(dirname "$0")/common.sh" |
| 11 |
| 12 # Mapping are in common.sh. |
| 13 ROOT_KEY_ALGOID=11 |
| 14 RECOVERY_KEY_ALGOID=11 |
| 15 |
| 16 FIRMWARE_DATAKEY_ALGOID=7 |
| 17 DEV_FIRMWARE_DATAKEY_ALGOID=7 |
| 18 |
| 19 RECOVERY_KERNEL_ALGOID=11 |
| 20 INSTALLER_KERNEL_ALGOID=11 |
| 21 KERNEL_SUBKEY_ALGOID=7 |
| 22 KERNEL_DATAKEY_ALGOID=4 |
| 23 |
| 24 # Keyblock modes determine which boot modes a signing key is valid for use |
| 25 # in verification. |
| 26 FIRMWARE_KEYBLOCK_MODE=7 |
| 27 DEV_FIRMWARE_KEYBLOCK_MODE=6 # Only allow in dev mode. |
| 28 RECOVERY_KERNEL_KEYBLOCK_MODE=11 |
| 29 KERNEL_KEYBLOCK_MODE=7 # Only allow in non-recovery. |
| 30 INSTALLER_KERNEL_KEYBLOCK_MODE=10 # Only allow in Dev + Recovery. |
| 31 |
| 32 # Create the normal keypairs |
| 33 make_pair root_key $ROOT_KEY_ALGOID |
| 34 make_pair firmware_data_key $FIRMWARE_DATAKEY_ALGOID |
| 35 make_pair dev_firmware_data_key $DEV_FIRMWARE_DATAKEY_ALGOID |
| 36 make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID |
| 37 make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID |
| 38 |
| 39 # Create the recovery and factory installer keypairs |
| 40 make_pair recovery_key $RECOVERY_KEY_ALGOID |
| 41 make_pair recovery_kernel_data_key $RECOVERY_KERNEL_ALGOID |
| 42 make_pair installer_kernel_data_key $INSTALLER_KERNEL_ALGOID |
| 43 |
| 44 # Create the firmware keyblock for use only in Normal mode. This is redundant, |
| 45 # since it's never even checked during Recovery mode. |
| 46 make_keyblock firmware $FIRMWARE_KEYBLOCK_MODE firmware_data_key root_key |
| 47 |
| 48 # Create the dev firmware keyblock for use only in Developer mode. |
| 49 make_keyblock dev_firmware $DEV_FIRMWARE_KEYBLOCK_MODE dev_firmware_data_key roo
t_key |
| 50 |
| 51 # Create the recovery kernel keyblock for use only in Recovery mode. |
| 52 make_keyblock recovery_kernel $RECOVERY_KERNEL_KEYBLOCK_MODE recovery_kernel_dat
a_key recovery_key |
| 53 |
| 54 # Create the normal kernel keyblock for use only in Normal mode. |
| 55 make_keyblock kernel $KERNEL_KEYBLOCK_MODE kernel_data_key kernel_subkey |
| 56 |
| 57 # Create the installer keyblock for use in Developer + Recovery mode |
| 58 # For use in Factory Install and Developer Mode install shims. |
| 59 make_keyblock installer_kernel $INSTALLER_KERNEL_KEYBLOCK_MODE installer_kernel_
data_key recovery_key |
| 60 |
| 61 # CAUTION: The public parts of most of these blobs must be compiled into the |
| 62 # firmware, which is built separately (and some of which can't be changed after |
| 63 # manufacturing). If you update these keys, you must coordinate the changes |
| 64 # with the BIOS people or you'll be unable to boot the resulting images. |
| 65 |
OLD | NEW |