Issue 6824059: Add a script to increment kernel subkey and data key.

Issue 6824059: Add a script to increment kernel subkey and data key. (Closed)

Created:
9 years, 8 months ago by gauravsh

Modified:
9 years, 6 months ago

Reviewers:
Randall Spangler

CC:
chromium-os-reviews_chromium.org, Randall Spangler, gauravsh, Luigi Semenzato, Bill Richardson

Base URL:
ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master

Visibility:
Public.

Description

Add a script to increment kernel subkey and data key. When we do perform firmware updates, we'd like to change the kernel subkey to ensure that new firmware and Chrome OS image stay in sync. This CL adds a scripts which makes it possible to do this revving in an automated manner. The current versions rollback versions corresponding to the keyset are stored in key.versions. If we change the kernel subkey (to enforce firmware/Chrome OS lockstep), we must also update the firmware version. Similarly, since we modify the kernel subkey, we also generate a new set of kernel data keys. Thus, we also increment the kernel key version. Change-Id: I364ab50bda115991dd4f69331d37291f66abbf36 BUG=chrome-os-partner:3274, chromium-os:8016 TEST=Manually tested using a newly generated keyset. Committed: http://chrome-svn/viewvc/chromeos?view=rev&revision=41f444a

Patch Set 1 #

Patch Set 2 : Add missing create_new_keys #

Patch Set 3 : add missing versions #

Total comments: 1

Patch Set 4 : add overflow check #

Created: 9 years, 8 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+127 lines, -22 lines)			Patch
M	scripts/keygeneration/common.sh	View	1	3 chunks	+24 lines, -2 lines	0 comments	Download
M	scripts/keygeneration/create_new_keys.sh	View	1	1 chunk	+0 lines, -20 lines	0 comments	Download
A	scripts/keygeneration/increment_kernel_subkey_and_key.sh	View	1 2 3	1 chunk	+99 lines, -0 lines	0 comments	Download
A	scripts/keygeneration/key.versions	View		1 chunk	+4 lines, -0 lines	0 comments	Download

Messages

Total messages: 3 (0 generated)

Expand Messages | Collapse Messages

Randall Spangler

LGTM with one suggestion http://codereview.chromium.org/6824059/diff/2006/scripts/keygeneration/increment_kernel_subkey_and_key.sh File scripts/keygeneration/increment_kernel_subkey_and_key.sh (right): http://codereview.chromium.org/6824059/diff/2006/scripts/keygeneration/increment_kernel_subkey_and_key.sh#newcode77 scripts/keygeneration/increment_kernel_subkey_and_key.sh:77: new_kdatakey_version=$(( current_kdatakey_version + 1 )) ...

9 years, 8 months ago (2011-04-12 21:21:43 UTC) #2

gauravsh

9 years, 8 months ago (2011-04-13 00:06:10 UTC) #3

Address the suggestion and pushed.

On Tue, Apr 12, 2011 at 2:21 PM, <rspangler@chromium.org> wrote:

> LGTM with one suggestion
>
>
>
>
http://codereview.chromium.org/6824059/diff/2006/scripts/keygeneration/increm...
> File scripts/keygeneration/increment_kernel_subkey_and_key.sh (right):
>
>
>
http://codereview.chromium.org/6824059/diff/2006/scripts/keygeneration/increm...
> scripts/keygeneration/increment_kernel_subkey_and_key.sh:77:
> new_kdatakey_version=$(( current_kdatakey_version + 1 ))
> Paranoia: check for wraparound?  (if current version >= 65535, panic)


Done.


>
>
> http://codereview.chromium.org/6824059/
>



-- 
-g

Expand Messages | Collapse Messages