| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 # | 5 # |
| 6 # Generate .vbpubk and .vbprivk pairs for use by developer builds. These should | 6 # Generate .vbpubk and .vbprivk pairs for use by developer builds. These should |
| 7 # be exactly like the real keys except that the private keys aren't secret. | 7 # be exactly like the real keys except that the private keys aren't secret. |
| 8 | 8 |
| 9 # Load common constants and functions. | 9 # Load common constants and functions. |
| 10 . "$(dirname "$0")/common.sh" | 10 . "$(dirname "$0")/common.sh" |
| 11 | 11 |
| 12 # Mapping are in common.sh. | |
| 13 ROOT_KEY_ALGOID=11 | |
| 14 RECOVERY_KEY_ALGOID=11 | |
| 15 | |
| 16 FIRMWARE_DATAKEY_ALGOID=7 | |
| 17 DEV_FIRMWARE_DATAKEY_ALGOID=7 | |
| 18 | |
| 19 RECOVERY_KERNEL_ALGOID=11 | |
| 20 INSTALLER_KERNEL_ALGOID=11 | |
| 21 KERNEL_SUBKEY_ALGOID=7 | |
| 22 KERNEL_DATAKEY_ALGOID=4 | |
| 23 | |
| 24 # Keyblock modes determine which boot modes a signing key is valid for use | |
| 25 # in verification. | |
| 26 FIRMWARE_KEYBLOCK_MODE=7 | |
| 27 DEV_FIRMWARE_KEYBLOCK_MODE=6 # Only allow in dev mode. | |
| 28 RECOVERY_KERNEL_KEYBLOCK_MODE=11 | |
| 29 KERNEL_KEYBLOCK_MODE=7 # Only allow in non-recovery. | |
| 30 INSTALLER_KERNEL_KEYBLOCK_MODE=10 # Only allow in Dev + Recovery. | |
| 31 | |
| 32 # Create the normal keypairs | 12 # Create the normal keypairs |
| 33 make_pair root_key $ROOT_KEY_ALGOID | 13 make_pair root_key $ROOT_KEY_ALGOID |
| 34 make_pair firmware_data_key $FIRMWARE_DATAKEY_ALGOID | 14 make_pair firmware_data_key $FIRMWARE_DATAKEY_ALGOID |
| 35 make_pair dev_firmware_data_key $DEV_FIRMWARE_DATAKEY_ALGOID | 15 make_pair dev_firmware_data_key $DEV_FIRMWARE_DATAKEY_ALGOID |
| 36 make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID | 16 make_pair kernel_subkey $KERNEL_SUBKEY_ALGOID |
| 37 make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID | 17 make_pair kernel_data_key $KERNEL_DATAKEY_ALGOID |
| 38 | 18 |
| 39 # Create the recovery and factory installer keypairs | 19 # Create the recovery and factory installer keypairs |
| 40 make_pair recovery_key $RECOVERY_KEY_ALGOID | 20 make_pair recovery_key $RECOVERY_KEY_ALGOID |
| 41 make_pair recovery_kernel_data_key $RECOVERY_KERNEL_ALGOID | 21 make_pair recovery_kernel_data_key $RECOVERY_KERNEL_ALGOID |
| (...skipping 14 matching lines...) Expand all Loading... |
| 56 | 36 |
| 57 # Create the installer keyblock for use in Developer + Recovery mode | 37 # Create the installer keyblock for use in Developer + Recovery mode |
| 58 # For use in Factory Install and Developer Mode install shims. | 38 # For use in Factory Install and Developer Mode install shims. |
| 59 make_keyblock installer_kernel $INSTALLER_KERNEL_KEYBLOCK_MODE installer_kernel_
data_key recovery_key | 39 make_keyblock installer_kernel $INSTALLER_KERNEL_KEYBLOCK_MODE installer_kernel_
data_key recovery_key |
| 60 | 40 |
| 61 # CAUTION: The public parts of most of these blobs must be compiled into the | 41 # CAUTION: The public parts of most of these blobs must be compiled into the |
| 62 # firmware, which is built separately (and some of which can't be changed after | 42 # firmware, which is built separately (and some of which can't be changed after |
| 63 # manufacturing). If you update these keys, you must coordinate the changes | 43 # manufacturing). If you update these keys, you must coordinate the changes |
| 64 # with the BIOS people or you'll be unable to boot the resulting images. | 44 # with the BIOS people or you'll be unable to boot the resulting images. |
| 65 | 45 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6824059:
Add a script to increment kernel subkey and data key. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master