scripts/keygeneration/common.sh - Issue 6824059: Add a script to increment kernel subkey and data key.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: scripts/keygeneration/common.sh

Issue 6824059: Add a script to increment kernel subkey and data key. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master

Patch Set: add overflow check Created 9 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: scripts/keygeneration/common.sh

diff --git a/scripts/keygeneration/common.sh b/scripts/keygeneration/common.sh

index 0e1a6dfd54552710314b158ba17430fc609bfea3..1d08fdbe38206b7a76ae526fab20e602d47b01f5 100755

--- a/scripts/keygeneration/common.sh

+++ b/scripts/keygeneration/common.sh

@@ -23,6 +23,27 @@ function alg_to_keylen {

echo $(( 1 << (10 + ($1 / 3)) ))

}

+# Default alrogithms.

+ROOT_KEY_ALGOID=11

+RECOVERY_KEY_ALGOID=11

+FIRMWARE_DATAKEY_ALGOID=7

+DEV_FIRMWARE_DATAKEY_ALGOID=7

+RECOVERY_KERNEL_ALGOID=11

+INSTALLER_KERNEL_ALGOID=11

+KERNEL_SUBKEY_ALGOID=7

+KERNEL_DATAKEY_ALGOID=4

+# Keyblock modes determine which boot modes a signing key is valid for use

+# in verification.

+FIRMWARE_KEYBLOCK_MODE=7

+DEV_FIRMWARE_KEYBLOCK_MODE=6 # Only allow in dev mode.

+RECOVERY_KERNEL_KEYBLOCK_MODE=11

+KERNEL_KEYBLOCK_MODE=7 # Only allow in non-recovery.

+INSTALLER_KERNEL_KEYBLOCK_MODE=10 # Only allow in Dev + Recovery.

# Emit .vbpubk and .vbprivk using given basename and algorithm

# NOTE: This function also appears in ../../utility/dev_make_keypair. Making

# the two implementations the same would require some common.sh, which is more

@@ -32,9 +53,10 @@ function alg_to_keylen {

function make_pair {

local base=$1

local alg=$2

+ local key_version=${3:-1}

local len=$(alg_to_keylen $alg)

- echo "creating $base keypair..."

+ echo "creating $base keypair (version = $key_version)..."

# make the RSA keypair

openssl genrsa -F4 -out "${base}_${len}.pem" $len

@@ -48,7 +70,7 @@ function make_pair {

vbutil_key \

--pack "${base}.vbpubk" \

--key "${base}_${len}.keyb" \

- --version 1 \

+ --version "${key_version}" \

--algorithm $alg

# wrap the private key

« no previous file with comments | « no previous file | scripts/keygeneration/create_new_keys.sh » ('j') | no next file with comments »