| Index: utility/vbutil_kernel.c
|
| diff --git a/utility/vbutil_kernel.c b/utility/vbutil_kernel.c
|
| index 893f889cb39b9a8b15fc8fba22b43ed5deadfdf2..eeae96e13d1ea160c818ccd5e63380e14300c6f8 100644
|
| --- a/utility/vbutil_kernel.c
|
| +++ b/utility/vbutil_kernel.c
|
| @@ -76,7 +76,8 @@ static int PrintHelp(char *progname) {
|
| "\n"
|
| " Required parameters:\n"
|
| " --keyblock <file> Key block in .keyblock format\n"
|
| - " --signprivate <file> Signing private key in .pem format\n"
|
| + " --signprivate <file>"
|
| + " Private key to sign kernel data, in .vbprivk format\n"
|
| " --version <number> Kernel version\n"
|
| " --vmlinuz <file> Linux kernel bzImage file\n"
|
| " --bootloader <file> Bootloader stub\n"
|
| @@ -93,7 +94,8 @@ static int PrintHelp(char *progname) {
|
| " Required parameters (of --keyblock and --config at least "
|
| "one is required):\n"
|
| " --keyblock <file> Key block in .keyblock format\n"
|
| - " --signprivate <file> Signing private key in .pem format\n"
|
| + " --signprivate <file>"
|
| + " Private key to sign kernel data, in .vbprivk format\n"
|
| " --oldblob <file> Previously packed kernel blob\n"
|
| " --config <file> New command line file\n"
|
| "\n"
|
| @@ -105,10 +107,9 @@ static int PrintHelp(char *progname) {
|
| "\nOR\n\n"
|
| "Usage: %s --verify <file> [PARAMETERS]\n"
|
| "\n"
|
| - " Required parameters:\n"
|
| - " --signpubkey <file> Signing public key in .vbpubk format\n"
|
| - "\n"
|
| " Optional:\n"
|
| + " --signpubkey <file>"
|
| + " Public key to verify kernel keyblock, in .vbpubk format\n"
|
| " --verbose Print a more detailed report\n"
|
| "\n",
|
| progname);
|
| @@ -611,22 +612,24 @@ static int Verify(const char* infile, const char* signpubkey, int verbose) {
|
| VbKeyBlockHeader* key_block;
|
| VbKernelPreambleHeader* preamble;
|
| VbPublicKey* data_key;
|
| - VbPublicKey* sign_key;
|
| + VbPublicKey* sign_key = NULL;
|
| RSAPublicKey* rsa;
|
| blob_t* bp;
|
| uint64_t now;
|
| int rv = 1;
|
|
|
| - if (!infile || !signpubkey) {
|
| - error("Must specify filename and signpubkey\n");
|
| + if (!infile) {
|
| + error("Must specify filename\n");
|
| return 1;
|
| }
|
|
|
| /* Read public signing key */
|
| - sign_key = PublicKeyRead(signpubkey);
|
| - if (!sign_key) {
|
| - error("Error reading signpubkey.\n");
|
| - return 1;
|
| + if (signpubkey) {
|
| + sign_key = PublicKeyRead(signpubkey);
|
| + if (!sign_key) {
|
| + error("Error reading signpubkey.\n");
|
| + return 1;
|
| + }
|
| }
|
|
|
| /* Read blob */
|
| @@ -646,6 +649,8 @@ static int Verify(const char* infile, const char* signpubkey, int verbose) {
|
|
|
| printf("Key block:\n");
|
| data_key = &key_block->data_key;
|
| + if (verbose)
|
| + printf(" Signature: %s\n", sign_key ? "valid" : "ignored");
|
| printf(" Size: 0x%" PRIx64 "\n", key_block->key_block_size);
|
| printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm,
|
| (data_key->algorithm < kNumAlgorithms ?
|
| @@ -662,7 +667,7 @@ static int Verify(const char* infile, const char* signpubkey, int verbose) {
|
| /* Verify preamble */
|
| preamble = bp->preamble;
|
| if (0 != VerifyKernelPreamble(
|
| - preamble, bp->blob_size - key_block->key_block_size, rsa)) {
|
| + preamble, bp->blob_size - key_block->key_block_size, rsa)) {
|
| error("Error verifying preamble.\n");
|
| goto verify_exit;
|
| }
|
| @@ -737,6 +742,10 @@ int main(int argc, char* argv[]) {
|
| parse_error = 1;
|
| break;
|
|
|
| + case 0:
|
| + /* silently handled option */
|
| + break;
|
| +
|
| case OPT_MODE_PACK:
|
| case OPT_MODE_REPACK:
|
| case OPT_MODE_VERIFY:
|
|
|
Chromium Code Reviews
Issue 3124004:
Changes to allow user-signed kernels to be generated. (Closed)
Base URL: ssh://gitrw.chromium.org/vboot_reference.git