libreboot

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit bfa02282620cdeca363bdafd18d68670e151e5a5
parent 0466ef18ef6748753b2f205a2169e85c73ae2d8e
Author: Paul Kocialkowski <contact@paulk.fr>
Date:   Sun, 25 Dec 2016 21:27:41 +0100

tools: Add boot-keys tool to handle keys and images verification

Signed-off-by: Paul Kocialkowski <contact@paulk.fr>

Diffstat:
tools/boot-keys/boot-keys | 117+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
tools/boot-keys/boot-keys-helper | 72++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
tools/boot-keys/configs/coreboot/depthcharge/type | 1+
tools/boot-keys/configs/coreboot/targets | 1+
tools/boot-keys/configs/linux-cros | 2++
tools/boot-keys/configs/linux/nyan/type | 1+
tools/boot-keys/configs/linux/targets | 2++
tools/boot-keys/configs/linux/veyron/type | 1+
tools/boot-keys/configs/targets | 3+++
9 files changed, 200 insertions(+), 0 deletions(-)

diff --git a/tools/boot-keys/boot-keys b/tools/boot-keys/boot-keys @@ -0,0 +1,117 @@ +#!/bin/bash + +# Copyright (C) 2016 Paul Kocialkowski <contact@paulk.fr> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +usage() { + tool_usage_actions "$tool" "generate" "sign" "verify" +} + +generate() { + local type=$( boot_keys_type "$@" ) + + if [ -z "$type" ] + then + printf "Unable to determine keys type\n" >&2 + return 1 + fi + + case $type in + "cros"*) + boot_keys_cros "cros-boot-keys" "generate" + ;; + esac +} + +sign() { + local project=$1 + + local prepare_files=$( boot_keys_files "$@" ) + local type=$( boot_keys_type "$@" ) + local install_path + local firmware_path + local kernel_path + local media + + if [ -z "$type" ] + then + printf "Unable to determine keys type\n" >&2 + return 1 + fi + + echo "$prepare_files" | while read install_path + do + case $type in + "cros-firmware") + firmware_path="$install_path/$project.$ROM" + + boot_keys_cros "$type-prepare" "sign" "$firmware_path" + ;; + "cros-kernel") + media=$( project_action "media" "$@" ) + + for medium in $media + do + kernel_path="$install_path/$KERNEL-$medium.$IMG" + + if [ -f "$kernel_path" ] + then + boot_keys_cros "$type-prepare" "sign" "$kernel_path" + else + boot_keys_cros "$type-prepare" "pack" "$install_path" "$medium" + fi + done + ;; + esac + done +} + +verify() { + local project=$1 + + local prepare_files=$( boot_keys_files "$@" ) + local type=$( boot_keys_type "$@" ) + local install_path + local firmware_path + local kernel_path + local media + + if [ -z "$type" ] + then + printf "Unable to determine keys type\n" >&2 + return 1 + fi + + echo "$prepare_files" | while read install_path + do + case $type in + "cros-firmware") + firmware_path="$install_path/$project.$ROM" + + boot_keys_cros "$type-prepare" "verify" "$firmware_path" + ;; + "cros-kernel") + media=$( project_action "media" "$@" ) + + for medium in $media + do + kernel_path="$install_path/$KERNEL-$medium.$IMG" + + boot_keys_cros "$type-prepare" "verify" "$kernel_path" + done + ;; + esac + done +} diff --git a/tools/boot-keys/boot-keys-helper b/tools/boot-keys/boot-keys-helper @@ -0,0 +1,72 @@ +#!/bin/bash + +KERNEL="kernel" +TYPE="type" +ROM="rom" +IMG="img" + +boot_keys_cros() { + local cros_script=$1 + shift + + local vboot_tools_path=$( project_install_path "vboot" "tools" ) + local cros_scripts_path=$( project_install_path "cros-scripts" ) + local cros_script_path="$cros_scripts_path/$cros_script" + + if ! [ -x "$cros_script_path" ] + then + printf "$cros_script script missing from cros-scripts install" >&2 + return 1 + fi + + VBOOT_KEYS_PATH=$VBOOT_KEYS_PATH VBOOT_TOOLS_PATH=$vboot_tools_path $cros_script_path "$@" +} + +boot_keys_type() { + tool_file_contents "$tool" "$CONFIGS" "$TYPE" "$@" +} + +boot_keys_files_install_path() { + local project=$1 + shift + + local helper_arguments + local argument + local ifs_save + + helper_arguments=$( project_action_helper "arguments" "$project" "$@" ) + + + if [ $? -ne 0 ] || [ -z "$helper_arguments" ] + then + project_install_path "$project" "$@" + else + # This it to allow space characters in arguments. + ifs_save=$IFS + IFS=$'\n' + + for argument in $( echo "$helper_arguments" ) + do + ( + IFS=$ifs_save + + # Only a single argument at a time is returned by the helper. + boot_keys_files_install_path "$project" "$@" "$argument" + ) + done + + IFS=$ifs_save + fi +} + +boot_keys_files() { + local project=$1 + shift + + local cros_scripts_path=$( project_install_path "cros-scripts" ) + local cros_boot_keys="$cros_scripts_path/cros-boot-keys" + + project_action_arguments_verify_recursive "install" "$project" "$@" + + boot_keys_files_install_path "$project" "$@" +} diff --git a/tools/boot-keys/configs/coreboot/depthcharge/type b/tools/boot-keys/configs/coreboot/depthcharge/type @@ -0,0 +1 @@ +cros-firmware diff --git a/tools/boot-keys/configs/coreboot/targets b/tools/boot-keys/configs/coreboot/targets @@ -0,0 +1 @@ +depthcharge diff --git a/tools/boot-keys/configs/linux-cros b/tools/boot-keys/configs/linux-cros @@ -0,0 +1 @@ +linux+ \ No newline at end of file diff --git a/tools/boot-keys/configs/linux/nyan/type b/tools/boot-keys/configs/linux/nyan/type @@ -0,0 +1 @@ +cros-kernel diff --git a/tools/boot-keys/configs/linux/targets b/tools/boot-keys/configs/linux/targets @@ -0,0 +1,2 @@ +nyan +veyron diff --git a/tools/boot-keys/configs/linux/veyron/type b/tools/boot-keys/configs/linux/veyron/type @@ -0,0 +1 @@ +cros-kernel diff --git a/tools/boot-keys/configs/targets b/tools/boot-keys/configs/targets @@ -0,0 +1,3 @@ +coreboot +linux +linux-cros