common.sh - OpenGrok cross reference for /external/vboot_reference/scripts/keygeneration/common.sh

Lines Matching +full:existing +full:- +full:versions +full:- +full:check
3 # Use of this source code is governed by a BSD-style license that can be
8 SCRIPT_DIR="$(dirname "$(readlink -f -- "$0")")"
69 ARV_ROOT_DIR="ApRoV1Signing-PreMP"
78 # Only allow RW firmware in non-recovery + non-miniOS.
80 # Only allow in dev mode + non-recovery + non-miniOS.
82 # Only allow in recovery mode + non-miniOS.
86 # Only allow in non-recovery + non-miniOS.
88 # Only allow in dev + recovery + non-miniOS.
90 # Only allow in non-recovery + non-miniOS, does not mean much for AP RO keys.
98 # you feel the need to change this file, check the history of that other file
103   local key_version=${3:-1}
109   openssl genrsa -F4 -out "${base}_${len}.pem" $len
110   # create a self-signed certificate
111   openssl req -batch -new -x509 -key "${base}_${len}.pem" \
112     -out "${base}_${len}.crt"
113   # generate pre-processed RSA public key
114   dumpRSAPublicKey -cert "${base}_${len}.crt" > "${base}_${len}.keyb"
118     --pack "${base}.vbpubk" \
119     --key "${base}_${len}.keyb" \
120     --version  "${key_version}" \
121     --algorithm $alg
125     --pack "${base}.vbprivk" \
126     --key "${base}_${len}.pem" \
127     --algorithm $alg
130   rm -f "${base}_${len}.pem" "${base}_${len}.crt" "${base}_${len}.keyb"
137   local pub="${dir}/update-payload-key-pub.pem"
138   openssl genrsa -out "${priv}" 2048
139   openssl rsa -pubout -in "${priv}" -out "${pub}"
155   # This is required, since the public key (as specified with --signpubkey)
164   if [[ -n "${signkey_uri}" ]]; then
172     --pack "${base}.keyblock" \
173     --flags $flags \
174     --datapubkey "${pubkey}.vbpubk" \
175     --signprivate "${signkey_priv}"
179     --unpack "${base}.keyblock" \
180     --signpubkey "${signkey_path}.vbpubk"
183 # File to read current versions from.
184 VERSION_FILE="key.versions"
189   local file="${2:-${VERSION_FILE}}"
190   awk -F= -vkey="${key}" '$1 == key { print $NF }' "${file}"
193 # Loads the current versions prints them to stdout and sets the global version
198   if [[ ! -f ${VERSION_FILE} ]]; then
216 # Make backups of existing kernel subkeys and keyblocks that will be revved.
221   if [[ ! -e kernel.keyblock ]]; then
224   mv --no-clobber kernel.{keyblock,"v$2.v$1.keyblock"}
227 # Make backups of existing kernel subkeys and keyblocks that will be revved.
235   # --no-clobber to prevent accidentally overwriting existing
237   mv --no-clobber kernel_subkey.{vbprivk,"v${subkey_ver}.vbprivk"}
238   mv --no-clobber kernel_subkey.{vbpubk,"v${subkey_ver}.vbpubk"}
242 # Make backups of existing kernel data keys and keyblocks that will be revved.
250   # --no-clobber to prevent accidentally overwriting existing
252   mv --no-clobber kernel_data_key.{vbprivk,"v${datakey_ver}.vbprivk"}
253   mv --no-clobber kernel_data_key.{vbpubk,"v${datakey_ver}.vbpubk"}
257 # Make backups of existing firmware keys and keyblocks that will be revved.
265   mv --no-clobber firmware_data_key.{vbprivk,"v${subkey_ver}.vbprivk"}
266   mv --no-clobber firmware_data_key.{vbpubk,"v${subkey_ver}.vbpubk"}
267   mv --no-clobber firmware.{keyblock,"v${datakey_ver}.v${subkey_ver}.keyblock"}
271 # Write new key version file with the updated key versions.
298   if [[ ${new_version} -gt 0xffff ]]; then
313   openssl genpkey -algorithm Ed25519 -out "${base}.priv.pem"
314   openssl pkey -in "${base}.priv.pem" -pubout -text_pub -out "${base}.pub.pem"