cros-kernel-prepare 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160
  1. #!/usr/bin/env bash
  2. # Copyright (C) 2016 Paul Kocialkowski <contact@paulk.fr>
  3. #
  4. # This program is free software: you can redistribute it and/or modify
  5. # it under the terms of the GNU General Public License as published by
  6. # the Free Software Foundation, either version 3 of the License, or
  7. # (at your option) any later version.
  8. #
  9. # This program is distributed in the hope that it will be useful,
  10. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. # GNU General Public License for more details.
  13. #
  14. # You should have received a copy of the GNU General Public License
  15. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  16. KEYBLOCK="keyblock"
  17. VBPRIVK="vbprivk"
  18. VBPUBK="vbpubk"
  19. ARCH="arch"
  20. CMDLINE="cmdline"
  21. BOOTLOADER="bootloader"
  22. KERNEL="kernel"
  23. ITS="its"
  24. FIT="fit"
  25. IMG="img"
  26. usage() {
  27. printf '%s\n' "$executable [action] [kernel files|kernel image] [medium]" >&2
  28. printf '\n%s\n' 'Actions:' >&2
  29. printf '%s\n' ' pack - Pack kernel files to a medium-specific image' >&2
  30. printf '%s\n' ' sign - Sign kernel image' >&2
  31. printf '%s\n' ' verify - Very kernel image signatures' >&2
  32. printf '\n%s\n' 'Medium:' >&2
  33. printf '%s\n' ' usb - External USB storage' >&2
  34. printf '%s\n' ' mmc - External SD card storage' >&2
  35. printf '%s\n' ' emmc - Internal storage' >&2
  36. printf '\n%s\n' 'Environment variables:' >&2
  37. printf '%s\n' ' VBOOT_KEYS_PATH - Path to the vboot keys' >&2
  38. printf '%s\n' ' VBOOT_TOOLS_PATH - Path to vboot tools' >&2
  39. }
  40. pack() {
  41. local kernel_files_path=$1
  42. local medium=$2
  43. local arch_path="$kernel_files_path/$ARCH"
  44. local arch=$( cat "$arch_path" )
  45. local cmdline_path="$kernel_files_path/$CMDLINE-$medium"
  46. local bootloader_path="$kernel_files_path/$BOOTLOADER"
  47. local kernel_its_path="$kernel_files_path/$KERNEL.$ITS"
  48. local kernel_fit_path="$kernel_files_path/$KERNEL.$FIT"
  49. local kernel_image_path="$kernel_files_path/$KERNEL-$medium.$IMG"
  50. mkimage -f "$kernel_its_path" "$kernel_fit_path"
  51. futility vbutil_kernel --pack "$kernel_image_path" --version 1 --arch "$arch" --keyblock "$VBOOT_KEYS_PATH/kernel.$KEYBLOCK" --signprivate "$VBOOT_KEYS_PATH/kernel_data_key.$VBPRIVK" --config "$cmdline_path" --vmlinuz "$kernel_fit_path" --bootloader "$bootloader_path"
  52. printf '\n%s\n' "Packed kernel image $kernel_image_path"
  53. }
  54. sign() {
  55. local kernel_image_path=$1
  56. futility vbutil_kernel --repack "$kernel_image_path" --version 1 --keyblock "$VBOOT_KEYS_PATH/kernel.$KEYBLOCK" --signprivate "$VBOOT_KEYS_PATH/kernel_data_key.$VBPRIVK" --oldblob "$kernel_image_path"
  57. printf '\n%s\n' "Signed kernel image $kernel_image_path"
  58. }
  59. verify() {
  60. local kernel_image_path=$1
  61. futility vbutil_kernel --verify "$kernel_image_path" --signpubkey "$VBOOT_KEYS_PATH/kernel_subkey.$VBPUBK"
  62. printf '\n%s\n' "Verified kernel image $kernel_image_path"
  63. }
  64. requirements() {
  65. local requirement
  66. local requirement_path
  67. for requirement in "$@"
  68. do
  69. requirement_path=$( which "$requirement" || true )
  70. if [ -z "$requirement_path" ]
  71. then
  72. printf '%s\n' "Missing requirement: $requirement" >&2
  73. exit 1
  74. fi
  75. done
  76. }
  77. setup() {
  78. root=$(readlink -f "$( dirname "$0" )" )
  79. executable=$( basename "$0" )
  80. if ! [ -z "$VBOOT_TOOLS_PATH" ]
  81. then
  82. PATH="$PATH:$VBOOT_TOOLS_PATH"
  83. fi
  84. if [ -z "$VBOOT_KEYS_PATH" ]
  85. then
  86. if ! [ -z "$VBOOT_TOOLS_PATH" ] && [ -d "$VBOOT_TOOLS_PATH/devkeys" ]
  87. then
  88. VBOOT_KEYS_PATH="$VBOOT_TOOLS_PATH/devkeys"
  89. else
  90. VBOOT_KEYS_PATH="/usr/share/vboot/devkeys"
  91. fi
  92. fi
  93. }
  94. cros_kernel_prepare() {
  95. local action=$1
  96. local kernel_files_path=$2
  97. local kernel_image_path=$2
  98. local medium=$3
  99. set -e
  100. setup "$@"
  101. if [ -z "$action" ] || [ -z "$kernel_files_path" ] || [ -z "$kernel_image_path" ]
  102. then
  103. usage
  104. exit 1
  105. fi
  106. case $action in
  107. "pack")
  108. if [ -z "$medium" ]
  109. then
  110. usage
  111. exit 1
  112. fi
  113. requirements "mkimage" "futility"
  114. pack "$kernel_files_path" "$medium"
  115. ;;
  116. "sign")
  117. requirements "futility"
  118. sign "$kernel_image_path"
  119. ;;
  120. "verify")
  121. requirements "futility"
  122. verify "$kernel_image_path"
  123. ;;
  124. *)
  125. usage
  126. exit 1
  127. ;;
  128. esac
  129. }
  130. cros_kernel_prepare "$@"