qmastery
/
libreboot
разклонено от libreboot/obsolete-repository-preserved-for-historical-purposes


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160
							#!/usr/bin/env bash

# Copyright (C) 2016 Paul Kocialkowski <contact@paulk.fr>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

KEYBLOCK="keyblock"
VBPRIVK="vbprivk"
VBPUBK="vbpubk"
ARCH="arch"
CMDLINE="cmdline"
BOOTLOADER="bootloader"
KERNEL="kernel"
ITS="its"
FIT="fit"
IMG="img"

usage() {
	printf 1>&2 '%s\n' "$executable [action] [kernel files|kernel image] [medium]"

	printf 1>&2 '\n%s\n' 'Actions:'
	printf 1>&2 '%s\n' '  pack - Pack kernel files to a medium-specific image'
	printf 1>&2 '%s\n' '  sign - Sign kernel image'
	printf 1>&2 '%s\n' '  verify - Very kernel image signatures'

	printf 1>&2 '\n%s\n' 'Medium:'
	printf 1>&2 '%s\n' '  usb - External USB storage'
	printf 1>&2 '%s\n' '  mmc - External SD card storage'
	printf 1>&2 '%s\n' '  emmc - Internal storage'

	printf 1>&2 '\n%s\n' 'Environment variables:'
	printf 1>&2 '%s\n' '  VBOOT_KEYS_PATH - Path to the vboot keys'
	printf 1>&2 '%s\n' '  VBOOT_TOOLS_PATH - Path to vboot tools'
}

pack() {
	local kernel_files_path=$1
	local medium=$2

	local arch_path="$kernel_files_path/$ARCH"
	local arch=$( cat "$arch_path" )
	local cmdline_path="$kernel_files_path/$CMDLINE-$medium"
	local bootloader_path="$kernel_files_path/$BOOTLOADER"
	local kernel_its_path="$kernel_files_path/$KERNEL.$ITS"
	local kernel_fit_path="$kernel_files_path/$KERNEL.$FIT"
	local kernel_image_path="$kernel_files_path/$KERNEL-$medium.$IMG"

	mkimage -f "$kernel_its_path" "$kernel_fit_path"
	futility vbutil_kernel --pack "$kernel_image_path" --version 1 --arch "$arch" --keyblock "$VBOOT_KEYS_PATH/kernel.$KEYBLOCK" --signprivate "$VBOOT_KEYS_PATH/kernel_data_key.$VBPRIVK" --config "$cmdline_path" --vmlinuz "$kernel_fit_path" --bootloader "$bootloader_path"

	printf '\n%s\n' "Packed kernel image $kernel_image_path"
}

sign() {
	local kernel_image_path=$1

	futility vbutil_kernel --repack "$kernel_image_path" --version 1 --keyblock "$VBOOT_KEYS_PATH/kernel.$KEYBLOCK" --signprivate "$VBOOT_KEYS_PATH/kernel_data_key.$VBPRIVK" --oldblob "$kernel_image_path"

	printf '\n%s\n' "Signed kernel image $kernel_image_path"
}

verify() {
	local kernel_image_path=$1

	futility vbutil_kernel --verify "$kernel_image_path" --signpubkey "$VBOOT_KEYS_PATH/kernel_subkey.$VBPUBK"

	printf '\n%s\n' "Verified kernel image $kernel_image_path"
}

requirements() {
	local requirement
	local requirement_path

	for requirement in "$@"
	do
		requirement_path=$( which "$requirement" || true )

		if [ -z "$requirement_path" ]
		then
			printf 1>&2 '%s\n' "Missing requirement: $requirement"
			exit 1
		fi
	done
}

setup() {
	root=$(readlink -f "$( dirname "$0" )" )
	executable=$( basename "$0" )

	if ! [ -z "$VBOOT_TOOLS_PATH" ]
	then
		PATH="$PATH:$VBOOT_TOOLS_PATH"
	fi

	if [ -z "$VBOOT_KEYS_PATH" ]
	then
		if ! [ -z "$VBOOT_TOOLS_PATH" ] && [ -d "$VBOOT_TOOLS_PATH/devkeys" ]
		then
			VBOOT_KEYS_PATH="$VBOOT_TOOLS_PATH/devkeys"
		else
			VBOOT_KEYS_PATH="/usr/share/vboot/devkeys"
		fi
	fi
}

cros_kernel_prepare() {
	local action=$1
	local kernel_files_path=$2
	local kernel_image_path=$2
	local medium=$3

	set -e

	setup "$@"

	if [ -z "$action" ] || [ -z "$kernel_files_path" ] || [ -z "$kernel_image_path" ]
	then
		usage
		exit 1
	fi

	case $action in
		"pack")
			if [ -z "$medium" ]
			then
				usage
				exit 1
			fi

			requirements "mkimage" "futility"
			pack "$kernel_files_path" "$medium"
			;;
		"sign")
			requirements "futility"
			sign "$kernel_image_path"
			;;
		"verify")
			requirements "futility"
			verify "$kernel_image_path"
			;;
		*)
			usage
			exit 1
			;;
	esac
}

cros_kernel_prepare "$@"