1#!/bin/bash 2# Copyright 2018 The ChromiumOS Authors 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5 6# Script to increment UEFI DB key. 7 8# Load common constants and variables. 9# shellcheck source=uefi_common.sh 10. "$(dirname "$0")/uefi_common.sh" 11 12# Abort on errors. 13set -e 14 15if [ $# -ne 1 ]; then 16 cat <<EOF 17 Usage: $0 <keyset directory> 18 19 Increments the UEFI DB key in the specified keyset. 20EOF 21 exit 1 22fi 23 24KEY_DIR="$1" 25 26main() { 27 check_uefi_key_dir_name "${KEY_DIR}" 28 29 load_current_uefi_key_versions "${KEY_DIR}" 30 new_db_key_ver=$(increment_uefi_version "${KEY_DIR}" "db_key_version") 31 new_db_child_key_ver=1 32 33 cd "${KEY_DIR}" 34 backup_db_keypair_and_children "${CURR_DB_KEY_VER}" 35 36 cat <<EOF 37Generating new UEFI DB key version. 38 39New DB key version: ${new_db_key_ver}. 40EOF 41 make_db_keypair "${new_db_key_ver}" 42 make_db_child_keypair "${new_db_key_ver}" "${new_db_child_key_ver}" 43 write_updated_uefi_version_file "${CURR_PK_KEY_VER}" "${CURR_KEK_KEY_VER}" \ 44 "${new_db_key_ver}" "${new_db_child_key_ver}" 45} 46 47main "$@" 48