Lines Matching +full:- +full:- +full:option
3 * Use of this source code is governed by a BSD-style license that can be
65 } option = { variable
77 fprintf(stderr, "Missing --%s option\n", optname); in no_opt_if()
86 VbPublicKey *data_key = (VbPublicKey *)state->my_area->buf; in futil_cb_sign_pubkey()
89 if (option.pem_signpriv) { in futil_cb_sign_pubkey()
90 if (option.pem_external) { in futil_cb_sign_pubkey()
94 option.pem_signpriv, in futil_cb_sign_pubkey()
95 option.pem_algo, option.flags, in futil_cb_sign_pubkey()
96 option.pem_external); in futil_cb_sign_pubkey()
98 option.signprivate = PrivateKeyReadPem( in futil_cb_sign_pubkey()
99 option.pem_signpriv, option.pem_algo); in futil_cb_sign_pubkey()
100 if (!option.signprivate) { in futil_cb_sign_pubkey()
106 vblock = KeyBlockCreate(data_key, option.signprivate, in futil_cb_sign_pubkey()
107 option.flags); in futil_cb_sign_pubkey()
111 vblock = KeyBlockCreate(data_key, option.signprivate, in futil_cb_sign_pubkey()
112 option.flags); in futil_cb_sign_pubkey()
116 return WriteSomeParts(option.outfile, in futil_cb_sign_pubkey()
117 vblock, vblock->key_block_size, in futil_cb_sign_pubkey()
123 * The data in state->my_area is just the RW firmware blob, so there's nothing
129 state->my_area->_flags |= AREA_IS_VALID; in futil_cb_sign_fw_main()
140 VbKeyBlockHeader *key_block = (VbKeyBlockHeader *)state->my_area->buf; in futil_cb_sign_fw_vblock()
141 uint32_t len = state->my_area->len; in futil_cb_sign_fw_vblock()
151 state->name); in futil_cb_sign_fw_vblock()
155 RSAPublicKey *rsa = PublicKeyToRSA(&key_block->data_key); in futil_cb_sign_fw_vblock()
159 state->name); in futil_cb_sign_fw_vblock()
162 uint32_t more = key_block->key_block_size; in futil_cb_sign_fw_vblock()
164 (VbFirmwarePreambleHeader *)(state->my_area->buf + more); in futil_cb_sign_fw_vblock()
165 uint32_t fw_size = preamble->body_signature.data_size; in futil_cb_sign_fw_vblock()
168 switch (state->component) { in futil_cb_sign_fw_vblock()
170 fw_body_area = &state->cb_area[CB_FMAP_FW_MAIN_A]; in futil_cb_sign_fw_vblock()
172 if (!option.flags_specified) in futil_cb_sign_fw_vblock()
173 option.flags = preamble->flags; in futil_cb_sign_fw_vblock()
176 fw_body_area = &state->cb_area[CB_FMAP_FW_MAIN_B]; in futil_cb_sign_fw_vblock()
182 if (fw_size > fw_body_area->len) { in futil_cb_sign_fw_vblock()
185 state->name); in futil_cb_sign_fw_vblock()
190 fw_body_area->len = fw_size; in futil_cb_sign_fw_vblock()
193 state->my_area->_flags |= AREA_IS_VALID; in futil_cb_sign_fw_vblock()
204 vmlinuz_data = state->my_area->buf; in futil_cb_create_kernel_part()
205 vmlinuz_size = state->my_area->len; in futil_cb_create_kernel_part()
209 option.arch, option.kloadaddr, in futil_cb_create_kernel_part()
210 option.config_data, option.config_size, in futil_cb_create_kernel_part()
211 option.bootloader_data, option.bootloader_size, in futil_cb_create_kernel_part()
219 vblock_data = SignKernelBlob(kblob_data, kblob_size, option.padding, in futil_cb_create_kernel_part()
220 option.version, option.kloadaddr, in futil_cb_create_kernel_part()
221 option.keyblock, option.signprivate, in futil_cb_create_kernel_part()
222 option.flags, &vblock_size); in futil_cb_create_kernel_part()
232 if (!option.create_new_outfile) in futil_cb_create_kernel_part()
235 if (option.vblockonly) in futil_cb_create_kernel_part()
236 rv = WriteSomeParts(option.outfile, in futil_cb_create_kernel_part()
240 rv = WriteSomeParts(option.outfile, in futil_cb_create_kernel_part()
257 kpart_data = state->my_area->buf; in futil_cb_resign_kernel_part()
258 kpart_size = state->my_area->len; in futil_cb_resign_kernel_part()
261 kblob_data = UnpackKPart(kpart_data, kpart_size, option.padding, in futil_cb_resign_kernel_part()
270 * We don't let --kloadaddr change when resigning, because the original in futil_cb_resign_kernel_part()
272 * ever noticed, we'll maintain bug-compatibility by just not allowing in futil_cb_resign_kernel_part()
276 option.kloadaddr = preamble->body_load_address; in futil_cb_resign_kernel_part()
279 if (option.config_data && in futil_cb_resign_kernel_part()
281 option.config_data, in futil_cb_resign_kernel_part()
282 option.config_size)) { in futil_cb_resign_kernel_part()
288 if (!option.version_specified) in futil_cb_resign_kernel_part()
289 option.version = preamble->kernel_version; in futil_cb_resign_kernel_part()
293 if (option.flags_specified == 0) in futil_cb_resign_kernel_part()
294 option.flags = preamble->flags; in futil_cb_resign_kernel_part()
298 if (option.keyblock) in futil_cb_resign_kernel_part()
299 keyblock = option.keyblock; in futil_cb_resign_kernel_part()
302 vblock_data = SignKernelBlob(kblob_data, kblob_size, option.padding, in futil_cb_resign_kernel_part()
303 option.version, option.kloadaddr, in futil_cb_resign_kernel_part()
304 keyblock, option.signprivate, in futil_cb_resign_kernel_part()
305 option.flags, &vblock_size); in futil_cb_resign_kernel_part()
312 if (option.create_new_outfile) { in futil_cb_resign_kernel_part()
314 if (option.vblockonly) in futil_cb_resign_kernel_part()
315 rv = WriteSomeParts(option.outfile, in futil_cb_resign_kernel_part()
319 rv = WriteSomeParts(option.outfile, in futil_cb_resign_kernel_part()
340 body_sig = CalculateSignature(state->my_area->buf, state->my_area->len, in futil_cb_sign_raw_firmware()
341 option.signprivate); in futil_cb_sign_raw_firmware()
347 preamble = CreateFirmwarePreamble(option.version, in futil_cb_sign_raw_firmware()
348 option.kernel_subkey, in futil_cb_sign_raw_firmware()
350 option.signprivate, in futil_cb_sign_raw_firmware()
351 option.flags); in futil_cb_sign_raw_firmware()
358 rv = WriteSomeParts(option.outfile, in futil_cb_sign_raw_firmware()
359 option.keyblock, option.keyblock->key_block_size, in futil_cb_sign_raw_firmware()
360 preamble, preamble->preamble_size); in futil_cb_sign_raw_firmware()
371 if (state->in_type == FILE_TYPE_UNKNOWN) { in futil_cb_sign_begin()
373 state->in_filename); in futil_cb_sign_begin()
388 body_sig = CalculateSignature(fw_body->buf, fw_body->len, signkey); in write_new_preamble()
394 preamble = CreateFirmwarePreamble(option.version, in write_new_preamble()
395 option.kernel_subkey, in write_new_preamble()
398 option.flags); in write_new_preamble()
406 uint32_t more = keyblock->key_block_size; in write_new_preamble()
407 memcpy(vblock->buf, keyblock, more); in write_new_preamble()
409 memcpy(vblock->buf + more, preamble, preamble->preamble_size); in write_new_preamble()
422 option.loemdir ? option.loemdir : ".", in write_loem()
423 ab, option.loemid); in write_loem()
436 if (1 != fwrite(vblock->buf, vblock->len, 1, fp)) { in write_loem()
454 struct cb_area_s *vblock_a = &state->cb_area[CB_FMAP_VBLOCK_A]; in sign_bios_at_end()
455 struct cb_area_s *vblock_b = &state->cb_area[CB_FMAP_VBLOCK_B]; in sign_bios_at_end()
456 struct cb_area_s *fw_a = &state->cb_area[CB_FMAP_FW_MAIN_A]; in sign_bios_at_end()
457 struct cb_area_s *fw_b = &state->cb_area[CB_FMAP_FW_MAIN_B]; in sign_bios_at_end()
460 if (state->errors || in sign_bios_at_end()
461 !(vblock_a->_flags & AREA_IS_VALID) || in sign_bios_at_end()
462 !(vblock_b->_flags & AREA_IS_VALID) || in sign_bios_at_end()
463 !(fw_a->_flags & AREA_IS_VALID) || in sign_bios_at_end()
464 !(fw_b->_flags & AREA_IS_VALID)) { in sign_bios_at_end()
470 if (fw_a->len != fw_b->len || in sign_bios_at_end()
471 memcmp(fw_a->buf, fw_b->buf, fw_a->len)) { in sign_bios_at_end()
473 if (!option.devsignprivate || !option.devkeyblock) { in sign_bios_at_end()
479 option.devsignprivate, in sign_bios_at_end()
480 option.devkeyblock); in sign_bios_at_end()
483 option.signprivate, in sign_bios_at_end()
484 option.keyblock); in sign_bios_at_end()
489 option.signprivate, in sign_bios_at_end()
490 option.keyblock); in sign_bios_at_end()
495 if (option.loemid) { in sign_bios_at_end()
505 switch (state->in_type) { in futil_cb_sign_end()
515 return state->errors; in futil_cb_sign_end()
530 "-----------------------------------------------------------------\n"
534 " [--datapubkey] INFILE The public key to wrap\n"
535 " [--outfile] OUTFILE The resulting keyblock\n"
539 " -s|--signprivate FILE.vbprivk Signing key in .vbprivk format\n"
541 " --pem_signpriv FILE.pem Signing key in PEM format...\n"
542 " --pem_algo NUM AND the algorithm to use (0 - %d)\n"
547 " -f|--flags NUM Flags specifying use conditions\n"
548 " --pem_external PROGRAM"
553 "-----------------------------------------------------------------\n"
557 " -s|--signprivate FILE.vbprivk The private firmware data key\n"
558 " -b|--keyblock FILE.keyblock The keyblock containing the\n"
560 " -k|--kernelkey FILE.vbpubk The public kernel subkey\n"
561 " -v|--version NUM The firmware version number\n"
562 " [--fv] INFILE"
564 " [--outfile] OUTFILE Output VBLOCK_A/B\n"
567 " -f|--flags NUM The preamble flags value"
571 "-----------------------------------------------------------------\n"
575 " -s|--signprivate FILE.vbprivk The private firmware data key\n"
576 " -b|--keyblock FILE.keyblock The keyblock containing the\n"
578 " -k|--kernelkey FILE.vbpubk The public kernel subkey\n"
579 " [--infile] INFILE Input firmware image (modified\n"
583 " -S|--devsign FILE.vbprivk The DEV private firmware data key\n"
584 " -B|--devkeyblock FILE.keyblock The keyblock containing the\n"
588 " -v|--version NUM The firmware version number"
590 " -f|--flags NUM The preamble flags value"
593 " -d|--loemdir DIR Local OEM output vblock directory\n"
594 " -l|--loemid STRING Local OEM vblock suffix\n"
595 " [--outfile] OUTFILE Output firmware image\n";
598 "-----------------------------------------------------------------\n"
602 " -s|--signprivate FILE.vbprivk"
604 " -b|--keyblock FILE.keyblock The keyblock containing the public\n"
606 " -v|--version NUM The kernel version number\n"
607 " --bootloader FILE Bootloader stub\n"
608 " --config FILE The kernel commandline file\n"
609 " --arch ARCH The CPU architecture (one of\n"
611 " [--vmlinuz] INFILE Linux kernel bzImage file\n"
612 " [--outfile] OUTFILE Output kernel partition or vblock\n"
615 " --kloadaddr NUM"
618 " --pad NUM The vblock padding size in bytes\n"
620 " --vblockonly Emit just the vblock (requires a\n"
622 " -f|--flags NUM The preamble flags value\n";
625 "-----------------------------------------------------------------\n"
629 " -s|--signprivate FILE.vbprivk"
631 " [--infile] INFILE Input kernel partition (modified\n"
635 " -b|--keyblock FILE.keyblock The keyblock containing the public\n"
637 " -v|--version NUM The kernel version number\n"
638 " --config FILE The kernel commandline file\n"
639 " --pad NUM The vblock padding size in bytes\n"
641 " [--outfile] OUTFILE Output kernel partition or vblock\n"
642 " --vblockonly Emit just the vblock (requires a\n"
644 " -f|--flags NUM The preamble flags value\n"
650 printf(usage_pubkey, kNumAlgorithms - 1); in print_help()
652 printf(usage_bios, option.version); in print_help()
653 printf(usage_new_kpart, option.kloadaddr, option.padding); in print_help()
654 printf(usage_old_kpart, option.padding); in print_help()
659 OPT_INFILE, /* aka "--vmlinuz" */
671 static const struct option long_opts[] = {
695 {"vblockonly", 0, &option.vblockonly, 1},
705 int ifd = -1; in do_sign()
716 while ((i = getopt_long(argc, argv, short_opts, long_opts, 0)) != -1) { in do_sign()
719 option.signprivate = PrivateKeyRead(optarg); in do_sign()
720 if (!option.signprivate) { in do_sign()
726 option.keyblock = KeyBlockRead(optarg); in do_sign()
727 if (!option.keyblock) { in do_sign()
733 option.kernel_subkey = PublicKeyRead(optarg); in do_sign()
734 if (!option.kernel_subkey) { in do_sign()
740 option.devsignprivate = PrivateKeyRead(optarg); in do_sign()
741 if (!option.devsignprivate) { in do_sign()
747 option.devkeyblock = KeyBlockRead(optarg); in do_sign()
748 if (!option.devkeyblock) { in do_sign()
754 option.version_specified = 1; in do_sign()
755 option.version = strtoul(optarg, &e, 0); in do_sign()
758 "Invalid --version \"%s\"\n", optarg); in do_sign()
764 option.flags_specified = 1; in do_sign()
765 option.flags = strtoul(optarg, &e, 0); in do_sign()
768 "Invalid --flags \"%s\"\n", optarg); in do_sign()
773 option.loemdir = optarg; in do_sign()
776 option.loemid = optarg; in do_sign()
779 option.fv_specified = 1; in do_sign()
781 case OPT_INFILE: /* aka "--vmlinuz" */ in do_sign()
787 option.outfile = optarg; in do_sign()
790 option.bootloader_data = ReadFile( in do_sign()
791 optarg, &option.bootloader_size); in do_sign()
792 if (!option.bootloader_data) { in do_sign()
799 option.bootloader_size); in do_sign()
802 option.config_data = ReadConfigFile( in do_sign()
803 optarg, &option.config_size); in do_sign()
804 if (!option.config_data) { in do_sign()
815 option.arch = ARCH_X86; in do_sign()
818 option.arch = ARCH_ARM; in do_sign()
820 option.arch = ARCH_MIPS; in do_sign()
829 option.kloadaddr = strtoul(optarg, &e, 0); in do_sign()
832 "Invalid --kloadaddr \"%s\"\n", optarg); in do_sign()
837 option.padding = strtoul(optarg, &e, 0); in do_sign()
840 "Invalid --padding \"%s\"\n", optarg); in do_sign()
845 option.pem_signpriv = optarg; in do_sign()
848 option.pem_algo_specified = 1; in do_sign()
849 option.pem_algo = strtoul(optarg, &e, 0); in do_sign()
851 (option.pem_algo >= kNumAlgorithms)) { in do_sign()
853 "Invalid --pem_algo \"%s\"\n", optarg); in do_sign()
858 option.pem_external = optarg; in do_sign()
863 fprintf(stderr, "Unrecognized option: -%c\n", in do_sign()
866 fprintf(stderr, "Unrecognized option: %s\n", in do_sign()
867 argv[optind - 1]); in do_sign()
871 fprintf(stderr, "Missing argument to -%c\n", optopt); in do_sign()
874 case 0: /* handled option */ in do_sign()
884 if (argc - optind <= 0) { in do_sign()
895 if (!option.outfile && argc - optind > 0) { in do_sign()
897 option.outfile = argv[optind++]; in do_sign()
908 if (option.bootloader_data || option.config_data in do_sign()
909 || option.arch != ARCH_UNSPECIFIED) in do_sign()
911 else if (option.kernel_subkey || option.fv_specified) in do_sign()
925 option.create_new_outfile = 1; in do_sign()
926 if (option.signprivate && option.pem_signpriv) { in do_sign()
928 "Only one of --signprivate and --pem_signpriv" in do_sign()
932 if ((option.signprivate && option.pem_algo_specified) || in do_sign()
933 (option.pem_signpriv && !option.pem_algo_specified)) { in do_sign()
934 fprintf(stderr, "--pem_algo must be used with" in do_sign()
935 " --pem_signpriv\n"); in do_sign()
938 if (option.pem_external && !option.pem_signpriv) { in do_sign()
939 fprintf(stderr, "--pem_external must be used with" in do_sign()
940 " --pem_signpriv\n"); in do_sign()
962 errorcnt += no_opt_if(!option.signprivate, "signprivate"); in do_sign()
963 errorcnt += no_opt_if(!option.keyblock, "keyblock"); in do_sign()
964 errorcnt += no_opt_if(!option.kernel_subkey, "kernelkey"); in do_sign()
967 errorcnt += no_opt_if(!option.signprivate, "signprivate"); in do_sign()
968 if (option.vblockonly || inout_file_count > 1) in do_sign()
969 option.create_new_outfile = 1; in do_sign()
972 option.create_new_outfile = 1; in do_sign()
973 errorcnt += no_opt_if(!option.signprivate, "signprivate"); in do_sign()
974 errorcnt += no_opt_if(!option.keyblock, "keyblock"); in do_sign()
975 errorcnt += no_opt_if(!option.kernel_subkey, "kernelkey"); in do_sign()
976 errorcnt += no_opt_if(!option.version_specified, "version"); in do_sign()
979 option.create_new_outfile = 1; in do_sign()
980 errorcnt += no_opt_if(!option.signprivate, "signprivate"); in do_sign()
981 errorcnt += no_opt_if(!option.keyblock, "keyblock"); in do_sign()
982 errorcnt += no_opt_if(!option.version_specified, "version"); in do_sign()
983 errorcnt += no_opt_if(!option.bootloader_data, "bootloader"); in do_sign()
984 errorcnt += no_opt_if(!option.config_data, "config"); in do_sign()
985 errorcnt += no_opt_if(option.arch == ARCH_UNSPECIFIED, "arch"); in do_sign()
998 Debug("option.create_new_outfile=%d\n", option.create_new_outfile); in do_sign()
1001 if (!option.outfile) { in do_sign()
1002 if (option.create_new_outfile) { in do_sign()
1007 option.outfile = infile; in do_sign()
1011 Debug("option.outfile=%s\n", option.outfile); in do_sign()
1013 if (argc - optind > 0) { in do_sign()
1024 if (option.create_new_outfile) { in do_sign()
1025 /* The input is read-only, the output is write-only. */ in do_sign()
1037 /* We'll read-modify-write the output file */ in do_sign()
1039 state.in_filename = option.outfile; in do_sign()
1041 futil_copy_file_or_die(infile, option.outfile); in do_sign()
1042 Debug("open RW %s\n", option.outfile); in do_sign()
1043 ifd = open(option.outfile, O_RDWR); in do_sign()
1047 option.outfile, strerror(errno)); in do_sign()
1068 if (option.signprivate) in do_sign()
1069 free(option.signprivate); in do_sign()
1070 if (option.keyblock) in do_sign()
1071 free(option.keyblock); in do_sign()
1072 if (option.kernel_subkey) in do_sign()
1073 free(option.kernel_subkey); in do_sign()
1076 fprintf(stderr, "Use --help for usage instructions\n"); in do_sign()