#!/bin/bash
#
# Author: [email protected]
#
# secureboot avb2.0: sign identifier
#
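# Required environment:
# bash
# awk
# openssl
#
# Command usage:
#   ./unlockbl.sh IDENTIFIER PRIVATE_KEY SIGNATURE
#     IDENTIFIER  - identifier as a hex string
#     PRIVATE_KEY - private key file used for signing
#     SIGNATURE   - file the signature is written to (an existing file is replaced)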
#
# **************** #
# input parameters #
# **************** #
# Positional arguments, in the order given on the command line.
IDENTIFIER="${1}"
PRIVATE_KEY="${2}"
SIGNATURE="${3}"
# ------------------------------------------------------------ #
# Working files (relative names, so they are created in the
# current directory) and the size limit, in bytes, of the
# binary identifier.
# ------------------------------------------------------------ #
IDENTIFIER_TXT='identifier.txt'
IDENTIFIER_BIN='identifier.bin'
PADDING_BIN='padding.bin'
IDENTIFIER_BIN_MAX_SIZE='64'
# *************** #
# functions #
# *************** #
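#######################################
# Validate the command-line arguments before anything is written.
# Globals:
#   IDENTIFIER  (read) - identifier string to sign
#   PRIVATE_KEY (read) - path of the signing key; must be a regular file
#   SIGNATURE   (read) - path of the signature output file
# Arguments:
#   The script's positional parameters; exactly three are required.
# Outputs:
#   Error messages on stderr.
# Returns:
#   0 if the arguments are usable, 1 otherwise.
#######################################
doInit()
{
  if [ "$#" -ne 3 ]; then
    {
      echo "Parameter input error"
      echo "Usage:"
      echo "./unlockbl.sh identifier private_key signature"
    } >&2
    return 1
  fi

  # Every path is quoted: an unquoted path containing whitespace or glob
  # characters would be split/expanded before test and rm see it.
  if [ ! -f "$PRIVATE_KEY" ]; then
    echo "Private key file is not existed" >&2
    return 1
  fi

  if [ -z "$IDENTIFIER" ]; then
    echo "Identifier empty" >&2
    return 1
  fi

  # Reject an empty or whitespace-only output path (the previous check only
  # matched a value of exactly one space, so an empty path slipped through).
  if [ -z "${SIGNATURE//[[:space:]]/}" ]; then
    echo "Not specify file that save signature" >&2
    return 1
  fi

  # Remove a previous signature so a stale file cannot be mistaken for the
  # result of this run. Only a regular file is removed; -r is not needed and
  # "--" keeps a path that starts with "-" from being read as an option.
  if [ -f "$SIGNATURE" ]; then
    rm -f -- "$SIGNATURE" || return 1
  fi
}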
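#######################################
# Convert the hex identifier into the zero-padded binary file that is signed.
# The identifier may be a bare hex string or "label: hex"; when a colon is
# present only the second colon-separated field is used, and whitespace is
# ignored. The decoded bytes are written to IDENTIFIER_BIN and padded with
# zero bytes up to IDENTIFIER_BIN_MAX_SIZE.
# Globals:
#   IDENTIFIER              (read)
#   IDENTIFIER_BIN          (read) - file that receives the binary identifier
#   IDENTIFIER_TXT          (read) - stale copy is removed, no longer written
#   PADDING_BIN             (read) - stale copy is removed, no longer written
#   IDENTIFIER_BIN_MAX_SIZE (read) - payload size in bytes
# Outputs:
#   Error messages on stderr.
# Returns:
#   0 on success; 1 if the identifier is not valid hex, is too long, or a
#   file operation fails.
#######################################
doStringToBinary()
{
  local hex escaped='' byte_count padding_len i
  local -r hex_pairs_re='^([0-9A-Fa-f]{2})+$'

  # Clear leftovers from an aborted run so stale bytes can never be appended
  # to the payload that gets signed.
  rm -f -- "$IDENTIFIER_TXT" "$IDENTIFIER_BIN" "$PADDING_BIN" || return 1

  hex=$IDENTIFIER
  if [[ $hex == *:* ]]; then
    hex=${hex#*:}
    hex=${hex%%:*}
  fi
  hex=${hex//[[:space:]]/}

  # Only whole hex byte pairs are accepted. Anything else (odd length,
  # non-hex characters, empty value) would otherwise be written to the
  # payload as something other than the identifier bytes and still signed.
  if [[ ! $hex =~ $hex_pairs_re ]]; then
    echo "Identifier is not a hex string with an even number of digits" >&2
    return 1
  fi

  byte_count=$(( ${#hex} / 2 ))
  if (( byte_count > IDENTIFIER_BIN_MAX_SIZE )); then
    echo "Identifier string too long" >&2
    return 1
  fi

  # Build "\xNN\xNN..." and let printf %b emit the raw bytes.
  for (( i = 0; i < ${#hex}; i += 2 )); do
    escaped+="\\x${hex:i:2}"
  done
  printf '%b' "$escaped" > "$IDENTIFIER_BIN" || return 1

  # Zero-pad to the fixed payload size. An identifier that already fills the
  # payload needs no padding (a zero block size made dd fail before).
  padding_len=$(( IDENTIFIER_BIN_MAX_SIZE - byte_count ))
  if (( padding_len > 0 )); then
    dd if=/dev/zero bs=1 count="$padding_len" 2>/dev/null >> "$IDENTIFIER_BIN" \
      || return 1
  fi
}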
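#######################################
# Sign the binary identifier: openssl computes the SHA-256 digest of
# IDENTIFIER_BIN, signs it with PRIVATE_KEY and writes the result to SIGNATURE.
# Globals:
#   SIGNATURE      (read) - output file for the signature
#   PRIVATE_KEY    (read) - signing key file
#   IDENTIFIER_BIN (read) - payload to sign; removed afterwards
#   IDENTIFIER_TXT, PADDING_BIN (read) - intermediate files; removed afterwards
# Outputs:
#   Error message on stderr if openssl fails.
# Returns:
#   0 on success, 1 if openssl reports an error.
#######################################
doIdentifierSign()
{
  local status=0

  # Paths are quoted so whitespace or glob characters in them cannot change
  # which files openssl is asked to read or write.
  openssl dgst -sha256 -out "$SIGNATURE" -sign "$PRIVATE_KEY" "$IDENTIFIER_BIN" \
    || status=$?

  # Clean up on success AND failure: leftovers from a failed run must not be
  # picked up by the next one.
  rm -f -- "$IDENTIFIER_BIN" "$IDENTIFIER_TXT" "$PADDING_BIN"

  if [ "$status" -ne 0 ]; then
    echo "Call openssl to sign failure" >&2
    return 1
  fi
}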
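#######################################
# Script driver: validate the arguments, build the binary identifier, sign it.
# Arguments:
#   The script's positional parameters, forwarded unchanged to doInit.
# Outputs:
#   Banner and success message on stdout; error messages on stderr.
# Returns:
#   Exits the script with status 1 as soon as one step fails.
#######################################
doMain()
{
  echo "Identifier sign script, ver 0.10"

  # "$@" keeps every argument as a single word, so the argument-count check
  # in doInit sees what the caller actually typed (paths with spaces included).
  if ! doInit "$@"; then
    echo "doInit execute error" >&2
    exit 1
  fi

  if ! doStringToBinary; then
    echo "doStringToBinary execute error" >&2
    exit 1
  fi

  if ! doIdentifierSign; then
    echo "Identifier sign fail" >&2
    exit 1
  fi

  echo "Identifier sign successfully"
}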
# ************* #
# main function #
# ************* #
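# Quote "$@" so each command-line argument reaches doMain as exactly one word;
# unquoted, an argument containing spaces or glob characters would be split
# or expanded before the argument checks run.
doMain "$@"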
#test command
#./unlockbl.sh 30313233343536303839414243444546 sign.pem signature.bin