1#!/bin/bash 2# Copyright 2018 The ChromiumOS Authors 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5 6# Script to increment UEFI Key Exchange Key (KEK). 7 8# Load common constants and variables. 9# shellcheck source=uefi_common.sh 10. "$(dirname "$0")/uefi_common.sh" 11 12# Abort on errors. 13set -e 14 15if [ $# -ne 1 ]; then 16 cat <<EOF 17 Usage: $0 <keyset directory> 18 19 Increments the UEFI Key Exchange Key (KEK) in the specified keyset. 20EOF 21 exit 1 22fi 23 24KEY_DIR="$1" 25 26main() { 27 check_uefi_key_dir_name "${KEY_DIR}" 28 29 load_current_uefi_key_versions "${KEY_DIR}" 30 new_kek_key_ver=$(increment_uefi_version "${KEY_DIR}" "kek_key_version") 31 32 cd "${KEY_DIR}" 33 backup_kek_keypair "${CURR_KEK_KEY_VER}" 34 35 cat <<EOF 36Generating new UEFI Key Exchange Key (KEK) version. 37 38New Key Exchange Key version: ${new_kek_key_ver}. 39EOF 40 make_kek_keypair "${new_kek_key_ver}" 41 write_updated_uefi_version_file "${CURR_PK_KEY_VER}" "${new_kek_key_ver}" \ 42 "${CURR_DB_KEY_VER}" "${CURR_DB_CHILD_KEY_VER}" 43} 44 45main "$@" 46