GitHub - WWWWWWWWWWWWWWWWW/Bios-crypto

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 193 Commits
build		build
depends		depends
.gitattributes		.gitattributes
HOWTO-release		HOWTO-release
README		README
README.delegation		README.delegation
arm_libs.c		arm_libs.c
bios_hash.c		bios_hash.c
bios_interface.c		bios_interface.c
bios_mem.c		bios_mem.c
bios_side.c		bios_side.c
bios_string.c		bios_string.c
bios_verify.c		bios_verify.c
hashfs.c		hashfs.c
heap_alloc.c		heap_alloc.c
key01.c		key01.c
makefile		makefile
makekey.c		makekey.c
pysign.h		pysign.h
pysign.pyx		pysign.pyx
pyverify.h		pyverify.h
pyverify.pyx		pyverify.pyx
sig01.c		sig01.c
sign.c		sign.c
stack_alloc.c		stack_alloc.c
verify.c		verify.c
zdextract.c		zdextract.c
zhashfs.c		zhashfs.c

Repository files navigation

Tools for manipulating OLPC keys and signatures

Make a lease:

  Usage:    obc-make-lease.sh <sn>  <uuid>  <days>  [outfile]
  Example:  obc-make-lease.sh SHF706002A7 8BF9AC40-26F8-4BCC-A699-BE51FD366419 1 lease.sig

  If outfile is omitted, output goes to stdout

  There is a companion command obc-make-lease-from-csv.sh which
  expects a plain CSV file with no quotes or extraneous characters
  with lines composed of SN,UUID

Make a developer key:

  Usage:    obc-make-devkey.sh sn uuid [outfile]
  Example:  obc-make-devkey.sh SHF706002A7 8BF9AC40-26F8-4BCC-A699-BE51FD366419 develop.sig

  If outfile is omitted, output goes to stdout

  There is a companion command obc-make-devkey-from-csv.sh which
  expects a plain CSV file with no quotes or extraneous characters
  with lines composed of SN,UUID

Sign a kernel or initrd image file:

  Usage:    obc-sign-os keyname infile outfile.zip
  Example:  obc-sign-os  os  vmlinuz  runos.zip
            obc-sign-os  os  initrd   runrd.zip

Sign a firmware file:

  Usage:    obc-sign-fw keyname infile outfile.zip
  Example:  obc-sign-fw  fw  q2c25.rom  bootfw.zip

Sign an OS release (using "fs" key):

XO-1:
  Usage:    obc-make-fs.sh  infile   outfile.zip
  Example:  obc-make-fs.sh os767.img   fs.zip

XO-1.5: (output is fs.zip)
  Usage:    sign-zsp.sh   keyname    infile
  Example:  sign-zsp.sh    fs      os99.zsp

Lower level tools:

Calculate a future date in the stipulated format:

  Usage:    obc-futureday.py days
  Example:  obc-futureday.py 5

  Output goes to stdout

Create a sig01-format signature blob:

  Usage:    obc-sig01 hashname keyname infile
  Example:  obc-sig01 sha256 fw q2c25.rom
            obc-sig01 rmd160 fw q2c25.rom

  Output goes to stdout

Make an RSA-2048 key pair:

  Usage:    obc-makekey key_file_name
  Example:  obc-makekey os

  Output goes to key_file_name.public and key_file_name.private

Create a binary signature file:

  Usage:    obc-sign hashname key_file_name signed_file_name
  Example:  obc-sign sha256 os vmlinuz

  The signing key is key_file_name.private
  Output goes to signed_file_name.hashname.sig

Verify a binary signature file:

  Usage:    obc-verify hashname key_file_name signed_file_name
  Example:  obc-verify sha256 os vmlinuz

  The signature file name is signed_file_name.hashname.sig
  The verification key is key_file_name.public

Make a signature delegation from a "master" key to a local key:

  Usage:    obc-make-delegation.sh serial-number [days|abs expiry] signingkey targetkey [outfile]
  Example:  obc-make-delegation.sh SHF706002A7 10 masterkey serverkey deleg-SHF706002A7.sig

Make a signature delegation based on an existing delegation:

  Usage:    obc-make-delegation.sh --chain deleg.sig serial-number [days|abs expiry] signingkey targetkey  [outfile]
  Example:  obc-make-delegation.sh --chain reg-deleg-SHF706002A7.sig SHF706002A7 10 regionkey serverkey server-deleg-SHF706002A7.sig

Make a lease with a delegated signature -

  Usage:    obc-make-lease.sh --signingkey <keyname> --chain <chainfile> <sn>  <uuid>  <days>  [outfile]
  Example:  obc-make-lease.sh --signingkey server --chain server-deleg-SHF706002A7.sig SHF706002A7 8BF9AC40-26F8-4BCC-A699-BE51FD366419 1 lease.sig