Commit 588dde56fc4bd8793134a64c14423b5628f2baa4
1 parent
c862d481
rpi-otp-private-key: Add an interactive warning prompt for writes
Showing
1 changed file
with
20 additions
and
2 deletions
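--- a/tools/rpi-otp-private-key
+++ b/tools/rpi-otp-private-key
@@ -14,7 +14,7 @@ die() {
 
 usage() {
 cat <<EOF
- $(basename "$0") [-cfw] <key>
+ $(basename "$0") [-cfwy] <key>
 
 No args - reads the current private key from OTP. These values are NOT visible via 'vcgencmd otp_dump'
 
@@ -24,6 +24,7 @@ usage() {
 The vcmailbox API checks that the new key is equal to the bitwise OR of the current OTP and the new key.
 N.B. OTP bits can never change from 1 to 0.
 -w Writes the new key to OTP memory.
+ -y Skip the confirmation prompt when writing to OTP.
 
 <key> is a 64 digit hex number (256 bit) e.g. to generate a 256 random number run 'openssl rand -hex 32'
 
@@ -64,12 +65,27 @@ write_key() {
 key_params="${key_params} 0x$(echo -n "${key}" | cut -c${start}-${end})"
 count=$((count + 1))
 done
+
+ if [ "${YES}" = 0 ] && [ -t 0 ]; then
+ echo "Write ${key} to OTP?"
+ echo
+ echo "WARNING: Updates to OTP registers are permenant and cannot be undone."
+
+ echo "Type YES (in upper-case) to continue or press return to exit."
+ read -r confirm
+ if [ "${confirm}" != "YES" ]; then
+ echo "Cancelled"
+ exit
+ fi
+ fi
+
 vcmailbox 0x38081 40 40 0 8 ${key_params} || die "Failed to write key"
 read_key
 [ "${READ_KEY}" = "${key}" ] || die "Key readback check failed. ${out}"
 }
 
-while getopts bcfhw: option; do
+YES=0
+while getopts bcfhw:y option; do
 case "${option}" in
 b) OUTPUT_BINARY=1
 ;;
@@ -85,6 +101,8 @@ while getopts bcfhw: option; do
 ;;
 w) WRITE_KEY="${OPTARG}"
 ;;
+ y) YES=1
+ ;;
 *) echo "Unknown argument \"${option}\""
 usage
 ;;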
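Review bot: The confirmation guard at new line 69, `if [ "${YES}" = 0 ] && [ -t 0 ]; then`, fails open: when stdin is not a terminal the prompt is skipped and the irreversible `vcmailbox` write at line 82 still runs even though `-y` was not given. If unattended writes without `-y` do not need to stay supported, test `[ "${YES}" = 0 ]` alone and refuse first with `[ -t 0 ] || die "Refusing to write OTP without -y when stdin is not a terminal"`; if they are kept for existing provisioning scripts, the `-y` usage text should say that the prompt only appears on a terminal. The cancel path at line 78 uses a bare `exit`, which returns the status of the preceding `echo` (0), so a wrapper script cannot tell a cancelled write from a completed one; `exit 1` would fix that. write_key begins above this hunk, so any validation of `${key}` before the prompt is not visible here.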