From 893e425321e342fbedb9abe9c981c757a72fe7f1 Mon Sep 17 00:00:00 2001
From: Tad
Date: Mon, 28 Feb 2022 01:27:53 -0500
Subject: [PATCH] Add the script to generate vbhashes.txt
Output has been verified as correct on mata, cheeseburger, fajita, and guacamole
Signed-off-by: Tad
---
Scripts/Generate_Verified_Boot_Hashes.sh | 43 ++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100755 Scripts/Generate_Verified_Boot_Hashes.sh
diff --git a/Scripts/Generate_Verified_Boot_Hashes.sh b/Scripts/Generate_Verified_Boot_Hashes.sh
new file mode 100755
index 00000000..bcedfe1b
--- /dev/null
+++ b/Scripts/Generate_Verified_Boot_Hashes.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+VERITY_DEVICES=('Amber' 'angler' 'bullhead' 'cheeseburger' 'cheryl' 'dragon' 'dumpling' 'flounder' 'marlin' 'mata' 'oneplus3' 'sailfish' 'shamu' 'z2_plus');
+AVB_DEVICES=('akari' 'alioth' 'aura' 'aurora' 'avicii' 'beryllium' 'blueline' 'bonito' 'bramble' 'coral' 'crosshatch' 'davinci' 'enchilada' 'fajita' 'flame' 'FP3' 'guacamole' 'guacamoleb' 'hotdog' 'hotdogb' 'lavender' 'lmi' 'pro1' 'raphael' 'redfin' 'sargo' 'sunfish' 'taimen' 'vayu' 'walleye' 'xz2c');
+
+#TODO: Make this a function?
+echo "================================================================================";
+echo "Verity Keys";
+echo "================================================================================";
+for f in */verifiedboot_relkeys.der.x509
+do
+ device=$(dirname $f);
+ if [[ " ${VERITY_DEVICES[@]} " =~ " ${device} " ]]; then
+ echo "Device: $device";
+ sha1=$(cat $f | openssl dgst -sha1 -c | sed 's/(stdin)= //' | tr [a-z] [A-Z]);
+ sha256=$(cat $f | openssl dgst -sha256 | sed 's/(stdin)= //' | tr [a-z] [A-Z]);
+ #echo -e "\tSHA-1:"; #TODO: Figure out how this is actually calculated, perhaps lacks the actual certificate infomation due to mincrypt?
+ #echo -e "\t\t$sha1";
+ echo -e "\tSHA-256:";
+ echo -e "\t\t${sha256:0:16}";
+ echo -e "\t\t${sha256:16:16}";
+ echo -e "\t\t${sha256:32:16}";
+ echo -e "\t\t${sha256:48:16}";
+ fi;
+done
+echo "================================================================================";
+echo "AVB Keys";
+echo "================================================================================";
+for f in */avb_pkmd.bin
+do
+ device=$(dirname $f);
+ if [[ " ${AVB_DEVICES[@]} " =~ " ${device} " ]]; then
+ echo "Device: $device";
+ sha256=$(cat $f | openssl dgst -sha256 | sed 's/(stdin)= //' | tr [a-z] [A-Z]);
+ #echo -e "\tID:"; #Not really needed
+ #echo -e "\t\t${sha256:0:8}";
+ echo -e "\tSHA-256:";
+ echo -e "\t\t${sha256:0:16}";
+ echo -e "\t\t${sha256:16:16}";
+ echo -e "\t\t${sha256:32:16}";
+ echo -e "\t\t${sha256:48:16}";
+ fi;
+done
+echo "================================================================================";
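Review bot: The two `sha256=` assignments trust the exact text that `openssl dgst` prints. The `sed 's/(stdin)= //'` strip matches only one output format, and when the label differs (newer OpenSSL releases prefix the algorithm name, as far as I know) the leftover prefix shifts every `${sha256:N:16}` slice, so the list would carry wrong fingerprints without any error. Because these values are meant to be compared against what the bootloader displays, the digest should be read in a format-independent way and rejected unless it is exactly 64 hex digits; the sketch below does this in one helper shared by both loops, which also settles the "Make this a function?" TODO. Separately, the `#!/bin/sh` shebang does not match the arrays, `[[ … =~ … ]]` and substring expansions the script uses, so it should be `#!/bin/bash`, and `$f` and the `tr` sets should be quoted.

```shell
#!/bin/bash
# … unchanged: VERITY_DEVICES and AVB_DEVICES arrays …

# Print the upper-case SHA-256 of file $1; fail unless it is exactly 64 hex digits.
key_sha256() {
	local digest;
	digest=$(openssl dgst -sha256 -r < "$1" | cut -d' ' -f1 | tr 'a-f' 'A-F');
	[[ "$digest" =~ ^[0-9A-F]{64}$ ]] || { echo "Bad SHA-256 for $1" >&2; return 1; };
	echo "$digest";
}

# … unchanged: banner and start of the Verity loop …
		sha256=$(key_sha256 "$f") || exit 1;
# … unchanged: SHA-256 printing; the AVB loop takes the same one-line change …
```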