
Side by Side Diff: src/scripts/build_image

Issue 2599001: Only sign kernel for x86 for now. Leave ARM unsigned. (Closed) Base URL: ssh://git@chromiumos-git/chromeos
Patch Set: Created 10 years, 6 months ago
1 #!/bin/bash 1 #!/bin/bash
2 2
3 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved. 3 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # Script to build a bootable keyfob-based chromeos system image from within 7 # Script to build a bootable keyfob-based chromeos system image from within
8 # a chromiumos setup. This assumes that all needed packages have been built into 8 # a chromiumos setup. This assumes that all needed packages have been built into
9 # the given target's root with binary packages turned on. This script will 9 # the given target's root with binary packages turned on. This script will
10 # build the Chrome OS image using only pre-built binary packages. 10 # build the Chrome OS image using only pre-built binary packages.
(...skipping 417 matching lines...) Expand 10 before | Expand all | Expand 10 after
428 menuentry "local image A" { 428 menuentry "local image A" {
429 linux $grubpartA/boot/vmlinuz quiet console=tty2 init=/sbin/init boot=local ro otwait root=/dev/$linuxpartA ro noresume noswap i915.modeset=1 loglevel=1 429 linux $grubpartA/boot/vmlinuz quiet console=tty2 init=/sbin/init boot=local ro otwait root=/dev/$linuxpartA ro noresume noswap i915.modeset=1 loglevel=1
430 } 430 }
431 431
432 menuentry "local image B" { 432 menuentry "local image B" {
433 linux $grubpartB/boot/vmlinuz quiet console=tty2 init=/sbin/init boot=local ro otwait root=/dev/$linuxpartB ro noresume noswap i915.modeset=1 loglevel=1 433 linux $grubpartB/boot/vmlinuz quiet console=tty2 init=/sbin/init boot=local ro otwait root=/dev/$linuxpartB ro noresume noswap i915.modeset=1 loglevel=1
434 } 434 }
435 435
436 EOF 436 EOF
437 437
438 # Legacy BIOS will use the kernel in the rootfs (via syslinux), as will 438 # FIXME: At the moment, we're working on signed images for x86 only. ARM will
439 # standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS BIOS 439 # support this before shipping, but at the moment they don't.
440 # will use a separate signed kernel partition, which we'll create now. 440 if [[ "$ARCH" = "x86" ]]; then
441 # FIXME: remove serial output, debugging messages 441
442 cat <<'EOF' > "${OUTPUT_DIR}/config.txt" 442 # Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
443 # standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS BIOS
444 # will use a separate signed kernel partition, which we'll create now.
445 # FIXME: remove serial output, debugging messages
446 cat <<'EOF' > "${OUTPUT_DIR}/config.txt"
443 earlyprintk=serial,ttyS0,115200 447 earlyprintk=serial,ttyS0,115200
444 console=ttyS0,115200 448 console=ttyS0,115200
445 init=/sbin/init 449 init=/sbin/init
446 add_efi_memmap 450 add_efi_memmap
447 boot=local 451 boot=local
448 rootwait 452 rootwait
449 root=/dev/sd%D%P 453 root=/dev/sd%D%P
450 ro 454 ro
451 noresume 455 noresume
452 noswap 456 noswap
453 i915.modeset=1 457 i915.modeset=1
454 loglevel=7 458 loglevel=7
455 Hi_Mom 459 Hi_Mom
456 EOF 460 EOF
461
462 # FIXME: We need to specify the real keys and certs here!
463 SIG_DIR="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
464
465 # Create the kernel partition image.
466 kernel_utility --generate \
467 --firmware_key "${SIG_DIR}/key_rsa4096.pem" \
468 --kernel_key "${SIG_DIR}/key_rsa1024.pem" \
469 --kernel_key_pub "${SIG_DIR}/key_rsa1024.keyb" \
470 --firmware_sign_algorithm 8 \
471 --kernel_sign_algorithm 2 \
472 --kernel_key_version 1 \
473 --kernel_version 1 \
474 --config "${OUTPUT_DIR}/config.txt" \
475 --bootloader /lib64/bootstub/bootstub.efi \
476 --vmlinuz "${ROOT_FS_DIR}/boot/vmlinuz" \
477 --out "${OUTPUT_DIR}/vmlinuz.image"
478
479 else
480 # FIXME: For now, ARM just uses the unsigned kernel by itself.
481 cp -f "${ROOT_FS_DIR}/boot/vmlinuz" "${OUTPUT_DIR}/vmlinuz.image"
482 fi
457 483
458 # FIXME: We need to specify the real keys and certs here!
459 SIG_DIR="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
460
461 # Create the kernel partition image.
462 kernel_utility --generate \
463 --firmware_key "${SIG_DIR}/key_rsa4096.pem" \
464 --kernel_key "${SIG_DIR}/key_rsa1024.pem" \
465 --kernel_key_pub "${SIG_DIR}/key_rsa1024.keyb" \
466 --firmware_sign_algorithm 8 \
467 --kernel_sign_algorithm 2 \
468 --kernel_key_version 1 \
469 --kernel_version 1 \
470 --config "${OUTPUT_DIR}/config.txt" \
471 --bootloader /lib64/bootstub/bootstub.efi \
472 --vmlinuz "${ROOT_FS_DIR}/boot/vmlinuz" \
473 --out "${OUTPUT_DIR}/vmlinuz.image"
474 484
475 # Perform any customizations on the root file system that are needed. 485 # Perform any customizations on the root file system that are needed.
476 "${SCRIPTS_DIR}/customize_rootfs" \ 486 "${SCRIPTS_DIR}/customize_rootfs" \
477 --root="$ROOT_FS_DIR" \ 487 --root="$ROOT_FS_DIR" \
478 --target="$ARCH" \ 488 --target="$ARCH" \
479 --board="$BOARD" 489 --board="$BOARD"
480 490
481 # Don't test the factory install shim. 491 # Don't test the factory install shim.
482 if [[ $FLAGS_factory_install -eq ${FLAGS_FALSE} ]] ; then 492 if [[ $FLAGS_factory_install -eq ${FLAGS_FALSE} ]] ; then
483 # Check that the image has been correctly created. 493 # Check that the image has been correctly created.
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
528 echo "Done. Image created in ${OUTPUT_DIR}" 538 echo "Done. Image created in ${OUTPUT_DIR}"
529 echo "Chromium OS image created as $PRISTINE_IMAGE_NAME" 539 echo "Chromium OS image created as $PRISTINE_IMAGE_NAME"
530 if [ "$FLAGS_withdev" -eq "$FLAGS_TRUE" ]; then 540 if [ "$FLAGS_withdev" -eq "$FLAGS_TRUE" ]; then
531 echo "Developer image created as $DEVELOPER_IMAGE_NAME" 541 echo "Developer image created as $DEVELOPER_IMAGE_NAME"
532 fi 542 fi
533 echo "To copy to USB keyfob, OUTSIDE the chroot, do something like:" 543 echo "To copy to USB keyfob, OUTSIDE the chroot, do something like:"
534 echo " ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX" 544 echo " ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX"
535 echo "To convert to VMWare image, OUTSIDE the chroot, do something like:" 545 echo "To convert to VMWare image, OUTSIDE the chroot, do something like:"
536 echo " ./image_to_vmware.sh --from=${OUTSIDE_OUTPUT_DIR}" 546 echo " ./image_to_vmware.sh --from=${OUTSIDE_OUTPUT_DIR}"
537 echo "from the scripts directory where you entered the chroot." 547 echo "from the scripts directory where you entered the chroot."
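Review bot: The new `else` branch (new lines 479-481) is a catch-all, so any `$ARCH` value other than the exact string `x86` (an unset variable, a typo, a later architecture) silently gets the unsigned `vmlinuz` copied to `${OUTPUT_DIR}/vmlinuz.image`. Because the signed and unsigned outputs share one file name, later steps cannot tell which one they received. I would match the ARM case explicitly with `elif [[ "$ARCH" = "arm" ]]; then` (using whatever value this script actually sets for ARM), add a final `else` that prints an error and exits non-zero, and put `echo "WARNING: kernel partition is unsigned for $ARCH" >&2` before the `cp` so the state shows up in build logs. Separately, the x86 path still signs with keys from `vboot_reference/tests/testkeys`, as its FIXME says, so that signature exercises the flow but gives no assurance until real keys are wired in.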