Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(806)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/scripts/build_image

Issue 2599001: Only sign kernel for x86 for now. Leave ARM unsigned. (Closed) Base URL: ssh://git@chromiumos-git/chromeos
Patch Set: Created 10 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/scripts/build_image
diff --git a/src/scripts/build_image b/src/scripts/build_image
index 4d05786608181c5e2010e8b5b558341d39a7b7e5..a51cc3c483773a9b16a6265c080e741c1b094e60 100755
--- a/src/scripts/build_image
+++ b/src/scripts/build_image
@@ -435,11 +435,15 @@ menuentry "local image B" {
EOF
-# Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
-# standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS BIOS
-# will use a separate signed kernel partition, which we'll create now.
-# FIXME: remove serial output, debugging messages
-cat <<'EOF' > "${OUTPUT_DIR}/config.txt"
+# FIXME: At the moment, we're working on signed images for x86 only. ARM will
+# support this before shipping, but at the moment they don't.
+if [[ "$ARCH" = "x86" ]]; then
+
+ # Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
+ # standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS BIOS
+ # will use a separate signed kernel partition, which we'll create now.
+ # FIXME: remove serial output, debugging messages
+ cat <<'EOF' > "${OUTPUT_DIR}/config.txt"
earlyprintk=serial,ttyS0,115200
console=ttyS0,115200
init=/sbin/init
@@ -454,23 +458,29 @@ i915.modeset=1
loglevel=7
Hi_Mom
EOF
+
+ # FIXME: We need to specify the real keys and certs here!
+ SIG_DIR="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
+
+ # Create the kernel partition image.
+ kernel_utility --generate \
+ --firmware_key "${SIG_DIR}/key_rsa4096.pem" \
+ --kernel_key "${SIG_DIR}/key_rsa1024.pem" \
+ --kernel_key_pub "${SIG_DIR}/key_rsa1024.keyb" \
+ --firmware_sign_algorithm 8 \
+ --kernel_sign_algorithm 2 \
+ --kernel_key_version 1 \
+ --kernel_version 1 \
+ --config "${OUTPUT_DIR}/config.txt" \
+ --bootloader /lib64/bootstub/bootstub.efi \
+ --vmlinuz "${ROOT_FS_DIR}/boot/vmlinuz" \
+ --out "${OUTPUT_DIR}/vmlinuz.image"
+
+else
+ # FIXME: For now, ARM just uses the unsigned kernel by itself.
+ cp -f "${ROOT_FS_DIR}/boot/vmlinuz" "${OUTPUT_DIR}/vmlinuz.image"
+fi
-# FIXME: We need to specify the real keys and certs here!
-SIG_DIR="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
-
-# Create the kernel partition image.
-kernel_utility --generate \
- --firmware_key "${SIG_DIR}/key_rsa4096.pem" \
- --kernel_key "${SIG_DIR}/key_rsa1024.pem" \
- --kernel_key_pub "${SIG_DIR}/key_rsa1024.keyb" \
- --firmware_sign_algorithm 8 \
- --kernel_sign_algorithm 2 \
- --kernel_key_version 1 \
- --kernel_version 1 \
- --config "${OUTPUT_DIR}/config.txt" \
- --bootloader /lib64/bootstub/bootstub.efi \
- --vmlinuz "${ROOT_FS_DIR}/boot/vmlinuz" \
- --out "${OUTPUT_DIR}/vmlinuz.image"
# Perform any customizations on the root file system that are needed.
"${SCRIPTS_DIR}/customize_rootfs" \
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698