build_image: pull out kernel partition creation

build_image

 #!/bin/bash
 
 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # Script to build a bootable keyfob-based chromeos system image from within
 # a chromiumos setup. This assumes that all needed packages have been built into
 # the given target's root with binary packages turned on. This script will
 # build the Chrome OS image using only pre-built binary packages.
@@ skipping 444 matching lines @@
 
 menuentry "local image B" {
   linux $grubpartB/boot/vmlinuz quiet console=tty2 init=/sbin/init boot=local rootwait root=/dev/$linuxpartB ro noresume noswap i915.modeset=1 loglevel=1 cros_efi
 }
 
 menuentry "Alternate USB Boot" {
   linux (hd0,3)/boot/vmlinuz quiet console=tty2 init=/sbin/init boot=local rootwait root=/dev/sdb3 ro noresume noswap i915.modeset=1 loglevel=1 cros_efi
 }
 
 EOF
+  # TODO(wad) add baseline syslinux files to ESP and install the syslinux loader
 
-  # FIXME: At the moment, we're working on signed images for x86 only. ARM will
-  # support this before shipping, but at the moment they don't.
-  if [[ "${ARCH}" = "x86" ]]; then
-
-    # Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
-    # standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS
-    # BIOS will use a separate signed kernel partition, which we'll create now.
-    # FIXME: remove serial output, debugging messages.
-    cat <<'EOF' > "${OUTPUT_DIR}/config.txt"
-earlyprintk=serial,ttyS0,115200
-console=ttyS0,115200
-init=/sbin/init
-add_efi_memmap
-gpt
-boot=local
-rootwait
-root=/dev/sd%D%P
-ro
-noresume
-noswap
-i915.modeset=1
-loglevel=7
-cros_secure
-EOF
-
-    # FIXME: We need to specify the real keys and certs here!
-    SIG_DIR="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
-
-    # Wrap the public keys with VbPublicKey headers.
-    vbutil_key --pack \
-      --in "${SIG_DIR}/key_rsa2048.keyb" \
-      --version 1 --algorithm 4 \
-      --out "${OUTPUT_DIR}/key_alg4.vbpubk"
-
-    vbutil_key --pack \
-      --in "${SIG_DIR}/key_rsa4096.keyb" \
-      --version 1 --algorithm 8 \
-      --out "${OUTPUT_DIR}/key_alg8.vbpubk"
-
-    vbutil_keyblock --pack "${OUTPUT_DIR}/data4_sign8.keyblock" \
-      --datapubkey "${OUTPUT_DIR}/key_alg4.vbpubk" \
-      --signprivate "${SIG_DIR}/key_rsa4096.pem" \
-      --algorithm 8 --flags 3
-
-    # Verify the keyblock.
-    vbutil_keyblock --unpack "${OUTPUT_DIR}/data4_sign8.keyblock" \
-      --signpubkey "${OUTPUT_DIR}/key_alg8.vbpubk"
-
-    # Sign the kernel:
-    vbutil_kernel --pack "${OUTPUT_DIR}/vmlinuz.image" \
-      --keyblock "${OUTPUT_DIR}/data4_sign8.keyblock" \
-      --signprivate "${SIG_DIR}/key_rsa2048.pem" \
-      --version 1 \
-      --config "${OUTPUT_DIR}/config.txt" \
-      --bootloader /lib64/bootstub/bootstub.efi \
-      --vmlinuz "${ROOT_FS_DIR}/boot/vmlinuz"
-
-    # And verify it.
-    vbutil_kernel --verify "${OUTPUT_DIR}/vmlinuz.image" \
-      --signpubkey "${OUTPUT_DIR}/key_alg8.vbpubk"
-
-  else
-    # FIXME: For now, ARM just uses the unsigned kernel by itself.
-    cp -f "${ROOT_FS_DIR}/boot/vmlinuz" "${OUTPUT_DIR}/vmlinuz.image"
-  fi
-
+  # Builds the kernel partition image.  The temporary files are kept around
+  # so that we can perform a load_kernel_test later on the final image.
+  # TODO(wad) add dm-verity boot args (--boot_args, --root)
+  ${SCRIPTS_DIR}/build_kernel_image.sh \
+    --arch="${ARCH}" \
+    --to="${OUTPUT_DIR}/vmlinuz.image" \
+    --vmlinuz="${ROOT_FS_DIR}/boot/vmlinuz" \
+    --working_dir="${OUTPUT_DIR}" \
+    --keep_work \
+    --keys_dir="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
 
   # Perform any customizations on the root file system that are needed.
   "${SCRIPTS_DIR}/customize_rootfs" \
     --root="${ROOT_FS_DIR}" \
     --target="${ARCH}" \
     --board="${BOARD}"
 
   # Don't test the factory install shim.
   if [[ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ]] ; then
     # Check that the image has been correctly created.
@@ skipping 48 matching lines @@
   echo "Creating developer image from base image ${OUTPUT_IMG}"
   cp ${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME} ${OUTPUT_DIR}/${DEVELOPER_IMAGE_NAME}
   update_dev_packages ${OUTPUT_DIR}/${DEVELOPER_IMAGE_NAME}
 fi
 
 trap - EXIT
 
 # FIXME: only signing things for x86 right now.
 if [[ "${ARCH}" = "x86" ]]; then
   # Verify the final image.
+  # key_alg8.vbpubk is generated by build_kernel_image.sh --keep_work
   load_kernel_test "${OUTPUT_IMG}" "${OUTPUT_DIR}/key_alg8.vbpubk"
 fi
 
 # Clean up temporary files.
 rm -f "${ROOT_FS_IMG}" "${STATEFUL_FS_IMG}" "${OUTPUT_DIR}/vmlinuz.image" \
   "${ESP_FS_IMG}" "${OUTPUT_DIR}/data4_sign8.keyblock" \
   "${OUTPUT_DIR}/key_alg4.vbpubk" "${OUTPUT_DIR}/key_alg8.vbpubk"
 rmdir "${ROOT_FS_DIR}" "${STATEFUL_FS_DIR}" "${ESP_FS_DIR}"
 
 echo "Done.  Image created in ${OUTPUT_DIR}"
 echo "Chromium OS image created as ${PRISTINE_IMAGE_NAME}"
 if [ "${FLAGS_recovery}" -eq "${FLAGS_TRUE}" ]; then
   echo "Recovery image created as ${PRISTINE_IMAGE_NAME}"
 fi
 if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]; then
   echo "Developer image created as ${DEVELOPER_IMAGE_NAME}"
 fi
 
 print_time_elapsed
 
 echo "To copy to USB keyfob, OUTSIDE the chroot, do something like:"
 echo "  ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX"
 echo "To convert to VMWare image, OUTSIDE the chroot, do something like:"
 echo "  ./image_to_vmware.sh --from=${OUTSIDE_OUTPUT_DIR}"
 echo "from the scripts directory where you entered the chroot."