build_image: pull out kernel partition creation

build_image

Index: build_image
diff --git a/build_image b/build_image
index 078ca2d02d54986e60a4caa5fae08bcd49f0a84b..885b068d2b883b27c53e0dc0a845fefc85af3d06 100755
--- a/build_image
+++ b/build_image
@@ -462,73 +462,18 @@ menuentry "Alternate USB Boot" {
 }
 
 EOF
-
-  # FIXME: At the moment, we're working on signed images for x86 only. ARM will
-  # support this before shipping, but at the moment they don't.
-  if [[ "${ARCH}" = "x86" ]]; then
-
-    # Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
-    # standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS
-    # BIOS will use a separate signed kernel partition, which we'll create now.
-    # FIXME: remove serial output, debugging messages.
-    cat <<'EOF' > "${OUTPUT_DIR}/config.txt"
-earlyprintk=serial,ttyS0,115200
-console=ttyS0,115200
-init=/sbin/init
-add_efi_memmap
-gpt
-boot=local
-rootwait
-root=/dev/sd%D%P
-ro
-noresume
-noswap
-i915.modeset=1
-loglevel=7
-cros_secure
-EOF
-
-    # FIXME: We need to specify the real keys and certs here!
-    SIG_DIR="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
-
-    # Wrap the public keys with VbPublicKey headers.
-    vbutil_key --pack \
-      --in "${SIG_DIR}/key_rsa2048.keyb" \
-      --version 1 --algorithm 4 \
-      --out "${OUTPUT_DIR}/key_alg4.vbpubk"
-
-    vbutil_key --pack \
-      --in "${SIG_DIR}/key_rsa4096.keyb" \
-      --version 1 --algorithm 8 \
-      --out "${OUTPUT_DIR}/key_alg8.vbpubk"
-
-    vbutil_keyblock --pack "${OUTPUT_DIR}/data4_sign8.keyblock" \
-      --datapubkey "${OUTPUT_DIR}/key_alg4.vbpubk" \
-      --signprivate "${SIG_DIR}/key_rsa4096.pem" \
-      --algorithm 8 --flags 3
-
-    # Verify the keyblock.
-    vbutil_keyblock --unpack "${OUTPUT_DIR}/data4_sign8.keyblock" \
-      --signpubkey "${OUTPUT_DIR}/key_alg8.vbpubk"
-
-    # Sign the kernel:
-    vbutil_kernel --pack "${OUTPUT_DIR}/vmlinuz.image" \
-      --keyblock "${OUTPUT_DIR}/data4_sign8.keyblock" \
-      --signprivate "${SIG_DIR}/key_rsa2048.pem" \
-      --version 1 \
-      --config "${OUTPUT_DIR}/config.txt" \
-      --bootloader /lib64/bootstub/bootstub.efi \
-      --vmlinuz "${ROOT_FS_DIR}/boot/vmlinuz"
-
-    # And verify it.
-    vbutil_kernel --verify "${OUTPUT_DIR}/vmlinuz.image" \
-      --signpubkey "${OUTPUT_DIR}/key_alg8.vbpubk"
-
-  else
-    # FIXME: For now, ARM just uses the unsigned kernel by itself.
-    cp -f "${ROOT_FS_DIR}/boot/vmlinuz" "${OUTPUT_DIR}/vmlinuz.image"
-  fi
-
+  # TODO(wad) add baseline syslinux files to ESP and install the syslinux loader
+
+  # Builds the kernel partition image.  The temporary files are kept around
+  # so that we can perform a load_kernel_test later on the final image.
+  # TODO(wad) add dm-verity boot args (--boot_args, --root)
+  ${SCRIPTS_DIR}/build_kernel_image.sh \
+    --arch="${ARCH}" \
+    --to="${OUTPUT_DIR}/vmlinuz.image" \
+    --vmlinuz="${ROOT_FS_DIR}/boot/vmlinuz" \
+    --working_dir="${OUTPUT_DIR}" \
+    --keep_work \
+    --keys_dir="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
 
   # Perform any customizations on the root file system that are needed.
   "${SCRIPTS_DIR}/customize_rootfs" \
@@ -597,6 +542,7 @@ trap - EXIT
 # FIXME: only signing things for x86 right now.
 if [[ "${ARCH}" = "x86" ]]; then
   # Verify the final image.
+  # key_alg8.vbpubk is generated by build_kernel_image.sh --keep_work
   load_kernel_test "${OUTPUT_IMG}" "${OUTPUT_DIR}/key_alg8.vbpubk"
 fi