OLD | NEW |
(Empty) | |
| 1 #!/bin/bash |
| 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. |
| 6 |
| 7 # Script to resign the kernel partition generated in the output of build_image |
| 8 # with keys of our choosing. |
| 9 |
| 10 # Load common constants. This should be the first executable line. |
| 11 # The path to common.sh should be relative to your script's location. |
| 12 . "$(dirname "$0")/../common.sh" |
| 13 |
| 14 . "$(dirname "$0")/../chromeos-common.sh" # for partoffset and partsize |
| 15 |
| 16 locate_gpt |
| 17 |
| 18 DEFINE_string from "chromiumos_image.bin" \ |
| 19 "Input file name of Chrome OS image to re-sign." |
| 20 DEFINE_string datakey "" \ |
| 21 "Private Kernel Data Key (.vbprivk) to use for re-signing." |
| 22 DEFINE_string keyblock "" \ |
| 23 "Kernel Keyblock (.keyblock) to use for generating the vblock" |
| 24 DEFINE_string to "" \ |
| 25 "Output file name for the re-signed image." |
| 26 DEFINE_string vsubkey "" \ |
| 27 "(Optional) Public Kernel SubKey (.vbpubk) to use for testing verification." |
| 28 DEFINE_string vbutil_dir "" \ |
| 29 "(Optional) Path to directory containing vboot utility binaries" |
| 30 DEFINE_integer bootflags 0 \ |
| 31 "(Optional) Boot flags to use for verifying the output image" |
| 32 |
| 33 # Parse command line |
| 34 FLAGS "$@" || exit 1 |
| 35 eval set -- "${FLAGS_ARGV}" |
| 36 |
| 37 # Abort on error |
| 38 set -e |
| 39 |
| 40 if [ -z $FLAGS_from ] || [ ! -f $FLAGS_from ] ; then |
| 41 echo "Error: invalid flag --from" |
| 42 exit 1 |
| 43 fi |
| 44 |
| 45 if [ -z $FLAGS_datakey ] || [ ! -f $FLAGS_datakey ] ; then |
| 46 echo "Error: invalid kernel data key" |
| 47 exit 1 |
| 48 fi |
| 49 |
| 50 if [ -z $FLAGS_keyblock ] || [ ! -f $FLAGS_keyblock ] ; then |
| 51 echo "Error: invalid kernel keyblock" |
| 52 exit 1 |
| 53 fi |
| 54 |
| 55 if [ -z $FLAGS_to ]; then |
| 56 echo "Error: invalid flag --to" |
| 57 exit 1 |
| 58 fi |
| 59 |
| 60 sector_size=512 # sector size in bytes |
| 61 num_sectors_vb=128 # number of sectors in kernel verification blob |
| 62 koffset="$(partoffset ${FLAGS_from} 2)" |
| 63 ksize="$(partsize ${FLAGS_from} 2)" |
| 64 |
| 65 echo "Re-signing image ${FLAGS_from} and outputting ${FLAGS_to}" |
| 66 temp_kimage=$(mktemp) |
| 67 trap "rm -f ${temp_kimage}" EXIT |
| 68 temp_out_vb=$(mktemp) |
| 69 trap "rm -f ${temp_out_vb}" EXIT |
| 70 |
| 71 # Grab the kernel image in preparation for resigning |
| 72 dd if="${FLAGS_from}" of="${temp_kimage}" skip=$koffset bs=$sector_size \ |
| 73 count=$ksize |
| 74 ${FLAGS_vbutil_dir}vbutil_kernel \ |
| 75 --repack "${temp_out_vb}" \ |
| 76 --vblockonly \ |
| 77 --keyblock "${FLAGS_keyblock}" \ |
| 78 --signprivate "${FLAGS_datakey}" \ |
| 79 --oldblob "${temp_kimage}" |
| 80 |
| 81 # Create a copy of the input image and put in the new vblock |
| 82 cp "${FLAGS_from}" "${FLAGS_to}" |
| 83 dd if="${temp_out_vb}" of="${FLAGS_to}" seek=$koffset bs=$sector_size \ |
| 84 count=$num_sectors_vb conv=notrunc |
| 85 |
| 86 # Only test verification if the public subkey was passed in. |
| 87 if [ ! -z $FLAGS_vsubkey ]; then |
| 88 ${FLAGS_vbutil_dir}load_kernel_test "${FLAGS_to}" "${FLAGS_vsubkey}" \ |
| 89 ${FLAGS_bootflags} |
| 90 fi |
| 91 |
| 92 echo "New signed image was output to ${FLAGS_to}" |
| 93 |
| 94 # Clean up temporary files |
| 95 rm -f ${temp_kimage} |
| 96 rm -f ${temp_out_vb} |
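Review bot: The second `trap ... EXIT` at new-file line 69 replaces the handler installed at line 67, so when `set -e` aborts the script (for example if `vbutil_kernel` fails) only `temp_out_vb` is removed and the extracted kernel copy in `temp_kimage` is left behind in the temp directory. A single handler installed after both `mktemp` calls covers both files: `trap 'rm -f "${temp_kimage}" "${temp_out_vb}"' EXIT`, which also makes the explicit `rm -f` lines at the end redundant. Separately, `${FLAGS_vbutil_dir}vbutil_kernel` (line 74) and `${FLAGS_vbutil_dir}load_kernel_test` (line 88) are unquoted and joined without a separator, so a directory given without a trailing slash produces a non-existent command name, and an empty value resolves the signing tool through `PATH`. Because this script is handed the private data key, it would be safer to join the directory and tool name with `/` and check the result with `[ -x ... ]` before running it.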