Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(637)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: scripts/image_signing/resign_firmwarefd.sh

Issue 3083025: Make signing script re-sign Firmware AU payload, and update rootfs hash. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git
Patch Set: review fixes Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « scripts/image_signing/common.sh ('k') | scripts/image_signing/resign_image.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/bash 1 #!/bin/bash
2 2
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # Script to resign a firmware image using a different set of keys 7 # Script to resign a firmware image using a different set of keys
8 # for use on signing servers. 8 # for use on signing servers.
9 # 9 #
10 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock 10 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock
(...skipping 29 matching lines...) Expand all
40 # area_offset="0x000aa000" area_size="0x0002e000" area_name="Firmware B Data" \ 40 # area_offset="0x000aa000" area_size="0x0002e000" area_name="Firmware B Data" \
41 # area_flags_raw="0x03" area_flags="static,compressed" 41 # area_flags_raw="0x03" area_flags="static,compressed"
42 # area_offset="0x00005200" area_size="0x00001000" area_name="RW VPD" \ 42 # area_offset="0x00005200" area_size="0x00001000" area_name="RW VPD" \
43 # area_flags_raw="0x00" area_flags="" 43 # area_flags_raw="0x00" area_flags=""
44 # 44 #
45 # This shows that Firmware A Data is at offset 0x0000a0000 in the .fd image 45 # This shows that Firmware A Data is at offset 0x0000a0000 in the .fd image
46 # and is of size 0x0009e000 bytes. This can be extracted to generate new vblocks 46 # and is of size 0x0009e000 bytes. This can be extracted to generate new vblocks
47 # which can then replace old vblock for Firmware A ("Firmware A Key" region at 47 # which can then replace old vblock for Firmware A ("Firmware A Key" region at
48 # offset 0x00008000 and size 0x00002000). 48 # offset 0x00008000 and size 0x00002000).
49 49
50 # Load common constants and variables.
51 . "$(dirname "$0")/common.sh"
52
50 # Abort on error 53 # Abort on error
51 set -e 54 set -e
52 55
53 # Check arguments 56 # Check arguments
54 if [ $# -ne 5 ] ; then 57 if [ $# -ne 5 ] ; then
55 echo \ 58 echo \
56 "Usage: $0 src_fd dst_fd firmware_datakey firmware_keyblock kernel_subkey" 59 "Usage: $0 src_fd dst_fd firmware_datakey firmware_keyblock kernel_subkey"
57 exit 1 60 exit 1
58 fi 61 fi
59 62
(...skipping 28 matching lines...) Expand all
88 match_str="$i Data" 91 match_str="$i Data"
89 line=$(fmap_decode $1 | grep "$match_str") 92 line=$(fmap_decode $1 | grep "$match_str")
90 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" 93 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')"
91 eval let \ 94 eval let \
92 fw${i}_offset="$offset" 95 fw${i}_offset="$offset"
93 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" 96 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')"
94 eval let \ 97 eval let \
95 fw${i}_size="$size" 98 fw${i}_size="$size"
96 done 99 done
97 100
98 temp_fwimage=$(mktemp) 101 temp_fwimage=$(make_temp_file)
99 temp_out_vb=$(mktemp) 102 temp_out_vb=$(make_temp_file)
100 trap "rm -f ${temp_fwimage} ${temp_out_vb}" EXIT
101 103
102 # Extract out Firmware A data and generate signature using the right keys 104 # Extract out Firmware A data and generate signature using the right keys
103 dd if="${src_fd}" of="${temp_fwimage}" skip="${fwA_offset}" bs=1 \ 105 dd if="${src_fd}" of="${temp_fwimage}" skip="${fwA_offset}" bs=1 \
104 count="${fwA_size}" 106 count="${fwA_size}"
105 107
106 echo "Re-calculating Firmware A vblock" 108 echo "Re-calculating Firmware A vblock"
107 vbutil_firmware \ 109 vbutil_firmware \
108 --vblock "${temp_out_vb}" \ 110 --vblock "${temp_out_vb}" \
109 --keyblock "${firmware_keyblock}" \ 111 --keyblock "${firmware_keyblock}" \
110 --signprivate "${firmware_datakey}" \ 112 --signprivate "${firmware_datakey}" \
(...skipping 16 matching lines...) Expand all
127 --signprivate "${firmware_datakey}" \ 129 --signprivate "${firmware_datakey}" \
128 --version "${VERSION}" \ 130 --version "${VERSION}" \
129 --fv "${temp_fwimage}" \ 131 --fv "${temp_fwimage}" \
130 --kernelkey "${kernel_subkey}" 132 --kernelkey "${kernel_subkey}"
131 133
132 # Destination image has already been created. 134 # Destination image has already been created.
133 dd if="${temp_out_vb}" of="${dst_fd}" seek="${fwB_vblock_offset}" bs=1 \ 135 dd if="${temp_out_vb}" of="${dst_fd}" seek="${fwB_vblock_offset}" bs=1 \
134 count="${fwB_vblock_size}" conv=notrunc 136 count="${fwB_vblock_size}" conv=notrunc
135 137
136 echo "New signed image was output to ${dst_fd}" 138 echo "New signed image was output to ${dst_fd}"
OLDNEW
« no previous file with comments | « scripts/image_signing/common.sh ('k') | scripts/image_signing/resign_image.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698