| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Helper script that generates the signed kernel image | 7 # Helper script that generates the signed kernel image |
| 8 | 8 |
| 9 . "$(dirname "$0")/common.sh" | 9 . "$(dirname "$0")/common.sh" |
| 10 | 10 |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 81 ${FLAGS_rootfs_image} \ | 81 ${FLAGS_rootfs_image} \ |
| 82 ${root_fs_blocks} \ | 82 ${root_fs_blocks} \ |
| 83 ${FLAGS_rootfs_hash}) | 83 ${FLAGS_rootfs_hash}) |
| 84 if [[ -f "${FLAGS_rootfs_hash}" ]]; then | 84 if [[ -f "${FLAGS_rootfs_hash}" ]]; then |
| 85 sudo chmod a+r "${FLAGS_rootfs_hash}" | 85 sudo chmod a+r "${FLAGS_rootfs_hash}" |
| 86 fi | 86 fi |
| 87 # Don't claim the root device unless the root= flag is pointed to | 87 # Don't claim the root device unless the root= flag is pointed to |
| 88 # the verified boot device. Doing so will claim /dev/sdDP out from | 88 # the verified boot device. Doing so will claim /dev/sdDP out from |
| 89 # under the system. | 89 # under the system. |
| 90 if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then | 90 if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then |
| 91 table=${table//HASH_DEV//dev/sd%D%P} | 91 if [[ "${FLAGS_arch}" = "x86" ]]; then |
| 92 table=${table//ROOT_DEV//dev/sd%D%P} | 92 base_root='/dev/sd%D%P' |
| 93 elif [[ "${FLAGS_arch}" = "arm" ]]; then |
| 94 base_root='/dev/${devname}${rootpart}' |
| 95 fi |
| 96 table=${table//HASH_DEV/${base_root}} |
| 97 table=${table//ROOT_DEV/${base_root}} |
| 93 fi | 98 fi |
| 94 verity_args="dm=\"vroot none ro,${table}\"" | 99 verity_args="dm=\"vroot none ro,${table}\"" |
| 95 info "dm-verity configuration: ${verity_args}" | 100 info "dm-verity configuration: ${verity_args}" |
| 96 fi | 101 fi |
| 97 | 102 |
| 98 mkdir -p "${FLAGS_working_dir}" | 103 mkdir -p "${FLAGS_working_dir}" |
| 99 cat <<EOF > "${FLAGS_working_dir}/boot.config" | 104 cat <<EOF > "${FLAGS_working_dir}/boot.config" |
| 100 root=${FLAGS_root} | 105 root=${FLAGS_root} |
| 101 dm_verity.error_behavior=${FLAGS_verity_error_behavior} | 106 dm_verity.error_behavior=${FLAGS_verity_error_behavior} |
| 102 dm_verity.max_bios=${FLAGS_verity_max_ios} | 107 dm_verity.max_bios=${FLAGS_verity_max_ios} |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 181 dd if="${FLAGS_to}" bs=65536 skip=1 >> $tempfile | 186 dd if="${FLAGS_to}" bs=65536 skip=1 >> $tempfile |
| 182 | 187 |
| 183 vbutil_kernel \ | 188 vbutil_kernel \ |
| 184 --verify $tempfile \ | 189 --verify $tempfile \ |
| 185 --signpubkey "${FLAGS_keys_dir}/kernel_subkey.vbpubk" | 190 --signpubkey "${FLAGS_keys_dir}/kernel_subkey.vbpubk" |
| 186 | 191 |
| 187 rm -f $tempfile | 192 rm -f $tempfile |
| 188 trap - EXIT | 193 trap - EXIT |
| 189 | 194 |
| 190 elif [[ "${FLAGS_arch}" = "arm" ]]; then | 195 elif [[ "${FLAGS_arch}" = "arm" ]]; then |
| 191 # FIXME: For now, ARM just uses the unsigned kernel by itself. | 196 # FIXME: This stuff is unsigned, and will likely change with vboot_reference |
| 192 cp -f "${FLAGS_vmlinuz}" "${FLAGS_to}" | 197 # but it doesn't technically have to. |
| 198 |
| 199 kernel_script="${FLAGS_working_dir}/kernel.scr" |
| 200 kernel_script_img="${FLAGS_working_dir}/kernel.scr.uimg" |
| 201 # HACK: !! Kernel image construction requires some stuff from portage, not |
| 202 # sure how to get that information here cleanly !! |
| 203 kernel_image="${FLAGS_vmlinuz/vmlinuz/vmlinux.uimg}" |
| 204 WORK="${WORK} ${kernel_script} ${kernel_script_img}" |
| 205 |
| 206 kernel_size=$((($(stat -c %s "${kernel_image}") + 511) / 512)) |
| 207 script_size=16 |
| 208 |
| 209 # Build boot script image |
| 210 echo -n 'setenv bootargs ${bootargs} ' > "${kernel_script}" |
| 211 tr '\n' ' ' <"${FLAGS_working_dir}/boot.config" >> "${kernel_script}" |
| 212 echo >> "${kernel_script}" |
| 213 printf 'read ${devtype} 0:${kernelpart} ${loadaddr} %x %x\n' \ |
| 214 ${script_size} ${kernel_size} >> "${kernel_script}" |
| 215 echo 'bootm ${loadaddr}' >> ${kernel_script} |
| 216 mkimage -A arm -O linux -T script -C none -a 0 -e 0 \ |
| 217 -n kernel_script -d "${kernel_script}" "${kernel_script_img}" |
| 218 |
| 219 if [ $(stat -c %s "${kernel_script_img}") -gt $((512 * ${script_size})) ] |
| 220 then |
| 221 echo 'Kernel script too large for reserved space.' |
| 222 exit 1 |
| 223 fi |
| 224 |
| 225 # Assemble image |
| 226 rm -f "${FLAGS_to}" |
| 227 dd if="${kernel_script_img}" of="${FLAGS_to}" bs=512 count="${script_size}" |
| 228 dd if="${kernel_image}" of="${FLAGS_to}" bs=512 seek="${script_size}" |
| 193 else | 229 else |
| 194 error "Unknown arch: ${FLAGS_arch}" | 230 error "Unknown arch: ${FLAGS_arch}" |
| 195 fi | 231 fi |
| 196 | 232 |
| 197 set +e # cleanup failure is a-ok | 233 set +e # cleanup failure is a-ok |
| 198 | 234 |
| 199 if [[ ${FLAGS_keep_work} -eq ${FLAGS_FALSE} ]]; then | 235 if [[ ${FLAGS_keep_work} -eq ${FLAGS_FALSE} ]]; then |
| 200 info "Cleaning up temporary files: ${WORK}" | 236 info "Cleaning up temporary files: ${WORK}" |
| 201 rm ${WORK} | 237 rm ${WORK} |
| 202 rmdir ${FLAGS_working_dir} | 238 rmdir ${FLAGS_working_dir} |
| 203 fi | 239 fi |
| 204 | 240 |
| 205 info "Kernel partition image emitted: ${FLAGS_to}" | 241 info "Kernel partition image emitted: ${FLAGS_to}" |
| 206 | 242 |
| 207 if [[ -f ${FLAGS_rootfs_hash} ]]; then | 243 if [[ -f ${FLAGS_rootfs_hash} ]]; then |
| 208 info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}" | 244 info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}" |
| 209 fi | 245 fi |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3396011:
build_image: Add verity support for ARM. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/crosutils.git