OLD | NEW |
1 #!/bin/bash | 1 #!/bin/bash |
2 | 2 |
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # Sign the final build image using the "official" keys. | 7 # Sign the final build image using the "official" keys. |
8 # | 8 # |
9 # Prerequisite tools needed in the system path: | 9 # Prerequisite tools needed in the system path: |
10 # | 10 # |
(...skipping 304 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
315 ${KEY_DIR}/kernel_data_key.vbprivk \ | 315 ${KEY_DIR}/kernel_data_key.vbprivk \ |
316 ${KEY_DIR}/kernel.keyblock | 316 ${KEY_DIR}/kernel.keyblock |
317 echo "Signed SSD image output to ${OUTPUT_IMAGE}" | 317 echo "Signed SSD image output to ${OUTPUT_IMAGE}" |
318 } | 318 } |
319 | 319 |
320 # Generate the USB image (direct boot) | 320 # Generate the USB image (direct boot) |
321 sign_for_usb() { | 321 sign_for_usb() { |
322 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ | 322 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ |
323 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ | 323 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ |
324 ${KEY_DIR}/recovery_kernel.keyblock | 324 ${KEY_DIR}/recovery_kernel.keyblock |
| 325 |
| 326 # Now generate the installer vblock with the SSD keys. |
| 327 # The installer vblock is for KERN-A on direct boot images. |
| 328 temp_kimagea=$(make_temp_file) |
| 329 temp_out_vb=$(make_temp_file) |
| 330 extract_image_partition ${OUTPUT_IMAGE} 2 ${temp_kimagea} |
| 331 ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimagea} ${temp_out_vb} \ |
| 332 ${KEY_DIR}/kernel_data_key.vbprivk \ |
| 333 ${KEY_DIR}/kernel.keyblock |
| 334 |
| 335 # Copy the installer vblock to the stateful partition. |
| 336 local stateful_dir=$(make_temp_dir) |
| 337 mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir} |
| 338 sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock |
| 339 |
325 echo "Signed USB image output to ${OUTPUT_IMAGE}" | 340 echo "Signed USB image output to ${OUTPUT_IMAGE}" |
326 } | 341 } |
327 | 342 |
328 # Generate the USB (recovery + install) image | 343 # Generate the USB (recovery + install) image |
329 sign_for_recovery() { | 344 sign_for_recovery() { |
330 # Update the Kernel B hash in Kernel A command line | 345 # Update the Kernel B hash in Kernel A command line |
331 temp_kimageb=$(make_temp_file) | 346 temp_kimageb=$(make_temp_file) |
332 extract_image_partition ${INPUT_IMAGE} 4 ${temp_kimageb} | 347 extract_image_partition ${INPUT_IMAGE} 4 ${temp_kimageb} |
333 local kern_a_config=$(grab_kernel_config "${INPUT_IMAGE}" 2) | 348 local kern_a_config=$(grab_kernel_config "${INPUT_IMAGE}" 2) |
334 local kern_b_hash=$(sha1sum ${temp_kimageb} | cut -f1 -d' ') | 349 local kern_b_hash=$(sha1sum ${temp_kimageb} | cut -f1 -d' ') |
(...skipping 20 matching lines...) Expand all Loading... |
355 | 370 |
356 # Now generate the installer vblock with the SSD keys. | 371 # Now generate the installer vblock with the SSD keys. |
357 # The installer vblock is for KERN-B on recovery images. | 372 # The installer vblock is for KERN-B on recovery images. |
358 temp_out_vb=$(make_temp_file) | 373 temp_out_vb=$(make_temp_file) |
359 extract_image_partition ${OUTPUT_IMAGE} 4 ${temp_kimageb} | 374 extract_image_partition ${OUTPUT_IMAGE} 4 ${temp_kimageb} |
360 ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimageb} ${temp_out_vb} \ | 375 ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimageb} ${temp_out_vb} \ |
361 ${KEY_DIR}/kernel_data_key.vbprivk \ | 376 ${KEY_DIR}/kernel_data_key.vbprivk \ |
362 ${KEY_DIR}/kernel.keyblock | 377 ${KEY_DIR}/kernel.keyblock |
363 | 378 |
364 # Copy the installer vblock to the stateful partition. | 379 # Copy the installer vblock to the stateful partition. |
365 # TODO(gauravsh): Remove this after we get rid of the need to overwrite | 380 # TODO(gauravsh): Remove this if we get rid of the need to overwrite |
366 # the vblock during installs. Kenrn B could directly be signed by the | 381 # the vblock during installs. Kern B could directly be signed by the |
367 # SSD keys. | 382 # SSD keys. |
368 local stateful_dir=$(make_temp_dir) | 383 local stateful_dir=$(make_temp_dir) |
369 mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir} | 384 mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir} |
370 sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock | 385 sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock |
371 | 386 |
372 echo "Signed recovery image output to ${OUTPUT_IMAGE}" | 387 echo "Signed recovery image output to ${OUTPUT_IMAGE}" |
373 } | 388 } |
374 | 389 |
375 # Generate the factory install image. | 390 # Generate the factory install image. |
376 sign_for_factory_install() { | 391 sign_for_factory_install() { |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
423 resign_firmware_payload ${INPUT_IMAGE} | 438 resign_firmware_payload ${INPUT_IMAGE} |
424 update_rootfs_hash ${INPUT_IMAGE} \ | 439 update_rootfs_hash ${INPUT_IMAGE} \ |
425 ${KEY_DIR}/installer_kernel.keyblock \ | 440 ${KEY_DIR}/installer_kernel.keyblock \ |
426 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ | 441 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ |
427 2 | 442 2 |
428 sign_for_factory_install | 443 sign_for_factory_install |
429 else | 444 else |
430 echo "Invalid type ${TYPE}" | 445 echo "Invalid type ${TYPE}" |
431 exit 1 | 446 exit 1 |
432 fi | 447 fi |
OLD | NEW |