| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Sign the final build image using the "official" keys. | 7 # Sign the final build image using the "official" keys. |
| 8 # | 8 # |
| 9 # Prerequisite tools needed in the system path: | 9 # Prerequisite tools needed in the system path: |
| 10 # | 10 # |
| (...skipping 304 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 315 ${KEY_DIR}/kernel_data_key.vbprivk \ | 315 ${KEY_DIR}/kernel_data_key.vbprivk \ |
| 316 ${KEY_DIR}/kernel.keyblock | 316 ${KEY_DIR}/kernel.keyblock |
| 317 echo "Signed SSD image output to ${OUTPUT_IMAGE}" | 317 echo "Signed SSD image output to ${OUTPUT_IMAGE}" |
| 318 } | 318 } |
| 319 | 319 |
| 320 # Generate the USB image (direct boot) | 320 # Generate the USB image (direct boot) |
| 321 sign_for_usb() { | 321 sign_for_usb() { |
| 322 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ | 322 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ |
| 323 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ | 323 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ |
| 324 ${KEY_DIR}/recovery_kernel.keyblock | 324 ${KEY_DIR}/recovery_kernel.keyblock |
| 325 |
| 326 # Now generate the installer vblock with the SSD keys. |
| 327 # The installer vblock is for KERN-A on direct boot images. |
| 328 temp_kimagea=$(make_temp_file) |
| 329 temp_out_vb=$(make_temp_file) |
| 330 extract_image_partition ${OUTPUT_IMAGE} 2 ${temp_kimagea} |
| 331 ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimagea} ${temp_out_vb} \ |
| 332 ${KEY_DIR}/kernel_data_key.vbprivk \ |
| 333 ${KEY_DIR}/kernel.keyblock |
| 334 |
| 335 # Copy the installer vblock to the stateful partition. |
| 336 local stateful_dir=$(make_temp_dir) |
| 337 mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir} |
| 338 sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock |
| 339 |
| 325 echo "Signed USB image output to ${OUTPUT_IMAGE}" | 340 echo "Signed USB image output to ${OUTPUT_IMAGE}" |
| 326 } | 341 } |
| 327 | 342 |
| 328 # Generate the USB (recovery + install) image | 343 # Generate the USB (recovery + install) image |
| 329 sign_for_recovery() { | 344 sign_for_recovery() { |
| 330 # Update the Kernel B hash in Kernel A command line | 345 # Update the Kernel B hash in Kernel A command line |
| 331 temp_kimageb=$(make_temp_file) | 346 temp_kimageb=$(make_temp_file) |
| 332 extract_image_partition ${INPUT_IMAGE} 4 ${temp_kimageb} | 347 extract_image_partition ${INPUT_IMAGE} 4 ${temp_kimageb} |
| 333 local kern_a_config=$(grab_kernel_config "${INPUT_IMAGE}" 2) | 348 local kern_a_config=$(grab_kernel_config "${INPUT_IMAGE}" 2) |
| 334 local kern_b_hash=$(sha1sum ${temp_kimageb} | cut -f1 -d' ') | 349 local kern_b_hash=$(sha1sum ${temp_kimageb} | cut -f1 -d' ') |
| (...skipping 20 matching lines...) Expand all Loading... |
| 355 | 370 |
| 356 # Now generate the installer vblock with the SSD keys. | 371 # Now generate the installer vblock with the SSD keys. |
| 357 # The installer vblock is for KERN-B on recovery images. | 372 # The installer vblock is for KERN-B on recovery images. |
| 358 temp_out_vb=$(make_temp_file) | 373 temp_out_vb=$(make_temp_file) |
| 359 extract_image_partition ${OUTPUT_IMAGE} 4 ${temp_kimageb} | 374 extract_image_partition ${OUTPUT_IMAGE} 4 ${temp_kimageb} |
| 360 ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimageb} ${temp_out_vb} \ | 375 ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimageb} ${temp_out_vb} \ |
| 361 ${KEY_DIR}/kernel_data_key.vbprivk \ | 376 ${KEY_DIR}/kernel_data_key.vbprivk \ |
| 362 ${KEY_DIR}/kernel.keyblock | 377 ${KEY_DIR}/kernel.keyblock |
| 363 | 378 |
| 364 # Copy the installer vblock to the stateful partition. | 379 # Copy the installer vblock to the stateful partition. |
| 365 # TODO(gauravsh): Remove this after we get rid of the need to overwrite | 380 # TODO(gauravsh): Remove this if we get rid of the need to overwrite |
| 366 # the vblock during installs. Kenrn B could directly be signed by the | 381 # the vblock during installs. Kern B could directly be signed by the |
| 367 # SSD keys. | 382 # SSD keys. |
| 368 local stateful_dir=$(make_temp_dir) | 383 local stateful_dir=$(make_temp_dir) |
| 369 mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir} | 384 mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir} |
| 370 sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock | 385 sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock |
| 371 | 386 |
| 372 echo "Signed recovery image output to ${OUTPUT_IMAGE}" | 387 echo "Signed recovery image output to ${OUTPUT_IMAGE}" |
| 373 } | 388 } |
| 374 | 389 |
| 375 # Generate the factory install image. | 390 # Generate the factory install image. |
| 376 sign_for_factory_install() { | 391 sign_for_factory_install() { |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 423 resign_firmware_payload ${INPUT_IMAGE} | 438 resign_firmware_payload ${INPUT_IMAGE} |
| 424 update_rootfs_hash ${INPUT_IMAGE} \ | 439 update_rootfs_hash ${INPUT_IMAGE} \ |
| 425 ${KEY_DIR}/installer_kernel.keyblock \ | 440 ${KEY_DIR}/installer_kernel.keyblock \ |
| 426 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ | 441 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ |
| 427 2 | 442 2 |
| 428 sign_for_factory_install | 443 sign_for_factory_install |
| 429 else | 444 else |
| 430 echo "Invalid type ${TYPE}" | 445 echo "Invalid type ${TYPE}" |
| 431 exit 1 | 446 exit 1 |
| 432 fi | 447 fi |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4457001:
Produce the correct vvmlinuz_hd.vblock when signing for direct USB. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master