Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(247)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: scripts/image_signing/make_dev_firmware.sh

Issue 5987010: vboot_reference/make_dev_firmware: check write protection status before making changes (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master
Patch Set: fix param checking Created 9 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/sh 1 #!/bin/sh
2 # 2 #
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 # 6 #
7 # This script can change key (usually developer keys) in a firmware binary 7 # This script can change key (usually developer keys) in a firmware binary
8 # image or system live firmware (EEPROM), and assign proper HWID, BMPFV as well. 8 # image or system live firmware (EEPROM), and assign proper HWID, BMPFV as well.
9 9
10 SCRIPT_BASE="$(dirname "$0")" 10 SCRIPT_BASE="$(dirname "$0")"
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
55 [ "$FLAGS_debug" = $FLAGS_TRUE ] 55 [ "$FLAGS_debug" = $FLAGS_TRUE ]
56 } 56 }
57 57
58 # Prints messages (in parameters) in debug mode 58 # Prints messages (in parameters) in debug mode
59 debug_msg() { 59 debug_msg() {
60 if is_debug_mode; then 60 if is_debug_mode; then
61 echo "DEBUG: $*" 1>&2 61 echo "DEBUG: $*" 1>&2
62 fi 62 fi
63 } 63 }
64 64
65 # Disables write protection status registers
66 disable_write_protection() {
67 # No need to change WP status in file mode
68 if [ -n "$FLAGS_to" ]; then
69 return $FLAGS_TRUE
70 fi
71
72 # --wp-disable command may return success even if WP is still enabled,
73 # so we should use --wp-status to verify the results.
74 echo "Disabling system software write protection status..."
75 (flashrom --wp-disable && flashrom --wp-status) 2>&1 |
76 tee "$EXEC_LOG" |
77 grep -q '^WP: .* is disabled\.$'
78 }
79
65 # Reads $IMAGE from $FLAGS_from 80 # Reads $IMAGE from $FLAGS_from
66 read_image() { 81 read_image() {
67 if [ -z "$FLAGS_from" ]; then 82 if [ -z "$FLAGS_from" ]; then
68 echo "Reading system live firmware..." 83 echo "Reading system live firmware..."
69 if is_debug_mode; then 84 if is_debug_mode; then
70 flashrom -V -r "$IMAGE" 85 flashrom -V -r "$IMAGE"
71 else 86 else
72 flashrom -r "$IMAGE" >"$EXEC_LOG" 2>&1 87 flashrom -r "$IMAGE" >"$EXEC_LOG" 2>&1
73 fi 88 fi
74 else 89 else
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
134 "$kernel_sub_pubkey" \ 149 "$kernel_sub_pubkey" \
135 "$new_bmpfv" || 150 "$new_bmpfv" ||
136 exit 1 151 exit 1
137 152
138 if [ -z "$FLAGS_from" ]; then 153 if [ -z "$FLAGS_from" ]; then
139 is_from_live=1 154 is_from_live=1
140 else 155 else
141 ensure_files_exist "$FLAGS_from" 156 ensure_files_exist "$FLAGS_from"
142 fi 157 fi
143 158
144 # TODO(hungte) check if GPIO.3 (WP) is enabled 159 debug_msg "Checking software write protection status"
160 disable_write_protection ||
161 if is_debug_mode; then
162 err_die "Failed to disable WP. Diagnose Message: $(cat "$EXEC_LOG")"
163 else
164 err_die "Write protection is still enabled. " \
165 "Please verify that hardware write protection is disabled."
166 fi
145 167
146 debug_msg "Pulling image to $IMAGE" 168 debug_msg "Pulling image to $IMAGE"
147 (read_image && [ -s "$IMAGE" ]) || 169 (read_image && [ -s "$IMAGE" ]) ||
148 err_die "Failed to read image. Error message: $(cat "$EXEC_LOG")" 170 err_die "Failed to read image. Error message: $(cat "$EXEC_LOG")"
149 171
150 debug_msg "Prepare to backup the file" 172 debug_msg "Prepare to backup the file"
151 if [ -n "$is_from_live" -o $FLAGS_force_backup = $FLAGS_TRUE ]; then 173 if [ -n "$is_from_live" -o $FLAGS_force_backup = $FLAGS_TRUE ]; then
152 backup_image="$(make_temp_file)" 174 backup_image="$(make_temp_file)"
153 debug_msg "Creating backup file to $backup_image..." 175 debug_msg "Creating backup file to $backup_image..."
154 cp -f "$IMAGE" "$backup_image" 176 cp -f "$IMAGE" "$backup_image"
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after
232 254
233 debug_msg "Complete." 255 debug_msg "Complete."
234 if [ -z "$FLAGS_to" ]; then 256 if [ -z "$FLAGS_to" ]; then
235 echo "Successfully changed firmware to Developer Keys. New HWID: $new_hwid" 257 echo "Successfully changed firmware to Developer Keys. New HWID: $new_hwid"
236 else 258 else
237 echo "Firmware '$FLAGS_to' now uses Developer Keys. New HWID: $new_hwid" 259 echo "Firmware '$FLAGS_to' now uses Developer Keys. New HWID: $new_hwid"
238 fi 260 fi
239 } 261 }
240 262
241 main 263 main
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698