Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: scripts/image_signing/resign_firmwarefd.sh

Issue 6368064: Allow signing scripts to (optionally) set the firmware and kernel versions (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master
Patch Set: ws fix for real Created 9 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | scripts/image_signing/resign_image.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/sh 1 #!/bin/sh
2 2
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # Script to resign a firmware image using a different set of keys 7 # Script to resign a firmware image using a different set of keys
8 # for use on signing servers. 8 # for use on signing servers.
9 # 9 #
10 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock 10 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
47 # which can then replace old vblock for Firmware A ("Firmware A Key" region at 47 # which can then replace old vblock for Firmware A ("Firmware A Key" region at
48 # offset 0x00008000 and size 0x00002000). 48 # offset 0x00008000 and size 0x00002000).
49 49
50 # Load common constants and variables. 50 # Load common constants and variables.
51 . "$(dirname "$0")/common_minimal.sh" 51 . "$(dirname "$0")/common_minimal.sh"
52 52
53 # Abort on error 53 # Abort on error
54 set -e 54 set -e
55 55
56 # Check arguments 56 # Check arguments
57 if [ $# -ne 5 ] ; then 57 if [ $# -lt 5 ] || [ $# -gt 6 ]; then
58 echo \ 58 echo "Usage: $PROG src_fd dst_fd firmware_datakey firmware_keyblock"\
59 "Usage: $0 src_fd dst_fd firmware_datakey firmware_keyblock kernel_subkey" 59 "kernel_subkey [version]"
60 exit 1 60 exit 1
61 fi 61 fi
62 62
63 # Make sure the tools we need are available. 63 # Make sure the tools we need are available.
64 for prog in mosys vbutil_firmware; do 64 for prog in mosys vbutil_firmware; do
65 type "${prog}" &>/dev/null || \ 65 type "${prog}" &>/dev/null || \
66 { echo "${prog} tool not found."; exit 1; } 66 { echo "${prog} tool not found."; exit 1; }
67 done 67 done
68 68
69 src_fd=$1 69 SRC_FD=$1
70 dst_fd=$2 70 DST_FD=$2
71 firmware_datakey=$3 71 FIRMWARE_DATAKEY=$3
72 firmware_keyblock=$4 72 FIRMWARE_KEYBLOCK=$4
73 kernel_subkey=$5 73 KERNEL_SUBKEY=$5
74 VERSION=$6
74 75
75 # TODO(gauravsh): Figure out where the version comes from. 76 if [ -z $VERSION ]; then
76 # Do we rev it manually? 77 VERSION=1
77 VERSION=1 78 fi
79 echo "Using firmware version: $VERSION"
78 80
79 # Parse offsets and size of firmware data and vblocks 81 # Parse offsets and size of firmware data and vblocks
80 for i in "A" "B" 82 for i in "A" "B"
81 do 83 do
82 match_str="$i Key" 84 match_str="$i Key"
83 line=$(mosys -f -k eeprom map $1 | grep "$match_str") 85 line=$(mosys -f -k eeprom map $1 | grep "$match_str")
84 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" 86 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')"
85 eval fw${i}_vblock_offset=$((offset)) 87 eval fw${i}_vblock_offset=$((offset))
86 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" 88 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')"
87 eval fw${i}_vblock_size=$((size)) 89 eval fw${i}_vblock_size=$((size))
88 90
89 match_str="$i Data" 91 match_str="$i Data"
90 line=$(mosys -f -k eeprom map $1 | grep "$match_str") 92 line=$(mosys -f -k eeprom map $1 | grep "$match_str")
91 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')" 93 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')"
92 eval fw${i}_offset=$((offset)) 94 eval fw${i}_offset=$((offset))
93 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')" 95 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')"
94 eval fw${i}_size=$((size)) 96 eval fw${i}_size=$((size))
95 done 97 done
96 98
97 temp_fwimage=$(make_temp_file) 99 temp_fwimage=$(make_temp_file)
98 temp_out_vb=$(make_temp_file) 100 temp_out_vb=$(make_temp_file)
99 101
100 # Extract out Firmware A data and generate signature using the right keys 102 # Extract out Firmware A data and generate signature using the right keys
101 dd if="${src_fd}" of="${temp_fwimage}" skip="${fwA_offset}" bs=1 \ 103 dd if="${SRC_FD}" of="${temp_fwimage}" skip="${fwA_offset}" bs=1 \
102 count="${fwA_size}" 104 count="${fwA_size}"
103 105
104 echo "Re-calculating Firmware A vblock" 106 echo "Re-calculating Firmware A vblock"
105 vbutil_firmware \ 107 vbutil_firmware \
106 --vblock "${temp_out_vb}" \ 108 --vblock "${temp_out_vb}" \
107 --keyblock "${firmware_keyblock}" \ 109 --keyblock "${FIRMWARE_KEYBLOCK}" \
108 --signprivate "${firmware_datakey}" \ 110 --signprivate "${FIRMWARE_DATAKEY}" \
109 --version "${VERSION}" \ 111 --version "${VERSION}" \
110 --fv "${temp_fwimage}" \ 112 --fv "${temp_fwimage}" \
111 --kernelkey "${kernel_subkey}" 113 --kernelkey "${KERNEL_SUBKEY}"
112 114
113 # Create a copy of the input image and put in the new vblock for firmware A 115 # Create a copy of the input image and put in the new vblock for firmware A
114 cp "${src_fd}" "${dst_fd}" 116 cp "${SRC_FD}" "${DST_FD}"
115 dd if="${temp_out_vb}" of="${dst_fd}" seek="${fwA_vblock_offset}" bs=1 \ 117 dd if="${temp_out_vb}" of="${DST_FD}" seek="${fwA_vblock_offset}" bs=1 \
116 count="${fwA_vblock_size}" conv=notrunc 118 count="${fwA_vblock_size}" conv=notrunc
117 119
118 # Repeat for firmware B 120 # Repeat for firmware B
119 dd if="${src_fd}" of="${temp_fwimage}" skip="${fwB_offset}" bs=1 \ 121 dd if="${SRC_FD}" of="${temp_fwimage}" skip="${fwB_offset}" bs=1 \
120 count="${fwB_size}" 122 count="${fwB_size}"
121 echo "Re-calculating Firmware B vblock" 123 echo "Re-calculating Firmware B vblock"
122 vbutil_firmware \ 124 vbutil_firmware \
123 --vblock "${temp_out_vb}" \ 125 --vblock "${temp_out_vb}" \
124 --keyblock "${firmware_keyblock}" \ 126 --keyblock "${FIRMWARE_KEYBLOCK}" \
125 --signprivate "${firmware_datakey}" \ 127 --signprivate "${FIRMWARE_DATAKEY}" \
126 --version "${VERSION}" \ 128 --version "${VERSION}" \
127 --fv "${temp_fwimage}" \ 129 --fv "${temp_fwimage}" \
128 --kernelkey "${kernel_subkey}" 130 --kernelkey "${KERNEL_SUBKEY}"
129 131
130 # Destination image has already been created. 132 # Destination image has already been created.
131 dd if="${temp_out_vb}" of="${dst_fd}" seek="${fwB_vblock_offset}" bs=1 \ 133 dd if="${temp_out_vb}" of="${DST_FD}" seek="${fwB_vblock_offset}" bs=1 \
132 count="${fwB_vblock_size}" conv=notrunc 134 count="${fwB_vblock_size}" conv=notrunc
133 135
134 echo "New signed image was output to ${dst_fd}" 136 echo "New signed image was output to ${DST_FD}"
OLDNEW
« no previous file with comments | « no previous file | scripts/image_signing/resign_image.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698