| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Standalone version of cros_resign_image.sh script from | 7 # Standalone version of cros_resign_image.sh script from |
| 8 # chromeos/src/scripts/bin/ for use on signing servers. | 8 # chromeos/src/scripts/bin/ for use on signing servers. |
| 9 | 9 |
| 10 # Both the cgpt tool and vbutil_kernel should be in the system path. | 10 # Both the cgpt tool and vbutil_kernel should be in the system path. |
| 11 | 11 |
| 12 # Load common constants and variables. | 12 # Load common constants and variables. |
| 13 . "$(dirname "$0")/common.sh" | 13 . "$(dirname "$0")/common.sh" |
| 14 | 14 |
| 15 # Abort on error | 15 # Abort on error |
| 16 set -e | 16 set -e |
| 17 | 17 |
| 18 # Check arguments | 18 # Check arguments |
| 19 if [ $# -ne 4 ] ; then | 19 if [ $# -lt 4 ] || [ $# -gt 5 ] ; then |
| 20 echo "usage: $0 src_bin dst_bin kernel_datakey kernel_keyblock" | 20 echo "usage: $PROG src_bin dst_bin kernel_datakey kernel_keyblock [version]" |
| 21 exit 1 | 21 exit 1 |
| 22 fi | 22 fi |
| 23 | 23 |
| 24 # Make sure the tools we need are available. | 24 # Make sure the tools we need are available. |
| 25 type -P cgpt &>/dev/null || \ | 25 for prereqs in vbutil_kernel cgpt; |
| 26 { echo "cgpt tool not found."; exit 1; } | 26 do |
| 27 type -P vbutil_kernel &>/dev/null || \ | 27 type -P "${prereqs}" &>/dev/null || \ |
| 28 { echo "vbutil_kernel tool not found."; exit 1; } | 28 { echo "${prereqs} tool not found."; exit 1; } |
| 29 done |
| 29 | 30 |
| 30 sector_size=512 # sector size in bytes | 31 SRC_BIN=$1 |
| 31 num_sectors_vb=128 # number of sectors in kernel verification blob | 32 DST_BIN=$2 |
| 32 src_bin=$1 | 33 KERNEL_DATAKEY=$3 |
| 33 dst_bin=$2 | 34 KERNEL_KEYBLOCK=$4 |
| 34 kernel_datakey=$3 | 35 VERSION=$5 |
| 35 kernel_keyblock=$4 | |
| 36 | 36 |
| 37 koffset="$(cgpt show -b -i 2 $1)" | 37 if [ -z $VERSION ]; then |
| 38 ksize="$(cgpt show -s -i 2 $1)" | 38 VERSION=1 |
| 39 fi |
| 40 echo "Using kernel version: $VERSION" |
| 39 | 41 |
| 40 echo "Re-signing image ${src_bin} and outputting ${dst_bin}" | |
| 41 temp_kimage=$(make_temp_file) | 42 temp_kimage=$(make_temp_file) |
| 42 temp_out_vb=$(make_temp_file) | 43 extract_image_partition ${SRC_BIN} 2 ${temp_kimage} |
| 44 updated_kimage=$(make_temp_file) |
| 43 | 45 |
| 44 # Grab the kernel image in preparation for resigning | 46 vbutil_kernel --repack "${updated_kimage}" \ |
| 45 dd if="${src_bin}" of="${temp_kimage}" skip=$koffset bs=$sector_size \ | 47 --keyblock "${KERNEL_KEYBLOCK}" \ |
| 46 count=$ksize | 48 --signprivate "${KERNEL_DATAKEY}" \ |
| 47 vbutil_kernel \ | 49 --version "${VERSION}" \ |
| 48 --repack "${temp_out_vb}" \ | |
| 49 --vblockonly \ | |
| 50 --keyblock "${kernel_keyblock}" \ | |
| 51 --signprivate "${kernel_datakey}" \ | |
| 52 --oldblob "${temp_kimage}" | 50 --oldblob "${temp_kimage}" |
| 53 | 51 |
| 54 # Create a copy of the input image and put in the new vblock | 52 # Create a copy of the input image and put in the new vblock |
| 55 cp "${src_bin}" "${dst_bin}" | 53 cp "${SRC_BIN}" "${DST_BIN}" |
| 56 dd if="${temp_out_vb}" of="${dst_bin}" seek=$koffset bs=$sector_size \ | 54 replace_image_partition ${DST_BIN} 2 ${updated_kimage} |
| 57 count=$num_sectors_vb conv=notrunc | 55 echo "New signed image was output to ${DST_BIN}" |
| 58 | 56 |
| 59 echo "New signed image was output to ${dst_bin}" | |
| 60 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6368064:
Allow signing scripts to (optionally) set the firmware and kernel versions (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master