scripts/image_signing/resign_image.sh - Issue 6368064: Allow signing scripts to (optionally) set the firmware and kernel versions

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: scripts/image_signing/resign_image.sh

Issue 6368064: Allow signing scripts to (optionally) set the firmware and kernel versions (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master

Patch Set: ws fix for real Created 9 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: scripts/image_signing/resign_image.sh

diff --git a/scripts/image_signing/resign_image.sh b/scripts/image_signing/resign_image.sh

index 5098f7d47834e8e9485214184840f3d573ab6253..9cdc1deff75e0d45ecb34b2b6cb522c84d77c3d0 100755

--- a/scripts/image_signing/resign_image.sh

+++ b/scripts/image_signing/resign_image.sh

@@ -16,45 +16,41 @@

set -e

# Check arguments

-if [ $# -ne 4 ] ; then

- echo "usage: $0 src_bin dst_bin kernel_datakey kernel_keyblock"

+if [ $# -lt 4 ] || [ $# -gt 5 ] ; then

+ echo "usage: $PROG src_bin dst_bin kernel_datakey kernel_keyblock [version]"

exit 1

# Make sure the tools we need are available.

-type -P cgpt &>/dev/null || \

- { echo "cgpt tool not found."; exit 1; }

-type -P vbutil_kernel &>/dev/null || \

- { echo "vbutil_kernel tool not found."; exit 1; }

-sector_size=512 # sector size in bytes

-num_sectors_vb=128 # number of sectors in kernel verification blob

-src_bin=$1

-dst_bin=$2

-kernel_datakey=$3

-kernel_keyblock=$4

-koffset="$(cgpt show -b -i 2 $1)"

-ksize="$(cgpt show -s -i 2 $1)"

-echo "Re-signing image ${src_bin} and outputting ${dst_bin}"

+for prereqs in vbutil_kernel cgpt;

+do

+ type -P "${prereqs}" &>/dev/null || \

+ { echo "${prereqs} tool not found."; exit 1; }

+done

+SRC_BIN=$1

+DST_BIN=$2

+KERNEL_DATAKEY=$3

+KERNEL_KEYBLOCK=$4

+VERSION=$5

+if [ -z $VERSION ]; then

+ VERSION=1

+fi

+echo "Using kernel version: $VERSION"

temp_kimage=$(make_temp_file)

-temp_out_vb=$(make_temp_file)

-# Grab the kernel image in preparation for resigning

-dd if="${src_bin}" of="${temp_kimage}" skip=$koffset bs=$sector_size \

- count=$ksize

-vbutil_kernel \

- --repack "${temp_out_vb}" \

- --vblockonly \

- --keyblock "${kernel_keyblock}" \

- --signprivate "${kernel_datakey}" \

+extract_image_partition ${SRC_BIN} 2 ${temp_kimage}

+updated_kimage=$(make_temp_file)

+vbutil_kernel --repack "${updated_kimage}" \

+ --keyblock "${KERNEL_KEYBLOCK}" \

+ --signprivate "${KERNEL_DATAKEY}" \

+ --version "${VERSION}" \

--oldblob "${temp_kimage}"

# Create a copy of the input image and put in the new vblock

-cp "${src_bin}" "${dst_bin}"

-dd if="${temp_out_vb}" of="${dst_bin}" seek=$koffset bs=$sector_size \

- count=$num_sectors_vb conv=notrunc

-echo "New signed image was output to ${dst_bin}"

+cp "${SRC_BIN}" "${DST_BIN}"

+replace_image_partition ${DST_BIN} 2 ${updated_kimage}

+echo "New signed image was output to ${DST_BIN}"

« no previous file with comments | « scripts/image_signing/resign_firmwarefd.sh ('k') | scripts/image_signing/resign_kernel_partition.sh » ('j') | no next file with comments »