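--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,96 +0,0 @@
-#!/bin/bash
-
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# Script to resign the kernel partition generated in the output of build_image
-# with keys of our choosing.
-
-# Load common constants. This should be the first executable line.
-# The path to common.sh should be relative to your script's location.
-. "/usr/lib/crosutils/common.sh"
-
-. "/usr/lib/installer/chromeos-common.sh" # for partoffset and partsize
-
-locate_gpt
-
-DEFINE_string from "chromiumos_image.bin" \
-"Input file name of Chrome OS image to re-sign."
-DEFINE_string datakey "" \
-"Private Kernel Data Key (.vbprivk) to use for re-signing."
-DEFINE_string keyblock "" \
-"Kernel Keyblock (.keyblock) to use for generating the vblock"
-DEFINE_string to "" \
-"Output file name for the re-signed image."
-DEFINE_string vsubkey "" \
-"(Optional) Public Kernel SubKey (.vbpubk) to use for testing verification."
-DEFINE_string vbutil_dir "" \
-"(Optional) Path to directory containing vboot utility binaries"
-DEFINE_integer bootflags 0 \
-"(Optional) Boot flags to use for verifying the output image"
-
-# Parse command line
-FLAGS "$@" || exit 1
-eval set -- "${FLAGS_ARGV}"
-
-# Abort on error
-set -e
-
-if [ -z $FLAGS_from ] || [ ! -f $FLAGS_from ] ; then
-echo "Error: invalid flag --from"
-exit 1
-fi
-
-if [ -z $FLAGS_datakey ] || [ ! -f $FLAGS_datakey ] ; then
-echo "Error: invalid kernel data key"
-exit 1
-fi
-
-if [ -z $FLAGS_keyblock ] || [ ! -f $FLAGS_keyblock ] ; then
-echo "Error: invalid kernel keyblock"
-exit 1
-fi
-
-if [ -z $FLAGS_to ]; then
-echo "Error: invalid flag --to"
-exit 1
-fi
-
-sector_size=512 # sector size in bytes
-num_sectors_vb=128 # number of sectors in kernel verification blob
-koffset="$(partoffset ${FLAGS_from} 2)"
-ksize="$(partsize ${FLAGS_from} 2)"
-
-echo "Re-signing image ${FLAGS_from} and outputting ${FLAGS_to}"
-temp_kimage=$(mktemp)
-trap "rm -f ${temp_kimage}" EXIT
-temp_out_vb=$(mktemp)
-trap "rm -f ${temp_out_vb}" EXIT
-
-# Grab the kernel image in preparation for resigning
-dd if="${FLAGS_from}" of="${temp_kimage}" skip=$koffset bs=$sector_size \
-count=$ksize
-${FLAGS_vbutil_dir}vbutil_kernel \
---repack "${temp_out_vb}" \
---vblockonly \
---keyblock "${FLAGS_keyblock}" \
---signprivate "${FLAGS_datakey}" \
---oldblob "${temp_kimage}"
-
-# Create a copy of the input image and put in the new vblock
-cp "${FLAGS_from}" "${FLAGS_to}"
-dd if="${temp_out_vb}" of="${FLAGS_to}" seek=$koffset bs=$sector_size \
-count=$num_sectors_vb conv=notrunc
-
-# Only test verification if the public subkey was passed in.
-if [ ! -z $FLAGS_vsubkey ]; then
-${FLAGS_vbutil_dir}load_kernel_test "${FLAGS_to}" "${FLAGS_vsubkey}" \
-${FLAGS_bootflags}
-fi
-
-echo "New signed image was output to ${FLAGS_to}"
-
-# Clean up temporary files
-rm -f ${temp_kimage}
-rm -f ${temp_out_vb}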