build_image - Issue 6538014: Add transitional flag for enabling arm kernel signing

Side by Side Diff: build_image

Issue 6538014: Add transitional flag for enabling arm kernel signing (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/crosutils.git@master

Patch Set: Code review Created 9 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 #!/bin/bash	1 #!/bin/bash

2	2

3 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.	3 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.

4 # Use of this source code is governed by a BSD-style license that can be	4 # Use of this source code is governed by a BSD-style license that can be

5 # found in the LICENSE file.	5 # found in the LICENSE file.

6	6

7 # Script to build a bootable keyfob-based chromeos system image from within	7 # Script to build a bootable keyfob-based chromeos system image from within

8 # a chromiumos setup. This assumes that all needed packages have been built into	8 # a chromiumos setup. This assumes that all needed packages have been built into

9 # the given target's root with binary packages turned on. This script will	9 # the given target's root with binary packages turned on. This script will

10 # build the Chrome OS image using only pre-built binary packages.	10 # build the Chrome OS image using only pre-built binary packages.

(...skipping 74 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
85 "Attempt to preserve the previous build image if one can be found (unstable, \	85 "Attempt to preserve the previous build image if one can be found (unstable, \

86 kernel/firmware not updated)"	86 kernel/firmware not updated)"

87 DEFINE_boolean fast ${DEFAULT_FAST} \	87 DEFINE_boolean fast ${DEFAULT_FAST} \

88 "Call many emerges in parallel"	88 "Call many emerges in parallel"

89 DEFINE_string boot_args "noinitrd" \	89 DEFINE_string boot_args "noinitrd" \

90 "Additional boot arguments to pass to the commandline"	90 "Additional boot arguments to pass to the commandline"

91	91

92 DEFINE_string usb_disk /dev/sdb3 \	92 DEFINE_string usb_disk /dev/sdb3 \

93 "Path syslinux should use to do a usb boot. Default: /dev/sdb3"	93 "Path syslinux should use to do a usb boot. Default: /dev/sdb3"

94	94

	95 # TODO(clchiou): Remove this flag after arm verified boot is stable

	96 DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \

	97 "Sign kernel partition for ARM images (temporary hack)."

	98

95 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \	99 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \

96 "Default all bootloaders to use kernel-based root fs integrity checking."	100 "Default all bootloaders to use kernel-based root fs integrity checking."

97 DEFINE_integer verity_error_behavior 3 \	101 DEFINE_integer verity_error_behavior 3 \

98 "Kernel verified boot error behavior (0: I/O errors, 1: panic, 2: nothing, \	102 "Kernel verified boot error behavior (0: I/O errors, 1: panic, 2: nothing, \

99 3: cros) Default: 3"	103 3: cros) Default: 3"

100 DEFINE_integer verity_depth 1 \	104 DEFINE_integer verity_depth 1 \

101 "Kernel verified boot hash tree depth. Default: 1"	105 "Kernel verified boot hash tree depth. Default: 1"

102 DEFINE_integer verity_max_ios -1 \	106 DEFINE_integer verity_max_ios -1 \

103 "Number of outstanding I/O operations dm-verity caps at. Default: -1"	107 "Number of outstanding I/O operations dm-verity caps at. Default: -1"

104 DEFINE_string verity_algorithm "sha1" \	108 DEFINE_string verity_algorithm "sha1" \

(...skipping 170 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
275 ARCH="arm"	279 ARCH="arm"

276 ;;	280 ;;

277 *86)	281 *86)

278 ARCH="x86"	282 ARCH="x86"

279 ;;	283 ;;

280 *)	284 *)

281 error "Unable to determine ARCH from toolchain: ${CHOST}"	285 error "Unable to determine ARCH from toolchain: ${CHOST}"

282 exit 1	286 exit 1

283 esac	287 esac

284	288

	289 if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then

	290 crosbug12352_flag="--crosbug12352_arm_kernel_signing"

	291 else

	292 crosbug12352_flag="--nocrosbug12352_arm_kernel_signing"

	293 fi

285 if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then	294 if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then

286 enable_rootfs_verification_flag="--enable_rootfs_verification"	295 enable_rootfs_verification_flag="--enable_rootfs_verification"

287 fi	296 fi

288	297

289 # Hack to fix bug where x86_64 CHOST line gets incorrectly added.	298 # Hack to fix bug where x86_64 CHOST line gets incorrectly added.

290 # ToDo(msb): remove this hack.	299 # ToDo(msb): remove this hack.

291 PACKAGES_FILE="${BOARD_ROOT}/packages/Packages"	300 PACKAGES_FILE="${BOARD_ROOT}/packages/Packages"

292 sudo sed -e "s/CHOST: x86_64-pc-linux-gnu//" -i "${PACKAGES_FILE}"	301 sudo sed -e "s/CHOST: x86_64-pc-linux-gnu//" -i "${PACKAGES_FILE}"

293	302

294 # Handle existing directory.	303 # Handle existing directory.

(...skipping 103 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
398 --rootfs_mountpoint="${ROOT_FS_DIR}"	407 --rootfs_mountpoint="${ROOT_FS_DIR}"

399 --statefulfs_mountpoint="${STATEFUL_FS_DIR}"	408 --statefulfs_mountpoint="${STATEFUL_FS_DIR}"

400 --espfs_mountpoint="${ESP_FS_DIR}"	409 --espfs_mountpoint="${ESP_FS_DIR}"

401 --verity_error_behavior="${FLAGS_verity_error_behavior}"	410 --verity_error_behavior="${FLAGS_verity_error_behavior}"

402 --verity_depth="${FLAGS_verity_depth}"	411 --verity_depth="${FLAGS_verity_depth}"

403 --verity_max_ios="${FLAGS_verity_max_ios}"	412 --verity_max_ios="${FLAGS_verity_max_ios}"

404 --verity_algorithm="${FLAGS_verity_algorithm}"	413 --verity_algorithm="${FLAGS_verity_algorithm}"

405 --keys_dir="${DEVKEYSDIR}"	414 --keys_dir="${DEVKEYSDIR}"

406 --usb_disk="${FLAGS_usb_disk}"	415 --usb_disk="${FLAGS_usb_disk}"

407 --nocleanup_dirs	416 --nocleanup_dirs

	417 ${crosbug12352_flag}

408 ${enable_rootfs_verification_flag}	418 ${enable_rootfs_verification_flag}

409 EOF	419 EOF

410 }	420 }

411	421

412 # Modifies an existing image to add development packages	422 # Modifies an existing image to add development packages

413 update_dev_packages() {	423 update_dev_packages() {

414 local image_name=$1	424 local image_name=$1

415	425

416 echo "Adding developer packages to ${image_name}"	426 echo "Adding developer packages to ${image_name}"

417	427

(...skipping 369 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
787	797

788 USE_DEV_KEYS=	798 USE_DEV_KEYS=

789 if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ] \|\| \	799 if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ] \|\| \

790 [ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]; then	800 [ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]; then

791 USE_DEV_KEYS="--use_dev_keys"	801 USE_DEV_KEYS="--use_dev_keys"

792 fi	802 fi

793	803

794 # Place flags before positional args	804 # Place flags before positional args

795 ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \	805 ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \

796 "${PRISTINE_IMAGE_NAME}" \	806 "${PRISTINE_IMAGE_NAME}" \

797 ${USE_DEV_KEYS}	807 ${USE_DEV_KEYS} \

	808 ${crosbug12352_flag}

798	809

799 # FIXME: only signing things for x86 right now.	810 # FIXME Test x86 image, and test arm image if enabled;

800 if [[ "${ARCH}" = "x86" ]]; then	811 # should unconditionally test an image after crosbug12352 is fixed

	812 if [[ "${ARCH}" = "x86" ]] \|\|

	813 [[ "${ARCH}" = "arm" &&

	814 "${FLAGS_crosbug12352_arm_kernel_signing}" -eq "${FLAGS_TRUE}" ]]; then

801 BOOT_FLAG=	815 BOOT_FLAG=

802 if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ] \|\|	816 if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ] \|\|

803 [ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]; then	817 [ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]; then

804 BOOT_FLAG="-b 1" # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h	818 BOOT_FLAG="-b 1" # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h

805 info "--dev_install set, pass BOOT_FLAG_DEVELOPER flag to load_kernel_test"	819 info "--dev_install set, pass BOOT_FLAG_DEVELOPER flag to load_kernel_test"

806 fi	820 fi

807	821

808 # Verify the final image.	822 # Verify the final image.

809 load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \	823 load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \

810 "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG}	824 "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG}

811 fi	825 fi

812	826

813 # Create a developer image based on the chromium os base image.	827 # Create a developer image based on the chromium os base image.

814 if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ] ; then	828 if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ] ; then

815 if [[ ! -f ${DEVELOPER_IMG} ]] ; then	829 if [[ ! -f ${DEVELOPER_IMG} ]] ; then

816 echo "Creating developer image from base image ${PRISTINE_IMAGE_NAME}"	830 echo "Creating developer image from base image ${PRISTINE_IMAGE_NAME}"

817 cp ${PRISTINE_IMG} ${DEVELOPER_IMG}	831 cp ${PRISTINE_IMG} ${DEVELOPER_IMG}

818 fi	832 fi

819	833

820 update_dev_packages ${DEVELOPER_IMAGE_NAME}	834 update_dev_packages ${DEVELOPER_IMAGE_NAME}

821 ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \	835 ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \

822 "${DEVELOPER_IMAGE_NAME}"	836 "${DEVELOPER_IMAGE_NAME}" \

	837 ${crosbug12352_flag}

823 fi	838 fi

824	839

825 # Clean up temporary files.	840 # Clean up temporary files.

826 rm -f "${ROOT_FS_IMG}" "${STATEFUL_FS_IMG}" "${OUTPUT_DIR}/vmlinuz.image" \	841 rm -f "${ROOT_FS_IMG}" "${STATEFUL_FS_IMG}" "${OUTPUT_DIR}/vmlinuz.image" \

827 "${ESP_FS_IMG}" "${OEM_FS_IMG}" "${OUTPUT_DIR}/vmlinuz_hd.vblock"	842 "${ESP_FS_IMG}" "${OEM_FS_IMG}" "${OUTPUT_DIR}/vmlinuz_hd.vblock"

828 rmdir "${ROOT_FS_DIR}" "${STATEFUL_FS_DIR}" "${OEM_FS_DIR}" "${ESP_FS_DIR}"	843 rmdir "${ROOT_FS_DIR}" "${STATEFUL_FS_DIR}" "${OEM_FS_DIR}" "${ESP_FS_DIR}"

829	844

830 # Generating AU generator zip file to run outside chroot	845 # Generating AU generator zip file to run outside chroot

831 generate_au_zip \|\| echo "Failed generating AU zip file - ignoring Error..."	846 generate_au_zip \|\| echo "Failed generating AU zip file - ignoring Error..."

832 # Create a 'latest' link	847 # Create a 'latest' link

833 rm -f ${FLAGS_output_root}/${FLAGS_board}/latest	848 rm -f ${FLAGS_output_root}/${FLAGS_board}/latest

834 ln -s $(basename ${OUTPUT_DIR}) ${FLAGS_output_root}/${FLAGS_board}/latest	849 ln -s $(basename ${OUTPUT_DIR}) ${FLAGS_output_root}/${FLAGS_board}/latest

835	850

836 echo "Done. Image created in ${OUTPUT_DIR}"	851 echo "Done. Image created in ${OUTPUT_DIR}"

837 echo "Chromium OS image created as ${PRISTINE_IMAGE_NAME}"	852 echo "Chromium OS image created as ${PRISTINE_IMAGE_NAME}"

838 if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]; then	853 if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]; then

839 echo "Developer image created as ${DEVELOPER_IMAGE_NAME}"	854 echo "Developer image created as ${DEVELOPER_IMAGE_NAME}"

840 fi	855 fi

841	856

842 print_time_elapsed	857 print_time_elapsed

843	858

844 echo "To copy to USB keyfob, do something like:"	859 echo "To copy to USB keyfob, do something like:"

845 echo " ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX"	860 echo " ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX"

846 echo "To convert to VMWare image, INSIDE the chroot, do something like:"	861 echo "To convert to VMWare image, INSIDE the chroot, do something like:"

847 echo " ./image_to_vm.sh --from=${OUTSIDE_OUTPUT_DIR} --board=${BOARD}"	862 echo " ./image_to_vm.sh --from=${OUTSIDE_OUTPUT_DIR} --board=${BOARD}"

848 echo "from the scripts directory where you entered the chroot."	863 echo "from the scripts directory where you entered the chroot."

OLD	NEW

« no previous file with comments | « bin/cros_make_image_bootable ('k') | build_kernel_image.sh » ('j') | build_kernel_image.sh » ('J')