Chromium Code Reviews| Index: build_image |
| diff --git a/build_image b/build_image |
| index c6fdac0e2b12296813f76c38f5b2f41b2571eb75..84c7cd36043445530283fc4913b3bc5fc30c097a 100755 |
| --- a/build_image |
| +++ b/build_image |
| @@ -92,6 +92,10 @@ DEFINE_string boot_args "noinitrd" \ |
| DEFINE_string usb_disk /dev/sdb3 \ |
| "Path syslinux should use to do a usb boot. Default: /dev/sdb3" |
| +# TODO(clchiou): Change default to FLAGS_TRUE once ARM verify boot is stable? |
| +DEFINE_boolean enable_kernel_signing ${FLAGS_FALSE} \ |
|
Will Drewry
2011/02/17 16:54:09
This flag is way too broad. It is meant as a tran
Che-Liang Chiou
2011/02/21 11:08:39
Done.
|
| + "Sign kernel partition for ARM images." |
| + |
| DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \ |
| "Default all bootloaders to use kernel-based root fs integrity checking." |
| DEFINE_integer verity_error_behavior 3 \ |
| @@ -282,6 +286,11 @@ case "${TC_ARCH}" in |
| exit 1 |
| esac |
| +if [[ ${FLAGS_enable_kernel_signing} -eq ${FLAGS_TRUE} ]]; then |
| + enable_kernel_signing_flag="--enable_kernel_signing" |
| +else |
| + enable_kernel_signing_flag="--noenable_kernel_signing" |
| +fi |
| if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then |
| enable_rootfs_verification_flag="--enable_rootfs_verification" |
| fi |
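Review bot: The `else` branch here gives every build that does not opt in an explicit `--noenable_kernel_signing`, and that includes x86, which the later hunk at `-794` still treats as always signed. Whether `cros_make_image_bootable` honours the negative flag on x86 is not visible from this page; if it does, a default x86 image would skip kernel signing in the helper while build_image carries on into its own signing block. Deriving the string from the same predicate as that block would keep the two in agreement, e.g. `if [[ ${FLAGS_enable_kernel_signing} -eq ${FLAGS_TRUE} || "${ARCH}" = "x86" ]]; then`, assuming `ARCH` is already set at this point. The same variable is also spliced into `create_boot_desc` and the developer-image call in the following hunks, so any mismatch would propagate there.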
| @@ -405,6 +414,7 @@ create_boot_desc() { |
| --keys_dir="${DEVKEYSDIR}" |
| --usb_disk="${FLAGS_usb_disk}" |
| --nocleanup_dirs |
| + ${enable_kernel_signing_flag} |
| ${enable_rootfs_verification_flag} |
| EOF |
| } |
| @@ -794,10 +804,13 @@ fi |
| # Place flags before positional args |
| ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \ |
| "${PRISTINE_IMAGE_NAME}" \ |
| - ${USE_DEV_KEYS} |
| + ${USE_DEV_KEYS} \ |
| + ${enable_kernel_signing_flag} |
| # FIXME: only signing things for x86 right now. |
| -if [[ "${ARCH}" = "x86" ]]; then |
| +# FIXME: signing things for x86, and for ARM if enabled. |
| +if [[ "${FLAGS_enable_kernel_signing}" -eq "${FLAGS_TRUE}" || \ |
| + "${ARCH}" = "x86" ]]; then |
| BOOT_FLAG= |
| if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ] || |
| [ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]; then |
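Review bot: The old comment `# FIXME: only signing things for x86 right now.` is left in place as context directly above the added FIXME, so the file ends up with two comments that contradict each other; the new line should replace the old one rather than follow it. The added wording also says ARM, but the condition tests only `FLAGS_enable_kernel_signing` and would enter the signing block for any non-x86 `ARCH`. A comment such as `# Sign for x86 always; for other arches only when --enable_kernel_signing is set.` describes what the test actually does. The body of this `if` continues outside the hunk.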
| @@ -819,7 +832,8 @@ if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ] ; then |
| update_dev_packages ${DEVELOPER_IMAGE_NAME} |
| ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \ |
| - "${DEVELOPER_IMAGE_NAME}" |
| + "${DEVELOPER_IMAGE_NAME}" \ |
| + ${enable_kernel_signing_flag} |
| fi |
| # Clean up temporary files. |
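Review bot: The developer-image call now receives `${enable_kernel_signing_flag}` but, unlike the pristine-image call earlier in this diff, still does not pass `${USE_DEV_KEYS}`. With signing switched on, it is not clear from this hunk which keys the helper would use for the developer image, or whether it falls back to a default; that depends on `cros_make_image_bootable`, which is not shown. If both images are meant to be signed the same way, the argument list should mirror the pristine call by adding `${USE_DEV_KEYS} \` ahead of `${enable_kernel_signing_flag}`. The enclosing `if` starts above the hunk.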