
Unified Diff: build_kernel_image.sh

Issue 6538014: Add transitional flag for enabling arm kernel signing (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/crosutils.git@master
Patch Set: Code review Created 9 years, 10 months ago
Index: build_kernel_image.sh
diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index f54bc3b8ec8a9b44358e5f3ed153628a8c0f08ea..33b02fcf6cdd7b03a6d99585fc2bc7e9fce92032 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -69,6 +69,10 @@ DEFINE_integer verity_max_ios 1024 \
DEFINE_string verity_hash_alg "sha1" \
"Cryptographic hash algorithm used for dm-verity. (Default: sha1)"
+# TODO(clchiou): Remove this flag after arm verified boot is stable
+DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
+ "Sign kernel partition for ARM images (temporary hack)."
+
# Parse flags
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"
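Review bot: The help string for `crosbug12352_arm_kernel_signing` does not say what the default means for the build output. With the flag defaulting to `${FLAGS_FALSE}`, the later branches in this patch leave ARM images on the path whose comment says "This stuff is unsigned", so a builder who never passes the flag gets an unsigned kernel partition. I would state that in the description, e.g. `"Sign kernel partition for ARM images; when off (the default) the ARM kernel partition is left unsigned (temporary hack)."`.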
@@ -143,15 +147,12 @@ EOF
WORK="${WORK} ${FLAGS_working_dir}/boot.config"
info "Emitted cross-platform boot params to ${FLAGS_working_dir}/boot.config"
-# FIXME: At the moment, we're working on signed images for x86 only. ARM will
-# support this before shipping, but at the moment they don't.
+# Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
+# standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS
+# BIOS will use a separate signed kernel partition, which we'll create now.
+# FIXME: remove serial output, debugging messages.
+mkdir -p ${FLAGS_working_dir}
if [[ "${FLAGS_arch}" = "x86" ]]; then
-
- # Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
- # standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS
- # BIOS will use a separate signed kernel partition, which we'll create now.
- # FIXME: remove serial output, debugging messages.
- mkdir -p ${FLAGS_working_dir}
cat <<EOF | cat - "${FLAGS_working_dir}/boot.config" \
> "${FLAGS_working_dir}/config.txt"
console=tty2
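Review bot: The hoisted `mkdir -p ${FLAGS_working_dir}` runs after the script has already reported writing `${FLAGS_working_dir}/boot.config` (the `info` line just above), so by this point the directory either exists or the earlier write has already failed. The write itself is outside the hunk, so this is inferred from the context lines. I would move the call ahead of the boot.config emission and quote the expansion: `mkdir -p "${FLAGS_working_dir}"`.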
@@ -168,6 +169,30 @@ tpm_tis.interrupts=0
EOF
WORK="${WORK} ${FLAGS_working_dir}/config.txt"
+ bootloader_path="/lib64/bootstub/bootstub.efi"
+ kernel_image="${FLAGS_vmlinuz}"
+elif [[ "${FLAGS_arch}" = "arm" ]]; then
+ cp "${FLAGS_working_dir}/boot.config" "${FLAGS_working_dir}/config.txt"
+ WORK="${WORK} ${FLAGS_working_dir}/config.txt"
+
+ bootloader_script="${FLAGS_working_dir}/bootloader.scr"
+ bootloader_script_img="${FLAGS_working_dir}/bootloader.scr.uimg"
+ echo -n 'setenv bootargs ${bootargs} ' > "${bootloader_script}"
+ tr '\n' ' ' <"${FLAGS_working_dir}/boot.config" >> "${bootloader_script}"
gauravsh 2011/02/22 22:07:02 space between < and "
Che-Liang Chiou 2011/02/23 08:36:18 Done.
+ mkimage -A arm -O linux -T script -C none -a 0 -e 0 \
+ -n bootloader_script -d "${bootloader_script}" "${bootloader_script_img}"
+ bootloader_path="${bootloader_script_img}"
+ WORK="${WORK} ${bootloader_script} ${bootloader_script_img}"
+
+ kernel_image="${FLAGS_vmlinuz/vmlinuz/vmlinux.uimg}"
+else
+ error "Unknown arch: ${FLAGS_arch}"
Will Drewry 2011/02/22 19:33:31 This isn't quite what I meant. I was hoping to de
Che-Liang Chiou 2011/02/23 08:36:18 Done.
+fi
+
+# FIXME: We always sign a x86 image, and only sign an arm image when enabled.
+if [[ "${FLAGS_arch}" = "x86" ]] ||
+ [[ "${FLAGS_arch}" = "arm" && \
+ "${FLAGS_crosbug12352_arm_kernel_signing}" -eq "${FLAGS_TRUE}" ]]; then
Will Drewry 2011/02/22 19:33:31 Instead of doing this test here, would it be easie
Che-Liang Chiou 2011/02/23 08:36:18 Done.
# We sign the image with the recovery_key, because this is what goes onto the
# USB key. We can only boot from the USB drive in recovery mode.
# For dev install shim, we need to use the installer keyblock instead of
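Review bot: `kernel_image="${FLAGS_vmlinuz/vmlinuz/vmlinux.uimg}"` in the arm branch replaces the first `vmlinuz` found anywhere in the path, not just the file name. A directory component containing that string therefore yields a path that does not exist, or a different file than intended being handed to the signer. Assuming the file name is exactly `vmlinuz`, deriving the path from the directory is safer: `kernel_image="$(dirname "${FLAGS_vmlinuz}")/vmlinux.uimg"`. A `[[ -f "${kernel_image}" ]]` check before the signing block would make a missing uimg fail here with a clear message rather than inside `vbutil_kernel`. The signing block opened by the last `if` continues outside this hunk.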
@@ -187,8 +212,9 @@ EOF
--signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \
--version 1 \
--config "${FLAGS_working_dir}/config.txt" \
- --bootloader /lib64/bootstub/bootstub.efi \
- --vmlinuz "${FLAGS_vmlinuz}"
+ --bootloader "${bootloader_path}" \
+ --vmlinuz "${kernel_image}" \
+ --arch "${FLAGS_arch}"
# And verify it.
vbutil_kernel \
@@ -221,9 +247,9 @@ EOF
rm -f $tempfile
trap - EXIT
-elif [[ "${FLAGS_arch}" = "arm" ]]; then
- # FIXME: This stuff is unsigned, and will likely change with vboot_reference
- # but it doesn't technically have to.
+else
+ # FIXME: This stuff is unsigned. This part should be removed or made
+ # non-default after ARM verified boot is stable.
kernel_script="${FLAGS_working_dir}/kernel.scr"
kernel_script_img="${FLAGS_working_dir}/kernel.scr.uimg"
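Review bot: Changing `elif [[ "${FLAGS_arch}" = "arm" ]]` to a bare `else` makes the unsigned path the catch-all. Any run that does not enter the signing branch now builds the unsigned `kernel.scr` image, including one with an unrecognized `FLAGS_arch` value. That is only safe if the earlier `error "Unknown arch: ${FLAGS_arch}"` stops the script, which is not visible on this page. If `error` only logs, the final hunk's removal of the trailing `else` drops the only other guard. I would make the earlier branch terminate explicitly, `error "Unknown arch: ${FLAGS_arch}"; exit 1`, or keep the `elif` for arm here; the `if` block starts and ends outside this hunk.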
@@ -260,8 +286,6 @@ elif [[ "${FLAGS_arch}" = "arm" ]]; then
# phony hd.vblock to keep chromeos-install and cros_generate_update_payload
# working.
dd if="${FLAGS_to}" of="${FLAGS_hd_vblock}" bs=64K count=1
-else
- error "Unknown arch: ${FLAGS_arch}"
fi
set +e # cleanup failure is a-ok