
Side by Side Diff: scripts/image_signing/resign_firmwarefd.sh

Issue 6594131: Add support for using separate developer firmware keyblock while signing. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master
Patch Set: fix typo Created 9 years, 9 months ago
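--- a/scripts/image_signing/resign_firmwarefd.sh
+++ b/scripts/image_signing/resign_firmwarefd.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # Script to resign a firmware image using a different set of keys
 # for use on signing servers.
 #
 # arguments: src_fd, dst_fd, firmware_datakey, and firmware_keyblock
@@ -47,38 +47,40 @@
 # which can then replace old vblock for Firmware A ("Firmware A Key" region at
 # offset 0x00008000 and size 0x00002000).
 
 # Load common constants and variables.
 . "$(dirname "$0")/common_minimal.sh"
 
 # Abort on error
 set -e
 
 # Check arguments
-if [ $# -lt 5 ] || [ $# -gt 6 ]; then
+if [ $# -lt 7 ] || [ $# -gt 8 ]; then
 echo "Usage: $PROG src_fd dst_fd firmware_datakey firmware_keyblock"\
-"kernel_subkey [version]"
+"dev_firmware_datakey dev_firmware_keyblock kernel_subkey [version]"
 exit 1
 fi
 
 # Make sure the tools we need are available.
 for prog in mosys vbutil_firmware; do
 type "${prog}" &>/dev/null || \
 { echo "${prog} tool not found."; exit 1; }
 done
 
 SRC_FD=$1
 DST_FD=$2
 FIRMWARE_DATAKEY=$3
 FIRMWARE_KEYBLOCK=$4
-KERNEL_SUBKEY=$5
-VERSION=$6
+DEV_FIRMWARE_DATAKEY=$5
+DEV_FIRMWARE_KEYBLOCK=$6
+KERNEL_SUBKEY=$7
+VERSION=$8
 
 if [ -z $VERSION ]; then
 VERSION=1
 fi
 echo "Using firmware version: $VERSION"
 
 # Parse offsets and size of firmware data and vblocks
 for i in "A" "B"
 do
 line=$(mosys -f -k eeprom map $1 | grep "$i Key") ||
@@ -98,45 +100,46 @@
 
 offset="$(echo $line | sed -e 's/.*area_offset=\"\([a-f0-9x]*\)\".*/\1/')"
 eval fw${i}_offset=$((offset))
 size="$(echo $line | sed -e 's/.*area_size=\"\([a-f0-9x]*\)\".*/\1/')"
 eval fw${i}_size=$((size))
 done
 
 temp_fwimage=$(make_temp_file)
 temp_out_vb=$(make_temp_file)
 
-# Extract out Firmware A data and generate signature using the right keys
+# Extract out Firmware A data and generate signature using the right keys.
+# Firmware A is the dev firmware.
 dd if="${SRC_FD}" of="${temp_fwimage}" skip="${fwA_offset}" bs=1 \
 count="${fwA_size}"
 
 echo "Re-calculating Firmware A vblock"
 vbutil_firmware \
 --vblock "${temp_out_vb}" \
---keyblock "${FIRMWARE_KEYBLOCK}" \
---signprivate "${FIRMWARE_DATAKEY}" \
+--keyblock "${DEV_FIRMWARE_KEYBLOCK}" \
+--signprivate "${DEV_FIRMWARE_DATAKEY}" \
 --version "${VERSION}" \
 --fv "${temp_fwimage}" \
 --kernelkey "${KERNEL_SUBKEY}"
 
 # Create a copy of the input image and put in the new vblock for firmware A
 cp "${SRC_FD}" "${DST_FD}"
 dd if="${temp_out_vb}" of="${DST_FD}" seek="${fwA_vblock_offset}" bs=1 \
 count="${fwA_vblock_size}" conv=notrunc
 
-# Repeat for firmware B
+# Firmware B is the normal firmware.
 dd if="${SRC_FD}" of="${temp_fwimage}" skip="${fwB_offset}" bs=1 \
 count="${fwB_size}"
 echo "Re-calculating Firmware B vblock"
 vbutil_firmware \
 --vblock "${temp_out_vb}" \
 --keyblock "${FIRMWARE_KEYBLOCK}" \
 --signprivate "${FIRMWARE_DATAKEY}" \
 --version "${VERSION}" \
 --fv "${temp_fwimage}" \
 --kernelkey "${KERNEL_SUBKEY}"
 
 # Destination image has already been created.
 dd if="${temp_out_vb}" of="${DST_FD}" seek="${fwB_vblock_offset}" bs=1 \
 count="${fwB_vblock_size}" conv=notrunc
 
 echo "New signed image was output to ${DST_FD}"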
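Review bot: The four key arguments assigned at new lines 71-74 are taken purely by position and nothing checks them before the two `vbutil_firmware` calls, so a caller that transposes the normal and developer pairs would sign Firmware B with the developer key (or A with the normal one) and still reach the "New signed image" message. Since the script is meant for signing servers, I would fail early on unreadable inputs, e.g. `[ -r "$DEV_FIRMWARE_KEYBLOCK" ] || { echo "cannot read $DEV_FIRMWARE_KEYBLOCK" >&2; exit 1; }` for each key file. A readability check will not catch a swap, so I would also name the keyblock in each progress line, `echo "Re-calculating Firmware A vblock with ${DEV_FIRMWARE_KEYBLOCK}"`, so the signing log records which key went to which slot. The header comment on line 10 still lists only four arguments and should mention dev_firmware_datakey, dev_firmware_keyblock and kernel_subkey.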