Add transitional flag for ARM kernel signing in mod_image_for_recovery.sh.

mod_image_for_recovery.sh

 #!/bin/bash
 
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # This script modifies a base image to act as a recovery installer.
 # If no kernel image is supplied, it will build a devkeys signed recovery
 # kernel.  Alternatively, a signed recovery kernel can be used to
 # create a Chromium OS recovery image.
@@ skipping 63 matching lines @@
 DEFINE_string rootfs_hash "/tmp/rootfs.hash" \
   "Path where the rootfs hash should be stored."
 
 DEFINE_boolean verbose $FLAGS_FALSE \
     "Log all commands to stdout." v
 
 # Keep in sync with build_image.
 DEFINE_string keys_dir "/usr/share/vboot/devkeys" \
   "Directory containing the signing keys."
 
+# TODO(clchiou): Remove this flag after arm verified boot is stable
+DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
+  "Sign kernel partition for ARM images (temporary hack)."
+
 # Parse command line
 FLAGS "$@" || exit 1
 eval set -- "${FLAGS_ARGV}"
 
 if [ $FLAGS_verbose -eq $FLAGS_FALSE ]; then
   exec 2>/dev/null
   # Redirecting to stdout instead of stderr since
   # we silence  stderr above.
   die() {
     echo -e "${V_BOLD_RED}ERROR  : $1${V_VIDOFF}"
@@ skipping 38 matching lines @@
     error "ARM recovery mode is still in the works. Use a normal image for now."
     ;;
   *86)
     ARCH="x86"
     ;;
   *)
     error "Unable to determine ARCH from toolchain: ${CHOST}"
     exit 1
 esac
 
+if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then
+  crosbug12352_flag="--crosbug12352_arm_kernel_signing"
+else
+  crosbug12352_flag="--nocrosbug12352_arm_kernel_signing"
+fi
+
 get_install_vblock() {
   # If it exists, we need to copy the vblock over to stateful
   # This is the real vblock and not the recovery vblock.
   local stateful_offset=$(partoffset "$FLAGS_image" 1)
   local stateful_mnt=$(mktemp -d)
   local out=$(mktemp)
 
   set +e
   sudo mount -o ro,loop,offset=$((stateful_offset * 512)) \
              "$FLAGS_image" $stateful_mnt
@@ skipping 80 matching lines @@
     --hd_vblock="$RECOVERY_KERNEL_VBLOCK" \
     --vmlinuz="$vmlinuz" \
     --working_dir="${IMAGE_DIR}" \
     --boot_args="panic=60 cros_recovery kern_b_hash=$kern_hash" \
     --keep_work \
     --rootfs_image=${root_dev} \
     --rootfs_hash=${FLAGS_rootfs_hash} \
     --root=${cros_root} \
     --keys_dir="${FLAGS_keys_dir}" \
     --nouse_dev_keys \
+    ${crosbug12352_flag} \
     ${verity_args} 1>&2
   sudo rm "$FLAGS_rootfs_hash"
   sudo losetup -d "$root_dev"
   trap - RETURN
 
   # Update the EFI System Partition configuration so that the kern_hash check
   # passes.
   local efi_dev=$(sudo losetup -f)
   local efi_offset=$(partoffset "$FLAGS_image" 12)
   local efi_size=$(partsize "$FLAGS_image" 12)
@@ skipping 186 matching lines @@
 
 trap cleanup EXIT
 
 maybe_resize_stateful  # Also copies the image if needed.
 
 install_recovery_kernel
 
 echo "Recovery image created at $RECOVERY_IMAGE"
 print_time_elapsed
 trap - EXIT