scripts/image_signing/make_dev_ssd.sh - Issue 6813109: make_dev_ssd.sh: support updating legacy boot partitions

Side by Side Diff: scripts/image_signing/make_dev_ssd.sh

Issue 6813109: make_dev_ssd.sh: support updating legacy boot partitions (Closed) Base URL: ssh://gitrw.chromium.org:9222/vboot_reference.git@master

Patch Set: Created 9 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 #!/bin/sh	1 #!/bin/sh

2 #	2 #

3 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.	3 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.

4 # Use of this source code is governed by a BSD-style license that can be	4 # Use of this source code is governed by a BSD-style license that can be

5 # found in the LICENSE file.	5 # found in the LICENSE file.

6 #	6 #

7 # This script can change key (usually developer keys) and kernel config	7 # This script can change key (usually developer keys) and kernel config

8 # of a kernels on SSD.	8 # of a kernels on SSD.

9	9

10 SCRIPT_BASE="$(dirname "$0")"	10 SCRIPT_BASE="$(dirname "$0")"

(...skipping 43 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
54 s\| dm_verity[^=]=[-0-9]\|\|g	54 s\| dm_verity[^=]=[-0-9]\|\|g

55 s\| dm="[^"]*"\|\|	55 s\| dm="[^"]*"\|\|

56 s\| ro \| rw \|'	56 s\| ro \| rw \|'

57 }	57 }

58	58

59 # Checks if rootfs verification is enabled from kernel boot parameter	59 # Checks if rootfs verification is enabled from kernel boot parameter

60 is_rootfs_verification_enabled() {	60 is_rootfs_verification_enabled() {

61 echo "$*" \| grep -q 'root=/dev/dm-0'	61 echo "$*" \| grep -q 'root=/dev/dm-0'

62 }	62 }

63	63

	64 remove_legacy_boot_rootfs_verification() {

	65 # See src/scripts/create_legacy_bootloader_templates

	66 local image="$1"

	67 local mount_point="$(make_temp_dir)"

	68 local config_file

	69 debug_msg "Removing rootfs verification for legacy boot configuration."

	70 mount_image_partition "$image" 12 "$mount_point" \|\| return $FLAGS_FALSE

	71 config_file="$mount_point/efi/boot/grub.cfg"

	72 [ ! -f "$config_file" ] \|\|

	73 sudo sed -i 's/^ set default=2 $/set default=0/g' "$config_file"

	74 config_file="$mount_point/syslinux/default.cfg"

	75 [ ! -f "$config_file" ] \|\|

	76 sudo sed -i 's/-vusb/-usb/g; s/-vhd/-hd/g' "$config_file"

	77 sudo umount "$mount_point"

	78 }

	79

64 # Wrapped version of dd	80 # Wrapped version of dd

65 mydd() {	81 mydd() {

66 # oflag=sync is safer, but since we need bs=512, syncing every block would be	82 # oflag=sync is safer, but since we need bs=512, syncing every block would be

67 # very slow.	83 # very slow.

68 dd "$@" >"$EXEC_LOG" 2>&1 \|\|	84 dd "$@" >"$EXEC_LOG" 2>&1 \|\|

69 err_die "Failed in [dd $@], Message: $(cat "$EXEC_LOG")"	85 err_die "Failed in [dd $@], Message: $(cat "$EXEC_LOG")"

70 }	86 }

71	87

72 # Prints a more friendly name from kernel index number	88 # Prints a more friendly name from kernel index number

73 cros_kernel_name() {	89 cros_kernel_name() {

(...skipping 77 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
151	167

152 if [ ${FLAGS_remove_rootfs_verification} = $FLAGS_FALSE ]; then	168 if [ ${FLAGS_remove_rootfs_verification} = $FLAGS_FALSE ]; then

153 debug_msg "Bypassing rootfs verification check"	169 debug_msg "Bypassing rootfs verification check"

154 elif ! is_rootfs_verification_enabled "$kernel_config"; then	170 elif ! is_rootfs_verification_enabled "$kernel_config"; then

155 echo "INFO: $name: rootfs verification was not enabled."	171 echo "INFO: $name: rootfs verification was not enabled."

156 else	172 else

157 debug_msg "Changing boot parameter to remove rootfs verification"	173 debug_msg "Changing boot parameter to remove rootfs verification"

158 kernel_config="$(remove_rootfs_verification "$kernel_config")"	174 kernel_config="$(remove_rootfs_verification "$kernel_config")"

159 debug_msg "New kernel config: $kernel_config"	175 debug_msg "New kernel config: $kernel_config"

160 echo "$name: Disabled rootfs verification."	176 echo "$name: Disabled rootfs verification."

	177 remove_legacy_boot_rootfs_verification "$ssd_device"

161 fi	178 fi

162	179

163 local new_kernel_config_file="$(make_temp_file)"	180 local new_kernel_config_file="$(make_temp_file)"

164 echo -n "$kernel_config" >"$new_kernel_config_file"	181 echo -n "$kernel_config" >"$new_kernel_config_file"

165	182

166 debug_msg "Re-signing $name from $old_blob to $new_blob"	183 debug_msg "Re-signing $name from $old_blob to $new_blob"

167 debug_msg "Using key: $KERNEL_DATAKEY"	184 debug_msg "Using key: $KERNEL_DATAKEY"

168 vbutil_kernel \	185 vbutil_kernel \

169 --repack "$new_blob" \	186 --repack "$new_blob" \

170 --keyblock "$KERNEL_KEYBLOCK" \	187 --keyblock "$KERNEL_KEYBLOCK" \

(...skipping 109 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
280 debug_msg "Complete."	297 debug_msg "Complete."

281 if [ $num_signed -gt 0 -a $num_signed -le $num_given ]; then	298 if [ $num_signed -gt 0 -a $num_signed -le $num_given ]; then

282 # signed something at least	299 # signed something at least

283 echo "Successfully re-signed $num_signed of $num_given kernel(s)" \	300 echo "Successfully re-signed $num_signed of $num_given kernel(s)" \

284 " on device $FLAGS_image".	301 " on device $FLAGS_image".

285 else	302 else

286 err_die "Failed re-signing kernels."	303 err_die "Failed re-signing kernels."

287 fi	304 fi

288 }	305 }

289	306

	307 # People using this to process images may forget to add "-i",

	308 # so adding parameter check is safer.

	309 if [ "$#" -gt 0 ]; then

	310 flags_help

	311 err_die "Unknown parameters: $@"

	312 fi

	313

290 main	314 main

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »