vboot_reference: check developer firmware before running make_dev_ssd

scripts/image_signing/make_dev_ssd.sh

Index: scripts/image_signing/make_dev_ssd.sh
diff --git a/scripts/image_signing/make_dev_ssd.sh b/scripts/image_signing/make_dev_ssd.sh
index 17e84977b0adee919b9351156d31ad770091230f..799bef9cfe120761381ea7b498903f44ba07a001 100755
--- a/scripts/image_signing/make_dev_ssd.sh
+++ b/scripts/image_signing/make_dev_ssd.sh
@@ -17,8 +17,11 @@ DEFAULT_KEYS_FOLDER="$VBOOT_BASE/devkeys"
 DEFAULT_BACKUP_FOLDER='/mnt/stateful_partition/backups'
 DEFAULT_PARTITIONS='2 4'
 
+# TODO(hungte) or use "rootdev -s" in future
+DEFAULT_IMAGE="/dev/sda"
+
 # DEFINE_string name default_value description flag
-DEFINE_string image "/dev/sda" "Path to device or image file" "i"
+DEFINE_string image "$DEFAULT_IMAGE" "Path to device or image file" "i"
 DEFINE_string keys "$DEFAULT_KEYS_FOLDER" "Path to folder of dev keys" "k"
 DEFINE_boolean remove_rootfs_verification \
   $FLAGS_FALSE "Modify kernel boot config to disable rootfs verification" ""
@@ -32,6 +35,7 @@ DEFINE_string partitions "$DEFAULT_PARTITIONS" \
  "List of partitions to examine" ""
 DEFINE_boolean recovery_key "$FLAGS_FALSE" \
  "Use recovery key to sign image (to boot from USB" ""
+DEFINE_boolean force "$FLAGS_FALSE" "Skip sanity checks and make the change" "f"
 
 # Parse command line
 FLAGS "$@" || exit 1
@@ -292,6 +296,33 @@ main() {
     "$FLAGS_image" ||
     exit 1
 
+  debug_msg "Firmware compatbility sanity check"

[Randall Spangler, 2011/04/14 16:19:10]

compatibility

[Hung-Te, 2011/04/15 03:06:59]

Done.

+  if [ "$FLAGS_force" = "$FLAGS_FALSE" ] &&
+     [ "$FLAGS_image" = "$DEFAULT_IMAGE" ] &&
+     [ "$(crossystem mainfw_type)" != "developer" ]; then
+
+      # TODO(hungte) we can check if the fimware rootkey is already dev keys."
+      echo "
+      ERROR: YOU ARE NOT USING DEVELOPER FIRMWARE, AND RUNNING THIS COMMAND MAY
+      THROW YOUR CHROMEOS DEVICE INTO UNBOOTABLE STATE.
+
+      You need to either install developer firmware, or change system rootkey.
+
+       - To install developer firmware: type command
+         sudo chromeos-firmwareupdate --force --mode=todev

[Randall Spangler, 2011/04/14 16:19:10]

If --force is required now, also should change the banner/motd for the root
shell (in a separate CL, of course)

[Hung-Te, 2011/04/15 03:06:59]

 It actually not required - but just to make sure people won't get confused if
they get a system with that disabled, I add --force in the instruction.
 Maybe the better place is to add "disabled, please add --force" inside the
updater itself.
 I'll remove the --force and make another CL inside the updater to describe the
--force.

+
+       - To change system rootkey: disable write protection, then type command:

[Randall Spangler, 2011/04/14 16:19:10]

disable firmware write protection

[Hung-Te, 2011/04/15 03:06:59]

Done.

+         sudo ./make_dev_firmware.sh
+
+      If you are sure that you want to make such image without developer
+      firmware or you've already changed system root keys, please run this
+      command again with -f param:

[Randall Spangler, 2011/04/14 16:19:10]

-f --> --force

[Hung-Te, 2011/04/15 03:06:59]

Done.

+
+         sudo ./make_dev_ssd.sh --force

[Randall Spangler, 2011/04/14 16:19:10]

Bonus points for echoing the original args ($@) + --force.

[Hung-Te, 2011/04/15 03:06:59]

Done.

+      "
+      exit 1
+  fi
+
   resign_ssd_kernel "$FLAGS_image" || num_signed=$?
 
   debug_msg "Complete."