OLD | NEW |
(Empty) | |
| 1 #!/bin/bash |
| 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. |
| 6 |
| 7 # Sign the final build image using the "official" keys. |
| 8 |
| 9 # Usage: sign_for_ssd.sh <type> input_image /path/to/keys/dir output_image |
| 10 # |
| 11 # where <type> is one of: |
| 12 # ssd (sign an SSD image) |
| 13 # recovery (sign a USB recovery image) |
| 14 # install (sign a factory install image) |
| 15 |
| 16 # Load common constants and variables. |
| 17 . "$(dirname "$0")/common.sh" |
| 18 |
| 19 if [ $# -ne 4 ]; then |
| 20 cat <<EOF |
| 21 Usage: $0 <type> input_image /path/to/keys/dir output_image" |
| 22 where <type> is one of: |
| 23 ssd (sign an SSD image) |
| 24 recovery (sign a USB recovery image) |
| 25 install (sign a factory install image) |
| 26 EOF |
| 27 exit 1 |
| 28 fi |
| 29 |
| 30 # Abort on errors. |
| 31 set -e |
| 32 |
| 33 TYPE=$1 |
| 34 INPUT_IMAGE=$2 |
| 35 KEY_DIR=$3 |
| 36 OUTPUT_IMAGE=$4 |
| 37 |
| 38 |
| 39 # Generate the SSD image |
| 40 sign_for_ssd() { |
| 41 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ |
| 42 ${KEY_DIR}/kernel_data_key.vbprivk \ |
| 43 ${KEY_DIR}/kernel.keyblock |
| 44 echo "Output signed SSD image to ${OUTPUT_IMAGE}" |
| 45 } |
| 46 |
| 47 # Generate the USB (recovery + install) image |
| 48 sign_for_recovery() { |
| 49 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ |
| 50 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ |
| 51 ${KEY_DIR}/recovery_kernel.keyblock |
| 52 |
| 53 # Now generate the installer vblock with the SSD keys. |
| 54 temp_kimage=$(mktemp) |
| 55 trap "rm -f ${temp_kimage}" EXIT |
| 56 temp_out_vb=$(mktemp) |
| 57 trap "rm -f ${temp_out_vb}" EXIT |
| 58 extract_image_partition ${OUTPUT_IMAGE} 2 ${temp_kimage} |
| 59 ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimage} ${temp_out_vb} \ |
| 60 ${KEY_DIR}/kernel_data_key.vbprivk \ |
| 61 ${KEY_DIR}/kernel.keyblock |
| 62 |
| 63 # Copy the installer vblock to the stateful partition. |
| 64 local stateful_dir=$(mktemp -d) |
| 65 trap "sudo umount -d $stateful_dir; rm -rf $stateful_dir" EXIT |
| 66 mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir} |
| 67 sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock |
| 68 echo "Output signed recovery image to ${OUTPUT_IMAGE}" |
| 69 } |
| 70 |
| 71 # Generate the factory install image. |
| 72 sign_for_factory_install() { |
| 73 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ |
| 74 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ |
| 75 ${KEY_DIR}/installer_kernel.keyblock |
| 76 echo "Output signed factory install image to ${OUTPUT_IMAGE}" |
| 77 } |
| 78 |
| 79 if [ "${TYPE}" == "ssd" ]; then |
| 80 sign_for_ssd |
| 81 elif [ "${TYPE}" == "recovery" ]; then |
| 82 sign_for_recovery |
| 83 elif [ "${TYPE}" == "install" ]; then |
| 84 sign_for_factory_install |
| 85 else |
| 86 echo "Invalid type ${TYPE}" |
| 87 exit 1 |
| 88 fi |
| 89 |
| 90 |
OLD | NEW |