Index: scripts/image_signing/sign_official_build.sh |
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh |
new file mode 100755 |
index 0000000000000000000000000000000000000000..e5a64867fa04d6b5c515809adf14ae434d5f8691 |
--- /dev/null |
+++ b/scripts/image_signing/sign_official_build.sh |
@@ -0,0 +1,90 @@ |
+#!/bin/bash |
+ |
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
+# Use of this source code is governed by a BSD-style license that can be |
+# found in the LICENSE file. |
+ |
+# Sign the final build image using the "official" keys. |
+ |
+# Usage: sign_for_ssd.sh <type> input_image /path/to/keys/dir output_image |
+# |
+# where <type> is one of: |
+# ssd (sign an SSD image) |
+# recovery (sign a USB recovery image) |
+# install (sign a factory install image) |
+ |
+# Load common constants and variables. |
+. "$(dirname "$0")/common.sh" |
+ |
+if [ $# -ne 4 ]; then |
+ cat <<EOF |
+Usage: $0 <type> input_image /path/to/keys/dir output_image" |
+where <type> is one of: |
+ ssd (sign an SSD image) |
+ recovery (sign a USB recovery image) |
+ install (sign a factory install image) |
+EOF |
+ exit 1 |
+fi |
+ |
+# Abort on errors. |
+set -e |
+ |
+TYPE=$1 |
+INPUT_IMAGE=$2 |
+KEY_DIR=$3 |
+OUTPUT_IMAGE=$4 |
+ |
+ |
+# Generate the SSD image |
+sign_for_ssd() { |
+ ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ |
+ ${KEY_DIR}/kernel_data_key.vbprivk \ |
+ ${KEY_DIR}/kernel.keyblock |
+ echo "Output signed SSD image to ${OUTPUT_IMAGE}" |
+} |
+ |
+# Generate the USB (recovery + install) image |
+sign_for_recovery() { |
+ ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ |
+ ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ |
+ ${KEY_DIR}/recovery_kernel.keyblock |
+ |
+ # Now generate the installer vblock with the SSD keys. |
+ temp_kimage=$(mktemp) |
+ trap "rm -f ${temp_kimage}" EXIT |
+ temp_out_vb=$(mktemp) |
+ trap "rm -f ${temp_out_vb}" EXIT |
+ extract_image_partition ${OUTPUT_IMAGE} 2 ${temp_kimage} |
+ ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimage} ${temp_out_vb} \ |
+ ${KEY_DIR}/kernel_data_key.vbprivk \ |
+ ${KEY_DIR}/kernel.keyblock |
+ |
+ # Copy the installer vblock to the stateful partition. |
+ local stateful_dir=$(mktemp -d) |
+ trap "sudo umount -d $stateful_dir; rm -rf $stateful_dir" EXIT |
+ mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir} |
+ sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock |
+ echo "Output signed recovery image to ${OUTPUT_IMAGE}" |
+} |
+ |
+# Generate the factory install image. |
+sign_for_factory_install() { |
+ ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \ |
+ ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ |
+ ${KEY_DIR}/installer_kernel.keyblock |
+ echo "Output signed factory install image to ${OUTPUT_IMAGE}" |
+} |
+ |
+if [ "${TYPE}" == "ssd" ]; then |
+ sign_for_ssd |
+elif [ "${TYPE}" == "recovery" ]; then |
+ sign_for_recovery |
+elif [ "${TYPE}" == "install" ]; then |
+ sign_for_factory_install |
+else |
+ echo "Invalid type ${TYPE}" |
+ exit 1 |
+fi |
+ |
+ |