OLD | NEW |
1 #!/bin/bash | 1 #!/bin/bash |
2 | 2 |
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # Sign the final build image using the "official" keys. | 7 # Sign the final build image using the "official" keys. |
8 # | 8 # |
9 # Prerequisite tools needed in the system path: | 9 # Prerequisite tools needed in the system path: |
10 # | 10 # |
(...skipping 283 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
294 local hash_image=$(make_temp_file) | 294 local hash_image=$(make_temp_file) |
295 local type="" | 295 local type="" |
296 | 296 |
297 # First, perform RootFS verification | 297 # First, perform RootFS verification |
298 echo "Verifying RootFS hash..." | 298 echo "Verifying RootFS hash..." |
299 local new_kernel_config=$(calculate_rootfs_hash "${rootfs_image}" \ | 299 local new_kernel_config=$(calculate_rootfs_hash "${rootfs_image}" \ |
300 "${kernel_config}" "${hash_image}") | 300 "${kernel_config}" "${hash_image}") |
301 local expected_hash=$(get_hash_from_config "${new_kernel_config}") | 301 local expected_hash=$(get_hash_from_config "${new_kernel_config}") |
302 local got_hash=$(get_hash_from_config "${kernel_config}") | 302 local got_hash=$(get_hash_from_config "${kernel_config}") |
303 | 303 |
| 304 if [ -z "${expected_hash}" ]; then |
| 305 echo "FAILED: RootFS hash is empty!" |
| 306 exit 1 |
| 307 fi |
304 if [ ! "${got_hash}" = "${expected_hash}" ]; then | 308 if [ ! "${got_hash}" = "${expected_hash}" ]; then |
305 cat <<EOF | 309 cat <<EOF |
306 FAILED: RootFS hash is incorrect. | 310 FAILED: RootFS hash is incorrect. |
307 Expected: ${expected_hash} | 311 Expected: ${expected_hash} |
308 Got: ${got_hash} | 312 Got: ${got_hash} |
309 EOF | 313 EOF |
| 314 exit 1 |
310 else | 315 else |
311 echo "PASS: RootFS hash is correct (${expected_hash})" | 316 echo "PASS: RootFS hash is correct (${expected_hash})" |
312 fi | 317 fi |
313 | 318 |
314 # Now try and verify kernel partition signature. | 319 # Now try and verify kernel partition signature. |
315 set +e | 320 set +e |
316 local try_key=${KEY_DIR}/recovery_key.vbpubk | 321 local try_key=${KEY_DIR}/recovery_key.vbpubk |
317 echo "Testing key verification..." | 322 echo "Testing key verification..." |
318 # The recovery key is only used in the recovery mode. | 323 # The recovery key is only used in the recovery mode. |
319 echo -n "With Recovery Key (Recovery Mode ON, Dev Mode OFF): " && \ | 324 echo -n "With Recovery Key (Recovery Mode ON, Dev Mode OFF): " && \ |
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
511 resign_firmware_payload ${OUTPUT_IMAGE} | 516 resign_firmware_payload ${OUTPUT_IMAGE} |
512 update_rootfs_hash ${OUTPUT_IMAGE} \ | 517 update_rootfs_hash ${OUTPUT_IMAGE} \ |
513 ${KEY_DIR}/installer_kernel.keyblock \ | 518 ${KEY_DIR}/installer_kernel.keyblock \ |
514 ${KEY_DIR}/installer_kernel_data_key.vbprivk \ | 519 ${KEY_DIR}/installer_kernel_data_key.vbprivk \ |
515 2 | 520 2 |
516 sign_for_factory_install ${OUTPUT_IMAGE} | 521 sign_for_factory_install ${OUTPUT_IMAGE} |
517 else | 522 else |
518 echo "Invalid type ${TYPE}" | 523 echo "Invalid type ${TYPE}" |
519 exit 1 | 524 exit 1 |
520 fi | 525 fi |
OLD | NEW |