diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2017-07-05 16:00:32 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-07-10 15:27:21 -0700 |
commit | 74871a6bcd669dbf8d14d979edce3d2775f22f8d (patch) | |
tree | 68a24f97c039983aadc84a351d535177bcb48e4b | |
parent | f06f6f6d4e17f324dd487ee39dddd644c719912d (diff) | |
download | chrome-ec-74871a6bcd669dbf8d14d979edce3d2775f22f8d.tar.gz |
cr50 signer: provide means of setting board ID
There needs to be a way to set a board ID fields in the Cr50 RW
header. This patch adds this capability to the board signer and
release image creator scripts.
create_released_image.sh is being modified to include chrome OS
command line option parsing bash library, and a new command line
parameter is defined, --cr50_board_id. Its value is a string of three
colon separated fields, <board id>:<board id mask>:<board id flags>,
where
<board id> is a 4 character ASCII string, the RLZ board code
<board id mask> and <board id flags> are two hex values, without
preceding 0x.
This value is passed to the bs script through environment variable
CR50_BOARD_ID (to be in sync with the bs script taking already
optional parameters like H1_DEVIDS from the environment).
The bs script is slightly refactored, code modifying the manifest to
splice in the device ID nodes is put into a function, and code adding
the board ID nodes to the manifest is also included in the new
function.
The three fields of the CR50_BOARD_ID string are converted to integers
and added to three nodes in the manifest (board_id, board_id_mask, and
board_id_flags respectively).
BRANCH=none
BUG=b:62294740
TEST=created a released image image using
create_released_image.sh --cr50_board_id RXXX:ffffff00:ff00 \
<rest of parameters>
using the modified usb_updater (under a different patch) verified
that the header fields have been created as expected.
Change-Id: I8374024de347f341ac16b72c2fa4a774e8385466
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/562918
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rwxr-xr-x | util/signer/bs | 56 | ||||
-rwxr-xr-x | util/signer/create_released_image.sh | 37 |
2 files changed, 80 insertions, 13 deletions
diff --git a/util/signer/bs b/util/signer/bs index a11b4af0bb..ecf3cb221a 100755 --- a/util/signer/bs +++ b/util/signer/bs @@ -52,10 +52,59 @@ The same values can be obtained in the lsusb command output: note that the lsusb reported values are in hex and need to be prefixed with 0x. +Finally, this script also allows to specify the board ID fields of the RW +headers. The fields come from the evironment variable CR50_BOARD_ID, which is +required to include three colon separated fields. The first field is a four +letter board RLZ code, the second field is board id mask in hex, no 0x prefix, +and the third field - board ID flags, again, hex, no 0x prefix. + +CR50_BOARD_ID='XXYY:12:13' ${progname} [other options, if any] + +both H1_DEVIDS and CR50_BOARD_ID can be defined independently. + EOF exit "${rv}" } +# This function modifies the manifest to include device ID and board ID nodes, +# if H1_DEVIDS and CR50_BOARD_ID are defined in the environment, respectively, +tweak_manifest () { + local sub + + # If defined, plug in dev ID nodes before the 'fuses' node. + if [[ -z "${do_prod}" && -n "${H1_DEVIDS}" ]]; then + echo "creating a customized DEV image for DEV IDS ${H1_DEVIDS}" + sub=$(printf "\\\n \"DEV_ID0\": %d,\\\n \"DEV_ID1\": %d," ${H1_DEVIDS}) + sed -i "s/\"fuses\": {/\"fuses\": {${sub}/" "${tmpf}" + fi + + if [[ -z "${CR50_BOARD_ID}" ]]; then + return + fi + + # CR50_BOARD_ID is set, let's parse it and plug in the board ID related + # nodes into manifest before the 'fuses' node. + local bid_params + local rlz + + bid_params=( $(echo $CR50_BOARD_ID | sed 's/:/ /g') ) + # A very basic sanity check: it needs to consist of three colon separated + # fields. + if [[ ${#bid_params[@]} != 3 ]]; then + echo "Wrong board ID string \"$CR50_BOARD_ID\"}" >&2 + exit 1 + fi + + # Convert board RLZ code from ASCII to hex + rlz="0x$(echo -n ${bid_params[0]} | hexdump -ve '/1 "%02x"')" + + # Prepare text of all three board ID related nodes + sub="$(printf "\\\n\"board_id\": %d,\\\n" "${rlz}")" + sub+="$(printf "\"board_id_flags\": %d,\\\n" "0x${bid_params[1]}")" + sub+="$(printf "\"board_id_mask\": %d,\\\n" "0x${bid_params[2]}")" + sed -i "s/\"fuses\": {/${sub}\"fuses\": {/" "${tmpf}" +} + # This is the suggested location of the codesigner utility. BIN_ROOT="${HOME}/bin" @@ -68,6 +117,7 @@ if [[ -z "${CROS_WORKON_SRCROOT}" ]]; then exit 1 fi +: ${CR50_BOARD_ID=} : ${H1_DEVIDS=} EC_ROOT="${CROS_WORKON_SRCROOT}/src/platform/ec" EC_BIN_ROOT="${EC_ROOT}/util/signer" @@ -138,11 +188,7 @@ else dst_suffix='flat' fi -if [[ -z "${do_prod}" && -n "${H1_DEVIDS}" ]]; then - echo "creating a customized DEV image for DEV IDS ${H1_DEVIDS}" - sub=$(printf "\\\n \"DEV_ID0\": %d,\\\n \"DEV_ID1\": %d," ${H1_DEVIDS}) - sed -i "s/\"fuses\": {/\"fuses\": {${sub}/" "${tmpf}" -fi +tweak_manifest count=0 for elf in ${elves[@]}; do diff --git a/util/signer/create_released_image.sh b/util/signer/create_released_image.sh index 6b8190fdf6..6a4273662c 100755 --- a/util/signer/create_released_image.sh +++ b/util/signer/create_released_image.sh @@ -13,7 +13,6 @@ # set -u -set -e # A very crude RO verification function. The key signature found at a fixed # offset into the RO blob must match the RO type. Prod keys have bit D2 set to @@ -110,6 +109,14 @@ prepare_image() { } # Execution starts here =========================== +if [ -z "${CROS_WORKON_SRCROOT}" ]; then + echo "$(basename $0): This script must run inside Chrome OS chroot" >&2 + exit 1 +fi + +SCRIPT_ROOT="${CROS_WORKON_SRCROOT}/src/scripts" +. "${SCRIPT_ROOT}/build_library/build_common.sh" || exit 1 + TMPD="$(mktemp -d /tmp/$(basename $0).XXXXX)" trap "/bin/rm -rf ${TMPD}" SIGINT SIGTERM EXIT @@ -119,15 +126,26 @@ dest_dir= IMAGE_SIZE='524288' export RESULT_FILE -if [ -z "${CROS_WORKON_SRCROOT}" ]; then - echo "$(basename $0): This script must run inside Chrome OS chroot" >&2 - exit 1 -fi +DEFINE_string cr50_board_id "" \ + "Optional string representing Board ID field of the Cr50 RW header. +Consists of three fields separated by colon: <RLZ>:<hex mask>:<hex flags>" + +# Do not put this before the DEFINE_ invocations - they routinely experience +# error return values. +set -e +FLAGS_HELP="usage: $(basename $0) [flags] <blobs> + +blobs are: + <prod RO A>.hex <prod RO B>.hex <dev RO A>.hex <dev RO B>.hex \ + <RW.elf> <RW_B.elf>" + +# Parse command line. +FLAGS "$@" || exit 1 + +eval set -- "${FLAGS_ARGV}" if [ "${#*}" != "6" ]; then - echo "six parameters are required: " - echo "<prod RO A>.hex " \ - "<prod RO B>.hex <dev RO A>.hex <dev RO B>.hex <RW.elf> <RW_B.elf>" >&2 + flags_help exit 1 fi @@ -145,6 +163,9 @@ dev_ro_b="${4}" rw_a="${5}" rw_b="${6}" +# Used by the bs script. +export CR50_BOARD_ID="${FLAGS_cr50_board_id}" + prepare_image 'dev' "${dev_ro_a}" "${dev_ro_b}" "${rw_a}" "${rw_b}" prepare_image 'prod' "${prod_ro_a}" "${prod_ro_b}" "${rw_a}" "${rw_b}" tarball="${dest_dir}.tbz2" |