From c34791f6b3c9e25c6abe1976efecf3bdc51ba453 Mon Sep 17 00:00:00 2001
From: Vadim Bendebury <vbendeb@chromium.org>
Date: Thu, 4 Apr 2019 14:28:03 -0700
Subject: cr50 signer: make sure SQA images can not be signed with prod keys

This patch makes sure that SQA images can not be signed with prod keys.

BRANCH=none
BUG=none

TEST=manually verified that the modified grep expression triggers for
     both DBG and SQA containing strings.

Change-Id: I3c8b8c45dbbf5d38bc9c35f766e80ada8257cb65
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1553575
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
---
 util/signer/bs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/signer/bs b/util/signer/bs
index c06d611ef0..7c07d8fc40 100755
--- a/util/signer/bs
+++ b/util/signer/bs
@@ -291,8 +291,8 @@ tweak_manifest
 count=0
 for elf in ${elves[@]}; do
   if [[ -n "${do_prod}" ]]; then
-    if strings "${elf}" | grep -q "DBG/cr50"; then
-      echo "Will not sign debug image with prod keys" >&2
+    if strings "${elf}" | egrep -q "(DBG|SQA)/cr50"; then
+      echo "Will not sign debug or SQA image with prod keys" >&2
       exit 1
     fi
   fi
-- 
cgit v1.2.1