diff options
| author | Randall Spangler <rspangler@chromium.org> | 2010-12-03 09:26:22 -0800 |
|---|---|---|
| committer | Randall Spangler <rspangler@chromium.org> | 2010-12-03 09:26:22 -0800 |
| commit | 38ab919c086f5bcdb9feb49f0e2f8adac9972fda (patch) | |
| tree | 91a57c80fc7b4a64fa8666ab52ad79f48a4e0b2b | |
| parent | 527612e3565be00030a082c262204a0562bc0d4a (diff) | |
| download | vboot-38ab919c086f5bcdb9feb49f0e2f8adac9972fda.tar.gz | |
Add --save_config and --set_config options to make_dev_ssd.sh
Change-Id: I691e6e62f5d5d9b6671fd05f172829b84d503b77
BUG=9934
TEST=manual
1. From a root shell, on a device signed with developer keys:
make_dev_ssd.sh --save_config=foo
This should create a foo.2 file with a kernel command line. It'll be
similar to the one in /proc/cmdline. It may create a foo.4 file, if
kernel B is also valid.
2. Modify the command line in foo.2 (and foo.4, if it exists).
Suggest adding "blah2" to foo.2, and "blah4" to foo.4 if it
exists.
3. From a root shell:
make_dev_ssd.sh --set_config=foo
4. Reboot.
5. Check the kernel command line.
cat /proc/cmdline
If you booted from kernel A, you should see "blah2" in the command
line. If B, you should see "blah4".
Review URL: http://codereview.chromium.org/5567003
| -rwxr-xr-x | scripts/image_signing/make_dev_ssd.sh | 73 |
1 files changed, 49 insertions, 24 deletions
diff --git a/scripts/image_signing/make_dev_ssd.sh b/scripts/image_signing/make_dev_ssd.sh index 4753a129..c189eb67 100755 --- a/scripts/image_signing/make_dev_ssd.sh +++ b/scripts/image_signing/make_dev_ssd.sh @@ -24,6 +24,10 @@ DEFINE_boolean remove_rootfs_verification \ DEFINE_string backup_dir \ "$DEFAULT_BACKUP_FOLDER" "Path of directory to store kernel backups" "" DEFINE_boolean debug $FLAGS_FALSE "Provide debug messages" "d" +DEFINE_string save_config "" \ + "Base filename to store kernel configs to, instead of resigning." "" +DEFINE_string set_config "" \ + "Base filename to load kernel configs from" "" # Parse command line FLAGS "$@" || exit 1 @@ -128,20 +132,53 @@ resign_ssd_kernel() { mydd if="$ssd_device" of="$old_blob" bs=$bs skip=$offset count=$size debug_msg "Checking if $name is valid" - local old_kernel_config - if ! old_kernel_config="$(dump_kernel_config "$old_blob" 2>"$EXEC_LOG")" - then + local kernel_config + if ! kernel_config="$(dump_kernel_config "$old_blob" 2>"$EXEC_LOG")"; then debug_msg "dump_kernel_config error message: $(cat "$EXEC_LOG")" echo "INFO: $name: no kernel boot information, ignored." continue fi + if [ -n "${FLAGS_save_config}" ]; then + # Save current kernel config + local old_config_file + old_config_file="${FLAGS_save_config}.$kernel_index" + echo "Saving $name config to $old_config_file" + echo "$kernel_config" > "$old_config_file" + # Just save; don't resign + continue + fi + + if [ -n "${FLAGS_set_config}" ]; then + # Set new kernel config from file + local new_config_file + new_config_file="${FLAGS_set_config}.$kernel_index" + kernel_config="$(cat "$new_config_file")" || + err_die "Failed to read new kernel config from $new_config_file" + debug_msg "New kernel config: $kernel_config)" + echo "$name: Replaced config from $new_config_file" + fi + + if [ ${FLAGS_remove_rootfs_verification} = $FLAGS_FALSE ]; then + debug_msg "Bypassing rootfs verification check" + elif ! is_rootfs_verification_enabled "$kernel_config"; then + echo "INFO: $name: rootfs verification was not enabled." + else + debug_msg "Changing boot parameter to remove rootfs verification" + kernel_config="$(remove_rootfs_verification "$kernel_config")" + debug_msg "New kernel config: $kernel_config" + echo "$name: Disabled rootfs verification." + fi + + local new_kernel_config_file="$(make_temp_file)" + echo "$kernel_config" >"$new_kernel_config_file" + debug_msg "Re-signing $name from $old_blob to $new_blob" debug_msg "Using key: $KERNEL_DATAKEY" - vbutil_kernel \ --repack "$new_blob" \ - --vblockonly --keyblock "$KERNEL_KEYBLOCK" \ + --keyblock "$KERNEL_KEYBLOCK" \ + --config "$new_kernel_config_file" \ --signprivate "$KERNEL_DATAKEY" \ --oldblob "$old_blob" >"$EXEC_LOG" 2>&1 || err_die "Failed to resign $name. Message: $(cat "$EXEC_LOG")" @@ -151,25 +188,6 @@ resign_ssd_kernel() { cp "$old_blob" "$new_kern" mydd if="$new_blob" of="$new_kern" conv=notrunc - if [ ${FLAGS_remove_rootfs_verification} = $FLAGS_FALSE ]; then - debug_msg "Bypassing rootfs verification check" - elif ! is_rootfs_verification_enabled "$old_kernel_config"; then - echo "INFO: $name: rootfs verification was not enabled." - else - debug_msg "Changing boot parameter to remove rootfs verification" - local new_kernel_config_file="$(make_temp_file)" - remove_rootfs_verification "$old_kernel_config" >"$new_kernel_config_file" - debug_msg "New kernel config: $(cat $new_kernel_config_file)" - vbutil_kernel \ - --repack "$new_blob" \ - --config "$new_kernel_config_file" \ - --signprivate "$KERNEL_DATAKEY" \ - --oldblob "$new_kern" >"$EXEC_LOG" 2>&1 || - err_die "Failed to resign $name. Message: $(cat "$EXEC_LOG")" - echo "$name: Disabled rootfs verification." - mydd if="$new_blob" of="$new_kern" conv=notrunc - fi - if is_debug_mode; then debug_msg "for debug purposes, check *.dbgbin" cp "$old_blob" old_blob.dbgbin @@ -233,6 +251,13 @@ resign_ssd_kernel() { echo "$name: Re-signed with developer keys successfully." done + + # If we saved the kernel config, exit now so we don't print an error + if [ -n "${FLAGS_save_config}" ]; then + echo "(Kernels have not been resigned.)" + exit 0 + fi + return $resigned_kernels } |