diff options
author | Gaurav Shah <gauravsh@chromium.org> | 2011-03-15 18:37:18 -0700 |
---|---|---|
committer | Gaurav Shah <gauravsh@chromium.org> | 2011-03-15 18:37:18 -0700 |
commit | 61388bb53ebbad41b4aca1f4a9b5966f953aad6b (patch) | |
tree | d9b5adf6f4f12c65d81075c36f6fb9d652c8dce5 | |
parent | b64faaa7f4167344765eb32baebb0aa01a03bc29 (diff) | |
download | vboot-61388bb53ebbad41b4aca1f4a9b5966f953aad6b.tar.gz |
Add wrapper script for easy signing of firmware
Thought I might as well put this is in the repo since I use it very often.
Change-Id: Iecbb2340dce1522b15aab8eefb3b2c346cb7c24f
BUG=none
TEST=manually signed an image.
Review URL: http://codereview.chromium.org/6698014
-rwxr-xr-x | scripts/image_signing/sign_firmware.sh | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_firmware.sh b/scripts/image_signing/sign_firmware.sh new file mode 100755 index 00000000..1d20e10c --- /dev/null +++ b/scripts/image_signing/sign_firmware.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Wrapper script for re-signing a firmware image. + +# Determine script directory +SCRIPT_DIR=$(dirname $0) + +# Abort on error. +set -e + +FIRMWARE_VERSION=1 + +if [ $# -ne 3 ]; then + cat<<EOF +Usage: $0 <input_firmware> <key_dir> <output_firmware> + +Signs <input_firmware> with keys in <key_dir> and outputs signed firmware to +<output_firmware>. +EOF + exit 1 +fi + +IN_FIRMWARE=$1 +KEY_DIR=$2 +OUT_FIRMWARE=$3 + +temp_fw=$(mktemp) +trap "rm ${temp_fw}" EXIT + +# Replace the root and recovery key in the Google Binary Block of the firmware. +gbb_utility -s \ + --rootkey=${KEY_DIR}/root_key.vbpubk \ + --recoverykey=${KEY_DIR}/recovery_key.vbpubk \ + ${IN_FIRMWARE} ${temp_fw} + +# Resign the firmware with new keys +${SCRIPT_DIR}/resign_firmwarefd.sh ${temp_fw} ${OUT_FIRMWARE} \ + ${KEY_DIR}/firmware_data_key.vbprivk \ + ${KEY_DIR}/firmware.keyblock \ + ${KEY_DIR}/dev_firmware_data_key.vbprivk \ + ${KEY_DIR}/dev_firmware.keyblock \ + ${KEY_DIR}/kernel_subkey.vbpubk \ + ${FIRMWARE_VERSION} |