diff options
author | Hung-Te Lin <hungte@chromium.org> | 2011-04-15 11:07:06 +0800 |
---|---|---|
committer | Hung-Te Lin <hungte@chromium.org> | 2011-04-15 11:07:06 +0800 |
commit | 83728d0aef71945e54b8948107361b86a95118d9 (patch) | |
tree | b01f4bc14bb63d766e3e8d285ec77de5d6168018 | |
parent | 480a323fe7fb181df397b64bfe1abe57338d74af (diff) | |
download | vboot-83728d0aef71945e54b8948107361b86a95118d9.tar.gz |
vboot_reference: check developer firmware before running make_dev_ssd
Developers may turn on developer switch, enter shell, and then try to run
make_dev_ssd without switching to developer firmware / dev root key.
And that would make the system showing "NO GOOD" or "INSERT" screen
after reboot.
For sanity check, we should check if firmware type is "developer" before running
make_dev_ssd.
BUG=none
TEST=(using normale firmware) make_dev_ssd # seeing the error messages
sudo chromeos-firmwareupdate --mode=todev; sudo reboot
(using developer firmware) make_dev_ssd # not seeing error
Change-Id: Id62959c91c39b0bbcca604c9e83fd087e3727b8b
R=rspangler@chromium.org
Review URL: http://codereview.chromium.org/6840047
-rwxr-xr-x | scripts/image_signing/make_dev_ssd.sh | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/scripts/image_signing/make_dev_ssd.sh b/scripts/image_signing/make_dev_ssd.sh index 17e84977..9a645deb 100755 --- a/scripts/image_signing/make_dev_ssd.sh +++ b/scripts/image_signing/make_dev_ssd.sh @@ -17,8 +17,11 @@ DEFAULT_KEYS_FOLDER="$VBOOT_BASE/devkeys" DEFAULT_BACKUP_FOLDER='/mnt/stateful_partition/backups' DEFAULT_PARTITIONS='2 4' +# TODO(hungte) or use "rootdev -s" in future +DEFAULT_IMAGE="/dev/sda" + # DEFINE_string name default_value description flag -DEFINE_string image "/dev/sda" "Path to device or image file" "i" +DEFINE_string image "$DEFAULT_IMAGE" "Path to device or image file" "i" DEFINE_string keys "$DEFAULT_KEYS_FOLDER" "Path to folder of dev keys" "k" DEFINE_boolean remove_rootfs_verification \ $FLAGS_FALSE "Modify kernel boot config to disable rootfs verification" "" @@ -32,9 +35,11 @@ DEFINE_string partitions "$DEFAULT_PARTITIONS" \ "List of partitions to examine" "" DEFINE_boolean recovery_key "$FLAGS_FALSE" \ "Use recovery key to sign image (to boot from USB" "" +DEFINE_boolean force "$FLAGS_FALSE" "Skip sanity checks and make the change" "f" # Parse command line FLAGS "$@" || exit 1 +ORIGINAL_PARAMS="$@" eval set -- "$FLAGS_ARGV" # Globals @@ -292,6 +297,36 @@ main() { "$FLAGS_image" || exit 1 + debug_msg "Firmware compatibility sanity check" + if [ "$FLAGS_force" = "$FLAGS_FALSE" ] && + [ "$FLAGS_image" = "$DEFAULT_IMAGE" ] && + [ "$(crossystem mainfw_type)" != "developer" ]; then + + # TODO(hungte) we can check if the fimware rootkey is already dev keys." + echo " + ERROR: YOU ARE NOT USING DEVELOPER FIRMWARE, AND RUNNING THIS COMMAND MAY + THROW YOUR CHROMEOS DEVICE INTO UNBOOTABLE STATE. + + You need to either install developer firmware, or change system rootkey. + + - To install developer firmware: type command + sudo chromeos-firmwareupdate --mode=todev + + - To change system rootkey: disable firmware write protection (a hardware + switch) and then type command: + sudo ./make_dev_firmware.sh + + If you are sure that you want to make such image without developer + firmware or you've already changed system root keys, please run this + command again with --force param: + + sudo ./make_dev_ssd.sh --force $ORIGINAL_PARAMS + + YOUR IMAGE $FLAGS_image IS NOT MODIFIED. + " + exit 1 + fi + resign_ssd_kernel "$FLAGS_image" || num_signed=$? debug_msg "Complete." |