diff options
author | Gaurav Shah <gauravsh@chromium.org> | 2011-08-23 13:47:35 -0700 |
---|---|---|
committer | Gaurav Shah <gauravsh@chromium.org> | 2011-08-23 15:56:25 -0700 |
commit | 69b88dc99b0c3ed12ad66f8df7b65ecc3682204f (patch) | |
tree | ab3cd5e468d580d74608c4e5896f1d9ede4034e5 | |
parent | a3454fcaa415b2c99514c44eebee7325fe0d1f9f (diff) | |
download | vboot-69b88dc99b0c3ed12ad66f8df7b65ecc3682204f.tar.gz |
Add support for new verity key-value style kernel parameters
BUG=chromium-os:18492
TEST=manually tested with both an old verity image, as well as a new one (with
the pending http://gerrit.chromium.org/gerrit/6085)
Change-Id: I347de9185db1c4ea949d37121c63e08184e8fcfe
Reviewed-on: http://gerrit.chromium.org/gerrit/6516
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 49 |
1 files changed, 39 insertions, 10 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 6d124ff1..bbba4e25 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -87,6 +87,23 @@ get_hash_from_config() { cut -f2- -d, | cut -f9 -d ' ' } +# TODO(gauravsh): These are duplicated from chromeos-setimage. We need +# to move all signing and rootfs code to one single place where it can be +# reused. crosbug.com/19543 + +# get_verity_arg <commandline> <key> -> <value> +get_verity_arg() { + echo "$1" | sed "s/.*\b$2=\([^ \"]*\).*/\1/" +} + +is_old_verity_argv() { + local depth=$(echo "$1" | cut -f7 -d' ') + if [ "$depth" = "0" ]; then + return 0 + fi + return 1 +} + # Calculate rootfs hash of an image # Args: ROOTFS_IMAGE KERNEL_CONFIG HASH_IMAGE # @@ -101,21 +118,33 @@ calculate_rootfs_hash() { local dm_config=$(echo ${kernel_config} | sed -e 's/.*dm="\([^"]*\)".*/\1/g' | cut -f2- -d,) - # We extract dm=... portion of the config command line. Here's an example: - # - # dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 \ - # sha1 63b7ad16cb9db4b70b28593f825aa6b7825fdcf2" - # if [ -z "${dm_config}" ]; then echo "WARNING: Couldn't grab dm_config. Aborting rootfs hash calculation" exit 1 fi - local rootfs_sectors=$(echo ${dm_config} | cut -f2 -d' ') - local root_dev=$(echo ${dm_config} | cut -f4 -d ' ') - local hash_dev=$(echo ${dm_config} | cut -f5 -d ' ') - local verity_depth=$(echo ${dm_config} | cut -f7 -d' ') - local verity_algorithm=$(echo ${dm_config} | cut -f8 -d' ') + + local rootfs_sectors + local verity_depth + local verity_algorithm + local root_dev + local hash_dev + if is_old_verity_argv "${dm_config}"; then + # dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 \ + # sha1 63b7ad16cb9db4b70b28593f825aa6b7825fdcf2" + rootfs_sectors=$(echo ${dm_config} | cut -f2 -d' ') + verity_depth=$(echo ${dm_config} | cut -f7 -d' ') + verity_algorithm=$(echo ${dm_config} | cut -f8 -d' ') + root_dev=$(echo ${dm_config} | cut -f4 -d ' ') + hash_dev=$(echo ${dm_config} | cut -f5 -d ' ') + else + # Key-value parameters. + rootfs_sectors=$(get_verity_arg "${dm_config}" hashstart) + verity_depth=0 + verity_algorithm=$(get_verity_arg "${dm_config}" alg) + root_dev=$(get_verity_arg "${dm_config}" payload) + hash_dev=$(get_verity_arg "${dm_config}" hashtree) + fi # Run the verity tool on the rootfs partition. local table="vroot none ro,"$(sudo verity mode=create \ |