reven signing: skip install_gsetup_certs

BUG=b:199136347,b:194500280
TEST=none
BRANCH=none

Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278
Signed-off-by: Jack Neus <jackneus@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774
Reviewed-by: George Engelbrecht <engeg@google.com>

1 files changed, 7 insertions, 2 deletions

diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index bb8d69d4..700da038 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -709,6 +709,7 @@ resign_android_image_if_exists() {
 # Args: LOOPDEV
 sign_uefi_binaries() {
   local loopdev="$1"
+  local kerna_config="$2"
 
   if [[ ! -d "${KEY_DIR}/uefi" ]]; then
     return 0
@@ -721,7 +722,11 @@ sign_uefi_binaries() {
   elif [[ -z "${esp_dir}" ]]; then
     return 0
   fi
-  "${SCRIPT_DIR}/install_gsetup_certs.sh" "${esp_dir}" "${KEY_DIR}/uefi"
+  # The reven board has a special signing flow. If this flag is set, don't
+  # invoke install_gsetup_certs.sh.
+  if " ${kerna_config} " != *" cros_reven "* ]]; then
+    "${SCRIPT_DIR}/install_gsetup_certs.sh" "${esp_dir}" "${KEY_DIR}/uefi"
+  fi
   "${SCRIPT_DIR}/sign_uefi.sh" "${esp_dir}" "${KEY_DIR}/uefi"
   sudo umount "${esp_dir}"
 
@@ -1016,7 +1021,7 @@ sign_image_file() {
   resign_firmware_payload "${loopdev}"
   remove_old_container_key "${loopdev}"
   resign_android_image_if_exists "${loopdev}"
-  sign_uefi_binaries "${loopdev}"
+  sign_uefi_binaries "${loopdev}" "${kerna_config}"
   # We do NOT strip /boot for factory installer, since some devices need it to
   # boot EFI. crbug.com/260512 would obsolete this requirement.
   #