diff options
| author | C Shapiro <shapiroc@chromium.org> | 2017-10-23 12:01:29 -0600 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-10-24 10:38:24 -0700 |
| commit | 9ff61a3e814f28692336e45cc0158cb18b7444b8 (patch) | |
| tree | 54b534ef999cdafc84c21164d3899bba27eee6ed | |
| parent | 8122e0b8b13794ffcda7a0a0930b2bc6969e8364 (diff) | |
| download | vboot-9ff61a3e814f28692336e45cc0158cb18b7444b8.tar.gz | |
vboot_reference: Decouple from model
The signer has no concept of model and doesn't need to. From its
perspective, it is simply generating a signature block based on a set of
instructions.
Changing the comments and variable name to reflect this.
BUG=b:68141451
TEST=None
BRANCH=None
Change-Id: Ia2a3e4a5273a4bcd9c5645db2cf0db80af6c28cf
Reviewed-on: https://chromium-review.googlesource.com/733857
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| -rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 1e435a65..54b4c9f5 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -551,27 +551,29 @@ resign_firmware_payload() { # go/cros-unibuild-signing # # This iterates over a signer_config.csv file, which contains the following: - # model_name,image,key_id (header) + # output_name,image,key_id (header) # santa,models/santa/bios.bin,SOME_OEM (sample line) # - # This dictates the keys that should be used for which models and images. + # This dictates what output signature blocks to generate based on what + # keys/binaries. # # It reuses the LOEM architecture already existing in the signer keysets, # but this could be revisited at a future date. # - # Within signer_config.csv, it used the key_id column to match the key + # Within signer_config.csv, it uses the key_id column to match the key # value in loem.ini (if present) and signs the corresponding firmware # image using that key. # - # For output, it uses the model name for the signed vblocks, which is then - # detected/used by the firmware updater script. + # It then outputs the appropriate signature blocks based on the output_name. + # The firmware updater scripts then detects what output_name to use at + # runtime based on the platform. local signer_config="${shellball_dir}/signer_config.csv" if [[ -e "${signer_config}" ]]; then info "Using signer_config.csv to determine firmware signatures" info "See go/cros-unibuild-signing for details" { read # Burn the first line (header line) - while IFS="," read -r model_name image key_id + while IFS="," read -r output_name image key_id do local key_suffix='' local extra_args=() @@ -582,7 +584,7 @@ resign_firmware_payload() { # just use the common keys present in the keyset. # # The presence of the /keyset subdir in the shellball will indicate - # whether model specific keyblocks are available or not. + # whether dynamic signature blocks are available or not. # This is what updater4.sh currently uses to make the decision. if [[ -e "${KEY_DIR}/loem.ini" ]]; then # loem.ini has the format KEY_ID_VALUE = KEY_INDEX @@ -590,21 +592,21 @@ resign_firmware_payload() { local key_index="$(echo "${match}" | cut -d ' ' -f 1)" info "Detected key index from loem.ini as ${key_index} for ${key_id}" if [[ -z "${key_index}" ]]; then - die "Failed to find key_id ${key_id} in loem.ini file for model " \ - "${model_name}" + die "Failed to find key_id ${key_id} in loem.ini file for " \ + "${output_name}" fi key_suffix=".loem${key_index}" shellball_keyset_dir="${shellball_dir}/keyset" mkdir -p "${shellball_keyset_dir}" extra_args+=( --loemdir "${shellball_keyset_dir}" - --loemid "${model_name}" + --loemid "${output_name}" ) rootkey="${KEY_DIR}/root_key${key_suffix}.vbpubk" - cp "${rootkey}" "${shellball_keyset_dir}/rootkey.${model_name}" + cp "${rootkey}" "${shellball_keyset_dir}/rootkey.${output_name}" fi - info "Signing firmware image ${image} for model ${model_name} " \ + info "Signing firmware image ${image} for ${output_name} " \ "with key suffix ${key_suffix}" local temp_fw=$(make_temp_file) |