diff options
author | Jack Neus <jackneus@google.com> | 2021-09-07 20:30:01 +0000 |
---|---|---|
committer | Jora Jacobi <jora@google.com> | 2021-09-07 21:53:01 +0000 |
commit | 1376cfbfdd3b0cbc14da190c744604c4f3d29a23 (patch) | |
tree | 0446dd0375d1f9dc860b5e9d606c8c306216db86 | |
parent | 8ccbd949716969fe8e7e477634fc82c9bf4358b7 (diff) | |
download | vboot-1376cfbfdd3b0cbc14da190c744604c4f3d29a23.tar.gz |
reven signing: skip install_gsetup_certs
BUG=b:199136347,b:194500280
TEST=none
BRANCH=none
Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278
Signed-off-by: Jack Neus <jackneus@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774
Reviewed-by: George Engelbrecht <engeg@google.com>
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index bb8d69d4..700da038 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -709,6 +709,7 @@ resign_android_image_if_exists() { # Args: LOOPDEV sign_uefi_binaries() { local loopdev="$1" + local kerna_config="$2" if [[ ! -d "${KEY_DIR}/uefi" ]]; then return 0 @@ -721,7 +722,11 @@ sign_uefi_binaries() { elif [[ -z "${esp_dir}" ]]; then return 0 fi - "${SCRIPT_DIR}/install_gsetup_certs.sh" "${esp_dir}" "${KEY_DIR}/uefi" + # The reven board has a special signing flow. If this flag is set, don't + # invoke install_gsetup_certs.sh. + if " ${kerna_config} " != *" cros_reven "* ]]; then + "${SCRIPT_DIR}/install_gsetup_certs.sh" "${esp_dir}" "${KEY_DIR}/uefi" + fi "${SCRIPT_DIR}/sign_uefi.sh" "${esp_dir}" "${KEY_DIR}/uefi" sudo umount "${esp_dir}" @@ -1016,7 +1021,7 @@ sign_image_file() { resign_firmware_payload "${loopdev}" remove_old_container_key "${loopdev}" resign_android_image_if_exists "${loopdev}" - sign_uefi_binaries "${loopdev}" + sign_uefi_binaries "${loopdev}" "${kerna_config}" # We do NOT strip /boot for factory installer, since some devices need it to # boot EFI. crbug.com/260512 would obsolete this requirement. # |