sign_official_release: relax board name for guybrush

To address the case where the signer could be modifying the original
contents of the board name by adding the release stage, check for
presence of the base board name in the string instead of checking for
exact matcn.

BRANCH=none
BUG=b:263378945
TEST=attempted local signing, observed expected messages in the output
     log.

Change-Id: Idddd33cdbbc91497bfbc94b3757adb0f24f1a1f0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4228431
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380967
Reviewed-by: Cheng Yueh <cyueh@chromium.org>
Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
Commit-Queue: Cheng Yueh <cyueh@chromium.org>
Tested-by: Phoebe Wang <phoebewang@chromium.org>

1 files changed, 4 insertions, 5 deletions

diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index 36033bca..984d2c11 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -571,11 +571,10 @@ resign_firmware_payload() {
         echo "After setting GBB on ${bios_path}: md5 =" \
           $(md5sum ${bios_path} | awk '{print $1}')
 
-        board_name="$(lsbval "${rootfs_dir}/etc/lsb-release" \
-           "CHROMEOS_RELEASE_BOARD")"
-
-        if [[ ${board_name} == "guybrush" ]]; then
-          echo "Not looking for RO_GSCVD on guygrush, b/263378945"
+        board_name="$(get_boardvar_from_lsb_release "${rootfs_dir}")"
+        echo "Board name from lsb-release: ${board_name}"
+        if [[ ${board_name} == *guybrush* ]]; then
+          echo "Not looking for RO_GSCVD on guybrush, b/263378945"
         elif futility dump_fmap -p "${bios_path}" | grep -q RO_GSCVD; then
           # Attempt AP RO verification signing only in case the FMAP includes
           # the RO_GSCVD section.