diff options
author | Hung-Te Lin <hungte@chromium.org> | 2011-07-22 16:07:58 +0800 |
---|---|---|
committer | Hung-Te Lin <hungte@chromium.org> | 2011-07-22 21:14:27 -0700 |
commit | 8e17e5fe43e9407066e7cdf9dabfd3eb637817a7 (patch) | |
tree | edc515cc5dd06ad4f66a33491d429f33f4f3fa8d | |
parent | ad03a439bc97523e03d19aa1dcd568744d60889c (diff) | |
download | vboot-8e17e5fe43e9407066e7cdf9dabfd3eb637817a7.tar.gz |
resign_firmwarefd.sh: support new "flag" (for hinting two-stop FW)
The two-stop firmware relies on the "flag" field which may be useful for the
resign_firmwarefd.sh.
BUG=chrome-os-partner:5095
TEST=./resign_firmwarefd [params] 1
vbutil_firmware --verify ..... # seeing flag = 1
Change-Id: I56b44ee5b610e36384e15e6eb31286f0f838734b
Reviewed-on: http://gerrit.chromium.org/gerrit/4561
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
-rwxr-xr-x | scripts/image_signing/make_dev_firmware.sh | 4 | ||||
-rwxr-xr-x | scripts/image_signing/resign_firmwarefd.sh | 17 |
2 files changed, 18 insertions, 3 deletions
diff --git a/scripts/image_signing/make_dev_firmware.sh b/scripts/image_signing/make_dev_firmware.sh index d66d6f65..b2fa4fc9 100755 --- a/scripts/image_signing/make_dev_firmware.sh +++ b/scripts/image_signing/make_dev_firmware.sh @@ -222,6 +222,7 @@ main() { debug_msg "Resign the firmware code (A/B) with new keys" local unsigned_image="$(make_temp_file)" cp -f "$IMAGE" "$unsigned_image" + # TODO(hungte) derive kernel key and preamble flag from existing firmware "$SCRIPT_BASE/resign_firmwarefd.sh" \ "$unsigned_image" \ "$IMAGE" \ @@ -231,6 +232,9 @@ main() { "$dev_firmware_keyblock" \ "$kernel_sub_pubkey" >"$EXEC_LOG" 2>&1 || err_die "Failed to re-sign firmware. (message: $(cat "$EXEC_LOG"))" + if is_debug_mode; then + cat "$EXEC_LOG" + fi # TODO(hungte) compare if the image really needs to be changed. diff --git a/scripts/image_signing/resign_firmwarefd.sh b/scripts/image_signing/resign_firmwarefd.sh index b5d1cf23..ad72a70e 100755 --- a/scripts/image_signing/resign_firmwarefd.sh +++ b/scripts/image_signing/resign_firmwarefd.sh @@ -54,9 +54,9 @@ set -e # Check arguments -if [ $# -lt 7 ] || [ $# -gt 8 ]; then +if [ $# -lt 7 ] || [ $# -gt 9 ]; then echo "Usage: $PROG src_fd dst_fd firmware_datakey firmware_keyblock"\ - "dev_firmware_datakey dev_firmware_keyblock kernel_subkey [version]" + "dev_firmware_datakey dev_firmware_keyblock kernel_subkey [version [flag]]" exit 1 fi @@ -74,12 +74,21 @@ DEV_FIRMWARE_DATAKEY=$5 DEV_FIRMWARE_KEYBLOCK=$6 KERNEL_SUBKEY=$7 VERSION=$8 +# This is the --flag in vbutil_firmware. It currently has only two values: +# 0 for RW-NORMAL firmware, and 1 for RO-NORMAL firmware (search "two_stop +# firmware" for more information). +PREAMBLE_FLAG=$9 -if [ -z $VERSION ]; then +if [ -z "$VERSION" ]; then VERSION=1 fi echo "Using firmware version: $VERSION" +if [ -n "$PREAMBLE_FLAG" ]; then + echo "Using firmware preamble flag: $PREAMBLE_FLAG" + PREAMBLE_FLAG="--flag $PREAMBLE_FLAG" +fi + # Parse offsets and size of firmware data and vblocks for i in "A" "B" do @@ -118,6 +127,7 @@ vbutil_firmware \ --keyblock "${DEV_FIRMWARE_KEYBLOCK}" \ --signprivate "${DEV_FIRMWARE_DATAKEY}" \ --version "${VERSION}" \ + $PREAMBLE_FLAG \ --fv "${temp_fwimage}" \ --kernelkey "${KERNEL_SUBKEY}" @@ -135,6 +145,7 @@ vbutil_firmware \ --keyblock "${FIRMWARE_KEYBLOCK}" \ --signprivate "${FIRMWARE_DATAKEY}" \ --version "${VERSION}" \ + $PREAMBLE_FLAG \ --fv "${temp_fwimage}" \ --kernelkey "${KERNEL_SUBKEY}" |