authorHung-Te Lin <hungte@chromium.org>2011-07-22 16:07:58 +0800
committerHung-Te Lin <hungte@chromium.org>2011-07-22 21:14:27 -0700
commit8e17e5fe43e9407066e7cdf9dabfd3eb637817a7 (patch)
treeedc515cc5dd06ad4f66a33491d429f33f4f3fa8d
parentad03a439bc97523e03d19aa1dcd568744d60889c (diff)
downloadvboot-8e17e5fe43e9407066e7cdf9dabfd3eb637817a7.tar.gz
resign_firmwarefd.sh: support new "flag" (for hinting two-stop FW)
The two-stop firmware relies on the "flag" field which may be useful for the resign_firmwarefd.sh. BUG=chrome-os-partner:5095 TEST=./resign_firmwarefd [params] 1 vbutil_firmware --verify ..... # seeing flag = 1 Change-Id: I56b44ee5b610e36384e15e6eb31286f0f838734b Reviewed-on: http://gerrit.chromium.org/gerrit/4561 Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
-rwxr-xr-xscripts/image_signing/make_dev_firmware.sh4
-rwxr-xr-xscripts/image_signing/resign_firmwarefd.sh17
2 files changed, 18 insertions, 3 deletions
diff --git a/scripts/image_signing/make_dev_firmware.sh b/scripts/image_signing/make_dev_firmware.sh
index d66d6f65..b2fa4fc9 100755
--- a/scripts/image_signing/make_dev_firmware.sh
+++ b/scripts/image_signing/make_dev_firmware.sh
@@ -222,6 +222,7 @@ main() {
debug_msg "Resign the firmware code (A/B) with new keys"
local unsigned_image="$(make_temp_file)"
cp -f "$IMAGE" "$unsigned_image"
+ # TODO(hungte) derive kernel key and preamble flag from existing firmware
"$SCRIPT_BASE/resign_firmwarefd.sh" \
"$unsigned_image" \
"$IMAGE" \
@@ -231,6 +232,9 @@ main() {
"$dev_firmware_keyblock" \
"$kernel_sub_pubkey" >"$EXEC_LOG" 2>&1 ||
err_die "Failed to re-sign firmware. (message: $(cat "$EXEC_LOG"))"
+ if is_debug_mode; then
+ cat "$EXEC_LOG"
+ fi
# TODO(hungte) compare if the image really needs to be changed.
diff --git a/scripts/image_signing/resign_firmwarefd.sh b/scripts/image_signing/resign_firmwarefd.sh
index b5d1cf23..ad72a70e 100755
--- a/scripts/image_signing/resign_firmwarefd.sh
+++ b/scripts/image_signing/resign_firmwarefd.sh
@@ -54,9 +54,9 @@
set -e
# Check arguments
-if [ $# -lt 7 ] || [ $# -gt 8 ]; then
+if [ $# -lt 7 ] || [ $# -gt 9 ]; then
echo "Usage: $PROG src_fd dst_fd firmware_datakey firmware_keyblock"\
- "dev_firmware_datakey dev_firmware_keyblock kernel_subkey [version]"
+ "dev_firmware_datakey dev_firmware_keyblock kernel_subkey [version [flag]]"
exit 1
fi
@@ -74,12 +74,21 @@ DEV_FIRMWARE_DATAKEY=$5
DEV_FIRMWARE_KEYBLOCK=$6
KERNEL_SUBKEY=$7
VERSION=$8
+# This is the --flag in vbutil_firmware. It currently has only two values:
+# 0 for RW-NORMAL firmware, and 1 for RO-NORMAL firmware (search "two_stop
+# firmware" for more information).
+PREAMBLE_FLAG=$9
-if [ -z $VERSION ]; then
+if [ -z "$VERSION" ]; then
VERSION=1
fi
echo "Using firmware version: $VERSION"
+if [ -n "$PREAMBLE_FLAG" ]; then
+ echo "Using firmware preamble flag: $PREAMBLE_FLAG"
+ PREAMBLE_FLAG="--flag $PREAMBLE_FLAG"
+fi
+
# Parse offsets and size of firmware data and vblocks
for i in "A" "B"
do
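Review bot: The ninth argument is never validated, and after `PREAMBLE_FLAG="--flag $PREAMBLE_FLAG"` it is expanded unquoted as `$PREAMBLE_FLAG` in both `vbutil_firmware` calls (the two later hunks), so it undergoes word splitting and globbing. A value containing whitespace therefore reaches the signing tool as extra arguments, and a non-numeric value is passed through unchecked. I would keep the raw value in the variable, reject anything that is not a plain decimal number before use, and expand it at the call sites as `${PREAMBLE_FLAG:+--flag "$PREAMBLE_FLAG"}`. The `for` loop that closes this hunk continues outside it.

```shell
PREAMBLE_FLAG=$9
# … unchanged: VERSION default and "Using firmware version" message …
if [ -n "$PREAMBLE_FLAG" ]; then
  case "$PREAMBLE_FLAG" in
    *[!0-9]*)
      echo "ERROR: flag must be a non-negative integer: $PREAMBLE_FLAG" >&2
      exit 1
      ;;
  esac
  echo "Using firmware preamble flag: $PREAMBLE_FLAG"
fi
# … in both vbutil_firmware calls, replacing the bare $PREAMBLE_FLAG line …
  ${PREAMBLE_FLAG:+--flag "$PREAMBLE_FLAG"} \
```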
@@ -118,6 +127,7 @@ vbutil_firmware \
--keyblock "${DEV_FIRMWARE_KEYBLOCK}" \
--signprivate "${DEV_FIRMWARE_DATAKEY}" \
--version "${VERSION}" \
+ $PREAMBLE_FLAG \
--fv "${temp_fwimage}" \
--kernelkey "${KERNEL_SUBKEY}"
@@ -135,6 +145,7 @@ vbutil_firmware \
--keyblock "${FIRMWARE_KEYBLOCK}" \
--signprivate "${FIRMWARE_DATAKEY}" \
--version "${VERSION}" \
+ $PREAMBLE_FLAG \
--fv "${temp_fwimage}" \
--kernelkey "${KERNEL_SUBKEY}"