diff options
| author | Hung-Te Lin <hungte@chromium.org> | 2016-12-14 11:34:33 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2016-12-14 06:03:12 -0800 |
| commit | 1a0679c1a4386de578566955ee7504a75e0c5885 (patch) | |
| tree | 52a7d2e3acf231b02550fb5bc63c0650df878caf | |
| parent | 8bb1c3b852030dbecc58e6ec6c790ede621bc6e9 (diff) | |
| download | vboot-1a0679c1a4386de578566955ee7504a75e0c5885.tar.gz | |
scripts: Change anti-rollback check from error to warning for make_dev_firmware.
Currently make_dev_firmware will abort if the stored TPM version is
higher and ask user to reset TPM; however that is not very feasible
because:
(1) If the device is still MP-signed, external users can't boot
dev-signed factory shim or recovery or test images.
(2) Even if the user is able to reset TPM, the stored TPM version
will be increased again when user boots into the image for
running make_dev_firmware.
As a result, the right flow is to allow user (with warning and
instructions) resign firmware with dev-keys, boot into recovery mode due
to anti-rollback check, and then boot any dev-signed image to reset TPM.
BRANCH=none
BUG=None
TEST=./make_dev_firmware.sh # see warning message.
Change-Id: Ifd4cd9912ab505427c985154b3f469e1485789b2
Reviewed-on: https://chromium-review.googlesource.com/419898
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
| -rwxr-xr-x | scripts/image_signing/make_dev_firmware.sh | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/scripts/image_signing/make_dev_firmware.sh b/scripts/image_signing/make_dev_firmware.sh index c2ce4128..45bf07ae 100755 --- a/scripts/image_signing/make_dev_firmware.sh +++ b/scripts/image_signing/make_dev_firmware.sh @@ -222,11 +222,18 @@ main() { # TODO(hungte) Change key block by data_key_version. if [ "$data_key_version" -gt "$new_data_key_version" ]; then - err_die "Sorry, firmware data key version <$new_data_key_version> in" \ - "your new keys [$FLAGS_keys] is smaller than original firmware" \ - "<$data_key_version> and won't boot due to TPM anti-rollback" \ - "detection. You have to first reset TPM." + echo "$(tput bold)$(tput setaf 1) + Warning: firmware data key version <$new_data_key_version> in your new keys + [$FLAGS_keys] is smaller than original firmware <$data_key_version> and + will boot into only recovery mode due to TPM anti-rollback detection. + + After reboot with dev recovery key, you will need to reset TPM by booting a + test or dev image in recovery mode (NOT Ctrl-U), switch to VT2 and run + command <chromoes-tpm-recovery>; or use a factory install shim image + (build_image factory_install). + $(tput sgr 0)" >&2 fi + echo "Signing with Data Key Version: $data_key_version, " \ "Firmware Version: $firmware_version" |