diff options
| author | Hung-Te Lin <hungte@chromium.org> | 2011-08-10 12:00:13 +0800 |
|---|---|---|
| committer | Hung-Te Lin <hungte@chromium.org> | 2011-08-10 18:17:29 -0700 |
| commit | 010630f18c8880b80e564fc6a0bcf8e5eb7f9de6 (patch) | |
| tree | 3814dc2fe2a675d1d09e460844e1cf3bedf6fe59 | |
| parent | 7f503e40641a2d8b62dd38497e277fe553a23ca1 (diff) | |
| download | vboot-firmware-u-boot-v1.tar.gz | |
make_dev_firmware: handle developer firmware keyblock correctlyfirmware-u-boot-v1firmware-881-u-boot-v1
We should detect keyblock from existing firmware and decide if a developer
firmware keyblock should be used.
BUG=chromium-os:18946
TEST=./make_dev_firmware.sh -f zgb.bin -t zgb_dev.bin
# seeing Using keyblocks (developer, normal)...
./make_dev_firmware.sh -f mario.bin -t mario_dev.bin
# seeing Using keyblocks (normal, normal)...
./make_dev_firmware.sh -f arm.bin -t arm_dev.bin
# seeing Using keyblocks (normal, normal)...
Change-Id: I74fa0db980e26a6a19a4393303e8c5b3260c84c7
Reviewed-on: http://gerrit.chromium.org/gerrit/5623
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
| -rwxr-xr-x | scripts/image_signing/make_dev_firmware.sh | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/scripts/image_signing/make_dev_firmware.sh b/scripts/image_signing/make_dev_firmware.sh index b2fa4fc9..db2a83e1 100755 --- a/scripts/image_signing/make_dev_firmware.sh +++ b/scripts/image_signing/make_dev_firmware.sh @@ -39,6 +39,7 @@ set -e # the image we are (temporary) working with IMAGE="$(make_temp_file)" +IMAGE="$(readlink -f "$IMAGE")" # a log file to keep the output results of executed command EXEC_LOG="$(make_temp_file)" @@ -194,6 +195,34 @@ main() { cp -f "$IMAGE" "$backup_image" fi + debug_msg "Detecting developer firmware keyblock" + local expanded_firmware_dir="$(make_temp_dir)" + local use_devfw_keyblock="$FLAGS_FALSE" + (cd "$expanded_firmware_dir"; dump_fmap -x "$IMAGE" >/dev/null 2>&1) || + err_die "Failed to extract firmware image." + if [ -f "$expanded_firmware_dir/VBLOCK_A" ]; then + local has_dev=$FLAGS_TRUE has_norm=$FLAGS_TRUE + # In output of vbutil_keyblock, "!DEV" means "bootable on normal mode" and + # "DEV" means "bootable on developer mode". Here we try to match the pattern + # in output of vbutil_block, and disable the flags (has_dev, has_norm) if + # the pattern was not found. + vbutil_keyblock --unpack "$expanded_firmware_dir/VBLOCK_A" | + grep -qw '!DEV' || has_norm=$FLAGS_FALSE + vbutil_keyblock --unpack "$expanded_firmware_dir/VBLOCK_A" | + grep -qw '[^!]DEV' || has_dev=$FLAGS_FALSE + if [ "$has_norm" = "$FLAGS_FALSE" -a "$has_dev" = "$FLAGS_TRUE" ]; then + use_devfw_keyblock=$FLAGS_TRUE + fi + fi + + if [ "$use_devfw_keyblock" = "$FLAGS_TRUE" ]; then + echo "Using keyblocks (developer, normal)..." + else + echo "Using keyblocks (normal, normal)..." + dev_firmware_prvkey="$firmware_prvkey" + dev_firmware_keyblock="$firmware_keyblock" + fi + # TODO(hungte) We can use vbutil_firmware to check if the current firmware is # valid so that we know keys and vbutil_firmware are all working fine. |