diff options
author | Mike Frysinger <vapier@chromium.org> | 2017-05-09 03:29:37 -0400 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-07-06 21:13:56 -0700 |
commit | 06beb42e11733670eb1894f12586443a37a5af7c (patch) | |
tree | 2917ef6e2e5cd273694b48ab636faf7045750102 | |
parent | 3dd580298b42d9d77e1f37733e4df2b6d5c302c6 (diff) | |
download | vboot-06beb42e11733670eb1894f12586443a37a5af7c.tar.gz |
image_signing: sign_official_build.sh: use loopbacks when updating recovery kernels
This avoids copying in/out the kernels for their configs and to resign.
BRANCH=None
BUG=chromium:714598
TEST=signing images still works
Change-Id: Id13d5099da7f8a73ebd4d4e918188c7eb5b65a12
Reviewed-on: https://chromium-review.googlesource.com/505478
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index f31bd622..9ef3f5fc 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -720,15 +720,15 @@ EOF } # Re-calculate recovery kernel hash. -# Args: IMAGE_BIN +# Args: LOOPDEV update_recovery_kernel_hash() { - image_bin=$1 + local loopdev="$1" + local loop_kerna="${loopdev}p2" + local loop_kernb="${loopdev}p4" # Update the Kernel B hash in Kernel A command line - local old_kerna_config=$(grab_kernel_config "${image_bin}" 2) - local new_kernb=$(make_temp_file) - extract_image_partition ${image_bin} 4 ${new_kernb} - local new_kernb_hash=$(sha1sum ${new_kernb} | cut -f1 -d' ') + local old_kerna_config="$(sudo dump_kernel_config "${loop_kerna}")" + local new_kernb_hash=$(sudo sha1sum "${loop_kernb}" | cut -f1 -d' ') new_kerna_config=$(make_temp_file) echo "$old_kerna_config" | @@ -737,19 +737,13 @@ update_recovery_kernel_hash() { info "New config for kernel partition 2 is" cat ${new_kerna_config} - local temp_kimagea=$(make_temp_file) - extract_image_partition ${image_bin} 2 ${temp_kimagea} - # Re-calculate kernel partition signature and command line. - local updated_kimagea=$(make_temp_file) - vbutil_kernel --repack ${updated_kimagea} \ + sudo vbutil_kernel --repack "${loop_kerna}" \ --keyblock ${KEY_DIR}/recovery_kernel.keyblock \ --signprivate ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ --version "${KERNEL_VERSION}" \ - --oldblob ${temp_kimagea} \ + --oldblob "${loop_kerna}" \ --config ${new_kerna_config} - - replace_image_partition ${image_bin} 2 ${updated_kimagea} } # Update the legacy bootloader templates in EFI partition if available. @@ -852,7 +846,7 @@ sign_image_file() { "${kernB_keyblock}" "${kernB_privkey}" update_stateful_partition_vblock "${loopdev}" if [[ "${image_type}" == "recovery" ]]; then - update_recovery_kernel_hash "${output}" + update_recovery_kernel_hash "${loopdev}" fi if ! update_legacy_bootloader "${output}" "${dm_partno}"; then # Error is already logged. |