summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarco Chen <marcochen@chromium.org>2018-01-15 13:05:59 +0800
committerchrome-bot <chrome-bot@chromium.org>2018-01-16 04:08:26 -0800
commite0b3841863281a3fc3b188bfbab55d401fabdc73 (patch)
tree86f3f174e4941cd7604d7133c97def878f62000d
parentfde7cdc134d66ff0ad1350901b716c4d7d158fa8 (diff)
downloadvboot-e0b3841863281a3fc3b188bfbab55d401fabdc73.tar.gz
image_signing: Add sha1sum of keys in keyset to VERSION.signer.stabilize-10323.31.Bstabilize-10323.30.Bstabilize-10323.29.Bfactory-soraka-10323.B
To record sha1sum of keys in keyset can help loem or unibuild projects to verify 1. whether rekey process is performed correctly during the factory build. 2. whether HWID database is updated correctly. BUG=chromium:763328 TEST=1) modify loem.ini to match what coral is. 2) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery ./chromeos_10308.0.0_coral_recovery_dev-channel_mp-v4.bin ./src/platform/vboot_reference/tests/loemkeys ./output.bin 3) verify output file - VERSION.signer. BRANCH=none Change-Id: I80deadb04d9dc0eb66fc5ac45dce84e6f41f1a16 Signed-off-by: Marco Chen <marcochen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/866522 Reviewed-by: Simon Glass <sjg@chromium.org>
-rwxr-xr-xscripts/image_signing/sign_official_build.sh9
1 files changed, 9 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index bba33e23..1bee36df 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -10,6 +10,7 @@
#
# futility (from src/platform/vboot_reference)
# vbutil_kernel (from src/platform/vboot_reference)
+# vbutil_key (from src/platform/vboot_reference)
# cgpt (from src/platform/vboot_reference)
# dump_kernel_config (from src/platform/vboot_reference)
# verity (from src/platform/verity)
@@ -724,6 +725,14 @@ resign_firmware_payload() {
local signer_notes="${shellball_dir}/VERSION.signer"
echo "" >"$signer_notes"
echo "Signed with keyset in $(readlink -f "${KEY_DIR}") ." >>"${signer_notes}"
+ if [[ -d "${shellball_keyset_dir}" ]]; then
+ echo "List sha1sum of all loem/model's signatures:" >>"${signer_notes}"
+ for key in "${shellball_keyset_dir}"/rootkey.*; do
+ model="${key##*.}"
+ sha1=$(vbutil_key --unpack "${key}" | grep sha1sum | cut -d" " -f9)
+ echo " ${model}: ${sha1}" >>"${signer_notes}"
+ done
+ fi
new_shellball=$(make_temp_file)
cp -f "${firmware_bundle}" "${new_shellball}"