diff options
| author | Joel Kitching <kitching@google.com> | 2021-06-26 04:18:47 +0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-07-03 07:14:56 +0000 |
| commit | f54c5d25961b7fd516903e4bbf2ba9aeba246d4e (patch) | |
| tree | 655903d384082aba0f08b64e463471ed7e866b5b | |
| parent | a27a826eb10e2d463130431da9e72b804da72241 (diff) | |
| download | vboot-f54c5d25961b7fd516903e4bbf2ba9aeba246d4e.tar.gz | |
vboot/sign_official_build: remove kernel and recovery_kernel
These two types are simply thin wrappers around vbutil_kernel
and are no longer used.
BUG=b:188121855
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ia9a13f2992eb9de9f6c65525739da5f8e945cb3e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989638
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| -rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 9da51bf8..29755623 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -31,8 +31,6 @@ where <type> is one of: recovery (sign a USB recovery image) factory (sign a factory install image) update_payload (sign a delta update hash) - kernel (sign a kernel image) - recovery_kernel (sign a recovery_kernel image) firmware (sign a firmware image) verify (verify an image including rootfs hashes) accessory_usbpd (sign USB-PD accessory firmware) @@ -400,52 +398,6 @@ sign_firmware() { info "Signed firmware image output to ${image}" } -# Sign a kernel in-place with the given keys. -# Args: KERNEL_IMAGE KEY_DIR KERNEL_VERSION -sign_kernel() { - local image=$1 - local key_dir=$2 - local kernel_version=$3 - - # Note: Although vbutil_kernel may correctly handle specifying the same - # output file as the input file, we do not want to rely on it correctly - # handing that. Hence, the use of a temporary file. - local temp_kernel=$(make_temp_file) - - # Resign the kernel with new keys. - vbutil_kernel --repack "${temp_kernel}" \ - --keyblock "${key_dir}/kernel.keyblock" \ - --signprivate "${key_dir}/kernel_data_key.vbprivk" \ - --version "${kernel_version}" \ - --oldblob "${image}" - - mv "${temp_kernel}" "${image}" - info "Signed kernel image output to ${image}" -} - -# Sign a recovery kernel in-place with the given keys. -# Args: KERNEL_IMAGE KEY_DIR KERNEL_VERSION -sign_recovery_kernel() { - local image=$1 - local key_dir=$2 - local kernel_version=$3 - - # Note: Although vbutil_kernel may correctly handle specifying the same - # output file as the input file, we do not want to rely on it correctly - # handing that. Hence, the use of a temporary file. - local temp_kernel=$(make_temp_file) - - # Resign the kernel with new recovery keys. - vbutil_kernel --repack "${temp_kernel}" \ - --keyblock "${key_dir}/recovery_kernel.keyblock" \ - --signprivate "${key_dir}/recovery_kernel_data_key.vbprivk" \ - --version "${kernel_version}" \ - --oldblob "${image}" - - mv "${temp_kernel}" "${image}" - info "Signed recovery_kernel image output to ${image}" -} - # Sign a delta update payload (usually created by paygen). # Args: INPUT_IMAGE KEY_DIR OUTPUT_IMAGE sign_update_payload() { @@ -1097,18 +1049,6 @@ elif [[ "${TYPE}" == "firmware" ]]; then fi cp ${INPUT_IMAGE} ${OUTPUT_IMAGE} sign_firmware ${OUTPUT_IMAGE} ${KEY_DIR} ${FIRMWARE_VERSION} -elif [[ "${TYPE}" == "kernel" ]]; then - if [[ -e "${KEY_DIR}/loem.ini" ]]; then - die "LOEM signing not implemented yet for kernel images" - fi - cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}" - sign_kernel "${OUTPUT_IMAGE}" "${KEY_DIR}" "${KERNEL_VERSION}" -elif [[ "${TYPE}" == "recovery_kernel" ]]; then - if [[ -e "${KEY_DIR}/loem.ini" ]]; then - die "LOEM signing not implemented yet for recovery_kernel images" - fi - cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}" - sign_recovery_kernel "${OUTPUT_IMAGE}" "${KEY_DIR}" "${KERNEL_VERSION}" elif [[ "${TYPE}" == "update_payload" ]]; then sign_update_payload ${INPUT_IMAGE} ${KEY_DIR} ${OUTPUT_IMAGE} elif [[ "${TYPE}" == "accessory_usbpd" ]]; then |