diff options
author | Mike Frysinger <vapier@chromium.org> | 2018-09-26 23:14:20 -0400 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-09-28 10:10:46 -0700 |
commit | cf6b7a9c522a5b62714dee304ee4e6bec8a45ab8 (patch) | |
tree | e9a6c6df560cb745cc5f1a795f79a2cdc601ab2f | |
parent | ba71ad66e335d063f613fecc62703878f7359a46 (diff) | |
download | vboot-cf6b7a9c522a5b62714dee304ee4e6bec8a45ab8.tar.gz |
image_signing: workaround ecrw signing breakage
It looks like cbfstool removing & inserting blobs into the bios, even
if the contents are the same, break the signatures run over the region.
Until we can figure out what's going on, avoid re-adding content that's
the same to keep the signatures valid.
BRANCH=None
BUG=chromium:889716
TEST=signing fizz image has valid vblock hashes
Change-Id: I00ba84cf22b6fffc594e60b78f91e7cb49c98f06
Reviewed-on: https://chromium-review.googlesource.com/1248201
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: C Shapiro <shapiroc@chromium.org>
-rw-r--r-- | scripts/image_signing/common_minimal.sh | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/scripts/image_signing/common_minimal.sh b/scripts/image_signing/common_minimal.sh index 8166d698..86a69db6 100644 --- a/scripts/image_signing/common_minimal.sh +++ b/scripts/image_signing/common_minimal.sh @@ -443,6 +443,18 @@ store_file_in_cbfs() { local file="$2" local name="$3" local compression=$(get_cbfs_compression "$1" "${name}") + + # Don't re-add a file to a section if it's unchanged. Otherwise this seems + # to break signature of existing contents. https://crbug.com/889716 + if cbfstool "${image}" extract -r "FW_MAIN_A,FW_MAIN_B" \ + -f "${file}.orig" -n "${name}"; then + if cmp -s "${file}" "${file}.orig"; then + rm -f "${file}.orig" + return + fi + rm -f "${file}.orig" + fi + cbfstool "${image}" remove -r "FW_MAIN_A,FW_MAIN_B" -n "${name}" || return # This add can fail if # 1. Size of a signature after compression is larger |