diff options
author | C Shapiro <shapiroc@chromium.org> | 2017-09-05 10:10:26 -0600 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-09-05 21:07:18 -0700 |
commit | 16426bf1667a223f3ef52f1129fd5fe2b91787ba (patch) | |
tree | 9feea132a69afd78c601c8785ced3a311a27002c | |
parent | 3f3a496a23088731e4ab5654b02fbc13a6881c65 (diff) | |
download | vboot-16426bf1667a223f3ef52f1129fd5fe2b91787ba.tar.gz |
image_signing: Fix missing root key for unibuilds
For model specific signatures, the root key needs to be copied also for
the development case where the root key can be flashed into the RO
block.
BUG=b:65367246
TEST=./build_image --board=coral dev \
&& ./mod_image_for_recovery.sh --board=coral \
&& ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
recovery ../build/images/coral/latest/recovery_image.bin \
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: I116850881d3c183b20e7d75e40deb13122f40c7a
Reviewed-on: https://chromium-review.googlesource.com/650546
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: C Shapiro <shapiroc@google.com>
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index f18c62eb..551a6996 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -575,6 +575,7 @@ resign_firmware_payload() { do local key_suffix='' local extra_args=() + rootkey="${KEY_DIR}/root_key.vbpubk" # If there are OEM specific keys available, we're going to use them. # Otherwise, we're going to ignore key_id from the config file and @@ -593,11 +594,14 @@ resign_firmware_payload() { "${model_name}" fi key_suffix=".loem${key_index}" - mkdir -p "${shellball_dir}/keyset" + shellball_keyset_dir="${shellball_dir}/keyset" + mkdir -p "${shellball_keyset_dir}" extra_args+=( - --loemdir "${shellball_dir}/keyset" + --loemdir "${shellball_keyset_dir}" --loemid "${model_name}" ) + rootkey="${KEY_DIR}/root_key${key_suffix}.vbpubk" + cp "${rootkey}" "${shellball_keyset_dir}/rootkey.${model_name}" fi info "Signing firmware image ${image} for model ${model_name} " \ @@ -628,7 +632,6 @@ resign_firmware_payload() { ${image_path} \ ${temp_fw} - rootkey="${KEY_DIR}/root_key${key_suffix}.vbpubk" # For development phases, when the GBB can be updated still, set the # recovery and root keys in the image. |