diff options
author | Jae Hoon Kim <kimjae@chromium.org> | 2021-09-07 10:40:46 -0700 |
---|---|---|
committer | Jora Jacobi <jora@google.com> | 2021-09-07 21:52:47 +0000 |
commit | 8ccbd949716969fe8e7e477634fc82c9bf4358b7 (patch) | |
tree | a4d207b353700c4eb82bd1f0d02267ae76da79d2 | |
parent | ae48219ec49fdec3c084dc5ba1f49219e4bd7d60 (diff) | |
download | vboot-8ccbd949716969fe8e7e477634fc82c9bf4358b7.tar.gz |
vboot/sign_official_build: Skip re-signing empty miniOS partitions
Reasons that miniOS partitions might be empty is that the feature is not
enabled yet, but the partitions exist as it's using the newer
disk_layout_v3.
BUG=b:199021334
TEST=# run tests
Signed-off-by: Jae Hoon Kim <kimjae@chromium.org>
BRANCH=none
Change-Id: I2a6b68240428ab2f01394230840ff116c720b3df
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145770
Tested-by: Jae Hoon Kim <kimjae@chromium.org>
Auto-Submit: Jae Hoon Kim <kimjae@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 05be80d4..bb8d69d4 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -896,13 +896,22 @@ resign_minios_kernels() { info "Searching for miniOS kernels to resign..." - local loop_kern - for loop_kern in "${loopdev}p"*; do - local part_type_guid=$(sudo lsblk -rnb -o PARTTYPE "${loop_kern}") + local loop_minios + for loop_minios in "${loopdev}p"*; do + local part_type_guid + part_type_guid=$(sudo lsblk -rnb -o PARTTYPE "${loop_minios}") if [[ "${part_type_guid}" != "${MINIOS_KERNEL_GUID}" ]]; then continue fi + # Skip miniOS partitions which are empty. This happens when miniOS + # kernels aren't written to the partitions because the feature is not + # enabled. + if ! sudo "${FUTILITY}" dump_kernel_config "${loop_minios}"; then + info "Skipping empty miniOS partition ${partnum}." + continue + fi + # Delay checking that keyblock and private key exist until we are certain # of a valid miniOS partition. Images that don't support miniOS might not # provide these. (This check is repeated twice, but that's okay.) @@ -917,14 +926,14 @@ resign_minios_kernels() { # Assume this is a miniOS kernel. local minios_kernel_version=$((KERNEL_VERSION >> 24)) - if sudo ${FUTILITY} vbutil_kernel --repack "${loop_kern}" \ + if sudo ${FUTILITY} vbutil_kernel --repack "${loop_minios}" \ --keyblock "${keyblock}" \ --signprivate "${priv_key}" \ --version "${minios_kernel_version}" \ - --oldblob "${loop_kern}"; then - info "Resign miniOS ${loop_kern}: done" + --oldblob "${loop_minios}"; then + info "Resign miniOS ${loop_minios}: done" else - error "Resign miniOS ${loop_kern}: failed" + error "Resign miniOS ${loop_minios}: failed" return 1 fi done |