sign_official_release: relax board name for guybrush

To address the case where the signer could be modifying the original
contents of the board name by adding the release stage, check for
presence of the base board name in the string instead of checking for
exact matcn.

BRANCH=none
BUG=b:263378945
TEST=attempted local signing, observed expected messages in the output
     log.

Change-Id: Idddd33cdbbc91497bfbc94b3757adb0f24f1a1f0
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4228431
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Tim Van Patten <timvp@google.com>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

1 files changed, 4 insertions, 5 deletions

diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index 36033bca..984d2c11 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -571,11 +571,10 @@ resign_firmware_payload() {
         echo "After setting GBB on ${bios_path}: md5 =" \
           $(md5sum ${bios_path} | awk '{print $1}')
 
-        board_name="$(lsbval "${rootfs_dir}/etc/lsb-release" \
-           "CHROMEOS_RELEASE_BOARD")"
-
-        if [[ ${board_name} == "guybrush" ]]; then
-          echo "Not looking for RO_GSCVD on guygrush, b/263378945"
+        board_name="$(get_boardvar_from_lsb_release "${rootfs_dir}")"
+        echo "Board name from lsb-release: ${board_name}"
+        if [[ ${board_name} == *guybrush* ]]; then
+          echo "Not looking for RO_GSCVD on guybrush, b/263378945"
         elif futility dump_fmap -p "${bios_path}" | grep -q RO_GSCVD; then
           # Attempt AP RO verification signing only in case the FMAP includes
           # the RO_GSCVD section.