authorPaul Taysom <taysom@chromium.org>2012-12-20 15:45:43 -0800
committerChromeBot <chrome-bot@google.com>2013-01-18 14:50:45 -0800
commit96d16de52ebb6785f7d34dcecc030d1b4e3f9c09 (patch)
tree7e47b480a5177e7cc457f9d33fe9203642902f7e
parent265e2f78dd46845253b683ca8367483c31ba3f4a (diff)
downloadvboot-96d16de52ebb6785f7d34dcecc030d1b4e3f9c09.tar.gz
Fixed the cmdline modification for bootcache
Changed the manipulation of the device mapper arguments in the command line to handle bootcache. Had to maintain backwards compatibility with older versions because the signer is used with older images. BUG=chromium-os:37114, 37061 TEST=On a parrot with dev signed keys, signed and installed an R-23 image (2913), an image with bootcache disabled and an image with bootcache enabled. BRANCH=none Change-Id: I59c46ccc3ff8b89ae9c4515f020ea9fbe6d96c7c Reviewed-on: https://gerrit.chromium.org/gerrit/40052 Reviewed-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Paul Taysom <taysom@chromium.org> Tested-by: Paul Taysom <taysom@chromium.org>
-rwxr-xr-xscripts/image_signing/sign_official_build.sh59
1 files changed, 41 insertions, 18 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index d6073dd3..eedfe622 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -123,19 +123,40 @@ is_old_verity_argv() {
# Get the dmparams parameters from a kernel config.
get_dmparams_from_config() {
local kernel_config=$1
- echo ${kernel_config} | sed -ne 's/.*dm="\([^"]*\)".*/\1/gp' | cut -f2- -d,
+ echo ${kernel_config} | sed -nre 's/.*dm="([^"]*)".*/\1/p'
}
# Get the verity root digest hash from a kernel config command line.
get_hash_from_config() {
local kernel_config=$1
local dm_config=$(get_dmparams_from_config "${kernel_config}")
- if is_old_verity_argv "${dm_config}"; then
- echo ${dm_config} | cut -f9 -d ' '
+ local vroot_dev=$(get_dm_args "${dm_config}" vroot)
+ if is_old_verity_argv "${vroot_dev}"; then
+ echo ${vroot_dev} | cut -f9 -d ' '
else
- echo $(get_verity_arg "${dm_config}" root_hexdigest)
+ echo $(get_verity_arg "${vroot_dev}" root_hexdigest)
fi
}
+# Get the slave device and its args
+# get_dm_ags $dm_config [vboot|vroot]
+# Assumes we have only one slave device per device
+get_dm_slave() {
+ local dm=$1
+ local device=$2
+ echo $(echo "${dm}" | sed -nre "s/.*${device}[^,]*,([^,]*).*/\1/p")
+}
+
+# Set the slave device and its args for a device
+# get_dm_ags $dm_config [vboot|vroot] args
+# Assumes we have only one slave device per device
+set_dm_slave() {
+ local dm=$1
+ local device=$2
+ local slave=$3
+ echo $(echo "${dm}" |
+ sed -nre "s/(.*${devcie}[^,]*,)([^,]*)(.*)/\1${slave}\3/p")
+}
+
CALCULATED_KERNEL_CONFIG=
# Calculate rootfs hash of an image
# Args: ROOTFS_IMAGE KERNEL_CONFIG HASH_IMAGE
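Review bot: `set_dm_slave` builds its sed pattern from `${devcie}`, which is never assigned (the parameter is `device`), so when it expands empty the pattern loses its device anchor and the greedy `.*` moves the substitution to the last comma-separated field of the dm string rather than the field after `vroot`. In the same hunk `get_hash_from_config` calls `get_dm_args`, while the helper added here is `get_dm_slave`; unless `get_dm_args` is defined outside the visible hunk, `vroot_dev` stays empty there. Both decide which verity root hash ends up in the signed kernel command line, so the lines should read `sed -nre "s/(.*${device}[^,]*,)([^,]*)(.*)/\1${slave}\3/p"` and `local vroot_dev=$(get_dm_slave "${dm_config}" vroot)`. The two header comments should also name `get_dm_slave` and `set_dm_slave` instead of `get_dm_ags`. Because `${slave}` is pasted into a `/`-delimited replacement, a table value containing `/` or `&` would break or alter the substitution, so a delimiter that cannot occur in the table is safer.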
@@ -155,6 +176,7 @@ calculate_rootfs_hash() {
echo "WARNING: Couldn't grab dm_config. Aborting rootfs hash calculation."
return 1
fi
+ local vroot_dev=$(get_dm_slave "${dm_config}" vroot)
local rootfs_sectors
local verity_depth
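Review bot: `vroot_dev` is used without checking that `get_dm_slave` actually found a vroot entry; the helper prints nothing when its sed pattern does not match, and `local vroot_dev=$(...)` hides any failure status. The context lines just above already stop when `dm_config` could not be read, so the same treatment fits here, for example `[ -n "${vroot_dev}" ] || { echo "WARNING: no vroot table in dm config."; return 1; }`. Without it, a dm string that has no vroot table would appear to reach the verity step with empty parameters. calculate_rootfs_hash starts and ends outside this hunk.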
@@ -162,26 +184,26 @@ calculate_rootfs_hash() {
local root_dev
local hash_dev
local verity_bin="verity"
- if is_old_verity_argv "${dm_config}"; then
+ if is_old_verity_argv "${vroot_dev}"; then
# dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 \
# sha1 63b7ad16cb9db4b70b28593f825aa6b7825fdcf2"
- rootfs_sectors=$(echo ${dm_config} | cut -f2 -d' ')
- verity_depth=$(echo ${dm_config} | cut -f7 -d' ')
- verity_algorithm=$(echo ${dm_config} | cut -f8 -d' ')
- root_dev=$(echo ${dm_config} | cut -f4 -d ' ')
- hash_dev=$(echo ${dm_config} | cut -f5 -d ' ')
+ rootfs_sectors=$(echo ${vroot_dev} | cut -f2 -d' ')
+ verity_depth=$(echo ${vroot_dev} | cut -f7 -d' ')
+ verity_algorithm=$(echo ${vroot_dev} | cut -f8 -d' ')
+ root_dev=$(echo ${vroot_dev} | cut -f4 -d ' ')
+ hash_dev=$(echo ${vroot_dev} | cut -f5 -d ' ')
# Hack around the fact that the signer needs to use the old version of
# verity to generate legacy verity kernel parameters. If we find it,
# we use it.
type -P "verity-old" &>/dev/null && verity_bin="verity-old"
else
# Key-value parameters.
- rootfs_sectors=$(get_verity_arg "${dm_config}" hashstart)
+ rootfs_sectors=$(get_verity_arg "${vroot_dev}" hashstart)
verity_depth=0
- verity_algorithm=$(get_verity_arg "${dm_config}" alg)
- root_dev=$(get_verity_arg "${dm_config}" payload)
- hash_dev=$(get_verity_arg "${dm_config}" hashtree)
- salt=$(get_verity_arg "${dm_config}" salt)
+ verity_algorithm=$(get_verity_arg "${vroot_dev}" alg)
+ root_dev=$(get_verity_arg "${vroot_dev}" payload)
+ hash_dev=$(get_verity_arg "${vroot_dev}" hashtree)
+ salt=$(get_verity_arg "${vroot_dev}" salt)
fi
local salt_arg
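Review bot: The fields taken from `${vroot_dev}` in both branches come from the kernel command line of the image being signed and are used without validation. `rootfs_sectors` is later evaluated in `$((rootfs_sectors / 8))`, so it should be confirmed to be a plain number right after the `fi`, e.g. `[[ "${rootfs_sectors}" =~ ^[0-9]+$ ]] || return 1`. The unquoted `echo ${vroot_dev}` in the legacy branch is also subject to pathname expansion; `echo "${vroot_dev}" | cut ...` avoids that. The five `echo | cut` calls could be one `read -r _ rootfs_sectors _ root_dev hash_dev _ verity_depth verity_algorithm _ <<<"${vroot_dev}"`. The function body starts and ends outside this hunk.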
@@ -190,16 +212,17 @@ calculate_rootfs_hash() {
fi
# Run the verity tool on the rootfs partition.
- local table="vroot none ro,"$(sudo ${verity_bin} mode=create \
+ local slave=$(sudo ${verity_bin} mode=create \
alg=${verity_algorithm} \
payload="${rootfs_image}" \
payload_blocks=$((rootfs_sectors / 8)) \
hashtree="${hash_image}" ${salt_arg})
# Reconstruct new kernel config command line and replace placeholders.
- table="$(echo "$table" |
+ slave="$(echo "${slave}" |
sed -s "s|ROOT_DEV|${root_dev}|g;s|HASH_DEV|${hash_dev}|")"
+ local dm_args=$(set_dm_slave "${dm_config}" vroot "${slave}")
CALCULATED_KERNEL_CONFIG=$(echo ${kernel_config} |
- sed -e 's#\(.*dm="\)\([^"]*\)\(".*\)'"#\1${table}\3#g")
+ sed -e 's#\(.*dm="\)\([^"]*\)\(".*\)'"#\1${dm_args}\3#g")
}
# Re-calculate rootfs hash, update rootfs and kernel command line.
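Review bot: `dm_args` is substituted into `CALCULATED_KERNEL_CONFIG` without checking that it is non-empty. `set_dm_slave` uses `sed -n ... p` and prints nothing when its pattern does not match, so a miss would produce a config with `dm=""` and no verity table. Adding `[ -n "${dm_args}" ] || return 1` before the final assignment makes the signer stop instead of emitting that config. The same applies one step earlier: `local slave=$(sudo ${verity_bin} ...)` masks the verity tool's exit status, so declare `local slave` first and assign with `slave=$(sudo ${verity_bin} ...) || return 1`. calculate_rootfs_hash begins outside this hunk.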