diff options
| author | Mike Frysinger <vapier@chromium.org> | 2015-09-04 19:37:12 -0400 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2015-09-04 23:02:14 -0700 |
| commit | 7d0845475599bf98493afabc6861d5949bf08f16 (patch) | |
| tree | 463f5068a9ad48203a0f117718f4c20caddba4fc | |
| parent | 90cd023d0132a13ba85b592ceafd60064ce1857d (diff) | |
| download | vboot-7d0845475599bf98493afabc6861d5949bf08f16.tar.gz | |
image_signing: rework input/output files and firmware signing
The new nvidia logic expects to have the "real" output filename and not
yet another temp path. Since sign_firmware.sh supports being passed in
the input as the output and doing in-place signing, just document it and
update the callers.
BUG=chrome-os-partner:44227
BRANCH=None
TEST=signer outputs pubkey.sha to the same location as the output firmware
Change-Id: Iadc5dc5aaace6be9e22ff2c55bfbc58b7e1b3ef0
Reviewed-on: https://chromium-review.googlesource.com/296574
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
| -rwxr-xr-x | scripts/image_signing/sign_firmware.sh | 1 | ||||
| -rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 7 |
2 files changed, 2 insertions, 6 deletions
diff --git a/scripts/image_signing/sign_firmware.sh b/scripts/image_signing/sign_firmware.sh index 349988cc..45d739f9 100755 --- a/scripts/image_signing/sign_firmware.sh +++ b/scripts/image_signing/sign_firmware.sh @@ -21,6 +21,7 @@ Usage: $0 <input_firmware> <key_dir> <output_firmware> [firmware_version] \ Signs <input_firmware> with keys in <key_dir>, setting firmware version to <firmware_version>. Outputs signed firmware to <output_firmware>. +The <input_firmware> and <output_firmware> paths may be the same. If no firmware version is specified, it is set as 1. EOF exit 1 diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index de155967..36d2d859 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -442,15 +442,10 @@ sign_firmware() { local firmware_version=$3 local loem_output_dir=${4:-} - local temp_firmware=$(make_temp_file) # Resign the firmware with new keys, also replacing the root and recovery # public keys in the GBB. - "${SCRIPT_DIR}/sign_firmware.sh" "${image}" "${key_dir}" "${temp_firmware}" \ + "${SCRIPT_DIR}/sign_firmware.sh" "${image}" "${key_dir}" "${image}" \ "${firmware_version}" "${loem_output_dir}" - # Note: Although sign_firmware.sh may correctly handle specifying the same - # output file as the input file, we do not want to rely on it correctly - # handing that. Hence, the use of a temporary file. - mv ${temp_firmware} ${image} echo "Signed firmware image output to ${image}" } |