diff options
| author | Vincent Palatin <vpalatin@chromium.org> | 2015-10-19 17:22:07 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2015-10-27 10:13:38 -0700 |
| commit | d6723ed12b429834c2627c009aab58f0db20ce73 (patch) | |
| tree | d92216bb25dc02d33b90218ec96fc3c350a6589a | |
| parent | 3a631486bddaeab1e8cc2abe0fb725721f2a0be0 (diff) | |
| download | vboot-d6723ed12b429834c2627c009aab58f0db20ce73.tar.gz | |
sign_official_build: add support for signing standalone accessories
Use futility to re-sign standalone accessory firmware images either the
former "usbpd1" used by USB Power Delivery firmware generated from the
EC codebase or the new "rwsig" format.
BRANCH=smaug, samus
BUG=chrome-os-partner:46635
TEST=manual:
openssl genrsa -F4 -out key_zinger.pem 2048
openssl genrsa -F4 -out key_hadoken.pem 2048
futility create --desc="Hadoken fake MP key" key_hadoken.pem key_hadoken
./scripts/image_signing/sign_official_build.sh accessory_usbpd build/zinger/ec.bin . build/zinger/ec.SIGNED.bin
./scripts/image_signing/sign_official_build.sh accessory_rwsig build/hadoken/keyboard_app.bin . build/hadoken/keyboard_app.SIGNED.bin
and compare the re-signed files with the original files.
Change-Id: I586ba3e4349929782e734af1590f394824e7dd44
Reviewed-on: https://chromium-review.googlesource.com/306795
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
| -rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index d1c87685..145e92d3 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -37,6 +37,8 @@ where <type> is one of: usb (sign an image to boot directly from USB) verify (verify an image including rootfs hashes) nv_lp0_firmware (sign nvidia lp0 firmware) + accessory_usbpd (sign USB-PD accessory firmware) + accessory_rwsig (sign accessory RW firmware) output_image: File name of the signed output image version_file: File name of where to read the kernel and firmware versions. @@ -879,6 +881,14 @@ elif [[ "${TYPE}" == "recovery_kernel" ]]; then sign_recovery_kernel "${OUTPUT_IMAGE}" "${KEY_DIR}" "${KERNEL_VERSION}" elif [[ "${TYPE}" == "update_payload" ]]; then sign_update_payload ${INPUT_IMAGE} ${KEY_DIR} ${OUTPUT_IMAGE} +elif [[ "${TYPE}" == "accessory_usbpd" ]]; then + KEY_NAME="key_$(basename $(dirname ${INPUT_IMAGE}))" + cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}" + futility sign --type usbpd1 --pem "${KEY_NAME}.pem" "${OUTPUT_IMAGE}" +elif [[ "${TYPE}" == "accessory_rwsig" ]]; then + KEY_NAME="key_$(basename $(dirname ${INPUT_IMAGE}))" + cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}" + futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" "${OUTPUT_IMAGE}" else echo "Invalid type ${TYPE}" exit 1 |