diff options
author | Marco Chen <marcochen@chromium.org> | 2018-05-09 17:08:01 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-09 14:40:26 -0700 |
commit | f709cd2bee1cdff49ece4c7c3ab23950e4dd9d30 (patch) | |
tree | 8cce5f781c6fb4711c19c4e8aaa7227cb9875ca4 | |
parent | 8543190e64a1c2cc17ed03a20c01da642cd59151 (diff) | |
download | vboot-f709cd2bee1cdff49ece4c7c3ab23950e4dd9d30.tar.gz |
image_signing: Add sha1sum of a key without loem keyset to VERSION.signer.
CL:866522 supported the case of loem and uni-build projects but not for
the project with one key only. After this CL, `gooftool finalize` can
refer to VERSION.signer in order to get correct firmware key hash from
recovery image. As the result, firmware_keys field can be removed from
HWID database.
BUG=chromium:763328
TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin
./src/platform/vboot_reference/tests/devkeys ./output.bin
2) verify output file - VERSION.signer.
BRANCH=None
Change-Id: I376cd7038c0fe1d5cc71cb39cbabeb5e79994407
Reviewed-on: https://chromium-review.googlesource.com/1051429
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 1c4a2958..78aee2dd 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -732,6 +732,11 @@ resign_firmware_payload() { sha1=$(vbutil_key --unpack "${key}" | grep sha1sum | cut -d" " -f9) echo " ${model}: ${sha1}" >>"${signer_notes}" done + else + echo "List sha1sum of single key's signature:" >>"${signer_notes}" + key="${KEY_DIR}/root_key.vbpubk" + sha1=$(vbutil_key --unpack "${key}" | grep sha1sum | cut -d" " -f9) + echo " root: ${sha1}" >>"${signer_notes}" fi new_shellball=$(make_temp_file) |