diff options
| author | YH Lin <yueherngl@google.com> | 2018-04-30 19:26:12 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-02 22:20:58 -0700 |
| commit | 41d0e327910507c73ead5f88d0ed3db524353062 (patch) | |
| tree | fe62f3f5e525fd9991ca5135863aafab856893c9 | |
| parent | ae602dee78452ee2c9667ad9d71c54ac1668e743 (diff) | |
| download | vboot-stabilize-nocturne.10646.B.tar.gz | |
sign_official_build.sh: dump more md5sum on bios.binstabilize-nocturne.10646.B
Dumping md5sum information along the way of signing bios.bin to shed
some lights on the signing process in order to debug the first slot
issue.
BUG=b:77252439
TEST=None
BRANCH=None
Change-Id: I5083d6db2eee42c5cc9588606f95bbffba0c00ff
Reviewed-on: https://chromium-review.googlesource.com/1036802
Commit-Ready: YH Lin <yueherngl@chromium.org>
Tested-by: YH Lin <yueherngl@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
| -rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index d47ae908..5f8fd7e2 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -624,6 +624,9 @@ resign_firmware_payload() { # Path to bios.bin. local bios_path="${shellball_dir}/${bios_image}" + echo "Before EC signing ${bios_path}: md5 =" \ + $(md5sum ${bios_path} | awk '{print $1}') + if [ -n "${ec_image}" ]; then # Path to ec.bin. local ec_path="${shellball_dir}/${ec_image}" @@ -634,6 +637,10 @@ resign_firmware_payload() { local rw_hash="EC_RW.hash" # futility writes byproduct files to CWD, so we cd to temp dir. pushd "$(make_temp_dir)" > /dev/null + + echo "Signing EC with:" ${FUTILITY} sign --type rwsig --prikey \ + "${KEY_DIR}/key_ec_efs.vbprik2" "${ec_path}" + ${FUTILITY} sign --type rwsig --prikey \ "${KEY_DIR}/key_ec_efs.vbprik2" "${ec_path}" \ || die "Failed to sign ${ec_path}" @@ -649,7 +656,20 @@ resign_firmware_payload() { fi fi + echo "After EC signing ${bios_path}: md5 =" \ + $(md5sum ${bios_path} | awk '{print $1}') + # Resign bios.bin. + echo "Signing Bios with:" ${FUTILITY} sign \ + --signprivate "${signprivate}" \ + --keyblock "${keyblock}" \ + --devsign "${devsign}" \ + --devkeyblock "${devkeyblock}" \ + --kernelkey "${KEY_DIR}/kernel_subkey.vbpubk" \ + --version "${FIRMWARE_VERSION}" \ + "${extra_args[@]}" \ + ${bios_path} \ + ${temp_fw} ${FUTILITY} sign \ --signprivate "${signprivate}" \ --keyblock "${keyblock}" \ @@ -661,9 +681,17 @@ resign_firmware_payload() { ${bios_path} \ ${temp_fw} + echo "After Bios signing ${temp_fw}: md5 =" \ + $(md5sum ${temp_fw} | awk '{print $1}') # For development phases, when the GBB can be updated still, set the # recovery and root keys in the image. + echo "Setting GBB with:" ${FUTILITY} gbb \ + -s \ + --recoverykey="${KEY_DIR}/recovery_key.vbpubk" \ + --rootkey="${rootkey}" \ + "${temp_fw}" \ + "${bios_path}" ${FUTILITY} gbb \ -s \ --recoverykey="${KEY_DIR}/recovery_key.vbpubk" \ @@ -671,6 +699,9 @@ resign_firmware_payload() { "${temp_fw}" \ "${bios_path}" + echo "After setting GBB on ${bios_path}: md5 =" \ + $(md5sum ${bios_path} | awk '{print $1}') + info "Signed firmware image output to ${bios_path}" done unset IFS |