diff options
author | Mike Frysinger <vapier@chromium.org> | 2014-06-12 18:43:34 -0400 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-06-13 20:36:52 +0000 |
commit | d81a3269b862e30c2726ab5a70436060436c93da (patch) | |
tree | c75ee34c32b02c9b66a4dfd3cdcf0cf016dd0819 | |
parent | bdc2c943432d795e8cffd268fa52bc4b2d9ef153 (diff) | |
download | vboot-d81a3269b862e30c2726ab5a70436060436c93da.tar.gz |
sign_firmware: clean up style to use a main func
No real functional changes here. Tidying up to make the next CL easier.
BUG=chromium:381862
TEST=ran by hand and checked output
BRANCH=none
Change-Id: I9ffea6eba17560797135f39cf861318b545b9a54
Reviewed-on: https://chromium-review.googlesource.com/203681
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
-rwxr-xr-x | scripts/image_signing/sign_firmware.sh | 71 |
1 files changed, 39 insertions, 32 deletions
diff --git a/scripts/image_signing/sign_firmware.sh b/scripts/image_signing/sign_firmware.sh index c15fbb96..9a0c7830 100755 --- a/scripts/image_signing/sign_firmware.sh +++ b/scripts/image_signing/sign_firmware.sh @@ -1,18 +1,17 @@ #!/bin/bash - # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. # Wrapper script for re-signing a firmware image. -# Determine script directory -SCRIPT_DIR=$(dirname $0) +# Determine script directory. +SCRIPT_DIR=$(dirname "$0") # Abort on error. set -e -if [ $# -lt 3 ] || [ $# -gt 4 ]; then +usage() { cat<<EOF Usage: $0 <input_firmware> <key_dir> <output_firmware> [firmware_version] @@ -21,31 +20,39 @@ to <firmware_version>. Outputs signed firmware to <output_firmware>. If no firmware version is specified, it is set as 1. EOF exit 1 -fi - -IN_FIRMWARE=$1 -KEY_DIR=$2 -OUT_FIRMWARE=$3 -FIRMWARE_VERSION=${4:-1} - -temp_fw=$(mktemp) -trap "rm ${temp_fw}" EXIT - -# Resign the firmware with new keys -${SCRIPT_DIR}/resign_firmwarefd.sh ${IN_FIRMWARE} ${temp_fw} \ - ${KEY_DIR}/firmware_data_key.vbprivk \ - ${KEY_DIR}/firmware.keyblock \ - ${KEY_DIR}/dev_firmware_data_key.vbprivk \ - ${KEY_DIR}/dev_firmware.keyblock \ - ${KEY_DIR}/kernel_subkey.vbpubk \ - ${FIRMWARE_VERSION} - -# Replace the root and recovery key in the Google Binary Block of the firmware. -# Note: This needs to happen after calling resign_firmwarefd.sh since it needs -# to be able to verify the firmware using the root key to determine the preamble -# flags. -gbb_utility -s \ - --rootkey=${KEY_DIR}/root_key.vbpubk \ - --recoverykey=${KEY_DIR}/recovery_key.vbpubk \ - ${temp_fw} ${OUT_FIRMWARE} - +} + +main() { + if [[ $# -lt 3 || $# -gt 4 ]]; then + usage + fi + + local in_firmware=$1 + local key_dir=$2 + local out_firmware=$3 + local firmware_version=${4:-1} + + local temp_fw=$(mktemp) + trap "rm -f '${temp_fw}'" EXIT + + # Resign the firmware with new keys. + "${SCRIPT_DIR}/resign_firmwarefd.sh" \ + "${in_firmware}" \ + "${temp_fw}" \ + "${key_dir}/firmware_data_key.vbprivk" \ + "${key_dir}/firmware.keyblock" \ + "${key_dir}/dev_firmware_data_key.vbprivk" \ + "${key_dir}/dev_firmware.keyblock" \ + "${key_dir}/kernel_subkey.vbpubk" \ + "${firmware_version}" + + # Replace the root and recovery key in the Google Binary Block of the + # firmware. Note: This needs to happen after calling resign_firmwarefd.sh + # since it needs to be able to verify the firmware using the root key to + # determine the preamble flags. + gbb_utility -s \ + --rootkey="${key_dir}/root_key.vbpubk" \ + --recoverykey="${key_dir}/recovery_key.vbpubk" \ + "${temp_fw}" "${out_firmware}" +} +main "$@" |