diff options
| author | Daisuke Nojiri <dnojiri@chromium.org> | 2017-08-31 10:12:40 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-09-09 02:26:17 -0700 |
| commit | 3d25d2b4ba7886244176aa8c429fdac2acf7db3e (patch) | |
| tree | b2e194379ee8920c107e93d0752b5e0915d6237f /futility/cmd_sign.c | |
| parent | f78d505e04051153d16df2a0adb9927a47d81bcd (diff) | |
| download | vboot-3d25d2b4ba7886244176aa8c429fdac2acf7db3e.tar.gz | |
futility: Make rwsig sign command produce EC_RW image
This change makes futility write out a EC_RW image to the filesystem.
It also allows the command to run without '--prikey' option. When a
private key isn't provided, the command copies the previous signature.
This can be used to extract EC_RW without changing the key or the
signature. Since data only mode doesn't have a previous signature,
the command returns error if '--prikey' isn't specified (as done
before).
BUG=b:65027647
BRANCH=none
TEST=Run futility as follows
futility sign --type rwsig ec.RW.flat ec.RW.sig (Missing key error, expected)
futility sign --type rwsig ec.bin (EC_RW.bin is produced)
futility sign --type rwsig EC_RW.bin
futility sign --type rwsig --prikey key.vbprik2 ec.RW.flat ec.RW.sig
futility sign --type rwsig --prikey key.vbprik2 ec.bin (EC_RW.bin is produced)
futility sign --type rwsig --prikey key.vbprik2 EC_RW.bin
make runfutiltests
Change-Id: I8c1e0cef147967cfd6d28aa7272b88c03e109e0d
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/647804
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'futility/cmd_sign.c')
| -rw-r--r-- | futility/cmd_sign.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c index 8599c74c..7a53887f 100644 --- a/futility/cmd_sign.c +++ b/futility/cmd_sign.c @@ -495,12 +495,16 @@ static void print_help_rwsig(int argc, char *argv[]) "If INFILE contains an FMAP, RW and signatures offsets are read from\n" "FMAP. These regions must be named EC_RW and SIG_RW respectively.\n" "If a public key is found in the region named KEY_RO, it will be replaced\n" - "in the RO image.\n" + "in the RO image. This mode also produces EC_RW.bin which is a EC_RW\n" + "region image (same as the input file for 'Data + Signature mode').\n" "\n" "Options:\n" "\n" - " --prikey FILE.vbprik2 Private key in vb2 format (required)\n" - " --version NUM Public key version if we are replacing" + " --prikey FILE.vbprik2 Private key in vb2 format. Required\n" + " if INFILE is a binary blob. If not\n" + " provided, previous signature is copied\n" + " and a public key won't be replaced.\n" + " --version NUM Public key version if we are replacing\n" " the key in INFILE (default: 1)\n" " --sig_size NUM Offset from the end of INFILE where the\n" " signature blob should be located, if\n" @@ -972,7 +976,9 @@ static int do_sign(int argc, char *argv[]) "hash_alg"); break; case FILE_TYPE_RWSIG: - errorcnt += no_opt_if(!sign_option.prikey, "prikey"); + if (sign_option.inout_file_count > 1) + /* Signing raw data. No signature pre-exists. */ + errorcnt += no_opt_if(!sign_option.prikey, "prikey"); break; default: /* Anything else we don't care */ |