futility: updater: override signature id for phaser360

Because of lacking CL:1501614 in octopus factory branch, dopefish
root key is written to some phaser360 devices. That will lead to
firmware updater not be able to verify RW vblock and AU will fail.
This CL will fix that by using root key info and model name to
make firmware updater get a proper sig_id so that in-field machines
can be updated by AU.

BUG=b:146876241, b:133901651, b:146482979
BRANCH=none
TEST=using a DUT of phaser360 (without whitelabel_tag = dopefish)
     which is flashed dopefish rootkey and hwid, using command
     'chromeos-firmwareupdate -m autoupdate --wp=1' to flash
     firmware, RW firmware can be updated and DUT can boot normally.

Change-Id: I163c16189c28a996ed08bf2a7b162e6ee3b13be6
Signed-off-by: Paul Ma <magf@bitland.corp-partner.google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1981650
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>

1 files changed, 26 insertions, 0 deletions

diff --git a/futility/updater_utils.c b/futility/updater_utils.c
index 7a8185b1..3807fbbe 100644
--- a/futility/updater_utils.c
+++ b/futility/updater_utils.c
@@ -12,6 +12,7 @@
 #include "2common.h"
 #include "crossystem.h"
 #include "host_misc.h"
+#include "util_misc.h"
 #include "updater.h"
 
 #define COMMAND_BUFFER_SIZE 256
@@ -662,3 +663,28 @@ void remove_all_temp_files(struct tempfile *head)
 		free(head);
 	}
 }
+
+/*
+ * Returns rootkey hash of firmware image, or NULL on failure.
+ */
+const char *get_firmware_rootkey_hash(const struct firmware_image *image)
+{
+	const struct vb2_gbb_header *gbb = NULL;
+	const struct vb2_packed_key *rootkey = NULL;
+
+	assert(image->data);
+
+	gbb = find_gbb(image);
+	if (!gbb) {
+		WARN("No GBB found in image.\n");
+		return NULL;
+	}
+
+	rootkey = get_rootkey(gbb);
+	if (!rootkey) {
+		WARN("No rootkey found in image.\n");
+		return NULL;
+	}
+
+	return packed_key_sha1_string(rootkey);
+}