diff options
author | Amey Deshpande <ameyd@google.com> | 2015-09-16 18:16:42 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2015-10-03 16:26:08 -0700 |
commit | dabb158ad27610661ef16639843e2909f2a3dba5 (patch) | |
tree | 7f3fc2b412ab31cb7c5cfab8fb357042e0b521a4 /scripts/image_signing/common_minimal.sh | |
parent | 82db93d5fc924860e4f1fb4cf24f29b5b335a480 (diff) | |
download | vboot-stabilize-7520.67.B.tar.gz |
signer: update legacy bootloader templates after image signingstabilize-7520.67.Bstabilize-7520.63.Bstabilize-7520.49.Brelease-R47-7520.B
Specifically, this patch updates 'root_hexdigest' in legacy bootloader
templates in EFI system partition to match the signed rootfs.
BRANCH=None
BUG=chromium:512940
TEST=Ran sign_official_build.sh locally and booted the image on kvm
(using BIOS).
TEST=Ran signing_unittests.py by locally changing vboot_stable_hash to
include this patch.
$ ./sign_official_build.sh base chromiumos_base_image.bin \
../../tests/devkeys chromiumos_base_image_signed.bin
Change-Id: Ied021c4464b113a64508f5081605069bdcecbc1f
Reviewed-on: https://chromium-review.googlesource.com/301742
Commit-Ready: Amey Deshpande <ameyd@google.com>
Tested-by: Amey Deshpande <ameyd@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Diffstat (limited to 'scripts/image_signing/common_minimal.sh')
-rw-r--r-- | scripts/image_signing/common_minimal.sh | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/scripts/image_signing/common_minimal.sh b/scripts/image_signing/common_minimal.sh index be3d2adc..ad84c501 100644 --- a/scripts/image_signing/common_minimal.sh +++ b/scripts/image_signing/common_minimal.sh @@ -162,20 +162,18 @@ is_rootfs_partition() { # If the kernel is buggy and is unable to loop+mount quickly, # retry the operation a few times. # Args: IMAGE PARTNUM MOUNTDIRECTORY [ro] +# +# This function does not check whether the partition is allowed to be mounted as +# RW. Callers must ensure the partition can be mounted as RW before calling +# this function without |ro| argument. _mount_image_partition_retry() { local image=$1 local partnum=$2 local mount_dir=$3 local ro=$4 - local offset=$(( $(partoffset "$image" "$partnum") * 512 )) + local offset=$(( $(partoffset "${image}" "${partnum}") * 512 )) local out try - if [ "$ro" != "ro" ]; then - # Forcibly call enable_rw_mount. It should fail on unsupported - # filesystems and be idempotent on ext*. - enable_rw_mount "$image" ${offset} 2> /dev/null - fi - set -- sudo LC_ALL=C mount -o loop,offset=${offset},${ro} \ "${image}" "${mount_dir}" try=1 @@ -204,19 +202,38 @@ _mount_image_partition_retry() { return 1 } +# If called without 'ro', make sure the partition is allowed to be mounted as +# 'rw' before actually mounting it. +# Args: IMAGE PARTNUM MOUNTDIRECTORY [ro] +_mount_image_partition() { + local image=$1 + local partnum=$2 + local mount_dir=$3 + local ro=$4 + local offset=$(( $(partoffset "${image}" "${partnum}") * 512 )) + + if [ "$ro" != "ro" ]; then + # Forcibly call enable_rw_mount. It should fail on unsupported + # filesystems and be idempotent on ext*. + enable_rw_mount "${image}" ${offset} 2> /dev/null + fi + + _mount_image_partition_retry "$@" +} + # Mount a partition read-only from an image into a local directory # Args: IMAGE PARTNUM MOUNTDIRECTORY mount_image_partition_ro() { - _mount_image_partition_retry "$@" "ro" + _mount_image_partition "$@" "ro" } # Mount a partition from an image into a local directory # Args: IMAGE PARTNUM MOUNTDIRECTORY mount_image_partition() { local mount_dir=$3 - _mount_image_partition_retry "$@" - if is_rootfs_partition "$mount_dir"; then - tag_as_needs_to_be_resigned "$mount_dir" + _mount_image_partition "$@" + if is_rootfs_partition "${mount_dir}"; then + tag_as_needs_to_be_resigned "${mount_dir}" fi } |