author | Julius Werner <jwerner@chromium.org> | 2019-07-17 14:44:16 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-07-25 20:38:36 -0700 |
commit | 0e2e748940b7a48b8b056700dc0d081928c63c2e (patch) | |
tree | f54593e27c5a263f4818373cf15f7b4aef3164b1 /scripts/image_signing/sign_official_build.sh | |
parent | e050a2c88fc963cb97d9794849e9e2b60fabbe77 (diff) | |
download | vboot-0e2e748940b7a48b8b056700dc0d081928c63c2e.tar.gz |
sign_official_build.sh: Update kern_b_hash to support SHA256stabilize-octopus-12371.15.Bstabilize-12386.Bstabilize-12371.89.Bstabilize-12371.82.Bstabilize-12371.81.Bstabilize-12371.80.Bstabilize-12371.75.Bstabilize-12371.71.Bstabilize-12371.65.Bstabilize-12371.52.Bstabilize-12371.50.Bstabilize-12371.39.Bstabilize-12371.27.Bstabilize-12371.26.Bstabilize-12371.11.Brelease-R77-12371.B
We're updating the algorithm for this so the signing scripts have to
support it as well. Since we're running ToT signing scripts on older
images as well, determine the hash algorithm used in the image by
checking its length (40 hex digits for SHA1, 64 for SHA256).
BRANCH=None
BUG=b:137576540
TEST=$(sign_official_build.sh recovery recovery_image.bin
/tmp/scratch/mykeys/ resigned_image.bin) -- used futility to confirm
that new image kern_b_hash matches new image KERN-B and uses the
expected algorithm (tried with both SHA1 and SHA256)
Cq-Depend: chromium:1706624
Change-Id: Ie1a62ad1fd4fbf141cc1c32d592b863f2d43a24e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1707529
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Diffstat (limited to 'scripts/image_signing/sign_official_build.sh')
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index 4e83a31a..59033c27 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -913,7 +913,13 @@ update_recovery_kernel_hash() {
 # Update the Kernel B hash in Kernel A command line
 local old_kerna_config="$(sudo dump_kernel_config "${loop_kerna}")"
- local new_kernb_hash=$(sudo sha1sum "${loop_kernb}" | cut -f1 -d' ')
+ local old_kernb_hash="$(echo "$old_kerna_config" |
+ sed -nEe "s#.*kern_b_hash=([a-z0-9]*).*#\1#p")"
+ if [[ "${#old_kernb_hash}" -lt 64 ]]; then
+ local new_kernb_hash=$(sudo sha1sum "${loop_kernb}" | cut -f1 -d' ')
+ else
+ local new_kernb_hash=$(sudo sha256sum "${loop_kernb}" | cut -f1 -d' ')
+ fi
 new_kerna_config=$(make_temp_file)
 echo "$old_kerna_config" | |
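Review bot: The length test `[[ "${#old_kernb_hash}" -lt 64 ]]` sends every value shorter than 64 characters to `sha1sum`, including the empty string produced when the sed expression finds no `kern_b_hash=` in the kernel A config, so a malformed or unexpected command line silently gets the weaker SHA1 digest instead of an error. The commit message names exactly two valid lengths (40 and 64), so matching them explicitly and failing on anything else would stop the signer from guessing the algorithm. Whether a missing kern_b_hash is legitimate for some older images is not visible here, so the error branch below may need to become a SHA1 fallback with a warning on stderr. update_recovery_kernel_hash starts before this hunk and the trailing `echo ... |` pipeline continues past it.

```shell
  # … unchanged: old_kerna_config and old_kernb_hash extraction …
  local new_kernb_hash
  case "${#old_kernb_hash}" in
    40) new_kernb_hash=$(sudo sha1sum "${loop_kernb}" | cut -f1 -d' ') ;;
    64) new_kernb_hash=$(sudo sha256sum "${loop_kernb}" | cut -f1 -d' ') ;;
    *)
      echo "unexpected kern_b_hash length: ${#old_kernb_hash}" >&2
      return 1
      ;;
  esac
  # … unchanged: new_kerna_config rewrite …
```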