diff options
author | Marco Chen <marcochen@chromium.org> | 2018-05-10 11:05:51 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-14 09:14:47 -0700 |
commit | c694502ae336b9f89f6b73b2d67548a7385d74ef (patch) | |
tree | 312a89e936d52b11659f58eccc02852cedb80d2d /scripts | |
parent | 4318090484a212318608da193f18483fd1023727 (diff) | |
download | vboot-c694502ae336b9f89f6b73b2d67548a7385d74ef.tar.gz |
image_signing: Add sha1sum of the recovery key to VERSION.signer.
firmware_keys field in the HWID database also contains hash of recovery
key so need this information as well in order to deprecate firmware_keys
field.
BUG=chromium:763328
TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin
./src/platform/vboot_reference/tests/devkeys ./output.bin
2) verify output file - VERSION.signer.
BRANCH=None
Change-Id: If2be93723e95d46fc0546239695be27c3229275c
Reviewed-on: https://chromium-review.googlesource.com/1053334
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Wei-Han Chen <stimim@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 78aee2dd..0f9bd50c 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -725,6 +725,11 @@ resign_firmware_payload() { local signer_notes="${shellball_dir}/VERSION.signer" echo "" >"$signer_notes" echo "Signed with keyset in $(readlink -f "${KEY_DIR}") ." >>"${signer_notes}" + # record recovery_key + key="${KEY_DIR}/recovery_key.vbpubk" + sha1=$(vbutil_key --unpack "${key}" | grep sha1sum | cut -d" " -f9) + echo "recovery: ${sha1}" >>"${signer_notes}" + # record root_key(s) if [[ -d "${shellball_keyset_dir}" ]]; then echo "List sha1sum of all loem/model's signatures:" >>"${signer_notes}" for key in "${shellball_keyset_dir}"/rootkey.*; do |