summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorMike Frysinger <vapier@chromium.org>2017-05-09 02:59:09 -0400
committerchrome-bot <chrome-bot@chromium.org>2017-06-23 22:56:47 -0700
commit3abb4fe45e0e25d203c77d1a5ed1afd49a5a594c (patch)
tree6719bec34cef6cd4b99df90e057ce9a1a222fc8a /scripts
parent7662a7e3d062bea6ce3bb224c237ce9cf9e6a018 (diff)
downloadvboot-3abb4fe45e0e25d203c77d1a5ed1afd49a5a594c.tar.gz
image_signing: sign_official_build.sh: switch initial image signing to loopbacks
This changes the kernel config reading and the stateful vblock updating to use loopback devices. This avoids having to copy out the kernels many times over just to read them. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ibb49791a7db998e45b35ed15ddc12126e669c730 Reviewed-on: https://chromium-review.googlesource.com/505477 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/image_signing/sign_official_build.sh27
1 files changed, 16 insertions, 11 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index d7a5bf79..f31bd622 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -343,31 +343,30 @@ update_rootfs_hash() {
}
# Update the SSD install-able vblock file on stateful partition.
-# ARGS: Image
+# ARGS: Loopdev
# This is deprecated because all new images should have a SSD boot-able kernel
# in partition 4. However, the signer needs to be able to sign new & old images
# (crbug.com/449450#c13) so we will probably never remove this.
update_stateful_partition_vblock() {
- local image="$1"
- local kernb_image="$(make_temp_file)"
+ local loopdev="$1"
local temp_out_vb="$(make_temp_file)"
- extract_image_partition "${image}" 4 "${kernb_image}"
- if [[ "$(dump_kernel_config "${kernb_image}" 2>/dev/null)" == "" ]]; then
+ local loop_kern="${loopdev}p4"
+ if [[ -z "$(sudo dump_kernel_config "${loop_kern}" 2>/dev/null)" ]]; then
info "Building vmlinuz_hd.vblock from legacy image partition 2."
- extract_image_partition "${image}" 2 "${kernb_image}"
+ loop_kern="${loopdev}p2"
fi
# vblock should always use kernel keyblock.
- vbutil_kernel --repack "${temp_out_vb}" \
+ sudo vbutil_kernel --repack "${temp_out_vb}" \
--keyblock "${KEY_DIR}/kernel.keyblock" \
--signprivate "${KEY_DIR}/kernel_data_key.vbprivk" \
- --oldblob "${kernb_image}" \
+ --oldblob "${loop_kern}" \
--vblockonly
# Copy the installer vblock to the stateful partition.
local stateful_dir=$(make_temp_dir)
- mount_image_partition "${image}" 1 "${stateful_dir}"
+ sudo mount "${loopdev}p1" "${stateful_dir}"
sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock
sudo umount "${stateful_dir}"
}
@@ -825,8 +824,13 @@ sign_image_file() {
local kernA_privkey="$6"
local kernB_keyblock="$7"
local kernB_privkey="$8"
+
info "Preparing ${image_type} image..."
cp --sparse=always "${input}" "${output}"
+
+ local loopdev=$(loopback_partscan "${output}")
+ local loop_kern="${loopdev}p${dm_partno}"
+
resign_firmware_payload "${output}"
resign_android_image_if_exists "${output}"
# We do NOT strip /boot for factory installer, since some devices need it to
@@ -836,7 +840,8 @@ sign_image_file() {
# "cros_installer postinst" on BIOS or EFI systems relies on presence of
# /boot in rootfs to update kernel. We infer the BIOS type from the kernel
# config.
- local kerna_config="$(grab_kernel_config "${input}" 2)"
+ local loop_kerna="${loopdev}p2"
+ local kerna_config="$(sudo dump_kernel_config "${loop_kerna}")"
if [[ "${image_type}" != "factory_install" &&
" ${kerna_config} " != *" cros_legacy "* &&
" ${kerna_config} " != *" cros_efi "* ]]; then
@@ -845,7 +850,7 @@ sign_image_file() {
update_rootfs_hash "${output}" "${dm_partno}" \
"${kernA_keyblock}" "${kernA_privkey}" \
"${kernB_keyblock}" "${kernB_privkey}"
- update_stateful_partition_vblock "${output}"
+ update_stateful_partition_vblock "${loopdev}"
if [[ "${image_type}" == "recovery" ]]; then
update_recovery_kernel_hash "${output}"
fi