image_signing: sign_official_build.sh: Add version to rwsig signatures

We would like to have different signature versions for hammer
(1=dev, 2=premp, 3=mp), so we should pass --version to futility.

The default version stays 1.

BRANCH=none
BUG=b:35587169
TEST=openssl genrsa -3 -out key_hammer.pem 2048
     futility create --desc="Hammer fake MP key" key_hammer.pem key_hammer
     echo firmware_version=2 > key_hammer.version
     ../vboot_reference/scripts/image_signing/sign_official_build.sh \
           accessory_rwsig build/hammer/ec.bin . \
           ec-signed.bin key_hammer.version
     futility show ec-signed.bin => Version: 0x00000002
TEST=Without passing a version file, version is still 1.
     ../vboot_reference/scripts/image_signing/sign_official_build.sh \
           accessory_rwsig build/hammer/ec.bin . ec-signed.bin
     futility show ec-signed.bin => Version: 0x00000001

Change-Id: I0cd9133404fb0d827bd2f0d3bcc71d5dd274734d
Reviewed-on: https://chromium-review.googlesource.com/631757
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

1 files changed, 2 insertions, 1 deletions

diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index cf0b3345..651726c1 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -1030,7 +1030,8 @@ elif [[ "${TYPE}" == "accessory_rwsig" ]]; then
     KEY_NAME="${KEY_DIR}/key"
   fi
   cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
-  futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" "${OUTPUT_IMAGE}"
+  futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" \
+           --version "${FIRMWARE_VERSION}" "${OUTPUT_IMAGE}"
 elif [[ "${TYPE}" == "oci-container" ]]; then
   sign_oci_container "${INPUT_IMAGE}" "${KEY_DIR}" "${OUTPUT_IMAGE}"
 else