summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorVincent Palatin <vpalatin@chromium.org>2015-10-19 17:22:07 -0700
committerchrome-bot <chrome-bot@chromium.org>2015-10-27 10:13:38 -0700
commitd6723ed12b429834c2627c009aab58f0db20ce73 (patch)
treed92216bb25dc02d33b90218ec96fc3c350a6589a /scripts
parent3a631486bddaeab1e8cc2abe0fb725721f2a0be0 (diff)
downloadvboot-d6723ed12b429834c2627c009aab58f0db20ce73.tar.gz
sign_official_build: add support for signing standalone accessories
Use futility to re-sign standalone accessory firmware images either the former "usbpd1" used by USB Power Delivery firmware generated from the EC codebase or the new "rwsig" format. BRANCH=smaug, samus BUG=chrome-os-partner:46635 TEST=manual: openssl genrsa -F4 -out key_zinger.pem 2048 openssl genrsa -F4 -out key_hadoken.pem 2048 futility create --desc="Hadoken fake MP key" key_hadoken.pem key_hadoken ./scripts/image_signing/sign_official_build.sh accessory_usbpd build/zinger/ec.bin . build/zinger/ec.SIGNED.bin ./scripts/image_signing/sign_official_build.sh accessory_rwsig build/hadoken/keyboard_app.bin . build/hadoken/keyboard_app.SIGNED.bin and compare the re-signed files with the original files. Change-Id: I586ba3e4349929782e734af1590f394824e7dd44 Reviewed-on: https://chromium-review.googlesource.com/306795 Commit-Ready: Vincent Palatin <vpalatin@chromium.org> Tested-by: Vincent Palatin <vpalatin@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/image_signing/sign_official_build.sh10
1 files changed, 10 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index d1c87685..145e92d3 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -37,6 +37,8 @@ where <type> is one of:
usb (sign an image to boot directly from USB)
verify (verify an image including rootfs hashes)
nv_lp0_firmware (sign nvidia lp0 firmware)
+ accessory_usbpd (sign USB-PD accessory firmware)
+ accessory_rwsig (sign accessory RW firmware)
output_image: File name of the signed output image
version_file: File name of where to read the kernel and firmware versions.
@@ -879,6 +881,14 @@ elif [[ "${TYPE}" == "recovery_kernel" ]]; then
sign_recovery_kernel "${OUTPUT_IMAGE}" "${KEY_DIR}" "${KERNEL_VERSION}"
elif [[ "${TYPE}" == "update_payload" ]]; then
sign_update_payload ${INPUT_IMAGE} ${KEY_DIR} ${OUTPUT_IMAGE}
+elif [[ "${TYPE}" == "accessory_usbpd" ]]; then
+ KEY_NAME="key_$(basename $(dirname ${INPUT_IMAGE}))"
+ cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
+ futility sign --type usbpd1 --pem "${KEY_NAME}.pem" "${OUTPUT_IMAGE}"
+elif [[ "${TYPE}" == "accessory_rwsig" ]]; then
+ KEY_NAME="key_$(basename $(dirname ${INPUT_IMAGE}))"
+ cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
+ futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" "${OUTPUT_IMAGE}"
else
echo "Invalid type ${TYPE}"
exit 1