authorJakub Czapiga <jacz@semihalf.com>2022-04-12 14:49:22 +0200
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>2022-05-30 14:12:59 +0000
commit3000736e2da72115f1350b6d9c0c66d208ddd1be (patch)
treecdffce0a346021eba308728628831e51561a4ec3 /scripts
parentfb0ddbbdf6018d9305248eb3138cb3cfcd532b31 (diff)
futility: Remove --devsign and --devkeyblock
This feature has not been needed since pre-2012 devices which have long since reached their end of life. We can safely remove it to simplify the code. Also remove ZGB image, as it is no longer needed. BUG=b:197114807 TEST=sudo FEATURES=test emerge vboot_reference BRANCH=none Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Cq-Depend: chromium:3650757 Change-Id: I889dc6300c5cb72bdfcb9c2b66d63e97d3f8c862 Disallow-Recycled-Builds: test-failures Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3578968 Commit-Queue: Jakub Czapiga <czapiga@google.com> Auto-Submit: Jakub Czapiga <czapiga@google.com> Tested-by: Jakub Czapiga <czapiga@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/image_signing/make_dev_firmware.sh6
-rwxr-xr-xscripts/image_signing/resign_firmwarefd.sh20
-rwxr-xr-xscripts/image_signing/sign_firmware.sh2
-rwxr-xr-xscripts/image_signing/sign_official_build.sh12
-rwxr-xr-xscripts/keygeneration/create_new_keys.sh16
5 files changed, 5 insertions, 51 deletions
diff --git a/scripts/image_signing/make_dev_firmware.sh b/scripts/image_signing/make_dev_firmware.sh
index 0db56382..20c8414a 100755
--- a/scripts/image_signing/make_dev_firmware.sh
+++ b/scripts/image_signing/make_dev_firmware.sh
@@ -167,8 +167,6 @@ main() {
local recovery_pubkey="${FLAGS_keys}/recovery_key.vbpubk"
local firmware_keyblock="${FLAGS_keys}/firmware.keyblock"
local firmware_prvkey="${FLAGS_keys}/firmware_data_key.vbprivk"
- local dev_firmware_keyblock="${FLAGS_keys}/dev_firmware.keyblock"
- local dev_firmware_prvkey="${FLAGS_keys}/dev_firmware_data_key.vbprivk"
local kernel_sub_pubkey="${FLAGS_keys}/kernel_subkey.vbpubk"
local ec_efs_pubkey="${FLAGS_keys}/key_ec_efs.vbpubk2"
local ec_efs_prvkey="${FLAGS_keys}/key_ec_efs.vbprik2"
@@ -281,8 +279,6 @@ main() {
echo "Using keyblocks (developer, normal)..."
else
echo "Using keyblocks (normal, normal)..."
- dev_firmware_prvkey="$firmware_prvkey"
- dev_firmware_keyblock="$firmware_keyblock"
fi
debug_msg "Extract firmware version and data key version"
@@ -351,8 +347,6 @@ main() {
"${IMAGE_BIOS}" \
"${firmware_prvkey}" \
"${firmware_keyblock}" \
- "${dev_firmware_prvkey}" \
- "${dev_firmware_keyblock}" \
"${kernel_sub_pubkey}" \
"${firmware_version}" \
${optional_opts} ||
diff --git a/scripts/image_signing/resign_firmwarefd.sh b/scripts/image_signing/resign_firmwarefd.sh
index d4cb5b8c..ea233157 100755
--- a/scripts/image_signing/resign_firmwarefd.sh
+++ b/scripts/image_signing/resign_firmwarefd.sh
@@ -20,20 +20,12 @@ SRC_FD=$1
DST_FD=$2
FIRMWARE_DATAKEY=$3
FIRMWARE_KEYBLOCK=$4
-DEV_FIRMWARE_DATAKEY=$5
-DEV_FIRMWARE_KEYBLOCK=$6
-KERNEL_SUBKEY=$7
+KERNEL_SUBKEY=$5
# optional
-VERSION=$8
-PREAMBLE_FLAG=$9
-LOEM_OUTPUT_DIR=${10}
-LOEMID=${11}
-
-if [ ! -e $DEV_FIRMWARE_KEYBLOCK ] || [ ! -e $DEV_FIRMWARE_DATAKEY ] ; then
- echo "No dev firmware keyblock/datakey found. Reusing normal keys."
- DEV_FIRMWARE_KEYBLOCK="$FIRMWARE_KEYBLOCK"
- DEV_FIRMWARE_DATAKEY="$FIRMWARE_DATAKEY"
-fi
+VERSION=$6
+PREAMBLE_FLAG=$7
+LOEM_OUTPUT_DIR=$8
+LOEMID=$9
# pass optional args
[ -n "$VERSION" ] && VERSION="--version $VERSION"
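Review bot: The renumbered positionals (`KERNEL_SUBKEY=$5`, `VERSION=$6` through `LOEMID=$9`) have no argument-count guard anywhere in this hunk, so a caller still using the old seven-argument layout is not rejected. Such a caller would silently bind the dev data key path to `KERNEL_SUBKEY`, the dev keyblock path to `VERSION` and the real kernel subkey to `PREAMBLE_FLAG`, which is a bad failure mode for a signing script. The diffstat counts 20 changed lines for this file and the two visible hunks account for all of them, so any arity check or usage text above line 20 (outside the hunk) appears to be unchanged and would still describe the old layout; that should be confirmed. I would update or add a guard before the assignments, for example `if [ "$#" -lt 5 ] || [ "$#" -gt 9 ]; then echo "wrong argument count" >&2; exit 1; fi`, and align the usage string with the five required arguments.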
@@ -44,8 +36,6 @@ fi
exec ${FUTILITY} sign \
--signprivate $FIRMWARE_DATAKEY \
--keyblock $FIRMWARE_KEYBLOCK \
- --devsign $DEV_FIRMWARE_DATAKEY \
- --devkeyblock $DEV_FIRMWARE_KEYBLOCK \
--kernelkey $KERNEL_SUBKEY \
$VERSION \
$PREAMBLE_FLAG \
diff --git a/scripts/image_signing/sign_firmware.sh b/scripts/image_signing/sign_firmware.sh
index 0e7ac7c4..ebc6cdc7 100755
--- a/scripts/image_signing/sign_firmware.sh
+++ b/scripts/image_signing/sign_firmware.sh
@@ -57,8 +57,6 @@ sign_one() {
"${temp_fw}" \
"${key_dir}/firmware_data_key${loem_key}.vbprivk" \
"${key_dir}/firmware${loem_key}.keyblock" \
- "${key_dir}/dev_firmware_data_key${loem_key}.vbprivk" \
- "${key_dir}/dev_firmware${loem_key}.keyblock" \
"${key_dir}/kernel_subkey.vbpubk" \
"${firmware_version}" \
"" \
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index 98c86104..e9c219e6 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -515,14 +515,6 @@ resign_firmware_payload() {
local signprivate="${KEY_DIR}/firmware_data_key${key_suffix}.vbprivk"
local keyblock="${KEY_DIR}/firmware${key_suffix}.keyblock"
- local devsign="${KEY_DIR}/dev_firmware_data_key${key_suffix}.vbprivk"
- local devkeyblock="${KEY_DIR}/dev_firmware${key_suffix}.keyblock"
-
- if [ ! -e "${devsign}" ] || [ ! -e "${devkeyblock}" ] ; then
- echo "No dev firmware keyblock/datakey found. Reusing normal keys."
- devsign="${signprivate}"
- devkeyblock="${keyblock}"
- fi
# Path to bios.bin.
local bios_path="${shellball_dir}/${bios_image}"
@@ -566,8 +558,6 @@ resign_firmware_payload() {
echo "Signing Bios with:" ${FUTILITY} sign \
--signprivate "${signprivate}" \
--keyblock "${keyblock}" \
- --devsign "${devsign}" \
- --devkeyblock "${devkeyblock}" \
--kernelkey "${KEY_DIR}/kernel_subkey.vbpubk" \
--version "${FIRMWARE_VERSION}" \
"${extra_args[@]}" \
@@ -576,8 +566,6 @@ resign_firmware_payload() {
${FUTILITY} sign \
--signprivate "${signprivate}" \
--keyblock "${keyblock}" \
- --devsign "${devsign}" \
- --devkeyblock "${devkeyblock}" \
--kernelkey "${KEY_DIR}/kernel_subkey.vbpubk" \
--version "${FIRMWARE_VERSION}" \
"${extra_args[@]}" \
diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh
index 2e1fd22c..4a2ad33a 100755
--- a/scripts/keygeneration/create_new_keys.sh
+++ b/scripts/keygeneration/create_new_keys.sh
@@ -14,7 +14,6 @@ usage() {
Usage: ${PROG} [options]
Options:
- --devkeyblock Also generate developer firmware keyblock and data key
--android Also generate android keys
--uefi Also generate UEFI keys
--8k Use 8k keys instead of 4k (enables options below)
@@ -36,8 +35,6 @@ EOF
main() {
set -e
- # Flag to indicate whether we should be generating a developer keyblock flag.
- local dev_keyblock="false"
local android_keys="false"
local uefi_keys="false"
local root_key_algoid=${ROOT_KEY_ALGOID}
@@ -50,11 +47,6 @@ main() {
while [[ $# -gt 0 ]]; do
case $1 in
- --devkeyblock)
- echo "Will also generate developer firmware keyblock and data key."
- dev_keyblock="true"
- ;;
-
--android)
echo "Will also generate Android keys."
android_keys="true"
@@ -158,9 +150,6 @@ main() {
make_pair ec_data_key ${EC_DATAKEY_ALGOID} ${eckey_version}
make_pair root_key ${root_key_algoid}
make_pair firmware_data_key ${FIRMWARE_DATAKEY_ALGOID} ${fkey_version}
- if [[ "${dev_keyblock}" == "true" ]]; then
- make_pair dev_firmware_data_key ${DEV_FIRMWARE_DATAKEY_ALGOID} ${fkey_version}
- fi
make_pair kernel_subkey ${KERNEL_SUBKEY_ALGOID} ${ksubkey_version}
make_pair kernel_data_key ${KERNEL_DATAKEY_ALGOID} ${kdatakey_version}
@@ -178,11 +167,6 @@ main() {
# Ditto EC keyblock
make_keyblock ec ${EC_KEYBLOCK_MODE} ec_data_key ec_root_key
- if [[ "${dev_keyblock}" == "true" ]]; then
- # Create the dev firmware keyblock for use only in Developer mode.
- make_keyblock dev_firmware ${DEV_FIRMWARE_KEYBLOCK_MODE} dev_firmware_data_key root_key
- fi
-
# Create the recovery kernel keyblock for use only in Recovery mode.
make_keyblock recovery_kernel ${RECOVERY_KERNEL_KEYBLOCK_MODE} recovery_kernel_data_key recovery_key