diff options
| author | Jakub Czapiga <jacz@semihalf.com> | 2022-07-04 12:34:28 +0200 |
|---|---|---|
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-07-22 07:46:32 +0000 |
| commit | 64dd01225f64d6745a008d91fba3fcac2f1920bd (patch) | |
| tree | 6d1bb9a194c763284a8d2655853b212ade295cd7 /tests/futility/test_sign_kernel.sh | |
| parent | 499b1814a76303b332c49dd5efb2c84e30b973ba (diff) | |
| download | vboot-64dd01225f64d6745a008d91fba3fcac2f1920bd.tar.gz | |
futility: Add --keyset option to sign command for BIOS and kernelstabilize-14998.Bfactory-foobar-15000.B
This patch adds --keyset option for sign command for BIOS_IMAGE,
RAW_FIRMWARE, RAW_KERNEL and KERN_PREAMBLE file types. The default value
of this option is '/usr/share/vboot/devkeys'. It allows futility to load
public and private keys, and keyblocks from under this path, when they
were not provided manually using their respective options.
Files loaded by default for BIOS_IMAGE and RAW_FIRMWARE:
- ${keysetdir}/firmware_data_key.vbprivk
- ${keysetdir}/firmware.keyblock
- ${keysetdir}/kernel_subkey.vbpubk
Files loaded by default for RAW_KERNEL:
- ${keysetdir}/kernel_data_key.vbprivk
- ${keysetdir}/kernel.keyblock
File loaded by default for KERN_PREAMBLE:
- ${keysetdir}/kernel_data_key.vbprivk
BUG=none
BRANCH=none
TEST=make runfutiltests
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Ic4026d501d88e0de7d2c6f52c7494c639d08bd15
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3740601
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
Diffstat (limited to 'tests/futility/test_sign_kernel.sh')
| -rwxr-xr-x | tests/futility/test_sign_kernel.sh | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/tests/futility/test_sign_kernel.sh b/tests/futility/test_sign_kernel.sh index 61b1c5aa..bba1164f 100755 --- a/tests/futility/test_sign_kernel.sh +++ b/tests/futility/test_sign_kernel.sh @@ -45,8 +45,7 @@ try_arch () { # pack it up the new way "${FUTILITY}" --debug sign \ - --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \ - --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \ + --keyset "${DEVKEYS}/recovery_" \ --version 1 \ --config "${TMP}.config.txt" \ --bootloader "${TMP}.bootloader.bin" \ @@ -84,7 +83,7 @@ try_arch () { # repack it the new way "${FUTILITY}" --debug sign \ - --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \ + --keyset "${DEVKEYS}" \ --keyblock "${DEVKEYS}/kernel.keyblock" \ --version 2 \ --pad "${padding}" \ |