summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xscripts/image_signing/sign_official_build.sh22
1 files changed, 21 insertions, 1 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index a2460357..1ca50092 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -1054,6 +1054,25 @@ sign_image_file() {
local loop_rootfs="${loopdev}p3"
local is_reven=$(get_is_reven "${loopdev}")
+ # The reven board needs to produce recovery images since some
+ # downstream tools (e.g. the Chromebook Recovery Utility) expect
+ # them. However, reven's recovery images are not like other boards
+ # since reven is installed on generic PC hardware, and "recovery"
+ # actually means reinstalling.
+ #
+ # Installation occurs via liveboot, which loads the 'A' partitions.
+ # The UEFI bootloader expects the kernel partition to be signed with
+ # the normal board key, not the recovery key, so for reven we sign
+ # recovery images like base images: using the non-recovery key for
+ # both the 'A' and 'B' partitions.
+ local sign_recovery_like_base="${is_reven}"
+
+ if [[ "${image_type}" == "recovery" &&
+ "${sign_recovery_like_base}" == "true" ]]; then
+ kernA_keyblock="${kernB_keyblock}"
+ kernA_privkey="${kernB_privkey}"
+ fi
+
resign_firmware_payload "${loopdev}"
remove_old_container_key "${loopdev}"
resign_android_image_if_exists "${loopdev}"
@@ -1076,7 +1095,8 @@ sign_image_file() {
"${kernA_keyblock}" "${kernA_privkey}" \
"${kernB_keyblock}" "${kernB_privkey}"
update_stateful_partition_vblock "${loopdev}"
- if [[ "${image_type}" == "recovery" ]]; then
+ if [[ "${image_type}" == "recovery" &&
+ "${sign_recovery_like_base}" == "false" ]]; then
update_recovery_kernel_hash "${loopdev}"
fi
if ! resign_minios_kernels "${loopdev}" "${minios_keyblock}" \
View Lorry Controller Status