1 files changed, 39 insertions, 32 deletions

diff --git a/scripts/image_signing/sign_firmware.sh b/scripts/image_signing/sign_firmware.sh
index c15fbb96..9a0c7830 100755
--- a/scripts/image_signing/sign_firmware.sh
+++ b/scripts/image_signing/sign_firmware.sh
@@ -1,18 +1,17 @@
 #!/bin/bash
-
 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # Wrapper script for re-signing a firmware image.
 
-# Determine script directory
-SCRIPT_DIR=$(dirname $0)
+# Determine script directory.
+SCRIPT_DIR=$(dirname "$0")
 
 # Abort on error.
 set -e
 
-if [ $# -lt 3 ] || [ $# -gt 4 ]; then
+usage() {
   cat<<EOF
 Usage: $0 <input_firmware> <key_dir> <output_firmware> [firmware_version]
 
@@ -21,31 +20,39 @@ to <firmware_version>. Outputs signed firmware to <output_firmware>.
 If no firmware version is specified, it is set as 1.
 EOF
   exit 1
-fi
-
-IN_FIRMWARE=$1
-KEY_DIR=$2
-OUT_FIRMWARE=$3
-FIRMWARE_VERSION=${4:-1}
-
-temp_fw=$(mktemp)
-trap "rm ${temp_fw}" EXIT
-
-# Resign the firmware with new keys
-${SCRIPT_DIR}/resign_firmwarefd.sh ${IN_FIRMWARE} ${temp_fw} \
-  ${KEY_DIR}/firmware_data_key.vbprivk \
-  ${KEY_DIR}/firmware.keyblock \
-  ${KEY_DIR}/dev_firmware_data_key.vbprivk \
-  ${KEY_DIR}/dev_firmware.keyblock \
-  ${KEY_DIR}/kernel_subkey.vbpubk \
-  ${FIRMWARE_VERSION}
-
-# Replace the root and recovery key in the Google Binary Block of the firmware.
-# Note: This needs to happen after calling resign_firmwarefd.sh since it needs
-# to be able to verify the firmware using the root key to determine the preamble
-# flags.
-gbb_utility -s \
-  --rootkey=${KEY_DIR}/root_key.vbpubk \
-  --recoverykey=${KEY_DIR}/recovery_key.vbpubk \
-  ${temp_fw} ${OUT_FIRMWARE}
-
+}
+
+main() {
+  if [[ $# -lt 3 || $# -gt 4 ]]; then
+    usage
+  fi
+
+  local in_firmware=$1
+  local key_dir=$2
+  local out_firmware=$3
+  local firmware_version=${4:-1}
+
+  local temp_fw=$(mktemp)
+  trap "rm -f '${temp_fw}'" EXIT
+
+  # Resign the firmware with new keys.
+  "${SCRIPT_DIR}/resign_firmwarefd.sh" \
+    "${in_firmware}" \
+    "${temp_fw}" \
+    "${key_dir}/firmware_data_key.vbprivk" \
+    "${key_dir}/firmware.keyblock" \
+    "${key_dir}/dev_firmware_data_key.vbprivk" \
+    "${key_dir}/dev_firmware.keyblock" \
+    "${key_dir}/kernel_subkey.vbpubk" \
+    "${firmware_version}"
+
+  # Replace the root and recovery key in the Google Binary Block of the
+  # firmware.  Note: This needs to happen after calling resign_firmwarefd.sh
+  # since it needs to be able to verify the firmware using the root key to
+  # determine the preamble flags.
+  gbb_utility -s \
+    --rootkey="${key_dir}/root_key.vbpubk" \
+    --recoverykey="${key_dir}/recovery_key.vbpubk" \
+    "${temp_fw}" "${out_firmware}"
+}
+main "$@"