diff options
Diffstat (limited to 'scripts/image_signing/sign_firmware.sh')
-rwxr-xr-x | scripts/image_signing/sign_firmware.sh | 71 |
1 files changed, 39 insertions, 32 deletions
diff --git a/scripts/image_signing/sign_firmware.sh b/scripts/image_signing/sign_firmware.sh index c15fbb96..9a0c7830 100755 --- a/scripts/image_signing/sign_firmware.sh +++ b/scripts/image_signing/sign_firmware.sh @@ -1,18 +1,17 @@ #!/bin/bash - # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. # Wrapper script for re-signing a firmware image. -# Determine script directory -SCRIPT_DIR=$(dirname $0) +# Determine script directory. +SCRIPT_DIR=$(dirname "$0") # Abort on error. set -e -if [ $# -lt 3 ] || [ $# -gt 4 ]; then +usage() { cat<<EOF Usage: $0 <input_firmware> <key_dir> <output_firmware> [firmware_version] @@ -21,31 +20,39 @@ to <firmware_version>. Outputs signed firmware to <output_firmware>. If no firmware version is specified, it is set as 1. EOF exit 1 -fi - -IN_FIRMWARE=$1 -KEY_DIR=$2 -OUT_FIRMWARE=$3 -FIRMWARE_VERSION=${4:-1} - -temp_fw=$(mktemp) -trap "rm ${temp_fw}" EXIT - -# Resign the firmware with new keys -${SCRIPT_DIR}/resign_firmwarefd.sh ${IN_FIRMWARE} ${temp_fw} \ - ${KEY_DIR}/firmware_data_key.vbprivk \ - ${KEY_DIR}/firmware.keyblock \ - ${KEY_DIR}/dev_firmware_data_key.vbprivk \ - ${KEY_DIR}/dev_firmware.keyblock \ - ${KEY_DIR}/kernel_subkey.vbpubk \ - ${FIRMWARE_VERSION} - -# Replace the root and recovery key in the Google Binary Block of the firmware. -# Note: This needs to happen after calling resign_firmwarefd.sh since it needs -# to be able to verify the firmware using the root key to determine the preamble -# flags. -gbb_utility -s \ - --rootkey=${KEY_DIR}/root_key.vbpubk \ - --recoverykey=${KEY_DIR}/recovery_key.vbpubk \ - ${temp_fw} ${OUT_FIRMWARE} - +} + +main() { + if [[ $# -lt 3 || $# -gt 4 ]]; then + usage + fi + + local in_firmware=$1 + local key_dir=$2 + local out_firmware=$3 + local firmware_version=${4:-1} + + local temp_fw=$(mktemp) + trap "rm -f '${temp_fw}'" EXIT + + # Resign the firmware with new keys. + "${SCRIPT_DIR}/resign_firmwarefd.sh" \ + "${in_firmware}" \ + "${temp_fw}" \ + "${key_dir}/firmware_data_key.vbprivk" \ + "${key_dir}/firmware.keyblock" \ + "${key_dir}/dev_firmware_data_key.vbprivk" \ + "${key_dir}/dev_firmware.keyblock" \ + "${key_dir}/kernel_subkey.vbpubk" \ + "${firmware_version}" + + # Replace the root and recovery key in the Google Binary Block of the + # firmware. Note: This needs to happen after calling resign_firmwarefd.sh + # since it needs to be able to verify the firmware using the root key to + # determine the preamble flags. + gbb_utility -s \ + --rootkey="${key_dir}/root_key.vbpubk" \ + --recoverykey="${key_dir}/recovery_key.vbpubk" \ + "${temp_fw}" "${out_firmware}" +} +main "$@" |