path: root/scripts/image_signing/sign_gsc_firmware.sh
Commit message | Author | Age | Files | Lines
* change node locked version expectations [stabilize-13971.B] [stabilize-13970.B] | Vadim Bendebury | 2021-05-12 | 1 | -6/+8

  With the new rollback info space value the node locked images base needs to be enabled.

  BRANCH=none
  BUG=b:187438971
  TEST=none

  Change-Id: I78eafc72766947df81c9b6519bc13633423840d6
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2888711
  Reviewed-by: Mary Ruthven <mruthven@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_gsc_firmware: support rewriting filename | George Engelbrecht | 2021-03-10 | 1 | -0/+6

  When the gsc signer reads the contents of the payload it finds out if it is a cr50 or ti50 chip. We write the chip type to a .rename file next to the bin (which has a @CHIP@ in the path) so that the signer can rename the artifact for placement.

  Signed-off-by: George Engelbrecht <engeg@google.com>

  BRANCH=None
  BUG=b:179964270
  TEST=local signer

  Change-Id: I0600cb60bb614111802119293ba0c63f2b61c231
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2728736
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
  Commit-Queue: George Engelbrecht <engeg@google.com>
  Tested-by: George Engelbrecht <engeg@google.com>
* Revert "sign_gsc_firmware: update generated file name" [factory-dalboz-13695.B] | Vadim Bendebury | 2020-12-29 | 1 | -2/+0

  This reverts commit bc2317695965bb92b8809d9c06327adedcb0653c.

  The reason for revert is that the signer needs to know the generated file name, and in case vboot reference alters the name the signer remains unaware of the change and is still looking for the file named @CHIP@...

  Some other means of figuring out the file name will be required, let's stick with the @CHIP@ prefix for now.

  BRANCH=none
  BUG=b:173049030
  TEST=none

  Change-Id: I23ea65314d49e86fc4edb015e89b6076f87a54dd
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2605238
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Tested-by: George Engelbrecht <engeg@google.com>
  Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* sign_gsc_firmware: update generated file name [factory-test-13683.B] [factory-dedede-13683.B] | Vadim Bendebury | 2020-12-18 | 1 | -0/+2

  When processing Gsc image signing request the signing server is not aware of which chip the image is being signed for, the output file name includes the string @CHIP@ and it is the responsibility of the actual signing scripts to figure out if the image is for Cr50 or Ti50.

  The destination image type is determined based on the signing manifest contents, this patch adds code to replace @CHIP@ with the actual image type.

  BRANCH=none
  BUG=b:173049030
  TEST=invoked the script to sign a Ti50 image locally, verified that the produced signed image file had the expected name.

  Change-Id: Ib1534ce50e0a44d0ec014e8dbee4e4d85c2082c9
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2596695
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* sign_gsc_firmware: refactor and extend to support D2 | Vadim Bendebury | 2020-12-11 | 1 | -90/+136

  The major difference between Cr50 and Ti50 signing is that the RW sections are represented differently: elf files in Cr50 case and ihex files in Ti50 case.

  Other differences include the produced signed final image size and the offsets of the components in the final image. The signing script is being updated to figure out all these differences at run time.

  A new optional field is introduced in the signing manifest, the 'generation'. If this field is absent or set to 'h' (for H1), the script proceeds with the Cr50 signing process. If 'generation' is set to 'd' (for D2), the script proceeds with the Ti50 signing process.

  Instead of using fixed offsets into the final image, the base addresses of the components in ihex format are used, the only fixed value is the base address of the flash image in the chip address space (0x40000 for H1 vs 0x80000 for D2).

  To make this work for H1 the output format of the signed blob produced by gsc-codesigner is changed from binary to ihex.

  BRANCH=none
  BUG=b:173049030
  TEST=using this script and the signing_istructions.sh module produced by the real Cr50 signer was able to produce functional images for both Cr50 and Ti50.

  Change-Id: I845be1101b09c9476fa27fbddb72607dc6cea901
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570009
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* sign_gsc_firmware: add functions to determine ihex module base address | Vadim Bendebury | 2020-12-11 | 1 | -0/+86

  With the advent of D2 memory layout scheme it became impossible to hardcode the base address of various components of the D2 firmware image.

  Luckily, the components are represented as binary blobs in Intel ihex format, which allows to retrieve the base address of the component from the ihex records.

  The address is composed of two elements: the segment base supplied in the record type 02 or 04, and the record offset into the segment, supplied in the data record of type 0.

  The segment address is expressed as a 16 bit value, the actual value shifted right either 4 bits (in case of record type 02) or 16 bits (in case of record type 04). The data record offset is also a 16 bit value.

  The base address of the blob is calculated as <segment address> + <first data record offset> and is available from the first two records in the ihex module.

  Detailed information of ihex file format can be found in https://en.wikipedia.org/wiki/Intel_HEX .

  BRANCH=none
  BUG=b:173049030
  TEST=with the next patch in the stack applied was able to successfully build a multicomponent ti50 image.

  Change-Id: I135c2f9960f1f218532c82bafd7acbe362414fc9
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570008
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
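
The base-address calculation described in the commit message above, as an added example in POSIX shell (not the code from sign_gsc_firmware.sh). The function names and the sample records are constructed here; each record's length and checksum are verified before its address fields are used.

```sh
#!/bin/sh
# Added example: function names are illustrative, not the ones used in
# sign_gsc_firmware.sh. Sample records below are constructed.

# Validate one ihex record (framing, declared length, checksum) and print
# its bytes as space-separated 0xNN tokens.
ihex_bytes() (
  rec=${1#:}
  [ "$rec" != "$1" ] || return 1                    # must start with ':'
  case $rec in ''|*[!0-9A-Fa-f]*) return 1 ;; esac  # hex digits only
  [ $(( ${#rec} % 2 )) -eq 0 ] && [ ${#rec} -ge 10 ] || return 1
  bytes=$(printf '%s' "$rec" | sed 's/../0x& /g')
  set -- $bytes
  [ $(( $1 + 5 )) -eq $# ] || return 1              # count + 5 framing bytes
  sum=0
  for b in "$@"; do sum=$(( (sum + $b) & 0xff )); done
  [ "$sum" -eq 0 ] || return 1                      # bytes sum to 0 mod 256
  printf '%s\n' "$bytes"
)

# Print the module base address: segment base from the first record
# (type 02: value << 4, type 04: value << 16) plus the 16-bit offset of
# the first data record (type 00).
ihex_base_address() (
  set -f                                            # no globbing on file content
  recs=$(head -n 2 "$1" | tr -d '\r')
  set -- $recs
  [ $# -eq 2 ] || return 1
  first=$(ihex_bytes "$1") && second=$(ihex_bytes "$2") || return 1
  set -- $first
  [ $(( $1 )) -eq 2 ] || return 1                   # segment records carry 2 bytes
  case $4 in
    0x02) shift_bits=4 ;;
    0x04) shift_bits=16 ;;
    *) return 1 ;;
  esac
  segment=$(( (($5 << 8) | $6) << $shift_bits ))
  set -- $second
  [ "$4" = 0x00 ] || return 1                       # second record must be data
  printf '0x%x\n' $(( segment + (($2 << 8) | $3) ))
)

# Constructed sample: type 04 record selecting 0x80000, data at offset 0x4000.
sample=$(mktemp)
printf ':020000040008F2\n:04400000DEADBEEF84\n:00000001FF\n' > "$sample"
ihex_base_address "$sample"
rm -f "$sample"
```

A module whose first two records are not a valid segment record followed by a data record makes the function return non-zero without printing anything.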
* image_signing: use GSC nomenclature instead of Cr50 | Vadim Bendebury | 2020-12-11 | 1 | -0/+508

  This patch does not yet provide the ability to sign Ti50 images, but prepares the signing scripts for further modifications to support a variety of security chip signing flows.

  BRANCH=none
  BUG=b:173049030
  TEST=verified successful signing of a Cr50 image in a test signer setup also created a functional Cr50 image invoking sign_official_build.sh by hand.

  Change-Id: Ic103c9fdf7d1c4ea160c7f6849d5ae5a8303c343
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2537078
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
  Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>