| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's already a local |output| variable that we clobbered.
BUG=chromium:935628
TEST=cros-signing/signer/signing_unittest.py passes
BRANCH=none
Change-Id: Idde2aa35053ff6bc149f3f4d1df784e25b4fcdc5
Reviewed-on: https://chromium-review.googlesource.com/c/1490651
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Openssl output format changed, use futility for key_size.
BUG=chromium:935628
TEST=None
BRANCH=none
Change-Id: I1329fa8cd1a79943dbcd8be19d56680ae22376f1
Reviewed-on: https://chromium-review.googlesource.com/c/1489452
Tested-by: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a script for signing Cr50 images on the build server.
BRANCH=cr50
TEST=sign_official_build.sh cr50_firmware input tests/devkeys output
BUG=b:74100307
Change-Id: I741b8532980b0a7a0b32fbacff235c38661c7668
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1313573
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it. But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.
BRANCH=None
BUG=chromium:891015
TEST=precq passes
Change-Id: I5cc37fae19fb4b3db229598aa0f5c69a6f32005a
Reviewed-on: https://chromium-review.googlesource.com/1387904
Commit-Ready: LaMont Jones <lamontjones@chromium.org>
Tested-by: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 16ceb9625ed13b0da4ae6306f9187b672b9b382f dropped support for old
versions, but it also accidentally dropped the salt= setting which ended
up breaking newer recovery kernels. Restore that line and drop an unused
var from the old code path.
BRANCH=None
BUG=chromium:891015, chromium:891764
TEST=running `./sign_official_build.sh verify` against the images in crbug.com/891764 works again
Change-Id: I8ae619c9243f9c2638962ae439b9df5090d6c535
Reviewed-on: https://chromium-review.googlesource.com/1376831
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it. But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.
BRANCH=None
BUG=chromium:891015
TEST=precq passes
Change-Id: I0e61c5d5cbeefb8ea0af955ead604a97fcb84bad
Reviewed-on: https://chromium-review.googlesource.com/1255344
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To speed things up, support stripping /boot from a rootfs block device.
This way we can mount an image via loopback and pass that in directly.
BRANCH=None
BUG=chromium:714598
TEST=strip_boot_from_image.sh on image files works, and on loopback partitions
Change-Id: Ie74d3f239ac29533f4325d0c1f75e3cce5fab7a5
Reviewed-on: https://chromium-review.googlesource.com/1152075
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Require that the container passed in is the one containing
the specified key, and no other key. So if only one key is
present it must be the specified key.
BUG=chromium:863464
TEST=run locally
BRANCH=None
Change-Id: Ieeca5773f35b7bf92beae8a2192ed6e6fd9008e6
Reviewed-on: https://chromium-review.googlesource.com/1136910
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Bob Moragues <moragues@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
firmware_keys field in the HWID database also contains hash of recovery
key so need this information as well in order to deprecate firmware_keys
field.
BUG=chromium:763328
TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin
./src/platform/vboot_reference/tests/devkeys ./output.bin
2) verify output file - VERSION.signer.
BRANCH=None
Change-Id: If2be93723e95d46fc0546239695be27c3229275c
Reviewed-on: https://chromium-review.googlesource.com/1053334
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Wei-Han Chen <stimim@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:866522 supported the case of loem and uni-build projects but not for
the project with one key only. After this CL, `gooftool finalize` can
refer to VERSION.signer in order to get correct firmware key hash from
recovery image. As the result, firmware_keys field can be removed from
HWID database.
BUG=chromium:763328
TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin
./src/platform/vboot_reference/tests/devkeys ./output.bin
2) verify output file - VERSION.signer.
BRANCH=None
Change-Id: I376cd7038c0fe1d5cc71cb39cbabeb5e79994407
Reviewed-on: https://chromium-review.googlesource.com/1051429
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer versions of util-linux/mount don't like when you create overlapping
loopback files. Since we always create a loopback of the entire image,
this means every mount fails.
We can change the few users in here over to using the existing loopback
partitions rather than continuing to create their own from scratch. This
makes the code a bit simpler.
However, we currently duplicate some of the mount image helpers so that
one version works off of a disk image while the other uses loopbacks.
Cleaning this up requires a number of changes in other files which we'll
want to do eventually, just not right now (to minimize risk).
BUG=chromium:714598
TEST=image signing works on newer gLinux installs
BRANCH=None
Change-Id: I31b35636b3b271e97070d283f8cb74d3183d8ec8
Reviewed-on: https://chromium-review.googlesource.com/1034435
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dumping md5sum information along the way of signing bios.bin to shed
some lights on the signing process in order to debug the first slot
issue.
BUG=b:77252439
TEST=None
BRANCH=None
Change-Id: I5083d6db2eee42c5cc9588606f95bbffba0c00ff
Reviewed-on: https://chromium-review.googlesource.com/1036802
Commit-Ready: YH Lin <yueherngl@chromium.org>
Tested-by: YH Lin <yueherngl@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow up the code review comments on CL:995175, which was merged as
1493e938e45535f86b7132a83123c6319eacb217
("image_signing: sign UEFI binaries")
BUG=b:62189155
TEST=See CL:*613656
BRANCH=none
Change-Id: Ic01bfbbfe39fbfb85c0f313ab62bbcd3e2fbb9a3
Reviewed-on: https://chromium-review.googlesource.com/1024919
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:62189155
TEST=See CL:*601769
BRANCH=none
Change-Id: Id9569616bae0d5f44c1c96e18522ace244a5aae8
Reviewed-on: https://chromium-review.googlesource.com/995175
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of only logging when ARC++ is not present, also report when we
found an ARC++ image about to be re-signed.
BUG=None
TEST=See info message when running sign_official_build.sh
BRANCH=None
Change-Id: I0d983d38048c4b8dace51e4ea25e23c7cf1da3d7
Reviewed-on: https://chromium-review.googlesource.com/942021
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Tested-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the EC supporting EFS boot, the RO section contains a
public key, and the RW is signed. For running FAFT, should
replace the RO key to a known one (the dev key under
vboot_reference), such that FAFT tests can resign the RW
using a known private key.
For BIOS image, we use make_dev_firmware.sh to do a similar
job to replace the key in BIOS. This CL makes the
make_dev_firmware script support changing EC key.
BUG=b:71769443
BRANCH=none
TEST=Modify files
$ # Check the original BIOS and EC images
$ futility show ec.bin
$ futility show bios.bin
$ ./make_dev_firmware.sh --change_ec -f bios.bin -t new_bios.bin \
-e ec.bin -o new_ec.bin --backup_dir backup
$ # Check the new images, using new keys and verification succeeded
$ futility show new_ec.bin
$ futility show new_bios.bin
TEST=Modify live firmware
$ ./make_dev_firmware.sh --change_ec
And then run firmware_ECUpdateId with a Type-C charger.
TEST=Run sign_official_build.sh
$ sign_official_build.sh recovery recovery_image.bin \
~/trunk/src/platform/vboot_reference/tests/devkeys /tmp/out.bin
TEST=make runalltests
Change-Id: Id51e2c411a4e6d016e619cec91453ce918b7fff7
Reviewed-on: https://chromium-review.googlesource.com/889406
Commit-Ready: Wai-Hong Tam <waihong@google.com>
Tested-by: Wai-Hong Tam <waihong@google.com>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To record sha1sum of keys in keyset can help loem or unibuild projects to verify
1. whether rekey process is performed correctly during the factory
build.
2. whether HWID database is updated correctly.
BUG=chromium:763328
TEST=1) modify loem.ini to match what coral is.
2) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10308.0.0_coral_recovery_dev-channel_mp-v4.bin
./src/platform/vboot_reference/tests/loemkeys ./output.bin
3) verify output file - VERSION.signer.
BRANCH=none
Change-Id: I80deadb04d9dc0eb66fc5ac45dce84e6f41f1a16
Signed-off-by: Marco Chen <marcochen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/866522
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The helper function - info redirects msg to stderr and appends some
backslash escapes so
1. it can't be redirected to VERSION.signer via stdout again.
2. Even if change to stderr, we also don't want these appended
msg.
BUG=chromium:760879
TEST==~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: I46d560fb4cb93756fd02e32412410afb3a4db0e2
Reviewed-on: https://chromium-review.googlesource.com/861694
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes sign_official_build.sh resign ec.bin and store
signed RW copies in bios.bin if the original ec.bin contains
signed RW copies.
BUG=b:66956286
BRANCH=none
CQ-DEPEND=CL:738794,CL:*490792
TEST=sign_official_build.sh recovery recovery_image.bin \
~/trunk/src/platform/vboot_reference/tests/devkeys /tmp/out.bin
Change-Id: I73c7d8da7d8e2f770e5952d0124f8d43bb13e592
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/734295
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The signer has no concept of model and doesn't need to. From its
perspective, it is simply generating a signature block based on a set of
instructions.
Changing the comments and variable name to reflect this.
BUG=b:68141451
TEST=None
BRANCH=None
Change-Id: Ia2a3e4a5273a4bcd9c5645db2cf0db80af6c28cf
Reviewed-on: https://chromium-review.googlesource.com/733857
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature was originally implemented before go/cros-unibuild-signing.
It only provided basis support to continue testing unibuilds, but didn't
deal with the actual required model specific cases.
Unibuilds have already been migrated away from this, so this feature is
now obsolete.
BUG=None
TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: I58b569b97f0bf42a927a851e7bc0559cb1e26200
Reviewed-on: https://chromium-review.googlesource.com/660805
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For model specific signatures, the root key needs to be copied also for
the development case where the root key can be flashed into the RO
block.
BUG=b:65367246
TEST=./build_image --board=coral dev \
&& ./mod_image_for_recovery.sh --board=coral \
&& ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
recovery ../build/images/coral/latest/recovery_image.bin \
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: I116850881d3c183b20e7d75e40deb13122f40c7a
Reviewed-on: https://chromium-review.googlesource.com/650546
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The grep pattern was too lenient and allowed for matches with the same
shared root key id. E.g. NASHER also matched NASHER360
This changes the pattern to match exactly to the end of the line.
BUG=b:65284008
TEST=grep -E "[0-9]+ = NASHER$" ~/tmp/loem.ini with actual loem.ini
that will exist on the signers
BRANCH=None
Change-Id: I80a870cd512825d30c7a39e4ac6f3cffc9ea808d
Reviewed-on: https://chromium-review.googlesource.com/647800
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: YH Lin <yueherngl@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
updater4.sh uses the /keyset subdir from the firmware updater shellball
to indicate if it should use model specific keys or not. This won't
work for any case where the signers haven't been updated with model
specific keys yet.
Changed the output for unibuilds to be consistent with non-uni builds
where the /keyset subdir won't be created if loem.ini doesn't exist on
the signer.
BUG=b:65128657
TEST=crrev.com/c/626718 and crrev.com/c/636344 test cases, which cover
both the shared and non-shared key use cases
BRANCH=None
Change-Id: I38db1385fa99ac4a9843a750c336c58b74b127b4
Reviewed-on: https://chromium-review.googlesource.com/642031
Commit-Ready: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated the current coral config to use the fake keys from the loemkeys
dev keyset (ACME) and then tested/debugged this flow based on that
config.
Fixed issue where key_id wasn't eval'd in bash when it was passed to
grep because it has ' quotes around it.
BUG=b:64842314
TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery
../build/images/coral/R62-9877.0.2017_08_25_1030-a1/recovery_image.bin
../platform/vboot_reference/tests/loemkeys
coral_loem_signed_recovery.bin
BRANCH=None
Change-Id: I50a58e512e9a83dc2707951f12d709f9006d67ca
Reviewed-on: https://chromium-review.googlesource.com/636344
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We would like to have different signature versions for hammer
(1=dev, 2=premp, 3=mp), so we should pass --version to futility.
The default version stays 1.
BRANCH=none
BUG=b:35587169
TEST=openssl genrsa -3 -out key_hammer.pem 2048
futility create --desc="Hammer fake MP key" key_hammer.pem key_hammer
echo firmware_version=2 > key_hammer.version
../vboot_reference/scripts/image_signing/sign_official_build.sh \
accessory_rwsig build/hammer/ec.bin . \
ec-signed.bin key_hammer.version
futility show ec-signed.bin => Version: 0x00000002
TEST=Without passing a version file, version is still 1.
../vboot_reference/scripts/image_signing/sign_official_build.sh \
accessory_rwsig build/hammer/ec.bin . ec-signed.bin
futility show ec-signed.bin => Version: 0x00000001
Change-Id: I0cd9133404fb0d827bd2f0d3bcc71d5dd274734d
Reviewed-on: https://chromium-review.googlesource.com/631757
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For design context, see go/cros-unibuild-signing
This adds support for multiple, shared firmware images from a unified
build that needs to be signed with different OEM specific keys.
It uses a signer_config.csv file (that is generated by pack_firmware.py)
to determine which images need to be signed with which keys.
BUG=b:64842314
TEST=./build_image --board=coral dev
&& ./mod_image_for_recovery.sh --board=coral
&& ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: Id3711bbe73dfe652184bc046b5f642c30b8d1627
Reviewed-on: https://chromium-review.googlesource.com/626718
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
loader updates
This is the last place that uses grab_kernel_config. Convert it over
to accessing the kernel directly via loopbacks and delete the helper
function entirely. This avoids unnecessary copies and prevents any
more code from using it.
BRANCH=None
BUG=chromium:714598
TEST=dump_config still works
Change-Id: I16aa2c2568d15c43bb20b9d5dc18060915047506
Reviewed-on: https://chromium-review.googlesource.com/505481
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids copying GB of data for the rootfs & kernels by using loopback
devices instead.
BRANCH=None
BUG=chromium:714598
TEST=dump_config still works
Change-Id: I41cd71db3c567be811c4a59523c797c128a8e493
Reviewed-on: https://chromium-review.googlesource.com/505480
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids copying out the kernels just to read their configs.
Not super important as the signer doesn't use it, but we want to
kill off the grab_kernel_config helper.
BRANCH=None
BUG=chromium:714598
TEST=dump_config still works
Change-Id: I2533b1d4de6980120f277fea3a1d964cb4fbaf0d
Reviewed-on: https://chromium-review.googlesource.com/505479
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernels
This avoids copying in/out the kernels for their configs and to resign.
BRANCH=None
BUG=chromium:714598
TEST=signing images still works
Change-Id: Id13d5099da7f8a73ebd4d4e918188c7eb5b65a12
Reviewed-on: https://chromium-review.googlesource.com/505478
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the kernel config reading and the stateful vblock updating
to use loopback devices. This avoids having to copy out the kernels
many times over just to read them.
BRANCH=None
BUG=chromium:714598
TEST=signing images still works
Change-Id: Ibb49791a7db998e45b35ed15ddc12126e669c730
Reviewed-on: https://chromium-review.googlesource.com/505477
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace commands using gbb_utility by the new 'gbb' futility command.
BRANCH=none
BUG=None
TEST=USE=test emerge-$BOARD vboot_reference
Change-Id: I8c1547d295a955373413482509a33964b0e0c06f
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/538442
Reviewed-by: Stefan Reinauer <reinauer@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unified builds break down multiple firmware images for each model;
however, the signing script didn't have support for this.
This updates the signing script to iterate over all models in a unified
build and sign each firmware image separately.
BUG=chromium:734485
TEST=sign_official_build.sh recovery for reef and reef-uni
BRANCH=none
Change-Id: Ia2b5b8bd36ac77aeb7944362186d1d5739e6ff3d
Reviewed-on: https://chromium-review.googlesource.com/540131
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than copy out the rootfs to a temp file and perform checks on that,
run the checks directly on the image. This saves us from having to copy
many GB worth of data which can be expensive on the VMs (slow disk I/O).
BRANCH=None
BUG=chromium:714598
TEST=signing images still works
Change-Id: Ie7d1c432aacb69e57b6c5fd9ab810b8d0b054860
Reviewed-on: https://chromium-review.googlesource.com/505476
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the output easier to follow when multiple scripts are being run.
BRANCH=None
BUG=chromium:714598
TEST=signing images still works
Change-Id: I4097fd58f349dc84c242dd12d6a94e12f387a1f0
Reviewed-on: https://chromium-review.googlesource.com/498232
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:660209
TEST=`./sign_official_build.sh oci-container fastboot/ ../tests/devkeys` works
TEST=signing an image inserted the container pubkey
BRANCH=None
Change-Id: I75793b03e93f2c18b1495a3ec729ad04d2e17401
Reviewed-on: https://chromium-review.googlesource.com/427538
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Effectively, this will sign Android platform apks in M53, the first ARC
release.
TEST=Haven't heard problem from the latest Dev release 8737.1.0
BUG=b:29915721
Change-Id: Ic71f04e7fddbe3d020c57f9933e09b5537ee7370
Reviewed-on: https://chromium-review.googlesource.com/376799
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
TEST=sign_official_build.sh with veyron_minnie image # works
TEST=sign_official_build.sh with veyron_shark image # skipped
BUG=chromium:638289
Change-Id: Ic00b5c73fc094ad1146ffb1f29d2dcc5cfdb839d
Reviewed-on: https://chromium-review.googlesource.com/371458
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we return early from the release check, we leaked the mount point.
This could in turn cause issues with data syncing and hash calculation.
BUG=b:30891460
TEST=None
BRANCH=None
Change-Id: I7a40007e371b8e64ca7e8210ad9121dc1a4bcf9f
Reviewed-on: https://chromium-review.googlesource.com/370739
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sign_android_image.sh is the main script that signs the image. It makes
similar changes to an image like the Android official signing tool
(sign_target_files_apks.py) does, but more Chrome OS specific.
TEST=./sign_official_build.sh recovery recovery_image.bin \
../../tests/devkeys/ out_img
TEST=Same above but with a recovery image without Android image.
Android signing was skipping.
TEST=Same above but with a M53 image. Android signing was skipped.
TEST=Unpack the image and diff the before and after. Looks correct.
BUG=b:29915721
Change-Id: I0ae5f0ad8d2b05e485d60262558517ea563bf527
Reviewed-on: https://chromium-review.googlesource.com/366794
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TEST=Ran sign_official_build locally on image w/ cros_efi and checked
the signed image had /boot in rootfs.
BUG=chromium:604967
BRANCH=None
Change-Id: Id6e1a6409e07fa37a5c116c66ac937dd9aec1481
Reviewed-on: https://chromium-review.googlesource.com/335469
Commit-Ready: Amey Deshpande <ameyd@google.com>
Tested-by: Amey Deshpande <ameyd@google.com>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=None
BUG=chromium:590933
TEST=Ran sign_official_build.sh locally and booted the image on kvm
(using BIOS).
$ ./sign_official_build.sh base chromiumos_base_image.bin \
../../tests/devkeys chromiumos_base_image_signed.bin
Change-Id: I2e1aad6e2073dea8e92d6ee25ac6972a5d555d71
Reviewed-on: https://chromium-review.googlesource.com/331661
Commit-Ready: Amey Deshpande <ameyd@google.com>
Tested-by: Amey Deshpande <ameyd@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The standalone accessories are using a key name like this:
key_<product>.pem or key_<product>.vbprik2
when it doesn't exist, fallback using key.pem or key.vbprik2.
BRANCH=none
BUG=chrome-os-partner:47557
TEST=manual:
./scripts/image_signing/sign_official_build.sh accessory_usbpd ../ec/build/zinger/ec.bin tests/devkeys-acc /tmp/ec-zinger.TEST.SIGNED.bin
./scripts/image_signing/sign_official_build.sh accessory_rwsig ../ec/private/build/hadoken/keyboard_app.bin tests/devkeys-acc /tmp/ec-hadoken.TEST.SIGNED.bin
./scripts/image_signing/sign_official_build.sh accessory_rwsig ../ec/private/build/hadoken/keyboard_app.bin /tmp /tmp/ec-hadoken.TEST.SIGNED.bin
Change-Id: I68863664bdb9da1695e91b1986f3a0148af7da26
Reviewed-on: https://chromium-review.googlesource.com/312836
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
My previous patch using futility to re-sign standalone accessory
firmware images had a mistake in the key directory path : fix it.
Also add RSA-2048 'accessory' keys for signer unit testing.
BRANCH=smaug, samus
BUG=chrome-os-partner:46635
TEST=run cros-signing unittests (./signing_unittests.py)
Change-Id: Ia2f641c85337c67f81968be4730643a6ad5f22cf
Reviewed-on: https://chromium-review.googlesource.com/309530
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use futility to re-sign standalone accessory firmware images either the
former "usbpd1" used by USB Power Delivery firmware generated from the
EC codebase or the new "rwsig" format.
BRANCH=smaug, samus
BUG=chrome-os-partner:46635
TEST=manual:
openssl genrsa -F4 -out key_zinger.pem 2048
openssl genrsa -F4 -out key_hadoken.pem 2048
futility create --desc="Hadoken fake MP key" key_hadoken.pem key_hadoken
./scripts/image_signing/sign_official_build.sh accessory_usbpd build/zinger/ec.bin . build/zinger/ec.SIGNED.bin
./scripts/image_signing/sign_official_build.sh accessory_rwsig build/hadoken/keyboard_app.bin . build/hadoken/keyboard_app.SIGNED.bin
and compare the re-signed files with the original files.
Change-Id: I586ba3e4349929782e734af1590f394824e7dd44
Reviewed-on: https://chromium-review.googlesource.com/306795
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specifically, this patch updates 'root_hexdigest' in legacy bootloader
templates in EFI system partition to match the signed rootfs.
BRANCH=None
BUG=chromium:512940
TEST=Ran sign_official_build.sh locally and booted the image on kvm
(using BIOS).
TEST=Ran signing_unittests.py by locally changing vboot_stable_hash to
include this patch.
$ ./sign_official_build.sh base chromiumos_base_image.bin \
../../tests/devkeys chromiumos_base_image_signed.bin
Change-Id: Ied021c4464b113a64508f5081605069bdcecbc1f
Reviewed-on: https://chromium-review.googlesource.com/301742
Commit-Ready: Amey Deshpande <ameyd@google.com>
Tested-by: Amey Deshpande <ameyd@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=None
BUG=chrome-os-partner:44227
TEST='sign_official_build.sh recovery_kernel boot.img keys
boot.img.recovery-signed' works fine and able to boot in locked recovery mode
using fastboot boot.
Change-Id: Iabde28bb2068b8294fc3d03f2f771c63368ecbb5
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/300250
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should speed up the copies significantly by using less disk
storage & I/O when the unpacked file is not sparse already. This
option has been in cp for a long time, and works in Ubuntu Precise
(coreutils-8.13) & Trusty (coreutils-8.21).
BUG=chromium:530730
TEST=`./signing_unittests.py` passes
BRANCH=None
Change-Id: I82192455a623eabf96abf4f25296f3dc0c129ca2
Reviewed-on: https://chromium-review.googlesource.com/299440
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Amey Deshpande <ameyd@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signer was calling sign_official_build.sh in a manner that wasn't
being accepted correctly. Also add test keys from firmware branch.
BUG=chrome-os-partner:44227
TEST=sign_official_build.sh nv_lp0_firmware tegra_lp0_resume.fw tests/devkeys tegra_lp0_resume.fw.signed versions.default
BRANCH=signer
Change-Id: Icd298ac75e3da746220826dc2fb9cc2466e41f1d
Signed-off-by: David Riley <davidriley@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/297802
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|