From 1376cfbfdd3b0cbc14da190c744604c4f3d29a23 Mon Sep 17 00:00:00 2001 From: Jack Neus Date: Tue, 7 Sep 2021 20:30:01 +0000 Subject: reven signing: skip install_gsetup_certs BUG=b:199136347,b:194500280 TEST=none BRANCH=none Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278 Signed-off-by: Jack Neus Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774 Reviewed-by: George Engelbrecht --- scripts/image_signing/sign_official_build.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index bb8d69d4..700da038 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -709,6 +709,7 @@ resign_android_image_if_exists() { # Args: LOOPDEV sign_uefi_binaries() { local loopdev="$1" + local kerna_config="$2" if [[ ! -d "${KEY_DIR}/uefi" ]]; then return 0 @@ -721,7 +722,11 @@ sign_uefi_binaries() { elif [[ -z "${esp_dir}" ]]; then return 0 fi - "${SCRIPT_DIR}/install_gsetup_certs.sh" "${esp_dir}" "${KEY_DIR}/uefi" + # The reven board has a special signing flow. If this flag is set, don't + # invoke install_gsetup_certs.sh. + if " ${kerna_config} " != *" cros_reven "* ]]; then + "${SCRIPT_DIR}/install_gsetup_certs.sh" "${esp_dir}" "${KEY_DIR}/uefi" + fi "${SCRIPT_DIR}/sign_uefi.sh" "${esp_dir}" "${KEY_DIR}/uefi" sudo umount "${esp_dir}" @@ -1016,7 +1021,7 @@ sign_image_file() { resign_firmware_payload "${loopdev}" remove_old_container_key "${loopdev}" resign_android_image_if_exists "${loopdev}" - sign_uefi_binaries "${loopdev}" + sign_uefi_binaries "${loopdev}" "${kerna_config}" # We do NOT strip /boot for factory installer, since some devices need it to # boot EFI. crbug.com/260512 would obsolete this requirement. # -- cgit v1.2.1