From 41d0e327910507c73ead5f88d0ed3db524353062 Mon Sep 17 00:00:00 2001
From: YH Lin <yueherngl@google.com>
Date: Mon, 30 Apr 2018 19:26:12 -0700
Subject: sign_official_build.sh: dump more md5sum on bios.bin

Dumping md5sum information along the way of signing bios.bin to shed
some lights on the signing process in order to debug the first slot
issue.

BUG=b:77252439
TEST=None
BRANCH=None

Change-Id: I5083d6db2eee42c5cc9588606f95bbffba0c00ff
Reviewed-on: https://chromium-review.googlesource.com/1036802
Commit-Ready: YH Lin <yueherngl@chromium.org>
Tested-by: YH Lin <yueherngl@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
---
 scripts/image_signing/sign_official_build.sh | 31 ++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index d47ae908..5f8fd7e2 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -624,6 +624,9 @@ resign_firmware_payload() {
         # Path to bios.bin.
         local bios_path="${shellball_dir}/${bios_image}"
 
+        echo "Before EC signing ${bios_path}: md5 =" \
+          $(md5sum ${bios_path} | awk '{print $1}')
+
         if [ -n "${ec_image}" ]; then
           # Path to ec.bin.
           local ec_path="${shellball_dir}/${ec_image}"
@@ -634,6 +637,10 @@ resign_firmware_payload() {
             local rw_hash="EC_RW.hash"
             # futility writes byproduct files to CWD, so we cd to temp dir.
             pushd "$(make_temp_dir)" > /dev/null
+
+            echo "Signing EC with:" ${FUTILITY} sign --type rwsig --prikey \
+              "${KEY_DIR}/key_ec_efs.vbprik2" "${ec_path}"
+
             ${FUTILITY} sign --type rwsig --prikey \
               "${KEY_DIR}/key_ec_efs.vbprik2" "${ec_path}" \
               || die "Failed to sign ${ec_path}"
@@ -649,7 +656,20 @@ resign_firmware_payload() {
           fi
         fi
 
+        echo "After EC signing ${bios_path}: md5 =" \
+          $(md5sum ${bios_path} | awk '{print $1}')
+
         # Resign bios.bin.
+        echo "Signing Bios with:" ${FUTILITY} sign \
+          --signprivate "${signprivate}" \
+          --keyblock "${keyblock}" \
+          --devsign "${devsign}" \
+          --devkeyblock "${devkeyblock}" \
+          --kernelkey "${KEY_DIR}/kernel_subkey.vbpubk" \
+          --version "${FIRMWARE_VERSION}" \
+          "${extra_args[@]}" \
+          ${bios_path} \
+          ${temp_fw}
         ${FUTILITY} sign \
           --signprivate "${signprivate}" \
           --keyblock "${keyblock}" \
@@ -661,9 +681,17 @@ resign_firmware_payload() {
           ${bios_path} \
           ${temp_fw}
 
+        echo "After Bios signing ${temp_fw}: md5 =" \
+          $(md5sum ${temp_fw} | awk '{print $1}')
 
         # For development phases, when the GBB can be updated still, set the
         # recovery and root keys in the image.
+        echo "Setting GBB with:" ${FUTILITY} gbb \
+          -s \
+          --recoverykey="${KEY_DIR}/recovery_key.vbpubk" \
+          --rootkey="${rootkey}" \
+          "${temp_fw}" \
+          "${bios_path}"
         ${FUTILITY} gbb \
           -s \
           --recoverykey="${KEY_DIR}/recovery_key.vbpubk" \
@@ -671,6 +699,9 @@ resign_firmware_payload() {
           "${temp_fw}" \
           "${bios_path}"
 
+        echo "After setting GBB on ${bios_path}: md5 =" \
+          $(md5sum ${bios_path} | awk '{print $1}')
+
         info "Signed firmware image output to ${bios_path}"
       done
       unset IFS
-- 
cgit v1.2.1