From e681c371484b50c0cc35d91123b176acdc2449eb Mon Sep 17 00:00:00 2001
From: Vadim Bendebury <vbendeb@chromium.org>
Date: Tue, 11 May 2021 12:31:21 -0700
Subject: change node locked version expectations

With the new rollback info space value the node locked images base
needs to be enabled.

BRANCH=none
BUG=b:187438971
TEST=none

Change-Id: I78eafc72766947df81c9b6519bc13633423840d6
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2888711
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
---
 scripts/image_signing/sign_gsc_firmware.sh | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/scripts/image_signing/sign_gsc_firmware.sh b/scripts/image_signing/sign_gsc_firmware.sh
index bc5b89ac..af7b7dad 100755
--- a/scripts/image_signing/sign_gsc_firmware.sh
+++ b/scripts/image_signing/sign_gsc_firmware.sh
@@ -25,7 +25,7 @@ set -u
 
 PRE_PVT_BID_FLAG=0x10
 MP_BID_FLAG=0x10000
-CR50_FACTORY_VERSION="0.3.22"
+CR50_NODE_LOCKED_VERSION="0.5.12"
 
 # Convert unsigned 32 bit value into a signed one.
 to_int32() {
@@ -151,9 +151,10 @@ paste_bin() {
 # that the manifest conforms to GSC version numbering and board ID flags
 # conventions for various build images:
 #
-# - only factory version binaries can be converted to node locked images,
-#   board IDs for node locked images come from signing instructions, and the
-#   config1 manifest field value must have the 0x80000000 bit set.
+# - only binaries where version is set to CR50_NODE_LOCKED_VERSION can be
+#   converted to node locked images. Board IDs for node locked images come
+#   from signing instructions, and the config1 manifest field value must have
+#   the 0x80000000 bit set.
 #
 # - when signing pre-pvt binaries (major version number is even) the 0x10
 #   flags bit must be set.
@@ -197,8 +198,9 @@ verify_and_prepare_gsc_manifest() {
       if [[ -z ${INSN_DEVICE_ID:-} ]]; then
         die "Node locked target without Device ID value"
       fi
-      # Case of a node locked image, it must have the fixed factory version.
-      if [[ "${epoch}.${major}.${minor}" != "${CR50_FACTORY_VERSION}" ]];then
+      # Case of a node locked image, it must have the fixed version.
+      if [[ "${epoch}.${major}.${minor}" != "${CR50_NODE_LOCKED_VERSION}" ]]
+      then
         die "Won't create node locked images for version $epoch.$major.$minor"
       fi
 
-- 
cgit v1.2.1