From f709cd2bee1cdff49ece4c7c3ab23950e4dd9d30 Mon Sep 17 00:00:00 2001 From: Marco Chen Date: Wed, 9 May 2018 17:08:01 +0800 Subject: image_signing: Add sha1sum of a key without loem keyset to VERSION.signer. CL:866522 supported the case of loem and uni-build projects but not for the project with one key only. After this CL, `gooftool finalize` can refer to VERSION.signer in order to get correct firmware key hash from recovery image. As the result, firmware_keys field can be removed from HWID database. BUG=chromium:763328 TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin ./src/platform/vboot_reference/tests/devkeys ./output.bin 2) verify output file - VERSION.signer. BRANCH=None Change-Id: I376cd7038c0fe1d5cc71cb39cbabeb5e79994407 Reviewed-on: https://chromium-review.googlesource.com/1051429 Commit-Ready: Marco Chen Tested-by: Marco Chen Reviewed-by: Marco Chen Reviewed-by: C Shapiro --- scripts/image_signing/sign_official_build.sh | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'scripts/image_signing') diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 1c4a2958..78aee2dd 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -732,6 +732,11 @@ resign_firmware_payload() { sha1=$(vbutil_key --unpack "${key}" | grep sha1sum | cut -d" " -f9) echo " ${model}: ${sha1}" >>"${signer_notes}" done + else + echo "List sha1sum of single key's signature:" >>"${signer_notes}" + key="${KEY_DIR}/root_key.vbpubk" + sha1=$(vbutil_key --unpack "${key}" | grep sha1sum | cut -d" " -f9) + echo " root: ${sha1}" >>"${signer_notes}" fi new_shellball=$(make_temp_file) -- cgit v1.2.1