blob: 83463b84aaf5cca1aabe6c927d03e336fbeab1ab [file] [log] [blame]
#!/bin/bash
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Script to resign the kernel partition generated in the output of build_image
# with SSD keys.
# --- BEGIN COMMON.SH BOILERPLATE ---
# Load common CrOS utilities. Inside the chroot this file is installed in
# /usr/lib/crosutils. Outside the chroot we find it relative to the script's
# location.
find_common_sh() {
local common_paths=("$(dirname "$(readlink -f "$0")")/.." /usr/lib/crosutils)
local path
SCRIPT_ROOT="${common_paths[0]}"
for path in "${common_paths[@]}"; do
if [ -r "${path}/common.sh" ]; then
SCRIPT_ROOT="${path}"
break
fi
done
}
find_common_sh
. "${SCRIPT_ROOT}/common.sh" || exit 1
# --- END COMMON.SH BOILERPLATE ---
# Need to be inside the chroot to load chromeos-common.sh
assert_inside_chroot
# Load functions and constants for chromeos-install
. /usr/share/misc/chromeos-common.sh || exit 1
locate_gpt
DEFINE_string from "chromiumos_image.bin" \
"Input file name of Chrome OS image to re-sign."
# Parse command line
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"
failure() {
echo "SIGNING HAD FAILED"
exit 1
}
# Abort on error
switch_to_strict_mode
trap "failure" EXIT
if [ -z "${FLAGS_from}" ] || [ ! -f "${FLAGS_from}" ] ; then
echo "Error: invalid flag --from"
exit 1
fi
# Example commandline is as follows:
# ./sign_official_build.sh \
# ssd \
# /.../build/images/x86-mario/0.8.68.2/chromiumos_test_image.bin \
# ../../tests/devkeys/ \
# /.../build/images/x86-mario/0.8.68.2/chromiumos_test_ssd_image.bin
VBOOT_DIR="${SRC_ROOT}/platform/vboot_reference"
if [ ! -d "${VBOOT_DIR}" ]; then
die_notrace "VBOOT DIR NOT FOUND at \'${VBOOT_DIR}\' .."
fi
TMP_IMAGE=$(mktemp)
VBOOT_KEYS="${VBOOT_DIR}/tests/devkeys"
if [ ! -d "${VBOOT_KEYS}" ]; then
die_notrace "VBOOT KEYS NOT FOUND at \'${VBOOT_KEYS}\' .."
fi
VBOOT_SIGN="${VBOOT_DIR}/scripts/image_signing/sign_official_build.sh"
if [ ! -x "${VBOOT_SIGN}" ]; then
die_notrace \
"VBOOT TOOL sign_official_build.sh NOT FOUND at \'${VBOOT_SIGN}\' .."
fi
cp "${FLAGS_from}" "${TMP_IMAGE}"
${VBOOT_SIGN} ssd "${TMP_IMAGE}" "${VBOOT_KEYS}" "${FLAGS_from}"
rm "${TMP_IMAGE}"
set +e
trap - EXIT