Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / 16ceb9625ed13b0da4ae6306f9187b672b9b382f^! / .
commit16ceb9625ed13b0da4ae6306f9187b672b9b382f[log] [tgz]
authorMike Frysinger <vapier@chromium.org>Mon Oct 01 17:05:14 2018 -0400
committerchrome-bot <chrome-bot@chromium.org>Tue Oct 02 09:17:37 2018 -0700
tree9df3f5a3ea7ee37df28955bce9ba7ef661cf5861
parentb95aa03f38d2073e68968145c99a216e4d45084f [diff]
image_signing: drop support for <R16 recovery image signing

We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it.  But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.

BRANCH=None
BUG=chromium:891015
TEST=precq passes

Change-Id: I0e61c5d5cbeefb8ea0af955ead604a97fcb84bad
Reviewed-on: https://chromium-review.googlesource.com/1255344
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>

diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index 8e9537d..8db3ead 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh

@@ -177,33 +177,12 @@
   fi
   local vroot_dev=$(get_dm_slave "${dm_config}" vroot)
 
-  local rootfs_sectors
-  local verity_depth
-  local verity_algorithm
-  local root_dev
-  local hash_dev
-  local verity_bin="verity"
-  if is_old_verity_argv "${vroot_dev}"; then
-    # dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 \
-    # sha1 63b7ad16cb9db4b70b28593f825aa6b7825fdcf2"
-    rootfs_sectors=$(echo ${vroot_dev} | cut -f2 -d' ')
-    verity_depth=$(echo ${vroot_dev} | cut -f7 -d' ')
-    verity_algorithm=$(echo ${vroot_dev} | cut -f8 -d' ')
-    root_dev=$(echo ${vroot_dev} | cut -f4 -d ' ')
-    hash_dev=$(echo ${vroot_dev} | cut -f5 -d ' ')
-    # Hack around the fact that the signer needs to use the old version of
-    # verity to generate legacy verity kernel parameters. If we find it,
-    # we use it.
-    type -P "verity-old" &>/dev/null && verity_bin="verity-old"
-  else
-    # Key-value parameters.
-    rootfs_sectors=$(get_verity_arg "${vroot_dev}" hashstart)
-    verity_depth=0
-    verity_algorithm=$(get_verity_arg "${vroot_dev}" alg)
-    root_dev=$(get_verity_arg "${vroot_dev}" payload)
-    hash_dev=$(get_verity_arg "${vroot_dev}" hashtree)
-    salt=$(get_verity_arg "${vroot_dev}" salt)
-  fi
+  # Extract the key-value parameters from the kernel command line.
+  local rootfs_sectors=$(get_verity_arg "${vroot_dev}" hashstart)
+  local verity_depth=0
+  local verity_algorithm=$(get_verity_arg "${vroot_dev}" alg)
+  local root_dev=$(get_verity_arg "${vroot_dev}" payload)
+  local hash_dev=$(get_verity_arg "${vroot_dev}" hashtree)
 
   local salt_arg
   if [ -n "$salt" ]; then
@@ -211,7 +190,7 @@
   fi
 
   # Run the verity tool on the rootfs partition.
-  local slave=$(sudo ${verity_bin} mode=create \
+  local slave=$(sudo verity mode=create \
     alg=${verity_algorithm} \
     payload="${rootfs_image}" \
     payload_blocks=$((rootfs_sectors / 8)) \