signer: improve error handling in update_legacy_bootloader()

TEST=Ran locally and booted the image on kvm
(using BIOS).

$ ./ base chromiumos_base_image.bin \
  ../../tests/devkeys chromiumos_base_image_signed.bin

Change-Id: I2e1aad6e2073dea8e92d6ee25ac6972a5d555d71
Commit-Ready: Amey Deshpande <>
Tested-by: Amey Deshpande <>
Reviewed-by: Mike Frysinger <>
diff --git a/scripts/image_signing/ b/scripts/image_signing/
index a3f7c98..83f31c6 100755
--- a/scripts/image_signing/
+++ b/scripts/image_signing/
@@ -714,7 +714,11 @@
   local esp_dir="$(make_temp_dir)"
   # We use the 'unsafe' variant because the EFI system partition is vfat type
   # and can be mounted in RW mode.
-  _mount_image_partition_retry "${image}" "${esp_partnum}" "${esp_dir}"
+  if ! _mount_image_partition_retry "${image}" "${esp_partnum}" \
+                                    "${esp_dir}"; then
+    error "Could not mount EFI partition for updating legacy bootloader cfg."
+    return 1
+  fi
   # If we can't find the dm parameter in the kernel config, bail out now.
   local kernel_config=$(grab_kernel_config "${image}" "${dm_partno}")