sign_official_build.sh: dump more md5sum on bios.bin

Dumping md5sum information along the way of signing bios.bin to shed
some lights on the signing process in order to debug the first slot
issue.

BUG=b:77252439
TEST=None
BRANCH=None

Change-Id: I5083d6db2eee42c5cc9588606f95bbffba0c00ff
Reviewed-on: https://chromium-review.googlesource.com/1036802
Commit-Ready: YH Lin <yueherngl@chromium.org>
Tested-by: YH Lin <yueherngl@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index d47ae90..5f8fd7e 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -624,6 +624,9 @@
         # Path to bios.bin.
         local bios_path="${shellball_dir}/${bios_image}"
 
+        echo "Before EC signing ${bios_path}: md5 =" \
+          $(md5sum ${bios_path} | awk '{print $1}')
+
         if [ -n "${ec_image}" ]; then
           # Path to ec.bin.
           local ec_path="${shellball_dir}/${ec_image}"
@@ -634,6 +637,10 @@
             local rw_hash="EC_RW.hash"
             # futility writes byproduct files to CWD, so we cd to temp dir.
             pushd "$(make_temp_dir)" > /dev/null
+
+            echo "Signing EC with:" ${FUTILITY} sign --type rwsig --prikey \
+              "${KEY_DIR}/key_ec_efs.vbprik2" "${ec_path}"
+
             ${FUTILITY} sign --type rwsig --prikey \
               "${KEY_DIR}/key_ec_efs.vbprik2" "${ec_path}" \
               || die "Failed to sign ${ec_path}"
@@ -649,7 +656,20 @@
           fi
         fi
 
+        echo "After EC signing ${bios_path}: md5 =" \
+          $(md5sum ${bios_path} | awk '{print $1}')
+
         # Resign bios.bin.
+        echo "Signing Bios with:" ${FUTILITY} sign \
+          --signprivate "${signprivate}" \
+          --keyblock "${keyblock}" \
+          --devsign "${devsign}" \
+          --devkeyblock "${devkeyblock}" \
+          --kernelkey "${KEY_DIR}/kernel_subkey.vbpubk" \
+          --version "${FIRMWARE_VERSION}" \
+          "${extra_args[@]}" \
+          ${bios_path} \
+          ${temp_fw}
         ${FUTILITY} sign \
           --signprivate "${signprivate}" \
           --keyblock "${keyblock}" \
@@ -661,9 +681,17 @@
           ${bios_path} \
           ${temp_fw}
 
+        echo "After Bios signing ${temp_fw}: md5 =" \
+          $(md5sum ${temp_fw} | awk '{print $1}')
 
         # For development phases, when the GBB can be updated still, set the
         # recovery and root keys in the image.
+        echo "Setting GBB with:" ${FUTILITY} gbb \
+          -s \
+          --recoverykey="${KEY_DIR}/recovery_key.vbpubk" \
+          --rootkey="${rootkey}" \
+          "${temp_fw}" \
+          "${bios_path}"
         ${FUTILITY} gbb \
           -s \
           --recoverykey="${KEY_DIR}/recovery_key.vbpubk" \
@@ -671,6 +699,9 @@
           "${temp_fw}" \
           "${bios_path}"
 
+        echo "After setting GBB on ${bios_path}: md5 =" \
+          $(md5sum ${bios_path} | awk '{print $1}')
+
         info "Signed firmware image output to ${bios_path}"
       done
       unset IFS