| #!/bin/bash |
| |
| # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Script that just takes in a kernel partition and outputs a new vblock |
| # signed with the specific keys. For use on signing servers. |
| |
| # vbutil_kernel must be in the system path. |
| |
| SCRIPT_DIR=$(dirname $0) |
| |
| # Abort on error |
| set -e |
| |
| # Check arguments |
| if [ $# -lt 4 ] || [ $# -gt 5 ]; then |
| echo "usage: $0 src_kpart dst_vblock kernel_datakey kernel_keyblock [version]" |
| exit 1 |
| fi |
| |
| # Make sure the tools we need are available. |
| type -P vbutil_kernel &>/dev/null || \ |
| ( echo "vbutil_kernel tool not found."; exit 1; ) |
| |
| SRC_KPART=$1 |
| DST_VBLOCK=$2 |
| KERNEL_DATAKEY=$3 |
| KERNEL_KEYBLOCK=$4 |
| VERSION=$5 |
| |
| if [ -z $VERSION ]; then |
| VERSION=1 |
| fi |
| echo "Using kernel version: $VERSION" |
| |
| vbutil_kernel --repack "${DST_VBLOCK}" \ |
| --vblockonly \ |
| --keyblock "${KERNEL_KEYBLOCK}" \ |
| --signprivate "${KERNEL_DATAKEY}" \ |
| --version "${VERSION}" \ |
| --oldblob "${SRC_KPART}" |
| |
| echo "New kernel vblock was output to ${DST_VBLOCK}" |
| |