| # Copyright 2013 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| """All things Chrome OS signing related""" |
| |
| import configparser |
| import os |
| from typing import Optional |
| |
| from chromite.lib import constants |
| |
| |
| SIGNING_DIR = constants.CHROMITE_DIR / "signing" |
| INPUT_INSN_DIR_REL = os.path.join("crostools", "signer_instructions") |
| TEST_INPUT_INSN_DIR = os.path.join(SIGNING_DIR, "signer_instructions") |
| |
| CROS_SIGNING_BASE_DIR = os.path.join( |
| constants.SOURCE_ROOT, "src", "platform", "signing", "signer-production" |
| ) |
| CROS_SIGNING_CONFIG = os.path.join( |
| CROS_SIGNING_BASE_DIR, "signer/configs/cros_common.config" |
| ) |
| SECURITY_BASELINES_DIR = os.path.join( |
| CROS_SIGNING_BASE_DIR, "security_test_baselines" |
| ) |
| CROS_SIGNING_BIN_DIR = os.path.join( |
| CROS_SIGNING_BASE_DIR, "signer/signingtools-bin" |
| ) |
| |
| |
| def GetDefaultVbootStableHash( |
| config_file: Optional[str] = None, |
| ) -> Optional[str]: |
| """Get the default signer vboot_stable_hash config value.""" |
| config = configparser.ConfigParser() |
| config.read(config_file or CROS_SIGNING_CONFIG) |
| try: |
| return config.get("signer", "vboot_stable_hash") |
| except configparser.Error: |
| return None |