From 594eb296fed7809a1e7faa714df5ca710f99a576 Mon Sep 17 00:00:00 2001 From: Nicolas Boichat Date: Thu, 24 Aug 2017 17:27:56 +0800 Subject: [PATCH] image_signing: sign_official_build.sh: Add version to rwsig signatures We would like to have different signature versions for hammer (1=dev, 2=premp, 3=mp), so we should pass --version to futility. The default version stays 1. BRANCH=none BUG=b:35587169 TEST=openssl genrsa -3 -out key_hammer.pem 2048 futility create --desc="Hammer fake MP key" key_hammer.pem key_hammer echo firmware_version=2 > key_hammer.version ../vboot_reference/scripts/image_signing/sign_official_build.sh \ accessory_rwsig build/hammer/ec.bin . \ ec-signed.bin key_hammer.version futility show ec-signed.bin => Version: 0x00000002 TEST=Without passing a version file, version is still 1. ../vboot_reference/scripts/image_signing/sign_official_build.sh \ accessory_rwsig build/hammer/ec.bin . ec-signed.bin futility show ec-signed.bin => Version: 0x00000001 Change-Id: I0cd9133404fb0d827bd2f0d3bcc71d5dd274734d Reviewed-on: https://chromium-review.googlesource.com/631757 Commit-Ready: Nicolas Boichat Tested-by: Nicolas Boichat Reviewed-by: Mike Frysinger --- scripts/image_signing/sign_official_build.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index cf0b33456c..651726c13d 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -1030,7 +1030,8 @@ elif [[ "${TYPE}" == "accessory_rwsig" ]]; then KEY_NAME="${KEY_DIR}/key" fi cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}" - futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" "${OUTPUT_IMAGE}" + futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" \ + --version "${FIRMWARE_VERSION}" "${OUTPUT_IMAGE}" elif [[ "${TYPE}" == "oci-container" ]]; then sign_oci_container "${INPUT_IMAGE}" "${KEY_DIR}" "${OUTPUT_IMAGE}" else