Add --subkey_in option to kernel signing utility.

This allows for using an existing key signature (subkey) header to generate new signed images if the kernel signing is unchanged. This obviates the need to take out the firmware private key each time a new signed kernel image is generated. A similar change will also be propagated to the firmware signing utility. We would REALLY like to reduce the need to take out the verified boot private root key (used for generating R/W firmware key signature headers) everytime we generate a new signed R/W firmware image. Review URL: http://codereview.chromium.org/2372001
2025-11-29 04:33:39 +00:00 · 2010-05-28 11:47:33 -07:00
parent 2a9c66cd71
commit f666780e86
4 changed files with 151 additions and 53 deletions
--- a/utility/include/kernel_utility.h
+++ b/utility/include/kernel_utility.h
@@ -8,7 +8,7 @@
 #include <string>

 extern "C" {
-#include  "kernel_image.h"
+#include "kernel_image.h"
 }

 struct RSAPublicKey;
@@ -58,6 +58,7 @@ class KernelUtility {
  std::string firmware_key_pub_file_;
  std::string kernel_key_file_;  // Private key for signing the kernel.
  std::string kernel_key_pub_file_;
+  std::string subkey_in_file_;  // Existing key signature header.
  std::string config_file_;  // File containing kernel commandline parameters
  std::string bootloader_file_;  // Embedded bootloader code
  std::string vmlinuz_file_;  // Input vmlinuz to be embedded in signed blob.