scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-01 13:43:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
255 Commits 52 Branches 2 Tags
0500524edda44c770690bb942e916522f1eca5cd
Commit Graph

4 Commits

Author SHA1 Message Date
Gaurav Shah
0c4c9bac3c Make signing script re-sign Firmware AU payload, and update rootfs hash. 
The build signing script will now re-sign the chrome os AU payload in the image rootfs using the new keys. In addition, it will recalculate and update the RootFS hash (in the kernel partition) before re-signing the whole image using the new "official" keys.

BUG=3496, 5264
TEST=manual

>>>>>For testing rootfs hash updates

1) Ensure that image was build with the --enable_rootfs_verification flag
2) Mount the root file fs on the input image, and make a minor change to the root fs (e.g. adding a file)
3) Now boot from this image, drop into the shell and look for logs related to dm-bht in the dmesg output.
4) You should see dm-bht complaining about block hash mismatches
    $ dmesg | grep dm
      ..... <dm-bht errors>.......
      <errors of the form "dm-bht: Block hash match failed">

4) Now re-sign the modified image using the sign_official_build script. This will re-calculate and update the rootfs hash.
5) Boot from the re-signed image. Look at dmesg output.
6) You should see NO dm-bht errors.

>>>>>For testing re-signing of firmware payload

Grab the firmware autoupdate shellball from /usr/sbin/chromeos-firmwareupdate in the output image's rootfs partition (number 3). Extract the shellball (--sb_extract flag), and grab the firmware bios.bin from the temporary directory.
   $ unpack_firmwarefd.sh bios.bin
   $ vbutil_firmware --verify firmwareA.vblock --signpubkey KEY_DIR/firmware.vbpubk --fv firmwareA.data
    [Verification should succeed]
   $ gbb_utility -g bios.bin --rootkey=rootkey --recoverykey=recoverykey
   "rootkey" should be the same as KEY_DIR/root_key.vbpubk
   "recoverykey" should be the same as KEY_DIR/recovery_key.vbpubk

KEY_DIR: Directory containing the keys used to generate the output image.

Review URL: http://codereview.chromium.org/3083025
 2010-08-16 13:29:00 -07:00
Darin Petkov
11701c7bb2 Cleanup set_chronos_passowrd script. Also, use $PROG. 
BUG=5580
TEST=changed password, reimaged device

Review URL: http://codereview.chromium.org/3164006
 2010-08-11 11:08:47 -07:00
Darin Petkov
b7ddcb1caf A utility for updating /etc/lsb-release values. 
BUG=5581
TEST=updated an image, updated a device, verified /etc/lsb-release

Review URL: http://codereview.chromium.org/3145008
 2010-08-11 11:02:38 -07:00
Gaurav Shah
37522c9c0c Add a script to generate builds signed using the official keys. 
The script sign_official_build.sh does the appropriate signing depending on whether an ssd, recovery or factory-install image is desired.

Also re-factors some common functionality into common.sh.

BUG=3496
TEST=manual

I haven't had a chance to test this on an actual machine running our firmware but will do that before I actually check-in. Thoughts I'd atleast get this out to get the review going.

Review URL: http://codereview.chromium.org/3066034
 2010-08-04 15:20:52 -07:00