Removing rootfs verification or resigning kernels can lead to an
unusable system if the dev_boot_signed_only flag is set. Add a sanity
check to print out an error when this happens.
BRANCH=none
BUG=none
TEST=manual
Run /usr/share/vboot/bin/make_dev_ssd.sh with the dev_boot_signed_only
flag set to 1 and observe that an error message is printed.
Change-Id: If116538152ee3122e3b742918bf1676982754fdd
Reviewed-on: https://chromium-review.googlesource.com/260970
Trybot-Ready: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
When trying to build out-of-tree, running `git status` will attempt to
write to the .git/ dir which causes a sandbox violation.
Since this code doesn't seem to actually do anything, drop it.
BUG=chromium:466499
TEST=precq still passes
TEST=build now passes when building out of tree
TEST=`./scripts/getversion.sh` produces good output with clean & dirty trees
BRANCH=None
Change-Id: Ia722fedef692876ffc87109b3a1d2e4a76235532
Reviewed-on: https://chromium-review.googlesource.com/259541
Trybot-Ready: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Some Brillo devices may have smaller kernel partition and we need to reduce the
size limit.
BUG=none
BRANCH=none
TEST=make_dev_ssd.sh applied on a Brillo config with 8MB kernel partition.
Change-Id: I9ca37445a6cdb20138f13dbe975c207383a1474c
Reviewed-on: https://chromium-review.googlesource.com/255341
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mao Huang <littlecvr@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Forgot to update the bitsizes in the variable constants.
BUG=chromium:454651
TEST=`./create_new_keys.sh` still generates 8k keys
TEST=`./create_new_keys.sh --4k` now generates 4k keys
BRANCH=None
Change-Id: Ie285649f4d58ad2e2cba71f4cab737cc2235e3ab
Reviewed-on: https://chromium-review.googlesource.com/245890
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
While we do this, clean up:
- use braces everywhere
- convert local vars from $VAR to $var
- parse all command line args properly
- run in `set -e` mode
BUG=chromium:454651
TEST=`./create_new_keys.sh` still generates sane keys
TEST=`./create_new_keys.sh --help` shows help output
TEST=`./create_new_keys.sh --asdfasdf` shows an error
TEST=`./create_new_keys.sh` outside chroot (w/out vboot binaries) aborts after first failure
BRANCH=None
Change-Id: I1ba0db0b24c0f2f10cf397b47115f0e98384d991
Reviewed-on: https://chromium-review.googlesource.com/245317
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
The signing scripts pass a bunch of args around, including paths
to the keys used to sign dev-mode-specific firmware. That was
only used on Alex and ZGB, so all the newer systems don't have
those keys and the script falls over.
This uses the normal firmware keys if the dev-firmware keys don't
exist. This was an oversight with the original CL that touched
resign_firmwarefd.sh
BUG=chromium:453901
BRANCH=ToT
TEST=manual
Download a newer signed recovery image, say for nyan, and save it as
scripts/image_signing/nyan-recovery-mp.bin
Temporarily delete the developer firmware keys from the devkeys:
rm -f tests/devkeys/dev_firmware*
Now try resigning the recovery image:
cd scripts/image_signing
./sign_official_build.sh recovery nyan-recovery-mp.bin \
../../tests/devkeys/ signed.bin \
../../tests/devkeys/key.versions
It should work.
Change-Id: I474811158cb33e16ad09c16b0db825c40217dd70
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245151
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Old images don't put kernel on partition 4 and rely on vblock for installation.
The signer script has to support both old and new images, by testing if kernel
partition has valid data.
BRANCH=signer
BUG=chromium:449450
TEST=(get old image without kernel blob on partition 4)
sign_official_build.sh usb image.bin ../../tests/devkeys signed.bin \
../../tests/devkeys/key.versions
Change-Id: I92542ffb162660d86c30d9598fe1ca59ff69afe4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243874
Reviewed-by: Mike Frysinger <vapier@chromium.org>
For each mount_image_partition, we have to unmount explicitly before doing other
changes (especially when using dd) to image. Otherwise system may flush data
when releaseing loop device and cause output image to be corrupted.
BUG=chromium:449450
TEST=sign_official_build.sh factory factory_install_shim.bin \
../../../tests/devkeys signed.bin ../../../tests/devkeys/key.versions
sign_official_build.sh verify signed.bin
BRANCH=signer
Change-Id: I20756d9769c3737e25cfea348a9a4d64cc43b202
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243496
Reviewed-by: Mike Frysinger <vapier@chromium.org>
The shar utility changed the flag name and newer versions no longer
accept -w. Mung the shellball on the fly to use the newer flag.
BUG=chrome-os-partner:33719
TEST=signing old firmware shellball inside chroot passes
BRANCH=none
Change-Id: If5c2da3062bd72062baa779bb26ea56304c31558
Reviewed-on: https://chromium-review.googlesource.com/241064
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Some devices may use rootdev=/dev/dm-1 as root device (the default one was
dm-0, according to build scripts). Running make_dev_ssd.sh
--remove_rootfs_verification on these devices will fail changing rootdev kernel
command line, and cause people not able to re-mount root device as writable.
To support running make_dev_ssd on these devices, we want to change the rootdev
pattern to dm[0-9].
BUG=chromium:428041.
TEST=make_dev_ssd.sh --remove_rootfs_verification
BRANCH=none
Change-Id: Idfd251c58e7d39b0b80ec1fc68989c2f49bdd1b2
Reviewed-on: https://chromium-review.googlesource.com/226782
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
ChromiumOS images have recently changed the installable vblock from stateful
partition to kernel + vblock in slot B. sign_official_build script should
follow that layout so other scripts (ex, cros_generate_update_payload) won't
find wrong blob.
BRANCH=none
BUG=chrome-os-partner:32156
TEST=for image_t in ssd usb install recovery; do
./sign_official_build.sh $image_t IMAGE KEYDIR output$image_t.bin
./sign_official_build.sh verify output$image_t.bin
done
# Also boots images without problem.
Change-Id: I04e2b50f3f3355263ba6de9567b4a82c040c5826
Reviewed-on: https://chromium-review.googlesource.com/221890
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
If we try to sign an image w/out Chrome, this file won't exist.
Run grep with the -s flag to silence those warnings.
BUG=chromium:418817
TEST=`cbuildbot storm-release` no longer warns
BRANCH=None
Change-Id: Ibac0978e3e4d9f89c00206a2dd21c1d71544f710
Reviewed-on: https://chromium-review.googlesource.com/221184
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
scripts/sign_data.sh is just a wrapper to do this:
./signature_digest_utility $1 $3 \
| openssl rsautl -sign -pkcs -inkey $2
AFAICT, that script is only invoked by the SignatureFile()
function in host/lib/file_keys.c, which is not referenced by
anything. I think I can remove both of those things.
Also remove utility/gbb_utility.cc, which should have been done
long ago in commit 6f39615.
BUG=none
BRANCH=ToT
TEST=make runalltests
Also ran it on daisy_spring-paladin and link-tot-paladin.
Change-Id: I16de5022765806f11bf6144d7ffd8cc849578a68
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/216719
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Since all of the functionality of the resign_firmwarefd.sh script
is built in to futility, let's just make that script invoke
futility to do the work. We'll come back and remove the script
entirely, once all outside references to it have been changed to
do the right thing.
BUG=chromium:224734
BRANCH=ToT
TEST=make runtests
Also tested by editing tests/futility/test_resign_firmware.sh to
invoke the resign_firmwarefd.sh script instead of futility.
Everything passed.
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Id068e551067a956cd7ddc3f9b9e23488261d8d94
Reviewed-on: https://chromium-review.googlesource.com/216716
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Add a script that runs sanity checks on the versions in a keyset.
In particular, tests whether the actual key versions match those
in key.versions. Also runs consistency checks (for example: firmware
version should match kernel subkey version).
BUG=none
TEST=run on all of our keysets
BRANCH=none
Change-Id: I5b509ba33127364f6b63252ad167646eb7dce710
Reviewed-on: https://chromium-review.googlesource.com/190790
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
chromeos-install always expects DM verity information from install source,
because even when --noenable_rootfs_verification is applied, the output image
will still include DM verity in kernel command line (just not enabled).
To support developers installing a modified image (by
--remove_rootfs_verification), we have to change the command line to keep DM
verity data, just like how --noenable_rootfs_verification is done.
BRANCH=none
BUG=none
TEST=make_dev_ssd.sh --noenable_rootfs_verification; reboot;
chromeos-install # success.
Change-Id: I3b2c8cbf1b89086ed91b5549c7147cd940fbda14
Reviewed-on: https://chromium-review.googlesource.com/207321
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
In order to disable PD software sync but still do EC software sync
it is useful to have a separate GBB flag for it.
This will allow me to release a Samus P2B firmware image that will
update the EC but not the PD, since the PD FW that comes on P2B
devices cannot be updated with software sync.
BUG=chrome-os-partner:30079
BRANCH=None
TEST=flash BIOS with updated EC+PD:
1) no GBB flags to override behavior updates both EC and PD
2) GBB flag to disable EC software sync disables both EC and PD update
3) GBB flag to disable PD software sync disables only PD update
Change-Id: I49ffb59238bee4a2dd66b24f2516e3ce46ea06cd
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/211910
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Rather than leave the default set of keys in the firmware untouched
(which are dev keys), insert the first loem keyset we find. This is
for people who extract the bios.bin by hand and then blindly burn it
into their flash. This way they'll still get some valid loem keys.
It's not a great solution, but it's better than nothing.
BUG=chromium:381862
TEST=signed recovery image by hand w/loemkeys and looked at packed bios.bin
TEST=signed recovery image by hand w/devkeys and looked at packed bios.bin
TEST=signed recovery image by hand w/custom loemkeys and looked at packed bios.bin
BRANCH=none
Change-Id: I8db1e34d9f4d85be6edf81fecf79a72031571b01
Reviewed-on: https://chromium-review.googlesource.com/204262
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
The common.sh file already defines these variables/funcs, so drop them.
BUG=chromium:381862
TEST=`./create_new_keys.sh` created new keys correctly
BRANCH=none
Change-Id: Ie7f0f683d4971c188d4629b520938b4b65bb0a9f
Reviewed-on: https://chromium-review.googlesource.com/203685
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
With an loem keyset in a recovery shellball, we don't want to write the
rootkeys & vblocks to the firmware image directly. Instead, we'll put
them into a keyset subdir that the firmware updater will process later.
bios.bin
keyset/
rootkey.LOEMID
vblock_A.LOEMID
vblock_B.LOEMID
We still write the recovery key to the firmware image though as that is
shared between all the keysets.
BUG=chromium:381862
TEST=Ran against a recovery image with devkeys & loemkeys and checked shellball
TEST=`cbuildbot daisy-release` works
BRANCH=none
Change-Id: I6fc99c71e6c7dee25f7f9a466a97314ff750fda9
Reviewed-on: https://chromium-review.googlesource.com/203682
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Make ensure_no_nonrelease_files.sh stop grepping
/etc/session_manager_use_flags.txt for USE flags. Instead,
look for non-comment lines in /etc/chrome_dev.conf.
BUG=chromium:377301
TEST=manual: ran against images both with and without
extra config directives
BRANCH=none
CQ-DEPEND=I86d01f4a551433527bb434dc62c30fb44082f774
CQ-DEPEND=Ic030207840b6be79b51486d1706573241a01c08d
Change-Id: Iefeefd936dc7706ed74340edb6521621885bbe25
Reviewed-on: https://chromium-review.googlesource.com/203463
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Daniel Erat <derat@chromium.org>
Tested-by: Daniel Erat <derat@chromium.org>
make_dev_firmware.sh calls resign_firmwarefd.sh, which extracts rootkey from
input image for checking VBLOCK firmware body size. As a result, we should
resign firmware before changing rootkey / GBB.
BUG=chromium:365738
TEST=Install Nyan/Peppy PreMP-signed firmware, run make_dev_firmware.sh, and
then boot in normal mode.
BRANCH=none
Change-Id: I45dbcacb40b7b77bbf89f1ba244bf7fb25f9ae27
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/196521
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Early proto devices (for testers and developers) may have hardware write
protection enabled and software disabled. They can still flash SPI ROM in that
case, and no need to disable hardware WP switch.
BRANCH=none
BUG=chromium:341242
TEST=./set_gbb_flags.sh 0x39 # see WP messages.
Change-Id: Id320410795a162a009b80360c2225c7510337591
Reviewed-on: https://chromium-review.googlesource.com/186336
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Shawn Nematbakhsh <shawnn@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
People trying to override GBB flags and not having write protection disabled may
corrupt whole RW section of firmware.
To avoid that, we should check write protection before starting to invoke
flashrom commands.
BUG=chromium:341242
TEST=./set_gbb_flags.sh 0x39 # Aborted on a write-protected system, as expected.
BRANCH=none
Change-Id: I6b2dcc75b87dc5ceace0d7caec62ded787b2b534
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/185653
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@google.com>
The "-p internal:bus=*" is now deprecated by "-p {host,ec}" because we may have
EC on SPI bus.
BUG=none
TEST=manually executed dev_debug_vboot and see correct output.
BRANCH=none
Change-Id: I6363c09c2ebf57812bf35b7db220303a2786db20
Reviewed-on: https://gerrit.chromium.org/gerrit/66321
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Yung-Chieh Lo <yjlou@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
This is a helper script intended for the signing servers to use to strip
out the /boot directory from images just before signing.
BUG=chromium:210352
TEST=Manually used to strip and image and validated the results.
BRANCH=None
Change-Id: I814522284143d8f90651e13000d428718aeca1e4
Reviewed-on: https://gerrit.chromium.org/gerrit/60828
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Don Garrett <dgarrett@chromium.org>
Tested-by: Don Garrett <dgarrett@chromium.org>
Fixed sign_official_build.sh to work with PARTUUID in the linux format,
PARTUUID=%U/PARTNROFF=1. Had to handle the '/'.
Also fixed a misspelled variable name, devcie -> device. It worked
before because a NULL string generated the right results in the
current configuration.
BUG=chromium:224066
TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery /home/taysom/trunk/src/build/images/$B/latest/recovery_image.bin /home/taysom/trunk/src/platform/vboot_reference/tests/devkeys /tmp/taysom.bin
BRANCH=none
Change-Id: Id201885a63c6eba4cdb7c9216c0d3d35e6d3f0c4
Reviewed-on: https://gerrit.chromium.org/gerrit/61889
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
1) GBB flag to skip EC software sync, so EC will be untouched. Needed
for EC development.
2) GBB flag to default to booting legacy at end of dev screen timeout.
Very handy for booting Ubuntu (or other OS).
Also added unit tests for the new flags.
BUG=chrome-os-partner:20111
BRANCH=none
TEST=make runtests
Change-Id: I9da87d87014881a1b1393b0b4a5acb921d080066
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/58270
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
The code was using a mixture of shell patterns and
sed regular expression. Changed code to just used
sed regex. This will let me use more complex regex
that are needed for adding PARTUUID to uuids.
BUG=chromium:241572
TEST=./security_test_image
BRANCH=none
Change-Id: I2e8570051b31d580ae36cb82f05383a33236b88e
Reviewed-on: https://gerrit.chromium.org/gerrit/51503
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
The Linux kernel expects partitions that are identified by uuid,
to have the the uuid prefixed by "PARTUUID=" and an optional suffix
of "PARTRNOFF=%d".
The change adds additional pattern matching for these strings.
This will also let get rid of custom uuid processing in dm-verity,
dm-bootcache and dm-verity-chromeos.
BUG=chromium:224066
TEST=security_test_image with old and new command line
BRANCH=none
Change-Id: I71b89dd1df8d7ccd5768c2784078bb869d546bf3
Reviewed-on: https://gerrit.chromium.org/gerrit/51303
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
There's no need to give execute permissions to files that aren't supposed to
executed.
BUG=none
BRANCH=none
TEST=manual
make runtests
Change-Id: I2480b97b39124e98c2f639d56be54cadfdc17f9b
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42648
Reviewed-by: Randall Spangler <rspangler@chromium.org>
When setting a field, this script mounts the image, unmounts, mounts
it, then writes the field, then unmounts it. When setting 4 or 5
keys at once, this is quite a waste.
Tweak it so we only mount it once, and we can set multiple keys in
a single call by looping over the input args.
BUG=None
TEST=`./signing_unittests.py` passes
BRANCH=None
Change-Id: Id7dc4e8ef58113cc4632721851fcab04ef1e69eb
Reviewed-on: https://gerrit.chromium.org/gerrit/42601
Reviewed-by: Ryan Cui <rcui@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Changed the manipulation of the device mapper arguments in the
command line to handle bootcache. Had to maintain backwards
compatibility with older versions because the signer is used
with older images.
BUG=chromium-os:37114, 37061
TEST=On a parrot with dev signed keys, signed and installed an R-23 image (2913),
a image with bootcache disabled and an image with bootcache enabled.
BRANCH=none
Change-Id: I59c46ccc3ff8b89ae9c4515f020ea9fbe6d96c7c
Reviewed-on: https://gerrit.chromium.org/gerrit/40052
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
For debugging purposes, we like to see the kernel command line that a
particular kernel is using. We have all the tools to do this already,
but not easy to leverage (you have to manually extract/etc...). So
add a "dump_config" helper to help people out.
Further, the existing argc processing is incomplete and not terribly
friendly. Add some useful error messages explaining why we quit.
BUG=None
TEST=`./sign_official_build.sh dump_config <bin>` works
TEST=`./sign_official_build.sh verify <bin>` works
TEST=`./sign_official_build.sh` shows usage
TEST=`./sign_official_build.sh recovery <bin>` shows usage
TEST=`./sign_official_build.sh recovery <bin> / /tmp/foo` tries to sign
BRANCH=None
Change-Id: I9f94250b8c299783bdcba704733974c6a5491101
Reviewed-on: https://gerrit.chromium.org/gerrit/39603
Reviewed-by: Paul Taysom <taysom@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Changed the pattern substitution to work with dm-[0-9]
BUG=chromium-os:25441
TEST=Turned off verity on stumpy both with and without bootcache
BRANCH=none
Change-Id: I519ad71879f2db847f450b869c8f7a67606f1e20
Reviewed-on: https://gerrit.chromium.org/gerrit/38691
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
To handle a more diverse set of configurations, added
processing of regular expressions for the dm params.
BUG=chromium-os:36441
TEST=rand security_test_image for various configurations
BRANCH=none
Change-Id: I4d9e610586cc9f63d55397e60462600ed9b9651f
Reviewed-on: https://gerrit.chromium.org/gerrit/38202
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
Using PT=18 provides better screen on scaled screens.
IPAPGothic does not look good after being scaled, so let's use Droid Sans
Fallback again.
BRANCH=none
BUG=none
TEST=make # pass
Change-Id: I59f3768a14055d8f135e15b85107406d5a2d4924
Reviewed-on: https://gerrit.chromium.org/gerrit/38016
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
To simplify dependency (and prepare for building inside chroot), we need to get
rid of dependency for ImageMagick, which is now entirely replaceable by Python
Image Library.
BRANCH=none
BUG=none
TEST=make # pass
Change-Id: Ie3d3a4ac399b2fe58aa75f8e02e4475bcba21c51
Reviewed-on: https://gerrit.chromium.org/gerrit/37985
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Running ImageMagick + PIL is a redundant task; we should let PIL
do flatten, resize, and exporting to different format.
Before: real 11m54s, user 37m10s.
After: real 8m3s, user 16m33s.
BRANCH=none
BUG=none
TEST=make
Change-Id: I65f1e5b769161650310abca46851824755402d9b
Reviewed-on: https://gerrit.chromium.org/gerrit/37200
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Sub-shell execution is slow. To improve shell script execution speed:
- Replae $(expr) by $(()).
- Cache image file data and avoid executing ImageMagick.
- Prevent extra eval & subshell.
- Remove bash-only syntax to allow using dash.
# time ../make_default_yaml en
Before change: Real 9s, User 1m7s.
After (bash): Real 1.6s, User 8.8s.
After (dash): Real 1.0s, User 6.9s.
BRANCH=none
BUG=none
TEST=make
Change-Id: I59626fb1a211de82cf58fcd1331a5641b97e2823
Reviewed-on: https://gerrit.chromium.org/gerrit/37006
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Change *usb2 to "USB2 only, no SD" and add "*sdusb2" as "USB2 only, with SD".
Also fixed PIL conversion error on Ubuntu Precise edition.
BRANCH=none
BUG=chrome-os-partner:15738
TEST=make # pass
Change-Id: I9bc22b7f82bc6e58e6069ae6dd4951e882edb19c
Reviewed-on: https://gerrit.chromium.org/gerrit/36997
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Dave Parker <dparker@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
There will be more bios*.bin (ex, bios_rw.bin) in firmware updater, and we do
want to sign all files.
BRANCH=signer
BUG=chromium-os:35369
TEST=sign_official_build.sh ssd DEV_IMAGE ../../tests/devkeys
Change-Id: I2ea0c5c3d7a18c43df581f50b4bd907206dcd7ad
Reviewed-on: https://gerrit.chromium.org/gerrit/36890
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
