OpenCellular

mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-07 00:15:21 +00:00

Author	SHA1	Message	Date
Mike Frysinger	2d160adf72	image_signing: sign_official_build.sh: switch verification to loopbacks Rather than copy out the rootfs to a temp file and perform checks on that, run the checks directly on the image. This saves us from having to copy many GB worth of data which can be expensive on the VMs (slow disk I/O). BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ie7d1c432aacb69e57b6c5fd9ab810b8d0b054860 Reviewed-on: https://chromium-review.googlesource.com/505476 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-06-15 15:17:17 -07:00
Marco Chen	04b3835b69	Add a script to generate a keypair for signing Rose RW firmware. Rose decided to leverage the key format of Hammer therefore this script calls Hammer's one to generate a key pair and renames them to key_rose*. BUG=b:37693819 TEST=None BRANCH=None Change-Id: I1f31afe89a00895434a169401ab76b594ad0a403 Reviewed-on: https://chromium-review.googlesource.com/529504 Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-06-12 06:47:41 -07:00
Mike Frysinger	4df2f6f4e2	keygeneration: make helper script executable BUG=b:35587169 TEST=None BRANCH=None Change-Id: I2098f39dd17893c5e30ed495eaa87935efbcb0ee Reviewed-on: https://chromium-review.googlesource.com/526613 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Marco Chen <marcochen@chromium.org>	2017-06-10 03:10:21 -07:00
Marco Chen	670ca01555	Add a script to generate a keypair for signing accessory RW firmware. BUG=b:35587169 TEST=None BRANCH=None Change-Id: Ibb309c34ca22d30138cb62d698eafb6ee77add8c Reviewed-on: https://chromium-review.googlesource.com/520368 Commit-Ready: Marco Chen <marcochen@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-06-06 08:52:17 -07:00
Mike Frysinger	fda1300464	keygeneration: add some output helpers These use the same forms as in other shell projects in CrOS. BUG=b:35587169 TEST=ran create_new_android_keys.sh and new output works BRANCH=None Change-Id: Id75fd77203795d7837537f12ab948376a7ad105e Reviewed-on: https://chromium-review.googlesource.com/520786 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>	2017-06-01 23:49:33 -07:00
Mike Frysinger	b568c66bd7	image_signing: ensure_secure_kernelparams.sh: use loopback devices for speed Rather than read out the whole kernel partition just to dump the kernel config, set the image up via a loopback device and read from there. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I3797a0e77315e8baf6f481f31c44b889ac6d098a Reviewed-on: https://chromium-review.googlesource.com/505475 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-05-23 23:59:31 -07:00
Mike Frysinger	9d11bb1b1d	image_signing: unify output helpers We have `err_die` and `die` helpers that do the same thing, but some scripts just have to know which one to use based on their runtime. Just unify them as the more common `die` so all scripts can use it. Similarly, we provide info, warn, and error to dev scripts, but not to the runtime ones. Add small stubs in common_minimal.sh so the API is consistent. BRANCH=None BUG=chromium:718184 TEST=scripts still work Change-Id: Id44fb27900c37f4e357d20817f909e4534d1c5b3 Reviewed-on: https://chromium-review.googlesource.com/507990 Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org>	2017-05-19 04:13:09 +00:00
Mike Frysinger	b660356d51	image_signing: fix key insert logic We don't want to override the common trap as the common sh files already have handlers installed to clean up files/mounts. Re-use those helpers to avoid leaking loopback mounts. BRANCH=None BUG=chromium:718184 TEST=signing images still works Change-Id: I749ce5075194356219fea51152154fdc5a2e3b99 Reviewed-on: https://chromium-review.googlesource.com/505575 Reviewed-by: Eric Caruso <ejcaruso@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org>	2017-05-16 17:43:14 +00:00
Mike Frysinger	36e030df80	image_signing: strip_boot_from_image.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I48edde260e1d1db88f65624c7ff46ad2ac1cc2f4 Reviewed-on: https://chromium-review.googlesource.com/498100 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 15:25:43 -07:00
Mike Frysinger	9e7caccd35	image_signing: resign_image.sh: drop unused script This script hasn't been executed by image_signing or the cros-signer code, and cs/ doesn't turn up any hits. Scrub it from the codebase. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ief4256a8ceab753d5c1fd6d0f3d81609e11f62a9 Reviewed-on: https://chromium-review.googlesource.com/500329 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 11:53:20 -07:00
Mike Frysinger	3c8496cc86	image_signing: sign_official_build.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I4097fd58f349dc84c242dd12d6a94e12f387a1f0 Reviewed-on: https://chromium-review.googlesource.com/498232 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 11:53:20 -07:00
Mike Frysinger	ad16cf327e	image_signing: ensure_sane_lsb-release.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I7351e1ff63bb7e88e4449dd2718685fef7ec031d Reviewed-on: https://chromium-review.googlesource.com/498267 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 01:04:43 -07:00
Mike Frysinger	5fa64e2eae	image_signing: ensure_no_nonrelease_files.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I666d3f5beee4b4e3e9903d546ef66917990a659e Reviewed-on: https://chromium-review.googlesource.com/498231 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-12 22:49:01 -07:00
Mike Frysinger	eb7c7632fe	image_signing: make_dev_ssd.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I96e20f38b6a51ad4dc8064fa3fb3d4302c47888f Reviewed-on: https://chromium-review.googlesource.com/497302 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-12 20:58:06 -07:00
Mike Frysinger	3a6d6f886e	image_signing: common.sh: prefix helper messages with $PROG by default This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I072994dd07cf559a60e8a139eaeaf000cbbf72e3 Reviewed-on: https://chromium-review.googlesource.com/497301 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-11 01:58:55 -07:00
Mike Frysinger	f68d76c1cd	image_signing: do not fail when chronos does not exist If the device doesn't create a chronos user, don't throw errors. For some embedded systems, they don't need a chronos user. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I4604beae1e647e024a04583471b8a7d0d4f188fa Reviewed-on: https://chromium-review.googlesource.com/500027 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-11 01:58:53 -07:00
Mike Frysinger	0dfff398fc	image_signing: swap_rootfs.sh: drop unused script This script hasn't been executed by image_signing or the cros-signer code, and cs/ doesn't turn up any hits. Scrub it from the codebase. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ic9cf90929f949a7f6b4e41e5b819d6f786c1c833 Reviewed-on: https://chromium-review.googlesource.com/500328 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-10 11:58:28 -07:00
Mike Frysinger	1aabe7111e	image_signing: output pubkey in DER format BRANCH=None BUG=chromium:718184 TEST=new imageloader works Change-Id: I430ed616954c820d3d1607eefd4f8e1c60863a8f Reviewed-on: https://chromium-review.googlesource.com/497914 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Greg Kerr <kerrnel@chromium.org>	2017-05-10 11:58:19 -07:00
Mike Frysinger	f3df71d44c	image_signing: set_channel: use new lsbval helper Minor clean up to the logic. BUG=None TEST=`./set_channel recovery_image.bin stable-channel` changed the lsb-release file to stable BRANCH=None Change-Id: Idf12b643f88e373b528b50e269537b861052b448 Reviewed-on: https://chromium-review.googlesource.com/414225 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org>	2017-05-07 09:45:58 -07:00
Mike Frysinger	febef2af40	image_signing: fix signing of zip/crx files Restore the search logic for manifests in subdirs. BRANCH=None BUG=chromium:697645 TEST=signed adb/fastboot zip archives Change-Id: I07a417216ea463cb00d6ead7cd3b61d6e6fa507d Reviewed-on: https://chromium-review.googlesource.com/494207 Commit-Ready: Hsinyu Chao <hychao@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Eric Caruso <ejcaruso@chromium.org>	2017-05-04 06:07:01 -07:00
Eric Caruso	1919b169bf	image_signing: change files sign_oci_container looks for Since we're packing containers in a format imageloader understands, we need to consume imageloader's manifest and produce a signature it knows to look for. BRANCH=ToT BUG=chromium:697645 TEST=package adb container, verify imageloader.sig.2 is present Change-Id: Ied9cdacf1d448a094c1b171bc2bf3b2ae54eb517 Reviewed-on: https://chromium-review.googlesource.com/457102 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-04-26 16:19:51 -07:00
Victor Hsieh	cfbc083efe	Preserve compress method when re-sign Android image TEST=sign_android_image.sh rootfs /path/to/tests/devkeys/android # unsquash -s still shows gzip (previous script always use lzo) BUG=chromium:705247 BRANCH=none Change-Id: If95686d293123a069ce36bc53cbea3a08aa3e7ab Reviewed-on: https://chromium-review.googlesource.com/461205 Commit-Ready: Victor Hsieh <victorhsieh@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-03-28 17:16:52 -07:00
Mike Frysinger	62461d719f	image_signing: support signing of OCI containers BUG=chromium:660209 TEST=`./sign_official_build.sh oci-container fastboot/ ../tests/devkeys` works TEST=signing an image inserted the container pubkey BRANCH=None Change-Id: I75793b03e93f2c18b1495a3ec729ad04d2e17401 Reviewed-on: https://chromium-review.googlesource.com/427538 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-01-14 20:19:06 -08:00
Hung-Te Lin	d140800050	scripts: Add "-p host" to make_dev_firmware.sh. Always add "-p host" for flashrom to find right programmer. BRANCH=None BUG=chrome-os-partner:60894 TEST=./make_dev_firmware.sh Change-Id: Iee66e143e77ea258a2a9ff3757d9446b7cf37dbc Reviewed-on: https://chromium-review.googlesource.com/419860 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Ting Shen <phoenixshen@chromium.org>	2016-12-28 00:55:50 -08:00
Ting Shen	e5500a319b	set_gbb_flags: add '-p host' to flashrom command BRANCH=none BUG=chrome-os-partner:60894 TEST=set_gbb_flags 0 Change-Id: I22f372590bfe7705d4312588f971ad37f229a216 Reviewed-on: https://chromium-review.googlesource.com/418519 Commit-Ready: Ting Shen <phoenixshen@chromium.org> Tested-by: Ting Shen <phoenixshen@chromium.org> Reviewed-by: David Hendricks <dhendrix@chromium.org>	2016-12-20 06:47:09 -08:00
Hung-Te Lin	1a0679c1a4	scripts: Change anti-rollback check from error to warning for make_dev_firmware. Currently make_dev_firmware will abort if the stored TPM version is higher and ask user to reset TPM; however that is not very feasible because: (1) If the device is still MP-signed, external users can't boot dev-signed factory shim or recovery or test images. (2) Even if the user is able to reset TPM, the stored TPM version will be increased again when user boots into the image for running make_dev_firmware. As a result, the right flow is to allow user (with warning and instructions) resign firmware with dev-keys, boot into recovery mode due to anti-rollback check, and then boot any dev-signed image to reset TPM. BRANCH=none BUG=None TEST=./make_dev_firmware.sh # see warning message. Change-Id: Ifd4cd9912ab505427c985154b3f469e1485789b2 Reviewed-on: https://chromium-review.googlesource.com/419898 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>	2016-12-14 06:03:12 -08:00
Mike Frysinger	1e9245dfff	image_signing: unify board extraction logic from lsb-release We had two places extracting the board value from lsb-release and parsing the output by hand. Unify them to use the same parsing logic to avoid desynchronized behavior. We also create a new get_boardvar_from_lsb_release helper to unify the board name -> variable name mangling logic. BUG=chromium:667192 TEST=`./security_test_image --board samus` still detects the correct board BRANCH=None Change-Id: If88a8ae59b9c9fd45ddd796653a0173ed0186d2d Reviewed-on: https://chromium-review.googlesource.com/414224 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>	2016-11-29 17:41:03 -08:00
Randall Spangler	46a382d613	vboot: Remove vboot1 cryptolib padding source The old vboot1 cryptolib hard-coded many of its padding arrays in a padding.c file. Use the equivalent vboot2 apis instead. This change is almost exclusively on the host and test side; the only firmware impact is on a single line of debug output. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: If689ffd92f0255847bea2424950da4547b2c0df3 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/400902 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>	2016-11-06 02:33:02 +00:00
Qiang Xu	a1001da565	Strip out bootcache config when removing rootfs verification For a device with bootcache support (such as parrot), the kernel config contains bootcache args (reference: device_map_args in build_kernel_image.sh). When removing rootfs verification, bootcache should be disabled, equivalently we should remove bootcache args. BRANCH=vboot_reference BUG=chromium:590606 TEST=tested on parrot device with ./build_image --board=parrot test. After installing the image on device, (1) run sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification (2) reboot The bootloop bug is fixed. Change-Id: I56ca5f2d98e00e1117611959a67ce72338ec7377 Reviewed-on: https://chromium-review.googlesource.com/395386 Commit-Ready: Qiang Xu <warx@chromium.org> Tested-by: Qiang Xu <warx@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Qiang Xu <warx@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-10-13 17:26:38 -07:00
Hung-Te Lin	fefc682bb7	scripts: Improve make_dev_firmware and allow working with more MP firmware. Verified boot has "TPM anti-rollback check" that prohibits booting firmware if the device has been installed with a firmware that has higher signing version. This is causing problems when people are trying to use make_dev_firmware script on MP devices (which usually has a higher version than DEV keyset, which is always 1). Previously, make_dev_firmware won't alert about this so developers will first see boot failure, figure out what happened, and then either uprev the devkeys folder manually (which we don't provide scripts on DUT so it's hard), or reset the device by using factory reset shim. Since make_dev_firmware already knows all information, it should check and increase version number automatically. This change has implemented checking and increasing 'firmware version'. The 'data key version' is also checked, but increasing that is more complicated and we probably don't have all required tools yet on DUT, so it is only checked. Also added one flag --[no]mod_hwid so MP device users can keep their HWID easier, when they need to switch back and forth between DEV / real MP firmware. BRANCH=none BUG=none TEST=Grab a firmware from daisy mp-v4.bin and do ./make_dev_firmware.sh -f bios.bin -t out.bin --nomod_hwid Change-Id: If81ef60e6debdcd1c6d899b5a2c03bdacb4fd4f7 Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/390871 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>	2016-10-01 00:02:43 -07:00
Victor Hsieh	31cf713244	Revert "Change debug key signatures" The lab use test image (non-signed) to run CTS, so we still need to switch key to make a test pass (which blacklist Google's dev key). This reverts commit `b94145a309`. TEST=None BUG=b:29915721,b:31373710 Change-Id: I0873d13b606f3e49b9d055e9dd081d3dacd97c65 Reviewed-on: https://chromium-review.googlesource.com/388636 Commit-Ready: Victor Hsieh <victorhsieh@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-09-26 11:59:22 -07:00
Luis Hector Chavez	42b74d2677	Preserve file capabilities while signing Android The version of unsquashfs that is shipped with Trusty does not correctly file capabilities, even though the target filesystem supports them. This change forces the Android signer script to prefer the pre-built binaries for mksquashfs/unsquashfs in order for the file capabilities to be preserved. BUG=b:31630024 BRANCH=none TEST=Called sign_android_image.sh locally, saw capabilities preserved across repeated invocations. CQ-DEPEND=CL:*289356 Change-Id: I13e8782edb699eb4ce8bcf82885bd474f4351430 Reviewed-on: https://chromium-review.googlesource.com/387867 Commit-Ready: Luis Hector Chavez <lhchavez@google.com> Tested-by: Luis Hector Chavez <lhchavez@google.com> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-09-23 21:09:16 -07:00
Mike Frysinger	6f2ea5b731	keygeneration: create_new_keys: add key-name/output options We use these features on the signer, so move the logic here so it's in the public code. BUG=None TEST=`./create_new_keys.sh --key-name hihya --output foo --android` worked BRANCH=None Change-Id: I85d6fdbafd99a1b94bc90e26cbc17ba801614914 Reviewed-on: https://chromium-review.googlesource.com/388673 Reviewed-by: David Riley <davidriley@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>	2016-09-22 19:58:27 +00:00
Mike Frysinger	df39d0ac27	keygeneration: add --android option to generate keys BUG=b:29915721 TEST=`./create_new_keys.sh --android` includes android keys BRANCH=None Change-Id: Ibb00b87921435ac5b70a297324ddf60563dc08d8 Reviewed-on: https://chromium-review.googlesource.com/386905 Reviewed-by: Victor Hsieh <victorhsieh@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>	2016-09-20 20:48:21 +00:00
Bill Richardson	afa7350dcc	make_dev_firmware.sh should use key.versions file The 'key.versions' file is used by the image signing scripts to ensure that newly generated keys and re-signed buildbot images have the correct version numbers to avoid rollback in officially-signed Chrome OS images. If a skilled user is re-keying her Chromebook to use personal keys in normal mode (which requires disabling WP and changing the GBB and VBLOCK_A/B), she can avoid clearing the TPM rollback counters if make_dev_firmware.sh will obtain the firmware_version from the key.versions file in her personal key directory. BUG=none BRANCH=none TEST=make runtests, manual tests Extract an MP-signed BIOS from a Chromebook Peppy. flashrom -p host -r peppy.bin Resign it without this CL: make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy.bin Resign it with this CL: make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy_new.bin Confirm no difference: cmp dev_peppy.bin dev_peppy_new.bin Temporarily edit tests/devkeys/key.versions to contain firmware_key_version=2 firmware_version=3 kernel_key_version=4 kernel_version=5 Resign again: make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy_new2.bin Confirm that the only difference is the firmware version in VBLOCK_A/B: futility show dev_peppy_new*.bin Change-Id: I133f1b58fb969eaeb239a44a4800750c4eee1d5f Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/383887 Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-09-12 17:36:22 -07:00
Victor Hsieh	b94145a309	Change debug key signatures We switched to different debug keys so the signature needs to be updated. TEST=sign_official_image with the new recovery image, failed before this change bug succeeded after. BUG=chromium:645628 Change-Id: I58236222c26f90268de80dc99f22d84650e67bb7 Reviewed-on: https://chromium-review.googlesource.com/383900 Reviewed-by: Mike Frysinger <vapier@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org>	2016-09-09 21:39:16 +00:00
Victor Hsieh	b618e0ccf3	Remove Android signing restriction of M54+ Effectively, this will sign Android platform apks in M53, the first ARC release. TEST=Haven't heard problem from the latest Dev release 8737.1.0 BUG=b:29915721 Change-Id: Ic71f04e7fddbe3d020c57f9933e09b5537ee7370 Reviewed-on: https://chromium-review.googlesource.com/376799 Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Bernie Thompson <bhthompson@chromium.org>	2016-08-29 17:24:47 +00:00
Mike Frysinger	a929c2755e	image_signing: drop board hacking for lsb appid checks BUG=chromium:605595 TEST=None BRANCH=None Change-Id: I8104d80d151440bdd8f419c88bd98592d9f44612 Reviewed-on: https://chromium-review.googlesource.com/371678 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org>	2016-08-25 01:46:24 -07:00
Victor Hsieh	8145468859	Skip Android signing if executables are not found TEST=./fm_and_key_version_test_prep ... in chroot BUG=chrome-os-partner:56279 Change-Id: I0c76aed757ae30245e07873180dbc9b609a8ec13 Reviewed-on: https://chromium-review.googlesource.com/374078 Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: danny chan <dchan@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-08-23 17:58:01 +00:00
Victor Hsieh	16f1b29e76	Refer keytool using relative path We will assume JDK bin/ is in the PATH, instead of using an absolute path. TEST=sign_official_image.sh BUG=b:29915721,chrome-os-partner:56279 Change-Id: I55379a8409b7d81f213d4d7418133691fa8152cf Reviewed-on: https://chromium-review.googlesource.com/373558 Reviewed-by: Mike Frysinger <vapier@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org>	2016-08-19 21:48:31 +00:00
Victor Hsieh	928f2405b8	Fix file ownership during Android apk signing Several files were changed to own by root instead of the original owner in the squashfs image. This has caused problem to boot Android. TEST=./sign_official_image with local keys, extract system.raw.img and override device copy. Able to launch ARC. BUG=b:29915721,b:30919855 Change-Id: Ic2595c99cbb7f7c2a2c543612a368681220cb3d9 Reviewed-on: https://chromium-review.googlesource.com/372312 Reviewed-by: Mike Frysinger <vapier@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org>	2016-08-18 23:51:30 +00:00
Victor Hsieh	7be7de4506	Only re-sign ARC apks when lsb-release looks legit TEST=sign_official_build.sh with veyron_minnie image # works TEST=sign_official_build.sh with veyron_shark image # skipped BUG=chromium:638289 Change-Id: Ic00b5c73fc094ad1146ffb1f29d2dcc5cfdb839d Reviewed-on: https://chromium-review.googlesource.com/371458 Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-08-16 21:02:11 +00:00
Mike Frysinger	59c4501d8e	image_signing: avoid leaking rootfs mount in android code When we return early from the release check, we leaked the mount point. This could in turn cause issues with data syncing and hash calculation. BUG=b:30891460 TEST=None BRANCH=None Change-Id: I7a40007e371b8e64ca7e8210ad9121dc1a4bcf9f Reviewed-on: https://chromium-review.googlesource.com/370739 Reviewed-by: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>	2016-08-16 17:47:47 +00:00
Victor Hsieh	7573ff7efb	Add script to sign Android image sign_android_image.sh is the main script that signs the image. It makes similar changes to an image like the Android official signing tool (sign_target_files_apks.py) does, but more Chrome OS specific. TEST=./sign_official_build.sh recovery recovery_image.bin \ ../../tests/devkeys/ out_img TEST=Same above but with a recovery image without Android image. Android signing was skipping. TEST=Same above but with a M53 image. Android signing was skipped. TEST=Unpack the image and diff the before and after. Looks correct. BUG=b:29915721 Change-Id: I0ae5f0ad8d2b05e485d60262558517ea563bf527 Reviewed-on: https://chromium-review.googlesource.com/366794 Commit-Ready: Victor Hsieh <victorhsieh@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-08-15 15:19:52 -07:00
Amey Deshpande	48b1a50b08	Revert "image_signing: use sparse partition extraction [reland]" This reverts commit `f482470b72`. The original change is the suspected root cause of chromium:606738. TEST=signing_unittests.py in cros-signing passes (with updated vboot_stable_hash). BUG=chromium:606738 BRANCH=None Change-Id: I21ea027bbda123ee26c6deb4437b07d2fc6e8575 Reviewed-on: https://chromium-review.googlesource.com/340895 Commit-Ready: Amey Deshpande <ameyd@google.com> Tested-by: Amey Deshpande <ameyd@google.com> Reviewed-by: Amey Deshpande <ameyd@google.com>	2016-04-27 18:12:33 -07:00
Amey Deshpande	8de46d0af9	sign_official_build: retain /boot for EFI devices TEST=Ran sign_official_build locally on image w/ cros_efi and checked the signed image had /boot in rootfs. BUG=chromium:604967 BRANCH=None Change-Id: Id6e1a6409e07fa37a5c116c66ac937dd9aec1481 Reviewed-on: https://chromium-review.googlesource.com/335469 Commit-Ready: Amey Deshpande <ameyd@google.com> Tested-by: Amey Deshpande <ameyd@google.com> Reviewed-by: Don Garrett <dgarrett@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-04-22 15:43:26 -07:00
Mike Frysinger	f482470b72	image_signing: use sparse partition extraction [reland] Often the partitions we extract have extra space in them, but the dd utility will still write out the excess zeros. That can mean we write out hundreds of megs of data which could otherwise be skipped. We thus waste a good amount of I/O and storage. For now, only use this flag when extracting a partition to a new file as this should be safe (there's no pre-existing data to clobber/merge). Now that the signers have been upgraded to Trusty, we can land this. BUG=chromium:530730 TEST=`./signing_unittests.py` passes BRANCH=None Change-Id: I275973ebfc028c15a8d1ef33dd9b3dcf6ca726a2 Reviewed-on: https://chromium-review.googlesource.com/306420 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Amey Deshpande <ameyd@google.com>	2016-04-04 20:05:00 -07:00
Amey Deshpande	65f61f90cc	signer: improve error handling in update_legacy_bootloader() BRANCH=None BUG=chromium:590933 TEST=Ran sign_official_build.sh locally and booted the image on kvm (using BIOS). $ ./sign_official_build.sh base chromiumos_base_image.bin \ ../../tests/devkeys chromiumos_base_image_signed.bin Change-Id: I2e1aad6e2073dea8e92d6ee25ac6972a5d555d71 Reviewed-on: https://chromium-review.googlesource.com/331661 Commit-Ready: Amey Deshpande <ameyd@google.com> Tested-by: Amey Deshpande <ameyd@google.com> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-03-08 19:43:11 -08:00
Furquan Shaikh	478b6d34af	sign_nv_cbootimage: Update signing scripts for nv bootloader and lp0 Currently, nvidia tools do not provide the support to perform signing of bootloader or lp0 image. Thus, the signing script is updated to support this. Once, we have the required tools, this script can be simplified again. CQ-DEPEND=CL:*244234 BUG=chrome-os-partner:43018 BRANCH=none TEST=Verified that signed bootloader and lp0 work fine on dev-PKC fused devices. Reference: https://code.google.com/p/chrome-os-partner/issues/attachmentText?id=43018&aid=430180067000&name=sign-lp0.sh&token=ABZ6GAcjz4b2mEk55WqREzwTnWWpEyE_7A%3A1452631308268 https://code.google.com/p/chrome-os-partner/issues/attachmentText?id=43018&aid=430180060000&name=sign.sh&token=ABZ6GAcRky67XrzMOgKZfkJxr70qm-tTAg%3A1452631308240 Change-Id: Icb024a1d9a61714df6e52d94c96cf43481cac869 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://chromium-review.googlesource.com/321459 Commit-Ready: Furquan Shaikh <furquan@chromium.org> Tested-by: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-02-03 14:59:16 -08:00
Vincent Palatin	368594b3fc	sign_official_build: add a fallback key for standalone accessories The standalone accessories are using a key name like this: key_<product>.pem or key_<product>.vbprik2 when it doesn't exist, fallback using key.pem or key.vbprik2. BRANCH=none BUG=chrome-os-partner:47557 TEST=manual: ./scripts/image_signing/sign_official_build.sh accessory_usbpd ../ec/build/zinger/ec.bin tests/devkeys-acc /tmp/ec-zinger.TEST.SIGNED.bin ./scripts/image_signing/sign_official_build.sh accessory_rwsig ../ec/private/build/hadoken/keyboard_app.bin tests/devkeys-acc /tmp/ec-hadoken.TEST.SIGNED.bin ./scripts/image_signing/sign_official_build.sh accessory_rwsig ../ec/private/build/hadoken/keyboard_app.bin /tmp /tmp/ec-hadoken.TEST.SIGNED.bin Change-Id: I68863664bdb9da1695e91b1986f3a0148af7da26 Reviewed-on: https://chromium-review.googlesource.com/312836 Commit-Ready: Vincent Palatin <vpalatin@chromium.org> Tested-by: Vincent Palatin <vpalatin@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2015-11-17 18:34:48 -08:00

1 2 3 4 5 ...

328 Commits