OpenCellular

mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-07 00:15:21 +00:00

Author	SHA1	Message	Date
Marco Chen	e0a9a13c82	Add a script to generate a keypair for signing Staff RW firmware. Staff decided to leverage the key format of Hammer therefore this script calls Hammer's one to generate a key pair and renames them to key_staff*. BUG=b:66889892 TEST=Run this script in the chroot and verify the generated key pair. BRANCH=None Change-Id: I73162efaba47a8c08336805130ced0be25ab262a Reviewed-on: https://chromium-review.googlesource.com/688522 Commit-Ready: Marco Chen <marcochen@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-10-03 08:16:14 -07:00
Mike Frysinger	fb3c262eb0	keygeneration: keyset_version_check.sh: support loem keysets BUG=None TEST=ran against local devkeys BRANCH=None Change-Id: Ib1c88ae187f12aad4531e9c22da6cda2af1503e3 Reviewed-on: https://chromium-review.googlesource.com/691340 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-09-29 20:16:18 -07:00
Mike Frysinger	60dd468de6	keygeneration: keyset_version_check.sh: fix indentation BUG=None TEST=ran against local devkeys BRANCH=None Change-Id: I76470e18ea2e66f6abb5a912c4055fc245cedc8a Reviewed-on: https://chromium-review.googlesource.com/691339 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-09-29 20:16:17 -07:00
Garfield Tan	d4af2cdb1b	Use globbing to fetch mac_permissions.xml. Android master puts that file at a different location, so use similar logic to official signing script. TEST="sign_android_image.sh passed locally for both caroline (NYC) & caroline-bertha (master)." BUG=b:65610114 BRANCH=none Change-Id: If33bfbcaa7e6cff95f26ff26a91735c87880f3db Reviewed-on: https://chromium-review.googlesource.com/686046 Commit-Ready: Garfield Tan <xutan@chromium.org> Tested-by: Garfield Tan <xutan@chromium.org> Reviewed-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-09-27 16:29:29 -07:00
Mike Frysinger	8e8be427ab	image_signing: fix under quoting of channel If the channel is missing or has whitespace, the test triggers errors in the script because the test command has bad quoting. BUG=None TEST=script no longer fails on an empty lsb-release BRANCH=None Change-Id: Ic2e6ab91ca4ec10c298d122aee1f7f7236b52bf2 Reviewed-on: https://chromium-review.googlesource.com/680059 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-09-26 13:36:19 -07:00
Mike Frysinger	a2ccb41cbc	image_signing: allow input rootfs to be a directory This allows for quick local testing by creating a dummy rootfs. BUG=chromium:714598 TEST=signing images still works BRANCH=None Change-Id: If252b119fd64686b46e9989d55bedbd1eec45700 Reviewed-on: https://chromium-review.googlesource.com/680039 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-09-26 13:36:17 -07:00
Mike Frysinger	b613faf5cd	image_signing: allow lsb-release to contain comments Nothing needs this, just something I noticed while debugging. BUG=None TEST=`ensure_sane_lsb-release.sh` no longer complains about comment lines BRANCH=None Change-Id: Ia39e6461db79a387cc59e5f88ec1216984bb4d28 Reviewed-on: https://chromium-review.googlesource.com/680058 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-09-26 13:36:09 -07:00
Mike Frysinger	6d301ca142	image_signing: fix logging multiple args BUG=None TEST=ensure_sane_lsb-release.sh errors now include the full string BRANCH=None Change-Id: I460ec5e2127a57e7576214fe8fde9e511f940755 Reviewed-on: https://chromium-review.googlesource.com/680038 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-09-25 15:52:47 -07:00
Mike Frysinger	6129365995	image_signing: ignore blank lines in loem.ini files BUG=chromium:381862 TEST=run against a loem.ini file with blank lines doesn't barf BRANCH=None Change-Id: Icf8f8a3ba518ca0f4e64e6eee9c694d47fa32362 Reviewed-on: https://chromium-review.googlesource.com/679754 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com>	2017-09-22 22:25:35 -07:00
C Shapiro	a52fc548b4	image_signing: Remove legacy unified build feature This feature was originally implemented before go/cros-unibuild-signing. It only provided basis support to continue testing unibuilds, but didn't deal with the actual required model specific cases. Unibuilds have already been migrated away from this, so this feature is now obsolete. BUG=None TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery ../build/images/coral/latest/recovery_image.bin ../platform/vboot_reference/tests/devkeys BRANCH=None Change-Id: I58b569b97f0bf42a927a851e7bc0559cb1e26200 Reviewed-on: https://chromium-review.googlesource.com/660805 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-09-12 13:03:23 -07:00
C Shapiro	16426bf166	image_signing: Fix missing root key for unibuilds For model specific signatures, the root key needs to be copied also for the development case where the root key can be flashed into the RO block. BUG=b:65367246 TEST=./build_image --board=coral dev \ && ./mod_image_for_recovery.sh --board=coral \ && ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh \ recovery ../build/images/coral/latest/recovery_image.bin \ ../platform/vboot_reference/tests/devkeys BRANCH=None Change-Id: I116850881d3c183b20e7d75e40deb13122f40c7a Reviewed-on: https://chromium-review.googlesource.com/650546 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: C Shapiro <shapiroc@google.com>	2017-09-05 21:07:18 -07:00
C Shapiro	3f3a496a23	image_signing: Fix loem.ini pattern for unibuilds The grep pattern was too lenient and allowed for matches with the same shared root key id. E.g. NASHER also matched NASHER360 This changes the pattern to match exactly to the end of the line. BUG=b:65284008 TEST=grep -E "[0-9]+ = NASHER$" ~/tmp/loem.ini with actual loem.ini that will exist on the signers BRANCH=None Change-Id: I80a870cd512825d30c7a39e4ac6f3cffc9ea808d Reviewed-on: https://chromium-review.googlesource.com/647800 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: YH Lin <yueherngl@chromium.org>	2017-09-01 14:41:47 -07:00
C Shapiro	d2ee3ca7c1	image_signing: Don't create empty keyset subdir updater4.sh uses the /keyset subdir from the firmware updater shellball to indicate if it should use model specific keys or not. This won't work for any case where the signers haven't been updated with model specific keys yet. Changed the output for unibuilds to be consistent with non-uni builds where the /keyset subdir won't be created if loem.ini doesn't exist on the signer. BUG=b:65128657 TEST=crrev.com/c/626718 and crrev.com/c/636344 test cases, which cover both the shared and non-shared key use cases BRANCH=None Change-Id: I38db1385fa99ac4a9843a750c336c58b74b127b4 Reviewed-on: https://chromium-review.googlesource.com/642031 Commit-Ready: Simon Glass <sjg@chromium.org> Tested-by: Simon Glass <sjg@chromium.org> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-08-30 13:04:21 -07:00
C Shapiro	9b3e2cba5b	[unibuild] Fix issues with model specific fw sign Updated the current coral config to use the fake keys from the loemkeys dev keyset (ACME) and then tested/debugged this flow based on that config. Fixed issue where key_id wasn't eval'd in bash when it was passed to grep because it has ' quotes around it. BUG=b:64842314 TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery ../build/images/coral/R62-9877.0.2017_08_25_1030-a1/recovery_image.bin ../platform/vboot_reference/tests/loemkeys coral_loem_signed_recovery.bin BRANCH=None Change-Id: I50a58e512e9a83dc2707951f12d709f9006d67ca Reviewed-on: https://chromium-review.googlesource.com/636344 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-08-25 19:54:10 -07:00
Nicolas Boichat	594eb296fe	image_signing: sign_official_build.sh: Add version to rwsig signatures We would like to have different signature versions for hammer (1=dev, 2=premp, 3=mp), so we should pass --version to futility. The default version stays 1. BRANCH=none BUG=b:35587169 TEST=openssl genrsa -3 -out key_hammer.pem 2048 futility create --desc="Hammer fake MP key" key_hammer.pem key_hammer echo firmware_version=2 > key_hammer.version ../vboot_reference/scripts/image_signing/sign_official_build.sh \ accessory_rwsig build/hammer/ec.bin . \ ec-signed.bin key_hammer.version futility show ec-signed.bin => Version: 0x00000002 TEST=Without passing a version file, version is still 1. ../vboot_reference/scripts/image_signing/sign_official_build.sh \ accessory_rwsig build/hammer/ec.bin . ec-signed.bin futility show ec-signed.bin => Version: 0x00000001 Change-Id: I0cd9133404fb0d827bd2f0d3bcc71d5dd274734d Reviewed-on: https://chromium-review.googlesource.com/631757 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-08-25 12:09:04 -07:00
C Shapiro	509339ce2b	[unibuild] Support for unibuild firmware signing For design context, see go/cros-unibuild-signing This adds support for multiple, shared firmware images from a unified build that needs to be signed with different OEM specific keys. It uses a signer_config.csv file (that is generated by pack_firmware.py) to determine which images need to be signed with which keys. BUG=b:64842314 TEST=./build_image --board=coral dev && ./mod_image_for_recovery.sh --board=coral && ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery ../build/images/coral/latest/recovery_image.bin ../platform/vboot_reference/tests/devkeys BRANCH=None Change-Id: Id3711bbe73dfe652184bc046b5f642c30b8d1627 Reviewed-on: https://chromium-review.googlesource.com/626718 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: C Shapiro <shapiroc@google.com>	2017-08-23 08:02:12 -07:00
Mike Frysinger	3f24b902e4	image_signing: convert_recovery_to_ssd.sh: rewrite to be better This converts the script in one commit as nothing uses it directly, so the chances of it breaking overall build is low. - Convert to common.sh for more helpers - Convert echo to info - Convert to loopback devices to speed things up - Fix quoting in a few places - Drop cgpt usage since we use loopback partitions everywhere now BRANCH=None BUG=chromium:714598 TEST=running on an image still works Change-Id: I6608db77792502f35522a6f793ccd800fdd6af4e Reviewed-on: https://chromium-review.googlesource.com/505482 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-08-09 21:46:13 -07:00
Mike Frysinger	ca97b25a33	image_signing: sign_official_build.sh: use loopbacks kernel configs w/boot loader updates This is the last place that uses grab_kernel_config. Convert it over to accessing the kernel directly via loopbacks and delete the helper function entirely. This avoids unnecessary copies and prevents any more code from using it. BRANCH=None BUG=chromium:714598 TEST=dump_config still works Change-Id: I16aa2c2568d15c43bb20b9d5dc18060915047506 Reviewed-on: https://chromium-review.googlesource.com/505481 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-08-03 10:11:42 -07:00
Mike Frysinger	68466c6d0a	image_signing: sign_official_build.sh: use loopbacks for rootfs hash updates This avoids copying GB of data for the rootfs & kernels by using loopback devices instead. BRANCH=None BUG=chromium:714598 TEST=dump_config still works Change-Id: I41cd71db3c567be811c4a59523c797c128a8e493 Reviewed-on: https://chromium-review.googlesource.com/505480 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-07-15 14:45:13 -07:00
Mike Frysinger	8e556f4e23	image_signing: sign_official_build.sh: use loopbacks for dump_config This avoids copying out the kernels just to read their configs. Not super important as the signer doesn't use it, but we want to kill off the grab_kernel_config helper. BRANCH=None BUG=chromium:714598 TEST=dump_config still works Change-Id: I2533b1d4de6980120f277fea3a1d964cb4fbaf0d Reviewed-on: https://chromium-review.googlesource.com/505479 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-07-13 19:46:10 -07:00
Mike Frysinger	06beb42e11	image_signing: sign_official_build.sh: use loopbacks when updating recovery kernels This avoids copying in/out the kernels for their configs and to resign. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Id13d5099da7f8a73ebd4d4e918188c7eb5b65a12 Reviewed-on: https://chromium-review.googlesource.com/505478 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-07-06 21:13:56 -07:00
Mike Frysinger	3abb4fe45e	image_signing: sign_official_build.sh: switch initial image signing to loopbacks This changes the kernel config reading and the stateful vblock updating to use loopback devices. This avoids having to copy out the kernels many times over just to read them. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ibb49791a7db998e45b35ed15ddc12126e669c730 Reviewed-on: https://chromium-review.googlesource.com/505477 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>	2017-06-23 22:56:47 -07:00
Hung-Te Lin	01dc818924	Change invocation of "gbb_utility" to "futility gbb" Replace commands using gbb_utility by the new 'gbb' futility command. BRANCH=none BUG=None TEST=USE=test emerge-$BOARD vboot_reference Change-Id: I8c1547d295a955373413482509a33964b0e0c06f Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/538442 Reviewed-by: Stefan Reinauer <reinauer@google.com>	2017-06-21 23:38:08 -07:00
C Shapiro	4007d6ff21	Unified build support for multi-firmware signing Unified builds break down multiple firmware images for each model; however, the signing script didn't have support for this. This updates the signing script to iterate over all models in a unified build and sign each firmware image separately. BUG=chromium:734485 TEST=sign_official_build.sh recovery for reef and reef-uni BRANCH=none Change-Id: Ia2b5b8bd36ac77aeb7944362186d1d5739e6ff3d Reviewed-on: https://chromium-review.googlesource.com/540131 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Jason Clinton <jclinton@chromium.org>	2017-06-20 13:38:10 -07:00
Mike Frysinger	2d160adf72	image_signing: sign_official_build.sh: switch verification to loopbacks Rather than copy out the rootfs to a temp file and perform checks on that, run the checks directly on the image. This saves us from having to copy many GB worth of data which can be expensive on the VMs (slow disk I/O). BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ie7d1c432aacb69e57b6c5fd9ab810b8d0b054860 Reviewed-on: https://chromium-review.googlesource.com/505476 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-06-15 15:17:17 -07:00
Marco Chen	04b3835b69	Add a script to generate a keypair for signing Rose RW firmware. Rose decided to leverage the key format of Hammer therefore this script calls Hammer's one to generate a key pair and renames them to key_rose*. BUG=b:37693819 TEST=None BRANCH=None Change-Id: I1f31afe89a00895434a169401ab76b594ad0a403 Reviewed-on: https://chromium-review.googlesource.com/529504 Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-06-12 06:47:41 -07:00
Mike Frysinger	4df2f6f4e2	keygeneration: make helper script executable BUG=b:35587169 TEST=None BRANCH=None Change-Id: I2098f39dd17893c5e30ed495eaa87935efbcb0ee Reviewed-on: https://chromium-review.googlesource.com/526613 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Marco Chen <marcochen@chromium.org>	2017-06-10 03:10:21 -07:00
Marco Chen	670ca01555	Add a script to generate a keypair for signing accessory RW firmware. BUG=b:35587169 TEST=None BRANCH=None Change-Id: Ibb309c34ca22d30138cb62d698eafb6ee77add8c Reviewed-on: https://chromium-review.googlesource.com/520368 Commit-Ready: Marco Chen <marcochen@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-06-06 08:52:17 -07:00
Mike Frysinger	fda1300464	keygeneration: add some output helpers These use the same forms as in other shell projects in CrOS. BUG=b:35587169 TEST=ran create_new_android_keys.sh and new output works BRANCH=None Change-Id: Id75fd77203795d7837537f12ab948376a7ad105e Reviewed-on: https://chromium-review.googlesource.com/520786 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>	2017-06-01 23:49:33 -07:00
Mike Frysinger	b568c66bd7	image_signing: ensure_secure_kernelparams.sh: use loopback devices for speed Rather than read out the whole kernel partition just to dump the kernel config, set the image up via a loopback device and read from there. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I3797a0e77315e8baf6f481f31c44b889ac6d098a Reviewed-on: https://chromium-review.googlesource.com/505475 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-05-23 23:59:31 -07:00
Mike Frysinger	9d11bb1b1d	image_signing: unify output helpers We have `err_die` and `die` helpers that do the same thing, but some scripts just have to know which one to use based on their runtime. Just unify them as the more common `die` so all scripts can use it. Similarly, we provide info, warn, and error to dev scripts, but not to the runtime ones. Add small stubs in common_minimal.sh so the API is consistent. BRANCH=None BUG=chromium:718184 TEST=scripts still work Change-Id: Id44fb27900c37f4e357d20817f909e4534d1c5b3 Reviewed-on: https://chromium-review.googlesource.com/507990 Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org>	2017-05-19 04:13:09 +00:00
Mike Frysinger	b660356d51	image_signing: fix key insert logic We don't want to override the common trap as the common sh files already have handlers installed to clean up files/mounts. Re-use those helpers to avoid leaking loopback mounts. BRANCH=None BUG=chromium:718184 TEST=signing images still works Change-Id: I749ce5075194356219fea51152154fdc5a2e3b99 Reviewed-on: https://chromium-review.googlesource.com/505575 Reviewed-by: Eric Caruso <ejcaruso@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org>	2017-05-16 17:43:14 +00:00
Mike Frysinger	36e030df80	image_signing: strip_boot_from_image.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I48edde260e1d1db88f65624c7ff46ad2ac1cc2f4 Reviewed-on: https://chromium-review.googlesource.com/498100 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 15:25:43 -07:00
Mike Frysinger	9e7caccd35	image_signing: resign_image.sh: drop unused script This script hasn't been executed by image_signing or the cros-signer code, and cs/ doesn't turn up any hits. Scrub it from the codebase. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ief4256a8ceab753d5c1fd6d0f3d81609e11f62a9 Reviewed-on: https://chromium-review.googlesource.com/500329 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 11:53:20 -07:00
Mike Frysinger	3c8496cc86	image_signing: sign_official_build.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I4097fd58f349dc84c242dd12d6a94e12f387a1f0 Reviewed-on: https://chromium-review.googlesource.com/498232 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 11:53:20 -07:00
Mike Frysinger	ad16cf327e	image_signing: ensure_sane_lsb-release.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I7351e1ff63bb7e88e4449dd2718685fef7ec031d Reviewed-on: https://chromium-review.googlesource.com/498267 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 01:04:43 -07:00
Mike Frysinger	5fa64e2eae	image_signing: ensure_no_nonrelease_files.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I666d3f5beee4b4e3e9903d546ef66917990a659e Reviewed-on: https://chromium-review.googlesource.com/498231 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-12 22:49:01 -07:00
Mike Frysinger	eb7c7632fe	image_signing: make_dev_ssd.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I96e20f38b6a51ad4dc8064fa3fb3d4302c47888f Reviewed-on: https://chromium-review.googlesource.com/497302 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-12 20:58:06 -07:00
Mike Frysinger	3a6d6f886e	image_signing: common.sh: prefix helper messages with $PROG by default This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I072994dd07cf559a60e8a139eaeaf000cbbf72e3 Reviewed-on: https://chromium-review.googlesource.com/497301 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-11 01:58:55 -07:00
Mike Frysinger	f68d76c1cd	image_signing: do not fail when chronos does not exist If the device doesn't create a chronos user, don't throw errors. For some embedded systems, they don't need a chronos user. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I4604beae1e647e024a04583471b8a7d0d4f188fa Reviewed-on: https://chromium-review.googlesource.com/500027 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-11 01:58:53 -07:00
Mike Frysinger	0dfff398fc	image_signing: swap_rootfs.sh: drop unused script This script hasn't been executed by image_signing or the cros-signer code, and cs/ doesn't turn up any hits. Scrub it from the codebase. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ic9cf90929f949a7f6b4e41e5b819d6f786c1c833 Reviewed-on: https://chromium-review.googlesource.com/500328 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-10 11:58:28 -07:00
Mike Frysinger	1aabe7111e	image_signing: output pubkey in DER format BRANCH=None BUG=chromium:718184 TEST=new imageloader works Change-Id: I430ed616954c820d3d1607eefd4f8e1c60863a8f Reviewed-on: https://chromium-review.googlesource.com/497914 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Greg Kerr <kerrnel@chromium.org>	2017-05-10 11:58:19 -07:00
Mike Frysinger	f3df71d44c	image_signing: set_channel: use new lsbval helper Minor clean up to the logic. BUG=None TEST=`./set_channel recovery_image.bin stable-channel` changed the lsb-release file to stable BRANCH=None Change-Id: Idf12b643f88e373b528b50e269537b861052b448 Reviewed-on: https://chromium-review.googlesource.com/414225 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org>	2017-05-07 09:45:58 -07:00
Mike Frysinger	febef2af40	image_signing: fix signing of zip/crx files Restore the search logic for manifests in subdirs. BRANCH=None BUG=chromium:697645 TEST=signed adb/fastboot zip archives Change-Id: I07a417216ea463cb00d6ead7cd3b61d6e6fa507d Reviewed-on: https://chromium-review.googlesource.com/494207 Commit-Ready: Hsinyu Chao <hychao@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Eric Caruso <ejcaruso@chromium.org>	2017-05-04 06:07:01 -07:00
Eric Caruso	1919b169bf	image_signing: change files sign_oci_container looks for Since we're packing containers in a format imageloader understands, we need to consume imageloader's manifest and produce a signature it knows to look for. BRANCH=ToT BUG=chromium:697645 TEST=package adb container, verify imageloader.sig.2 is present Change-Id: Ied9cdacf1d448a094c1b171bc2bf3b2ae54eb517 Reviewed-on: https://chromium-review.googlesource.com/457102 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-04-26 16:19:51 -07:00
Victor Hsieh	cfbc083efe	Preserve compress method when re-sign Android image TEST=sign_android_image.sh rootfs /path/to/tests/devkeys/android # unsquash -s still shows gzip (previous script always use lzo) BUG=chromium:705247 BRANCH=none Change-Id: If95686d293123a069ce36bc53cbea3a08aa3e7ab Reviewed-on: https://chromium-review.googlesource.com/461205 Commit-Ready: Victor Hsieh <victorhsieh@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-03-28 17:16:52 -07:00
Mike Frysinger	62461d719f	image_signing: support signing of OCI containers BUG=chromium:660209 TEST=`./sign_official_build.sh oci-container fastboot/ ../tests/devkeys` works TEST=signing an image inserted the container pubkey BRANCH=None Change-Id: I75793b03e93f2c18b1495a3ec729ad04d2e17401 Reviewed-on: https://chromium-review.googlesource.com/427538 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-01-14 20:19:06 -08:00
Hung-Te Lin	d140800050	scripts: Add "-p host" to make_dev_firmware.sh. Always add "-p host" for flashrom to find right programmer. BRANCH=None BUG=chrome-os-partner:60894 TEST=./make_dev_firmware.sh Change-Id: Iee66e143e77ea258a2a9ff3757d9446b7cf37dbc Reviewed-on: https://chromium-review.googlesource.com/419860 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Ting Shen <phoenixshen@chromium.org>	2016-12-28 00:55:50 -08:00
Ting Shen	e5500a319b	set_gbb_flags: add '-p host' to flashrom command BRANCH=none BUG=chrome-os-partner:60894 TEST=set_gbb_flags 0 Change-Id: I22f372590bfe7705d4312588f971ad37f229a216 Reviewed-on: https://chromium-review.googlesource.com/418519 Commit-Ready: Ting Shen <phoenixshen@chromium.org> Tested-by: Ting Shen <phoenixshen@chromium.org> Reviewed-by: David Hendricks <dhendrix@chromium.org>	2016-12-20 06:47:09 -08:00
Hung-Te Lin	1a0679c1a4	scripts: Change anti-rollback check from error to warning for make_dev_firmware. Currently make_dev_firmware will abort if the stored TPM version is higher and ask user to reset TPM; however that is not very feasible because: (1) If the device is still MP-signed, external users can't boot dev-signed factory shim or recovery or test images. (2) Even if the user is able to reset TPM, the stored TPM version will be increased again when user boots into the image for running make_dev_firmware. As a result, the right flow is to allow user (with warning and instructions) resign firmware with dev-keys, boot into recovery mode due to anti-rollback check, and then boot any dev-signed image to reset TPM. BRANCH=none BUG=None TEST=./make_dev_firmware.sh # see warning message. Change-Id: Ifd4cd9912ab505427c985154b3f469e1485789b2 Reviewed-on: https://chromium-review.googlesource.com/419898 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>	2016-12-14 06:03:12 -08:00

1 2 3 4 5 ...

352 Commits