scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-01 05:33:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0500524edda44c770690bb942e916522f1eca5cd
OpenCellular/scripts/image_signing/common.sh
Gaurav Shah 0c4c9bac3c Make signing script re-sign Firmware AU payload, and update rootfs hash. 
The build signing script will now re-sign the chrome os AU payload in the image rootfs using the new keys. In addition, it will recalculate and update the RootFS hash (in the kernel partition) before re-signing the whole image using the new "official" keys.

BUG=3496, 5264
TEST=manual

>>>>>For testing rootfs hash updates

1) Ensure that image was build with the --enable_rootfs_verification flag
2) Mount the root file fs on the input image, and make a minor change to the root fs (e.g. adding a file)
3) Now boot from this image, drop into the shell and look for logs related to dm-bht in the dmesg output.
4) You should see dm-bht complaining about block hash mismatches
    $ dmesg | grep dm
      ..... <dm-bht errors>.......
      <errors of the form "dm-bht: Block hash match failed">

4) Now re-sign the modified image using the sign_official_build script. This will re-calculate and update the rootfs hash.
5) Boot from the re-signed image. Look at dmesg output.
6) You should see NO dm-bht errors.

>>>>>For testing re-signing of firmware payload

Grab the firmware autoupdate shellball from /usr/sbin/chromeos-firmwareupdate in the output image's rootfs partition (number 3). Extract the shellball (--sb_extract flag), and grab the firmware bios.bin from the temporary directory.
   $ unpack_firmwarefd.sh bios.bin
   $ vbutil_firmware --verify firmwareA.vblock --signpubkey KEY_DIR/firmware.vbpubk --fv firmwareA.data
    [Verification should succeed]
   $ gbb_utility -g bios.bin --rootkey=rootkey --recoverykey=recoverykey
   "rootkey" should be the same as KEY_DIR/root_key.vbpubk
   "recoverykey" should be the same as KEY_DIR/recovery_key.vbpubk

KEY_DIR: Directory containing the keys used to generate the output image.

Review URL: http://codereview.chromium.org/3083025
2010-08-16 13:29:00 -07:00

96 lines
2.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Determine script directory
SCRIPT_DIR=$(dirname $0)
PROG=$(basename $0)
GPT=cgpt
# List of Temporary files and mount points.
TEMP_FILE_LIST=$(mktemp)
TEMP_DIR_LIST=$(mktemp)
# Read GPT table to find the starting location of a specific partition.
# Args: DEVICE PARTNUM
# Returns: offset (in sectors) of partition PARTNUM
partoffset() {
sudo $GPT show -b -i $2 $1
}
# Read GPT table to find the size of a specific partition.
# Args: DEVICE PARTNUM
# Returns: size (in sectors) of partition PARTNUM
partsize() {
sudo $GPT show -s -i $2 $1
}
# Mount a partition from an image into a local directory
# Args: IMAGE PARTNUM MOUNTDIRECTORY
mount_image_partition() {
local image=$1
local partnum=$2
local mount_dir=$3
local offset=$(partoffset "$image" "$partnum")
sudo mount -o loop,offset=$((offset * 512)) "$image" "$mount_dir"
}
# Extract a partition to a file
# Args: IMAGE PARTNUM OUTPUTFILE
extract_image_partition() {
local image=$1
local partnum=$2
local output_file=$3
local offset=$(partoffset "$image" "$partnum")
local size=$(partsize "$image" "$partnum")
dd if=$image of=$output_file bs=512 skip=$offset count=$size conv=notrunc
}
# Replace a partition in an image from file
# Args: IMAGE PARTNUM INPUTFILE
replace_image_partition() {
local image=$1
local partnum=$2
local input_file=$3
local offset=$(partoffset "$image" "$partnum")
local size=$(partsize "$image" "$partnum")
dd if=$input_file of=$image bs=512 seek=$offset count=$size conv=notrunc
}
# Create a new temporary file and return its name.
# File is automatically cleaned when cleanup_temps_and_mounts() is called.
make_temp_file() {
local tempfile=$(mktemp)
echo "$tempfile" >> $TEMP_FILE_LIST
echo $tempfile
}
# Create a new temporary directory and return its name.
# Directory is automatically deleted and any filesystem mounted on it unmounted
# when cleanup_temps_and_mounts() is called.
make_temp_dir() {
local tempdir=$(mktemp -d)
echo "$tempdir" >> $TEMP_DIR_LIST
echo $tempdir
}
cleanup_temps_and_mounts() {
for i in "$(cat $TEMP_FILE_LIST)"; do
rm -f $i
done
set +e # umount may fail for unmounted directories
for i in "$(cat $TEMP_DIR_LIST)"; do
if [ -n "$i" ]; then
sudo umount -d $i 2>/dev/null
rm -rf $i
fi
done
set -e
rm -rf $TEMP_DIR_LIST $TEMP_FILE_LIST
}
trap "cleanup_temps_and_mounts" EXIT
Reference in New Issue View Git Blame Copy Permalink