mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-14 16:46:23 +00:00
a696908bf3
A recent codebase change included the test RMA reset server public key
in the Cr50 image by default.
Prod images must not include the test key, and luckily recent
modifications of the cr50-codesigner utility allow to swap the keys
before signing. This patch adds the command line option for swapping
the keys and a check to ensure that the signed image includes the
prod key and does not include the test key.
Note that cr50-codesigner would fail to sign if the swap was requested
but the test RMA key was not found in the input .efl file. Thus both
conditions are verified: that the original image includes the test key
and that the signed image includes the prod key.
BRANCH=none
BUG=b:73296144
TEST=prod signed an image, verified that it can be RMA reset using the
prod RMA reset server.
Change-Id: Ic084d0c5e1de9f027db05c63f82542c2b7cbd916
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1000756
Reviewed-by: Randall Spangler <rspangler@chromium.org>