scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-24 16:57:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4c1f3c8e540beab8f44e48877611a01e98fd9a40
OpenCellular/scripts/image_signing/sign_firmware.sh
Gaurav Shah 4c1f3c8e54 Replace root and recovery keys in the GBB after firmware sections have been re-signed 
resign_firmwarefd.sh needs a verifiable copy of the firmware (and associated root key)
to determine the preamble flag value to use.

BUG=chrome-os-partner:6874
TEST=manually tested resigning a firmware .bin using sign_firmware.sh. Verified correct
     preamble flag determination.

Change-Id: Ifb132f54f4891dec4fa7250d3a00e7b4feda24c1
Reviewed-on: https://gerrit.chromium.org/gerrit/11776
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
2011-11-16 10:50:56 -08:00

52 lines
1.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Wrapper script for re-signing a firmware image.
# Determine script directory
SCRIPT_DIR=$(dirname $0)
# Abort on error.
set -e
FIRMWARE_VERSION=1
if [ $# -ne 3 ]; then
cat<<EOF
Usage: $0 <input_firmware> <key_dir> <output_firmware>
Signs <input_firmware> with keys in <key_dir> and outputs signed firmware to
<output_firmware>.
EOF
exit 1
fi
IN_FIRMWARE=$1
KEY_DIR=$2
OUT_FIRMWARE=$3
temp_fw=$(mktemp)
trap "rm ${temp_fw}" EXIT
# Resign the firmware with new keys
${SCRIPT_DIR}/resign_firmwarefd.sh ${IN_FIRMWARE} ${temp_fw} \
${KEY_DIR}/firmware_data_key.vbprivk \
${KEY_DIR}/firmware.keyblock \
${KEY_DIR}/dev_firmware_data_key.vbprivk \
${KEY_DIR}/dev_firmware.keyblock \
${KEY_DIR}/kernel_subkey.vbpubk \
${FIRMWARE_VERSION}
# Replace the root and recovery key in the Google Binary Block of the firmware.
# Note: This needs to happen after calling resign_firmwarefd.sh since it needs
# to be able to verify the firmware using the root key to determine the preamble
# flags.
gbb_utility -s \
--rootkey=${KEY_DIR}/root_key.vbpubk \
--recoverykey=${KEY_DIR}/recovery_key.vbpubk \
${temp_fw} ${OUT_FIRMWARE}
Reference in New Issue View Git Blame Copy Permalink