mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-12-30 18:41:11 +00:00
70b1752c31
Presently the CR50_DEV make variable is loaded: it enables debug
extensions in the produced cr50 image AND requires that the image is
signed with the key from the signing fob.
In fact these are two independent requirements: it is possible to use
an image built with CR50_DEV set for a dev H1 which does not require
fob signing.
A proper indication of the need to use the signing fob would be the
fact that H1_DEVIDS is defined, as it means a that node locked image
is being produced.
Images built without H1_DEVIDS set can be used on H1s which run with
the dev RO and as such do not need to be node locked, they are
signed with a well known key from util/signer/loader-testkey-A.pem.
This patch also tweaks passing the H1_DEVIDS variable to the shell
when altering the manifest. Without this tweak H1_DEVIDS definition as
make command line argument (as opposed to environment variable) was
not making it into the subshell invoked by make.
BRANCH=none
BUG=chrome-os-partner:62457
TEST=ran the following:
- built cr50 images with H1_DEVIDS defined in the environment and
in the command line, observed that the properly signed prod
image is produced (boots on a prod H1 in node locked mode).
- verified that adding CR50_DEV=1 to H1_DEVIDS in either
environment or the command line produces a properly signed
DEV image.
- verified that specifying CR50_DEV=1 alone in either environment
of command line produces a DEV image which does not require fob
signing.
Change-Id: Ied65a0bc50926aa5b6fa65e51805c2368522dcf2
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434926
Reviewed-by: Randall Spangler <rspangler@chromium.org>