mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-12-28 02:35:28 +00:00
c17c447a25
Creating bootloader for the chip involves signing the image with an 'air gap' - some physical presence action is required. We don't want this to be required when the builder is building cr50 for test purposes. The solution is to keep using the dummy private key when building by default, and invoking make differently when building an image which would be accepted by the hardware. Setting CR50_RO_KEY variable in the environment or in the make command line will cause the signer use the value of this variable as the name of the file containing the key to use for signing the RO image. Should this file be a public key, the signer will stop and look for a fob containing the matching private key, and will stream the RO image through the fob for signing. Using the fob requires that the signer runs under sudo, but we do not want the generated files to belong to root, some more code is added to change the generated files' ownership to user running the make. BRANCH=none BUG=chrome-os-partner:49950 TEST=ran the following tests: - verified that the build still succeeds by default. - invoked make as follows: CR50_RO_KEY=cr50_rom0-dev-blsign.pem.pub make BOARD=cr50 observed the signer stop to wait for the user to interact with the USB fob and proceed. Made sure that the generated image runs successfully on the evaluation board. - verified that 'make BOARD=cr50 clean' still works (i.e. none of the generated files is owned by root). Change-Id: I733ec6386c1dfd838d83d22fb589fa64e5eeaced Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/326484 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
For an overview of the Embedded Controller firmware, refer to http://www.chromium.org/chromium-os/2014-firmware-summit For instructions on building from source, refer to http://www.chromium.org/chromium-os/ec-development/getting-started-building-ec-images-quickly