History log of /external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
Revision Date Author Comments
190eefb3ff227a229396091eef9012ad69d956df 31-Jan-2015 Bill Richardson <wfrichar@chromium.org> sign_official_build.sh should work without dev-firmware keys

The signing scripts pass a bunch of args around, including paths
to the keys used to sign dev-mode-specific firmware. That was
only used on Alex and ZGB, so all the newer systems don't have
those keys and the script falls over.

This uses the normal firmware keys if the dev-firmware keys don't
exist. This was an oversight with the original CL that touched
resign_firmwarefd.sh

BUG=chromium:453901
BRANCH=ToT
TEST=manual

Download a newer signed recovery image, say for nyan, and save it as

scripts/image_signing/nyan-recovery-mp.bin

Temporarily delete the developer firmware keys from the devkeys:

rm -f tests/devkeys/dev_firmware*

Now try resigning the recovery image:

cd scripts/image_signing
./sign_official_build.sh recovery nyan-recovery-mp.bin \
../../tests/devkeys/ signed.bin \
../../tests/devkeys/key.versions

It should work.

Change-Id: I474811158cb33e16ad09c16b0db825c40217dd70
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245151
Reviewed-by: Mike Frysinger <vapier@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
a19b00dfd0c17681b71bd61994854dff3f3576a3 05-Sep-2014 Bill Richardson <wfrichar@chromium.org> futility: make resign_firmwarefd.sh simply invoke futility

Since all of the functionality of the resign_firmwarefd.sh script
is built in to futility, let's just make that script invoke
futility to do the work. We'll come back and remove the script
entirely, once all outside references to it have been changed to
do the right thing.

BUG=chromium:224734
BRANCH=ToT
TEST=make runtests

Also tested by editing tests/futility/test_resign_firmware.sh to
invoke the resign_firmwarefd.sh script instead of futility.
Everything passed.

Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Id068e551067a956cd7ddc3f9b9e23488261d8d94
Reviewed-on: https://chromium-review.googlesource.com/216716
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
119140eae54f61c9aa25b063702aa6c25c2bda8d 16-Jul-2014 Hung-Te Lin <hungte@chromium.org> resign_firmwarefd: Correct output file name for VBLOCK B.

In commit https://chromium-review.googlesource.com/203682 the output file names
were always vblock_A, and should be changed to vblock_A and vblock_B.

BUG=chrome-os-partner:30611
TEST=Signed a recovery image and checked output.
BRANCH=none

Change-Id: I91901ba2c24032c6af3e6ab3f731bb7dd384ae2d
Reviewed-on: https://chromium-review.googlesource.com/208610
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
4521c1f19f3b3f6000bb437140b85389d38bf655 17-Jun-2014 Mike Frysinger <vapier@chromium.org> image_signing: tweak loem firmware signing to have real keys

Rather than leave the default set of keys in the firmware untouched
(which are dev keys), insert the first loem keyset we find. This is
for people who extract the bios.bin by hand and then blindly burn it
into their flash. This way they'll still get some valid loem keys.
It's not a great solution, but it's better than nothing.

BUG=chromium:381862
TEST=signed recovery image by hand w/loemkeys and looked at packed bios.bin
TEST=signed recovery image by hand w/devkeys and looked at packed bios.bin
TEST=signed recovery image by hand w/custom loemkeys and looked at packed bios.bin
BRANCH=none

Change-Id: I8db1e34d9f4d85be6edf81fecf79a72031571b01
Reviewed-on: https://chromium-review.googlesource.com/204262
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
aa888463b860c2852f3fcb17baf8de395fcca294 13-Jun-2014 Mike Frysinger <vapier@chromium.org> image_signing: support loem keysets with firmware shellballs

With an loem keyset in a recovery shellball, we don't want to write the
rootkeys & vblocks to the firmware image directly. Instead, we'll put
them into a keyset subdir that the firmware updater will process later.

  bios.bin
  keyset/
    rootkey.LOEMID
    vblock_A.LOEMID
    vblock_B.LOEMID

We still write the recovery key to the firmware image though as that is
shared between all the keysets.

BUG=chromium:381862
TEST=Ran against a recovery image with devkeys & loemkeys and checked shellball
TEST=`cbuildbot daisy-release` works
BRANCH=none

Change-Id: I6fc99c71e6c7dee25f7f9a466a97314ff750fda9
Reviewed-on: https://chromium-review.googlesource.com/203682
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
9bf0d535fefabeb6d04f4c837d1101fb00db08fc 12-Oct-2012 Gaurav Shah <gauravsh@google.com> resign_firmwarefd.sh: Fix flag option name

We didn't get bit by this bug because getlong_opt does partial matching
on long option names. So --flag also works.

BUG=none
TEST=resign a test firmware; ensure preamble flag is preserved.
BRANCH=none

Change-Id: Ifd87c627b82468529fe1241be3629198d194027b
Reviewed-on: https://gerrit.chromium.org/gerrit/35350
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
3ae4dd70522d06dda08db8e7dd0b5df41bea273e 28-Aug-2012 Che-Liang Chiou <clchiou@chromium.org> signing script: Resign just firmware body, not the entire section

The signing script extracted firmware body sections FW_MAIN_{A,B} and
resigned the whole section instead of just firmware body.

As a result, read-only firmware spends more time loading read-write
firmware from SPI flash.

Since vblock has firmware body size information, signing script should
retrieve it and use it to sign just firmware body.

This may reduce boot time by ~560ms, depending on firmware image size,
section size and SPI flash/bus throughput.

Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>

BRANCH=snow,link
BUG=chrome-os-partner:13094
TEST=For Snow (or boards that use cros_bundle_firmware), check that
after resigning, VBLOCK_{A,B} and FW_MAIN_{A,B} are unchanged
For Alex and ZGB, check that old and new resign_firmwarefd.sh
generate identical output

(Test for Snow; repeat for A and B)

dump_fmap -x image.bin VBLOCK_A FW_MAIN_A
mv VBLOCK_A VBLOCK_A.orig
mv FW_MAIN_A FW_MAIN_A.orig

resign_firmwarefd.sh image.bin image-resigned.bin \
firmware_data_key.vbprivk \
firmware.keyblock \
dev_firmware_data_key.vbprivk \
dev_firmware.keyblock \
kernel_subkey.vbpubk

dump_fmap -x image-resigned.bin VBLOCK_A FW_MAIN_A
cmp VBLOCK_A.orig VBLOCK_A
cmp FW_MAIN_A.orig FW_MAIN_A

(Test for Alex and ZGB; repeat for old and new resign_firmwarefd.sh)

resign_firmwarefd.sh image.bin image-resigned-{old or new}.bin \
firmware_data_key.vbprivk \
firmware.keyblock \
dev_firmware_data_key.vbprivk \
dev_firmware.keyblock \
kernel_subkey.vbpubk

cmp image-resigned-old.bin image-resigned-new.bin

Change-Id: Ie70b6c91614343ad9f991ae369a0f8e74ec213fe
Reviewed-on: https://gerrit.chromium.org/gerrit/31572
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
ce6649250583a8f3a7aeac78ee3a00679cf6223d 07-Dec-2011 Gaurav Shah <gauravsh@chromium.org> signing script: Check for errors on extracted dm params in kernel command line.

Correctly handle the lack of valid dm config parameters in the kernel
command line (dm="..."). In particular, skip trying to perform a rootfs
hash update for that kernel partition.

This change has the side effect of properly signing new recovery images
with the in-flight recovery install changes being done as part of
crosbug.com/22530.

Also fix verification of recovery images to consider both kernel partitions
for determining the hash to compare the calculated value against.

Finally, remove dd's verbose output while signing the firmware.

BUG=chromium-os:22530
TEST=manually re-signed new (Alex) and old (Lumpy) recovery image. Verified
that recovery install works.

Change-Id: Ied9f82f2e77ed581875cec0b43ce45fd98186db2
Reviewed-on: https://gerrit.chromium.org/gerrit/12588
Tested-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
505a047c853b87caf808a180ec2eaf1381b68279 02-Dec-2011 Hung-Te Lin <hungte@chromium.org> vboot_reference: sanity check firmware A/B content when resigning

If the FW_A and FW_B contents are the same, we should not resign with
DEV/NORM keyblocks.

BUG=chrome-os-partner:6942
TEST=(to sign) ./resign_firmwarefd.sh bios.bin new.bin \
../../tests/devkeys/firmware_data_key.vbprivk \
../../tests/devkeys/firmware.keyblock \
../../tests/devkeys/dev_firmware_data_key.vbprivk \
../../tests/devkeys/dev_firmware.keyblock \
../../tests/devkeys/kernel_subkey.vbpubk
(to verify) dump_fmap -x new.bin
vbutil_keyblock --unpack VBLOCK_A | grep Flags
vbutil_keyblock --unpack VBLOCK_B | grep Flags
When the input (bios.bin) has DEV FW (ex, zgb/alex), then output
is A=6, B=7; when the input is old or new firmware without DEV
(ex, mario/s*y/l*y), output is A=7, B=7, and you'll see
"Found firmware with same A/B content - ignore DEV keyblock."
message during resign process.

Change-Id: I10cbbf7370f35a40673b328b70c83e7d1213a45d
Reviewed-on: https://gerrit.chromium.org/gerrit/12371
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
a24e30cdc2f81e619f2441cdf372a7b6064e1844 22-Nov-2011 Gaurav Shah <gauravsh@chromium.org> Make dev firmware keyblock/data key generation and use optional

For key generation, only generate dev firmware keyblocks, if the
--devkeyblock option is passed. For signing, re-use normal firmware
keyblock and data key if no dev keyblocks or data key are found in
the keyset directory.

BUG=chrome-os-partner:6942
TEST=manual
- tested key generation with/without the new flag
- tested signing with or without the presence of dev keyblock

Change-Id: Ic4bf72cb194461e07fcc0f6de39d4e16d1c979a6
Reviewed-on: https://gerrit.chromium.org/gerrit/12038
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
c88331f18b846ee3fb5d2f2a624c5ecb3e724de3 02-Aug-2011 Hung-Te Lin <hungte@chromium.org> resign_firmwarefd: replace mosys by "dump_fmap -p"

Parsing fmap information becomes easier after dump_fmap adds "-p" mode, and
prevents the dependency because dump_fmap is in same repo with signing scripts.

BUG=none, pure refine to reduce dependency and less error messages
TEST=./resign_firmwarefd.sh mario_bios.bin output.bin \
devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \
devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \
devkeys/kernel_subkey.vbpubk
# Also verified with modern firmware like ZGB/Alex and ARM.

Change-Id: Ia40ecd9ab641250272952e20ab058e780eb7770b
Reviewed-on: http://gerrit.chromium.org/gerrit/5132
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
b9cc9550cf8a5d8ff3e9c92999d85d2bd8a54136 02-Aug-2011 Hung-Te Lin <hungte@chromium.org> resign_firmwarefd: don't change preamble flag by default.

When preamble_flag is not assigned manually, resign_firmwarefd should not change
the preamble flag.

BUG=chromium-os:18207
TEST=# Prepare a bios.bin with preamble_flag=1 (ex, ARM firmware)
./resign_firmwarefd.sh bios.bin ..... # do not assign preamble
vbutil_firmware --verify # see preamble_flag=1
# Repeat with firmware having preamble_flag=0 (ex, x86 firmware like ZGB/Alex)
# preamble_flag is 0 after resign_firmwarefd.

Change-Id: I50f88bbf51a28defaf1c4e5383ab856168a128fc
Reviewed-on: http://gerrit.chromium.org/gerrit/5133
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
8e17e5fe43e9407066e7cdf9dabfd3eb637817a7 22-Jul-2011 Hung-Te Lin <hungte@chromium.org> resign_firmwarefd.sh: support new "flag" (for hinting two-stop FW)

The two-stop firmware relies on the "flag" field which may be useful for the
resign_firmwarefd.sh.

BUG=chrome-os-partner:5095
TEST=./resign_firmwarefd [params] 1
vbutil_firmware --verify ..... # seeing flag = 1

Change-Id: I56b44ee5b610e36384e15e6eb31286f0f838734b
Reviewed-on: http://gerrit.chromium.org/gerrit/4561
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
574684550064ab5ea4adcfd1b8d2c9ce92a0176b 02-Mar-2011 Gaurav Shah <gauravsh@chromium.org> Add support for using separate developer firmware keyblock while signing.

Also re-factor the key generation script to its own directory, including wrappers for generating key pairs and keyblocks without needing to start keyset generation process from scratch. (Useful for generating new kernel keyblocks, and for retroactively adding new keys to an existing keyset - as in this case).

Finally, change hard coded algorithm ids and keyblock modes to bash variables, for each changes and telling keyset configuration from a glance.

BUG=chrome-os-partner:2218
TEST=manually tried the following:
1) Generating an entire new keyset.
2) Generating a new key pair and creating a keyblock from an existing key (for generating dev firmware keyblock for existing PVT keysets)
3) Firmware signing via sign_official_build.sh of an image with a firmware payload.

Change-Id: I4e9bb96ac7e5fe4cc0d95af6162ad6d37bbd4bda

Review URL: http://codereview.chromium.org/6594131
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
e1649e136c55300962079b72035498bbdd1c1a52 14-Feb-2011 Gaurav Shah <gauravsh@chromium.org> Support new style flashmap labels for firmware signing

BUG=chrome-os-partner:2316
TEST=tried signing firmware with old style and new style fmap and verified that it works.

Change-Id: I9076fe60308bdb787440486d592c9d5e72602199

Review URL: http://codereview.chromium.org/6516004
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
8ae7b0e41a1252f98e6662a298efb97624431c44 07-Feb-2011 Gaurav Shah <gauravsh@chromium.org> Allow signing scripts to (optionally) set the firmware and kernel versions

Versions are (optionally) read from a file with the format
firmware_version=<firmware version>
kernel_version=<kernel version>

The new scripts and arguments are compatible with older versions of the script.

Change-Id: I502df69d6c02caee75cdf010e61812be408a64e0

BUG=chromium-os:8016
TEST=manually tested all invocations of sign_official_build {verify|usb|ssd|install|recovery} with and without versions.

Review URL: http://codereview.chromium.org/6368064
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
605500b88cd99097d482ddcefee4ba04898781ae 18-Jan-2011 Gaurav Shah <gauravsh@chromium.org> Split common.sh into bash-only and dash-only sections

Change-Id: I044331dc3558a4f7428b75fe43ef739498d65803

BUG=chromium-os:10836
TEST=scripts that use common.sh seem to work, would appreciate help in testing Chrome OS client scripts!

Review URL: http://codereview.chromium.org/6294002
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
89feaed8dc146a8dde63556650610585d2b70e4d 15-Sep-2010 Hung-Te Lin <hungte@chromium.org> Change tool "fmap_decode" to "mosys"

The fmap_decode tool from flashmap project is deprecated.
mosys provides more functionality and fits better into the
host environment.

BUG=chromium-os:6264
TEST=manually

Change-Id: I513d36c8a8f657fdb4cb10d08a867876c32d36b6

Review URL: http://codereview.chromium.org/3388002
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
0c4c9bac3c390445066f08010a753ce76ccb4a5e 16-Aug-2010 Gaurav Shah <gauravsh@chromium.org> Make signing script re-sign Firmware AU payload, and update rootfs hash.

The build signing script will now re-sign the chrome os AU payload in the image rootfs using the new keys. In addition, it will recalculate and update the RootFS hash (in the kernel partition) before re-signing the whole image using the new "official" keys.

BUG=3496, 5264
TEST=manual

>>>>>For testing rootfs hash updates

1) Ensure that image was built with the --enable_rootfs_verification flag
2) Mount the root file fs on the input image, and make a minor change to the root fs (e.g. adding a file)
3) Now boot from this image, drop into the shell and look for logs related to dm-bht in the dmesg output.
4) You should see dm-bht complaining about block hash mismatches
$ dmesg | grep dm
..... <dm-bht errors>.......
<errors of the form "dm-bht: Block hash match failed">

4) Now re-sign the modified image using the sign_official_build script. This will re-calculate and update the rootfs hash.
5) Boot from the re-signed image. Look at dmesg output.
6) You should see NO dm-bht errors.

>>>>>For testing re-signing of firmware payload

Grab the firmware autoupdate shellball from /usr/sbin/chromeos-firmwareupdate in the output image's rootfs partition (number 3). Extract the shellball (--sb_extract flag), and grab the firmware bios.bin from the temporary directory.
$ unpack_firmwarefd.sh bios.bin
$ vbutil_firmware --verify firmwareA.vblock --signpubkey KEY_DIR/firmware.vbpubk --fv firmwareA.data
[Verification should succeed]
$ gbb_utility -g bios.bin --rootkey=rootkey --recoverykey=recoverykey
"rootkey" should be the same as KEY_DIR/root_key.vbpubk
"recoverykey" should be the same as KEY_DIR/recovery_key.vbpubk

KEY_DIR: Directory containing the keys used to generate the output image.

Review URL: http://codereview.chromium.org/3083025
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
aa22a5dea505e23516063829fa43a34db3ae412f 27-Jul-2010 Gaurav Shah <gauravsh@chromium.org> Add script for re-signing final firmware images with the correct keys.

Also add a script for splitting a firmware image into component firmware data, vblocks and the GBB.

Note: The script uses fmap_decode, a utility to parse flashmap of a firmware image, and a part of the flashmap project:
http://code.google.com/p/flashmap/

BUG=3496
TEST=Tested with newer builds of firmware images with flashmaps enabled. Steps to verify:

1) Use script to re-sign an existing image with a new set of keys.
2) Use unpack_firmwarefd.sh to get individual firmware data and vblocks.
3) Use vbutil_firmware with the new keys. Verification should succeed with
the newer keys but fail with the older ones.

Review URL: http://codereview.chromium.org/3026018
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh