190eefb3ff227a229396091eef9012ad69d956df |
|
31-Jan-2015 |
Bill Richardson <wfrichar@chromium.org> |
sign_official_build.sh should work without dev-firmware keys

The signing scripts pass a bunch of args around, including paths to the keys used to sign dev-mode-specific firmware. That was only used on Alex and ZGB, so all the newer systems don't have those keys and the script falls over.

This uses the normal firmware keys if the dev-firmware keys don't exist. This was an oversight with the original CL that touched resign_firmwarefd.sh

BUG=chromium:453901
BRANCH=ToT
TEST=manual

Download a newer signed recovery image, say for nyan, and save it as scripts/image_signing/nyan-recovery-mp.bin

Temporarily delete the developer firmware keys from the devkeys:

  rm -f tests/devkeys/dev_firmware*

Now try resigning the recovery image:

  cd scripts/image_signing
  ./sign_official_build.sh recovery nyan-recovery-mp.bin \
    ../../tests/devkeys/ signed.bin \
    ../../tests/devkeys/key.versions

It should work.

Change-Id: I474811158cb33e16ad09c16b0db825c40217dd70
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245151
Reviewed-by: Mike Frysinger <vapier@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
a19b00dfd0c17681b71bd61994854dff3f3576a3 |
|
05-Sep-2014 |
Bill Richardson <wfrichar@chromium.org> |
futility: make resign_firmwarefd.sh simply invoke futility Since all of the functionality of the resign_firmwarefd.sh script is built in to futility, let's just make that script invoke futility to do the work. We'll come back and remove the script entirely, once all outside references to it have been changed to do the right thing. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Also tested by editing tests/futility/test_resign_firmware.sh to invoke the resign_firmwarefd.sh script instead of futility. Everything passed. Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: Id068e551067a956cd7ddc3f9b9e23488261d8d94 Reviewed-on: https://chromium-review.googlesource.com/216716 Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
119140eae54f61c9aa25b063702aa6c25c2bda8d |
|
16-Jul-2014 |
Hung-Te Lin <hungte@chromium.org> |
resign_firmwarefd: Correct output file name for VBLOCK B. In commit https://chromium-review.googlesource.com/203682 the output file names were always vblock_A, and should be changed to vblock_A and vblock_B. BUG=chrome-os-partner:30611 TEST=Signed a recovery image and checked output. BRANCH=none Change-Id: I91901ba2c24032c6af3e6ab3f731bb7dd384ae2d Reviewed-on: https://chromium-review.googlesource.com/208610 Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Commit-Queue: Hung-Te Lin <hungte@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
4521c1f19f3b3f6000bb437140b85389d38bf655 |
|
17-Jun-2014 |
Mike Frysinger <vapier@chromium.org> |
image_signing: tweak loem firmware signing to have real keys Rather than leave the default set of keys in the firmware untouched (which are dev keys), insert the first loem keyset we find. This is for people who extract the bios.bin by hand and then blindly burn it into their flash. This way they'll still get some valid loem keys. It's not a great solution, but it's better than nothing. BUG=chromium:381862 TEST=signed recovery image by hand w/loemkeys and looked at packed bios.bin TEST=signed recovery image by hand w/devkeys and looked at packed bios.bin TEST=signed recovery image by hand w/custom loemkeys and looked at packed bios.bin BRANCH=none Change-Id: I8db1e34d9f4d85be6edf81fecf79a72031571b01 Reviewed-on: https://chromium-review.googlesource.com/204262 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
aa888463b860c2852f3fcb17baf8de395fcca294 |
|
13-Jun-2014 |
Mike Frysinger <vapier@chromium.org> |
image_signing: support loem keysets with firmware shellballs

With an loem keyset in a recovery shellball, we don't want to write the rootkeys & vblocks to the firmware image directly. Instead, we'll put them into a keyset subdir that the firmware updater will process later.

  bios.bin
  keyset/
    rootkey.LOEMID
    vblock_A.LOEMID
    vblock_B.LOEMID

We still write the recovery key to the firmware image though as that is shared between all the keysets.

BUG=chromium:381862
TEST=Ran against a recovery image with devkeys & loemkeys and checked shellball
TEST=`cbuildbot daisy-release` works
BRANCH=none

Change-Id: I6fc99c71e6c7dee25f7f9a466a97314ff750fda9
Reviewed-on: https://chromium-review.googlesource.com/203682
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
9bf0d535fefabeb6d04f4c837d1101fb00db08fc |
|
12-Oct-2012 |
Gaurav Shah <gauravsh@google.com> |
resign_firmwarefd.sh: Fix flag option name We didn't get bit by this bug because getlong_opt does partial matching on long option names. So --flag also works. BUG=none TEST=resign a test firmware; ensure preamble flag is preserved. BRANCH=none Change-Id: Ifd87c627b82468529fe1241be3629198d194027b Reviewed-on: https://gerrit.chromium.org/gerrit/35350 Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Ready: Gaurav Shah <gauravsh@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
3ae4dd70522d06dda08db8e7dd0b5df41bea273e |
|
28-Aug-2012 |
Che-Liang Chiou <clchiou@chromium.org> |
signing script: Resign just firmware body, not the entire section

The signing script extracted firmware body sections FW_MAIN_{A,B} and resigned the whole section instead of just firmware body. As a result, read-only firmware spends more time loading read-write firmware from SPI flash.

Since vblock has firmware body size information, signing script should retrieve it and use it to sign just firmware body. This may reduce boot time for ~560ms, depending on firmware image size, section size and SPI flash/bus throughput.

Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>

BRANCH=snow,link
BUG=chrome-os-partner:13094
TEST=For Snow (or boards that use cros_bundle_firmware), check that after resigning, VBLOCK_{A,B} and FW_MAIN_{A,B} are unchanged
     For Alex and ZGB, check that old and new resign_firmwarefd.sh generates identical output

(Test for Snow; repeat for A and B)

  dump_fmap -x image.bin VBLOCK_A FW_MAIN_A
  mv VBLOCK_A VBLOCK_A.orig
  mv FW_MAIN_A FW_MAIN_A.orig
  resign_firmwarefd.sh image.bin image-resigned.bin \
    firmware_data_key.vbprivk \
    firmware.keyblock \
    dev_firmware_data_key.vbprivk \
    dev_firmware.keyblock \
    kernel_subkey.vbpubk
  dump_fmap -x image-resigned.bin VBLOCK_A FW_MAIN_A
  cmp VBLOCK_A.orig VBLOCK_A
  cmp FW_MAIN_A.orig FW_MAIN_A

(Test for Alex and ZGB; repeat for old and new resign_firmwarefd.sh)

  resign_firmwarefd.sh image.bin image-resigned-{old or new}.bin \
    firmware_data_key.vbprivk \
    firmware.keyblock \
    dev_firmware_data_key.vbprivk \
    dev_firmware.keyblock \
    kernel_subkey.vbpubk
  cmp image-resigned-old.bin image-resigned-new.bin

Change-Id: Ie70b6c91614343ad9f991ae369a0f8e74ec213fe
Reviewed-on: https://gerrit.chromium.org/gerrit/31572
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
ce6649250583a8f3a7aeac78ee3a00679cf6223d |
|
07-Dec-2011 |
Gaurav Shah <gauravsh@chromium.org> |
signing script: Check for errors on extracted dm params in kernel command line.

Correctly handle the lack of valid dm config parameters in the kernel command line (dm="..."). In particular, skip trying to perform a rootfs hash update for that kernel partition. This change has the side effect of properly signing new recovery images with the in-flight changes recovery install changes being done as part of crosbug.com/22530.

Also fix verification of recovery images to consider both kernel partitions for determining the hash to compare the calculated value against.

Finally, remove dd's verbose output while signing the firmware.

BUG=chromium-os:22530
TEST=manually re-signed new (Alex) and old (Lumpy) recovery image. Verified that recovery install works.

Change-Id: Ied9f82f2e77ed581875cec0b43ce45fd98186db2
Reviewed-on: https://gerrit.chromium.org/gerrit/12588
Tested-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
505a047c853b87caf808a180ec2eaf1381b68279 |
|
02-Dec-2011 |
Hung-Te Lin <hungte@chromium.org> |
vboot_reference: sanity check firmware A/B content when resigning

If the FW_A and FW_B contents are the same, we should not resign with DEV/NORM keyblocks.

BUG=chrome-os-partner:6942
TEST=(to sign)

  ./resign_firmwarefd.sh bios.bin new.bin \
    ../../tests/devkeys/firmware_data_key.vbprivk ../../tests/devkeys/firmware.keyblock \
    ../../tests/devkeys/dev_firmware_data_key.vbprivk \
    ../../tests/devkeys/dev_firmware.keyblock \
    ../../tests/devkeys/kernel_subkey.vbpubk

(to verify)

  dump_fmap -x new.bin
  vbutil_keyblock --unpack VBLOCK_A | grep Flags
  vbutil_keyblock --unpack VBLOCK_B | grep Flags

When the input (bios.bin) has DEV FW (ex, zgb/alex), then output is A=6, B=7; when the input is old or new firmware without DEV (ex, mario/s*y/l*y), output is A=7, B=7, and you'll see "Found firmware with same A/B content - ignore DEV keyblock." message during resign process.

Change-Id: I10cbbf7370f35a40673b328b70c83e7d1213a45d
Reviewed-on: https://gerrit.chromium.org/gerrit/12371
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
a24e30cdc2f81e619f2441cdf372a7b6064e1844 |
|
22-Nov-2011 |
Gaurav Shah <gauravsh@chromium.org> |
Make dev firmware keyblock/data key generation and use optional For key generation, only generate dev firmware keyblocks, if the --devkeyblock option is passed. For signing, re-use normal firmware keyblock and data key if no dev keyblocks or data key are found in the keyset directory. BUG=chrome-os-partner:6942 TEST=manual - tested key generation with/without the new flag - tested signing with or without the presence of dev keyblock Change-Id: Ic4bf72cb194461e07fcc0f6de39d4e16d1c979a6 Reviewed-on: https://gerrit.chromium.org/gerrit/12038 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
c88331f18b846ee3fb5d2f2a624c5ecb3e724de3 |
|
02-Aug-2011 |
Hung-Te Lin <hungte@chromium.org> |
resign_firmwarefd: replace mosys by "dump_fmap -p" Parsing fmap information becomes easier after dump_fmap adds "-p" mode, and prevents the dependency because dump_fmap is in same repo with signing scripts. BUG=none, pure refine to reduce dependency and less error messages TEST=./resign_firmwarefd.sh mario_bios.bin output.bin \ devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \ devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \ devkeys/kernel_subkey.vbpubk # Also verified with modern firmware like ZGB/Alex and ARM. Change-Id: Ia40ecd9ab641250272952e20ab058e780eb7770b Reviewed-on: http://gerrit.chromium.org/gerrit/5132 Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
b9cc9550cf8a5d8ff3e9c92999d85d2bd8a54136 |
|
02-Aug-2011 |
Hung-Te Lin <hungte@chromium.org> |
resign_firmwarefd: don't change preamble flag by default.

When preamble_flag is not assigned manually, resign_firmwarefd should not change the preamble flag.

BUG=chromium-os:18207
TEST=# Prepare a bios.bin with preamble_flag=1 (ex, ARM firmware)
     ./resign_firmwarefd.sh bios.bin ..... # do not assign preamble
     vbutil_firmware --verify # see preamble_flag=1
     # Repeat with firmware having preamble_flag=0 (ex, x86 firmware like ZGB/Alex)
     # preamble_flag is 0 after resign_firmwarefd.

Change-Id: I50f88bbf51a28defaf1c4e5383ab856168a128fc
Reviewed-on: http://gerrit.chromium.org/gerrit/5133
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
8e17e5fe43e9407066e7cdf9dabfd3eb637817a7 |
|
22-Jul-2011 |
Hung-Te Lin <hungte@chromium.org> |
resign_firmwarefd.sh: support new "flag" (for hinting two-stop FW) The two-stop firmware relies on the "flag" field which may be useful for the resign_firmwarefd.sh. BUG=chrome-os-partner:5095 TEST=./resign_firmwarefd [params] 1 vbutil_firmware --verify ..... # seeing flag = 1 Change-Id: I56b44ee5b610e36384e15e6eb31286f0f838734b Reviewed-on: http://gerrit.chromium.org/gerrit/4561 Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
574684550064ab5ea4adcfd1b8d2c9ce92a0176b |
|
02-Mar-2011 |
Gaurav Shah <gauravsh@chromium.org> |
Add support for using separate developer firmware keyblock while signing. Also re-factor the key generation script to its own directory, including wrappers for generating key pairs and keyblocks without needing to start keyset generation process from scratch. (Useful for generating new kernel keyblocks, and for retroactively adding new keys to an existing keyset - as in this case). Finally, change hard coded algorithm ids and keyblock modes to bash variables, for each changes and telling keyset configuration from a glance. BUG=chrome-os-partner:2218 TEST=manually tried the following: 1) Generating an entire new keyset. 2) Generating a new key pair and creating a keyblock from an existing key (for generating dev firmware keyblock for existing PVT keysets) 3) Firmware signing via sign_official_build.sh of an image with a firmware payload/ Change-Id: I4e9bb96ac7e5fe4cc0d95af6162ad6d37bbd4bda Review URL: http://codereview.chromium.org/6594131
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
e1649e136c55300962079b72035498bbdd1c1a52 |
|
14-Feb-2011 |
Gaurav Shah <gauravsh@chromium.org> |
Support new style flashmap labels for firmware signing BUG=chrome-os-partner:2316 TEST=tried signing firmware with old style and new style fmap and verified that it works. Change-Id: I9076fe60308bdb787440486d592c9d5e72602199 Review URL: http://codereview.chromium.org/6516004
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
8ae7b0e41a1252f98e6662a298efb97624431c44 |
|
07-Feb-2011 |
Gaurav Shah <gauravsh@chromium.org> |
Allow signing scripts to (optionally) set the firmware and kernel versions

Versions are (optionally) read from a file with the format

  firmware_version=<firmware version>
  kernel_version=<kernel version>

The new scripts and arguments are compatible with older versions of the script.

Change-Id: I502df69d6c02caee75cdf010e61812be408a64e0
BUG=chromium-os:8016
TEST=manually tested all invocations of sign_official_build {verify|usb|ssd|install|recovery} with and without versions.

Review URL: http://codereview.chromium.org/6368064
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
605500b88cd99097d482ddcefee4ba04898781ae |
|
18-Jan-2011 |
Gaurav Shah <gauravsh@chromium.org> |
Split common.sh into bash-only and dash-only sections Change-Id: I044331dc3558a4f7428b75fe43ef739498d65803 BUG=chromium-os:10836 TEST=scripts that use common.sh seem to work, would appreciate help in testing Chrome OS client scripts! Review URL: http://codereview.chromium.org/6294002
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
89feaed8dc146a8dde63556650610585d2b70e4d |
|
15-Sep-2010 |
Hung-Te Lin <hungte@chromium.org> |
Change tool "fmap_decode" to "mosys"

The fmap_decode tool from flashmap project is deprecated. mosys provides more functionality and fits better into the host environment.

BUG=chromium-os:6264
TEST=manually

Change-Id: I513d36c8a8f657fdb4cb10d08a867876c32d36b6
Review URL: http://codereview.chromium.org/3388002
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
0c4c9bac3c390445066f08010a753ce76ccb4a5e |
|
16-Aug-2010 |
Gaurav Shah <gauravsh@chromium.org> |
Make signing script re-sign Firmware AU payload, and update rootfs hash.

The build signing script will now re-sign the chrome os AU payload in the image rootfs using the new keys. In addition, it will recalculate and update the RootFS hash (in the kernel partition) before re-signing the whole image using the new "official" keys.

BUG=3496, 5264
TEST=manual

>>>>>For testing rootfs hash updates
1) Ensure that image was built with the --enable_rootfs_verification flag
2) Mount the root file fs on the input image, and make a minor change to the root fs (e.g. adding a file)
3) Now boot from this image, drop into the shell and look for logs related to dm-bht in the dmesg output.
4) You should see dm-bht complaining about block hash mismatches

  $ dmesg | grep dm
  ..... <dm-bht errors>.......
  <errors of the form "dm-bht: Block hash match failed">

4) Now re-sign the modified image using the sign_official_build script. This will re-calculate and update the rootfs hash.
5) Boot from the re-signed image. Look at dmesg output.
6) You should see NO dm-bht errors.

>>>>>For testing re-signing of firmware payload
Grab the firmware autoupdate shellball from /usr/sbin/chromeos-firmwareupdate in the output image's rootfs partition (number 3). Extract the shellball (--sb_extract flag), and grab the firmware bios.bin from the temporary directory.

  $ unpack_firmwarefd.sh bios.bin
  $ vbutil_firmware --verify firmwareA.vblock --signpubkey KEY_DIR/firmware.vbpubk --fv firmwareA.data
  [Verification should succeed]
  $ gbb_utility -g bios.bin --rootkey=rootkey --recoverykey=recoverykey

"rootkey" should be the same as KEY_DIR/root_key.vbpubk
"recoverykey" should be the same as KEY_DIR/recovery_key.vbpubk

KEY_DIR: Directory containing the keys used to generate the output image.

Review URL: http://codereview.chromium.org/3083025
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|
aa22a5dea505e23516063829fa43a34db3ae412f |
|
27-Jul-2010 |
Gaurav Shah <gauravsh@chromium.org> |
Add script for re-signing final firmware images with the correct keys.

Also add a script for splitting a firmware image into component firmware data, vblocks and the GBB.

Note: The script uses fmap_decode, a utility to parse flashmap of a firmware image, and a part of the flashmap project: http://code.google.com/p/flashmap/

BUG=3496
TEST=Tested with newer builds of firmware images with flashmaps enabled.

Steps to verify:
1) Use script to re-sign an existing image with a new set of keys.
2) Use unpack_firmwarefd.sh to get individual firmware data and vblocks.
3) Use vbutil_firmware with the new keys. Verification should succeed with the newer keys but fail with the older ones.

Review URL: http://codereview.chromium.org/3026018
/external/vboot_reference/scripts/image_signing/resign_firmwarefd.sh
|