Cross Reference: /external/vboot_reference/scripts/image_signing/sign_official

History log of /external/vboot_reference/scripts/image_signing/sign_official_build.sh
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
b6ebb1ab1c5a181f08b80f9a77434134645bc294	28-Jan-2015	Hung-Te Lin <hungte@chromium.org>	sign_official_build: Support old images without kernel in partition 4. Old images don't put kernel on partition 4 and rely on vblock for installation. The signer script has to support both old and new images, by testing if kernel partition has valid data. BRANCH=signer BUG=chromium:449450 TEST=(get old image without kernel blob on partition 4) sign_official_build.sh usb image.bin ../../tests/devkeys signed.bin \ ../../tests/devkeys/key.versions Change-Id: I92542ffb162660d86c30d9598fe1ca59ff69afe4 Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/243874 Reviewed-by: Mike Frysinger <vapier@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
40837258677fca4b9bfb37b7bfb288baf40831e0	28-Jan-2015	Hung-Te Lin <hungte@chromium.org>	sign_official_buid: Fix "incorrect rootfs hash" when image has no firmware updater . For each mount_image_partition, we have to unmount explicitly before doing other changes (especially when using dd) to image. Otherwise system may flush data when releaseing loop device and cause output image to be corrupted. BUG=chromium:449450 TEST=sign_official_build.sh factory factory_install_shim.bin \ ../../../tests/devkeys signed.bin ../../../tests/devkeys/key.versions sign_official_build.sh verify signed.bin BRANCH=signer Change-Id: I20756d9769c3737e25cfea348a9a4d64cc43b202 Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/243496 Reviewed-by: Mike Frysinger <vapier@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
4edc75daa696f9e6fa39205117233ed68dcbed43	16-Jan-2015	Mike Frysinger <vapier@chromium.org>	image_signing: work around shar invocation changing The shar utility changed the flag name and newer versions no longer accept -w. Mung the shellball on the fly to use the newer flag. BUG=chrome-os-partner:33719 TEST=signing old firmware shellball inside chroot passes BRANCH=none Change-Id: If5c2da3062bd72062baa779bb26ea56304c31558 Reviewed-on: https://chromium-review.googlesource.com/241064 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
e54e656b9f1b8f8f1bbcad86569b4aaf9e8bd594	06-Oct-2014	Hung-Te Lin <hungte@chromium.org>	sign_official_build: Support new image layout (always installable kernel in B). ChromiumOS images have recently changed the installable vblock from stateful partition to kernel + vblock in slot B. sign_official_build script should follow that layout so other scripts (ex, cros_generate_update_payload) won't find wrong blob. BRANCH=none BUG=chrome-os-partner:32156 TEST=for image_t in ssd usb install recovery; do ./sign_official_build.sh $image_t IMAGE KEYDIR output$image_t.bin ./sign_official_build.sh verify output$image_t.bin done # Also boots images without problem. Change-Id: I04e2b50f3f3355263ba6de9567b4a82c040c5826 Reviewed-on: https://chromium-review.googlesource.com/221890 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Commit-Queue: Hung-Te Lin <hungte@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
aa888463b860c2852f3fcb17baf8de395fcca294	13-Jun-2014	Mike Frysinger <vapier@chromium.org>	image_signing: support loem keysets with firmware shellballs With an loem keyset in a recovery shellball, we don't want to write the rootkeys & vblocks to the firmware image directly. Instead, we'll put them into a keyset subdir that the firmware updater will process later. bios.bin keyset/ rootkey.LOEMID vblock_A.LOEMID vblock_B.LOEMID We still write the recovery key to the firmware image though as that is shared between all the keysets. BUG=chromium:381862 TEST=Ran against a recovery image with devkeys & loemkeys and checked shellball TEST=`cbuildbot daisy-release` works BRANCH=none Change-Id: I6fc99c71e6c7dee25f7f9a466a97314ff750fda9 Reviewed-on: https://chromium-review.googlesource.com/203682 Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
7a3a4676672525231c38612e6c8a820305d99de5	03-Jul-2013	Don Garrett <dgarrett@google.com>	Add a script to remove /boot and its contents from an image. This is a helper script intended for the signing servers to use to strip out the /boot directory from images just before signing. BUG=chromium:210352 TEST=Manually used to strip and image and validated the results. BRANCH=None Change-Id: I814522284143d8f90651e13000d428718aeca1e4 Reviewed-on: https://gerrit.chromium.org/gerrit/60828 Reviewed-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Don Garrett <dgarrett@chromium.org> Tested-by: Don Garrett <dgarrett@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
f5c62bd7dc1ef3d76d6e5f9119ad73ec95a926d7	13-Jul-2013	Paul Taysom <taysom@chromium.org>	Fixed sign_official_build.sh to work with PARTUUID Fixed sign_official_build.sh to work with PARTUUID in the linux format, PARTUUID=%U/PARTNROFF=1. Had to handle the '/'. Also fixed a misspelled variable name, devcie -> device. It worked before because a NULL string generated the right results in the current configuration. BUG=chromium:224066 TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery /home/taysom/trunk/src/build/images/$B/latest/recovery_image.bin /home/taysom/trunk/src/platform/vboot_reference/tests/devkeys /tmp/taysom.bin BRANCH=none Change-Id: Id201885a63c6eba4cdb7c9216c0d3d35e6d3f0c4 Reviewed-on: https://gerrit.chromium.org/gerrit/61889 Tested-by: Paul Taysom <taysom@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Commit-Queue: Paul Taysom <taysom@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
c8c8dfd90992808a91ce85110218cf1f78fd7f92	29-Jan-2013	Paul Taysom <taysom@chromium.org>	Fixed error in verify Fixed the error when running "sign_official_build.sh verify" that was introduced by https://gerrit.chromium.org/gerrit/#/c/40052/ BUG=chromium-os:38229 TEST=sign_official_buils.sh verify on parrot recovery image BRANCH=none Change-Id: Ice1933347811c006005f622d178869df12344998 Reviewed-on: https://gerrit.chromium.org/gerrit/42231 Tested-by: Paul Taysom <taysom@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Paul Taysom <taysom@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
96d16de52ebb6785f7d34dcecc030d1b4e3f9c09	21-Dec-2012	Paul Taysom <taysom@chromium.org>	Fixed the cmdline modification for bootcache Changed the manipulation of the device mapper arguments in the command line to handle bootcache. Had to maintain backwards compatibility with older versions because the signer is used with older images. BUG=chromium-os:37114, 37061 TEST=On a parrot with dev signed keys, signed and installed an R-23 image (2913), a image with bootcache disabled and an image with bootcache enabled. BRANCH=none Change-Id: I59c46ccc3ff8b89ae9c4515f020ea9fbe6d96c7c Reviewed-on: https://gerrit.chromium.org/gerrit/40052 Reviewed-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Paul Taysom <taysom@chromium.org> Tested-by: Paul Taysom <taysom@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
b55c538fca8939e58d20c127a9f42ce4eba7282c	12-Dec-2012	Mike Frysinger <vapier@chromium.org>	sign_official_build: add a dump_config helper and clean up argument processing For debugging purposes, we like to see the kernel command line that a particular kernel is using. We have all the tools to do this already, but not easy to leverage (you have to manually extract/etc...). So add a "dump_config" helper to help people out. Further, the existing argc processing is incomplete and not terribly friendly. Add some useful error messages explaining why we quit. BUG=None TEST=`./sign_official_build.sh dump_config <bin>` works TEST=`./sign_official_build.sh verify <bin>` works TEST=`./sign_official_build.sh` shows usage TEST=`./sign_official_build.sh recovery <bin>` shows usage TEST=`./sign_official_build.sh recovery <bin> / /tmp/foo` tries to sign BRANCH=None Change-Id: I9f94250b8c299783bdcba704733974c6a5491101 Reviewed-on: https://gerrit.chromium.org/gerrit/39603 Reviewed-by: Paul Taysom <taysom@chromium.org> Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
ca8c372e60d249cc49ecaf1d33ace2d53caadfae	30-Oct-2012	Hung-Te Lin <hungte@chromium.org>	sign_official_build: Support signing additional RW firmware in shellball. There will be more bios*.bin (ex, bios_rw.bin) in firmware updater, and we do want to sign all files. BRANCH=signer BUG=chromium-os:35369 TEST=sign_official_build.sh ssd DEV_IMAGE ../../tests/devkeys Change-Id: I2ea0c5c3d7a18c43df581f50b4bd907206dcd7ad Reviewed-on: https://gerrit.chromium.org/gerrit/36890 Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Commit-Ready: Hung-Te Lin <hungte@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
283cbf89a9893f3a024809eb7d6c84ed353df6b4	18-Sep-2012	Mike Frysinger <vapier@chromium.org>	sign_official_build.sh: add an update payload operation This enables the signer script to sign update payloads. BUG=chromium-os:34521 TEST=`./sign_official_build.sh update_payload testcase.sha256 . foo` produced a signed foo file BRANCH=None Change-Id: I27a9de89e760427251538deec38161944388a152 Reviewed-on: https://gerrit.chromium.org/gerrit/33535 Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Don Garrett <dgarrett@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Commit-Ready: Mike Frysinger <vapier@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
22bd8b0c29b485ccdaa4f63e6fdac9f097b60aab	12-Sep-2012	Mike Frysinger <vapier@chromium.org>	sign_official_build.sh: rename "install" to "factory" This lines up with the terminology that people have been using, and the valid types that can appear in signer instruction files. We keep around the old "install" so that other code continues to work. BUG=None TEST=None BRANCH=none Change-Id: I8d0d2ab4c0ae61f6bcdbcc24ec9796d9eabe386e Reviewed-on: https://gerrit.chromium.org/gerrit/33056 Reviewed-by: David McMahon <djmm@chromium.org> Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
9c783ce3c132491e28efe84751b20d82fc571560	06-Jun-2012	Gaurav Shah <gauravsh@chromium.org>	Signing scripts: Add firmware signing to sign_official_build.sh This makes it easy to integrate firmware signing into the signer since we can reuse the base signing script. BUG=chromium-os:10094 TEST=try signing both firmware and normal images. Change-Id: I8beb598e267de33a2c3468dcf8d7c4b74d4de9fd Reviewed-on: https://gerrit.chromium.org/gerrit/24654 Reviewed-by: Mike Frysinger <vapier@chromium.org> Commit-Ready: Gaurav Shah <gauravsh@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
d170a9d542dd4770c25d5ed82429a55391d88218	10-Apr-2012	Gaurav Shah <gauravsh@chromium.org>	signer scripts: unmount loop devices without -d arg to umount Investigations in crosbug.com/26483 revealed a bug in loop device handling if 'umount -d' was called on loop devices mounted using 'mount -o loop'. This CL changes all invocations of umount to remove the -d option since they are always in the context of a loop device creating using -o loop. BUG=chrome-os-partner:8156 TEST=none Change-Id: I96f30664c3f9148d3b57d430002512d8e94b66bc Reviewed-on: https://gerrit.chromium.org/gerrit/19858 Reviewed-by: David James <davidjames@chromium.org> Commit-Ready: Gaurav Shah <gauravsh@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
ce6649250583a8f3a7aeac78ee3a00679cf6223d	07-Dec-2011	Gaurav Shah <gauravsh@chromium.org>	signing script: Check for errors on extracted dm params in kernel command line. Correctly handle the lack of valid dm config parameters in the kernel command line (dm="..."). In particular, skip trying to perform a rootfs hash update for that kernel partition. This change has the side effect of properly signing new recovery images with the in-flight changes recovery install changes being done as part of crosbug.com/22530. Also fix verification of recovery images to consider both kernel partitions for determing the hash to compare the calculated value against. Finally, remove dd's verbose output while signing the firmware. BUG=chromium-os:22530 TEST=manually re-signed new (Alex) and old (Lumpy) recovery image. Verified that recovery install works. Change-Id: Ied9f82f2e77ed581875cec0b43ce45fd98186db2 Reviewed-on: https://gerrit.chromium.org/gerrit/12588 Tested-by: Gaurav Shah <gauravsh@chromium.org> Reviewed-by: Will Drewry <wad@chromium.org> Commit-Ready: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
59c4b30d00e08e27323c5615731bfba5a9fd9c86	06-Dec-2011	Gaurav Shah <gauravsh@chromium.org>	sign_official_build: Do not ignore the firmware version while re-signing firmware Change https://gerrit.chromium.org/gerrit/12471 introduced a regression where by we always sign a firmware with version 1. This change fixes that bug. BUG=chromium-os:23817 TEST=ran sign_official_build and made sure the firmware was signed with the right firmware version. Change-Id: I6c8d3e8b103f3f7329b7a4db5a78a8f1ce4415a2 Reviewed-on: https://gerrit.chromium.org/gerrit/12496 Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> Commit-Ready: Gaurav Shah <gauravsh@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
42d23c664dbd1334c82b48b504b7d8499955963d	06-Dec-2011	Gaurav Shah <gauravsh@chromium.org>	sign_official_build: Use sign_firmware.sh for in-place firmware signing. We recently fixed a bug in the sign_firmware.sh script to perform root key replacement after signing FWA and FWB to allow resign_firmwarefd.sh to correctly determine the preamble flag to use. As it turns out, the sign_official_build.sh script used by the signer for in-place firmware re-signing was using a different code path (by directly calling resign_firmwarefd.sh). This change makes sign_official_build script call sign_firmware.sh instead. BUG=chrome-os-partner:6874 TEST=tried signing a vanilla lumpy image with and without the fix, and observed the value of preamble flag used. Change-Id: Icffb1d86fbe44f69e444da51fe251ad3427635c6 Reviewed-on: https://gerrit.chromium.org/gerrit/12471 Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
bd3dad01b0c2d934462d70eeabb31abcd0310b3f	26-Sep-2011	Hung-Te Lin <hungte@chromium.org>	sign_official_build: allow repacking firmware when executed by sudo To prevent execution permissions lost after being copied to /tmp, force adding a+rx to the staging file. BUG=chromium-os:20797 TEST=sudo sign_official_build.sh ssd \ x86-zgb-0.16.1089.0.bin ../../tests/devkeys ssd_image.bin Change-Id: Ibee12dbb3faea9f6b05600d1343620e0af8633fb Reviewed-on: http://gerrit.chromium.org/gerrit/8263 Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Commit-Ready: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
132e6e0c8cfa49a470199374e2331e3bb2ea21d6	23-Sep-2011	Gaurav Shah <gauravsh@chromium.org>	sign_official_build: Work around different verity arguments across images Work around the fact that we have 3 different verity kernel arguments depending on the image being signed (legacy parameters, new key=value parameters, new key= value parameters with salt). Since the signer is not branch conscious, expect and use the old verity binary to be present when legacy kernel arguments are specified. The last 2 types of verity arguments can be distinguished based on whether a salt is present. BUG=chromium-os:20640 TEST=manually tested by signing r14, r15 and r16 images and verifying that kernel parameters are set correctly. Change-Id: I96ecf6f506a94509a64ef12d7a108e977f94c23c Reviewed-on: http://gerrit.chromium.org/gerrit/8214 Commit-Ready: Gaurav Shah <gauravsh@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> Reviewed-by: David McMahon <djmm@chromium.org> Tested-by: David McMahon <djmm@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
9137e8df481906c7de15d92f639a6129adedd892	03-Sep-2011	Hung-Te Lin <hungte@chromium.org>	sign_official_build: support new firmware updater repacking method To prevent hard-coding the procedure to repack a firmware updater, this CL supports using new "--sb_repack" mode supported by updater so that signer does not need to care about how the updater is packed anymore. BUG=chromium-os:20027 TEST=./sign_official_build.sh ssd \ ~/trunk/src/build/images/x86-zgb/latest/chromiumos_image.bin \ ../../tests/devkeys \ ~/trunk/src/build/images/x86-zgb/latest/chromiumos_new_image.bin # success Change-Id: I035dfaa86b05b85748e69ec039769b0c08d33f64 Reviewed-on: http://gerrit.chromium.org/gerrit/7311 Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
c0911e27b93eae772088ed09d7a41561b7a5b0b6	24-Aug-2011	Gaurav Shah <gauravsh@chromium.org>	Fix image verify with new key-value verity params BUG=chromium-os:18492 TEST=manually on new and old image. Change-Id: Ifa7ab70cd2cd3629656d167cd6f4bfaae8f7f03a Reviewed-on: http://gerrit.chromium.org/gerrit/6589 Reviewed-by: Elly Jones <ellyjones@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
69b88dc99b0c3ed12ad66f8df7b65ecc3682204f	23-Aug-2011	Gaurav Shah <gauravsh@chromium.org>	Add support for new verity key-value style kernel parameters BUG=chromium-os:18492 TEST=manually tested with both an old verity image, as well as a new one (with the pending http://gerrit.chromium.org/gerrit/6085) Change-Id: I347de9185db1c4ea949d37121c63e08184e8fcfe Reviewed-on: http://gerrit.chromium.org/gerrit/6516 Reviewed-by: Elly Jones <ellyjones@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
cba0e83d91b33c3ef9c71fc7dc24c1370e7f3e9a	21-Jul-2011	Gaurav Shah <gauravsh@chromium.org>	Fix script to use new key=value style /bin/verity arguments BUG=chromium-os:17953 TEST=Run sign_official_build.sh verify from the chroot on an image, now it succeeds. Change-Id: Idd923716c95f4f12bd0a1236e2894af276e26d71 Reviewed-on: http://gerrit.chromium.org/gerrit/4499 Reviewed-by: Elly Jones <ellyjones@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
6bd03d4a88fa049bd72cf18fec701cec1dfc042b	26-May-2011	Gaurav Shah <gauravsh@chromium.org>	Update the install kernel on the recovery image with the right vblock This avoids the need to read the vblock off the stateful partition to re-construct the right SSD install kernel. The recovery installer can also perform its verification checks (e.g. rollback to old version) by directly reading kernel partition B instead of re-constructing it by mounting the stateful partition. We still copy the SSD vblock on the stateful for tools that still use them (by overwriting the SSD kernel vblock). That operation is basically a no-op now. This unnecessary step will be removed from the tools as part of separate CLs. BUG=chromium-os:8378, chrome-os-partner:3309 TEST=signed a new recovery image, made sure it installs Change-Id: Ic4308fba1355f67a3b2821ae7e8d438bf658b0d1 Reviewed-on: http://gerrit.chromium.org/gerrit/1648 Tested-by: Gaurav Shah <gauravsh@chromium.org> Reviewed-by: Will Drewry <wad@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
9dc90d36f8f2e2029adbfece0831c1a840e899ca	13-May-2011	Gaurav Shah <gauravsh@chromium.org>	Add /sbin and /usr/sbin to the search path Some tools (such as dumpe2fs) may reside in paths that are not in the system non-root path. BUG=chromium-os:13564 TEST=Can now run sign_official_build without sudo. Change-Id: I48737e7735551c9004a6fa19359da664ca67b423 Reviewed-on: http://gerrit.chromium.org/gerrit/867 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> /external/vboot_reference/scripts/image_signing/sign_official_build.sh
c3fe59f72c95597a2d5becc8511e9d5eaf97c391	05-Apr-2011	Gaurav Shah <gauravsh@chromium.org>	Fail verification if the rootfs hash is empty. This should let the signer catch errors where there are errors parsing verity output. And failing verification if rootfs hash verification is turned off for whatever reason. Change-Id: I1e3f239a5b6afab31accdd8f0a737b8685530e8d BUG=chrome-os-partner:3093, chrome-os-partner:3104 TEST=manually on a badly signed image (verification fails now) Review URL: http://codereview.chromium.org/6720043 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
276f846a142a3c2c7c2c575d4403c71eca18a92a	14-Mar-2011	Gaurav Shah <gauravsh@chromium.org>	Do not modify the input image while signing. Change-Id: I17e1a5abcc4f2fab970a587b338594a7d51ecb2e BUG=chromium-os:13026 TEST=manually tested all signing modes(usb, ssd, recovery, install), input image was not modified in each case. Review URL: http://codereview.chromium.org/6686004 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
574684550064ab5ea4adcfd1b8d2c9ce92a0176b	02-Mar-2011	Gaurav Shah <gauravsh@chromium.org>	Add support for using separate developer firmware keyblock while signing. Also re-factor the key generation script to its own directory, including wrappers for generating key pairs and keyblocks without needing to start keyset generation process from scratch. (Useful for generating new kernel keyblocks, and for retroactively adding new keys to an existing keyset - as in this case). Finally, change hard coded algorithm ids and keyblock modes to bash variables, for each changes and telling keyset configuration from a glance. BUG=chrome-os-partner:2218 TEST=manually tried the following: 1) Generating an entire new keyset. 2) Generating a new key pair and creating a keyblock from an existing key (for generating dev firmware keyblock for existing PVT keysets) 3) Firmware signing via sign_official_build.sh of an image with a firmware payload/ Change-Id: I4e9bb96ac7e5fe4cc0d95af6162ad6d37bbd4bda Review URL: http://codereview.chromium.org/6594131 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
e77bec95d57ad8937e005ec7ebf183c925e656d9	24-Feb-2011	Gaurav Shah <gauravsh@chromium.org>	Add script to in-place modify a recovery image to ssd Change-Id: I6435a4b0f40a571f8e44830e6d32f42d2d3213ff BUG=none TEST=manually tested with a signed image and comparing the kernel, and rootfs partitions. Review URL: http://codereview.chromium.org/6533015 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
8ae7b0e41a1252f98e6662a298efb97624431c44	07-Feb-2011	Gaurav Shah <gauravsh@chromium.org>	Allow signing scripts to (optionally) set the firmware and kernel versions Versions are (optionally) read from a file with the format firmware_version=<firmware version> kernel_version=<kernel version> The new scripts and arguments are compatible with older versions of the script. Change-Id: I502df69d6c02caee75cdf010e61812be408a64e0 BUG=chromium-os:8016 TEST=manually tested all invocations of sign_official_build {verify\|usb\|ssd\|install\|recovery} with and without versions. Review URL: http://codereview.chromium.org/6368064 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
527612e3565be00030a082c262204a0562bc0d4a	30-Nov-2010	Gaurav Shah <gauravsh@chromium.org>	Fix return code on verify (should be 0, not 1 on no errors) BUG=chromium-os:9578 TEST=manually tested before and after the change (echo $? after running verify on an image) Change-Id: I7d7e36b63482ef3a447cf07b09abdc6fb37b22c1 Review URL: http://codereview.chromium.org/5273010 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
5f500b19ba0cdc174a47a68e40f939a4ed69861c	24-Nov-2010	Gaurav Shah <gauravsh@chromium.org>	Make sign_official_build.sh verify perform an additional rootfs sanity check using e2fsck. This mirrors the change made for cros_make_image_bootable. BUG=chromium-os:9578 TEST=manually ran verify on signed images including those with known rootfs corruptions. Change-Id: I5dfdf1bfa975fbbbb4e010cd2adc6a3a7f08da15 Review URL: http://codereview.chromium.org/5367004 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
baa09de3a426936de697895b95641254ebf2c01f	05-Nov-2010	Gaurav Shah <gauravsh@chromium.org>	sign_official_build install mode should use the installer kernel data key Earlier we used to reuse the recovery kernel data key in the installer, however now we make them different, and so installer keyblock nolonger corresponds to the recovery kernel data key. This CL fixes that. BUG=7202 TEST=manually tested by using the new key generation scripts, and verifying that the old install signing no longer worked. Making the fix again makes the image verify only in dev mode. Change-Id: Ic83e90397132da9f88b36e69198773350eb3691f Review URL: http://codereview.chromium.org/4527004 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
4b86514d8581315fafc196d47d4412677f193750	04-Nov-2010	Bill Richardson <wfrichar@google.com>	Produce the correct vvmlinuz_hd.vblock when signing for direct USB. BUG=chromium-os:8686 TEST=manual Follow all the steps to validate http://code.google.com/p/chromium-os/issues/detail?id=8679 While booted from the USB image, open a shell and run (as chronos) /usr/sbin/chromeos-install Reboot, and the device should boot the image installed from the USB. Change-Id: Iedd595de8dbafabb3e9c8b638cb7e75eea02f165 Review URL: http://codereview.chromium.org/4457001 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
64bd77e1d8b16f6f182184092114a0d8779bdf52	04-Nov-2010	Bill Richardson <wfrichar@google.com>	Add 'usb' option back to sign_official_build.sh script We still need a way to re-sign non-installer images so that they can be booted directly from USB. BUG=chromium-os:8679 TEST=manual, from within the build chroot Obtain a chromiumos_base_image from buildbot or your own build. Ensure that it's signed with the dev-keys (it should be). Modify it somehow. For example: (cros-chroot)$ cd src/platform/vboot_reference/scripts/image_signing (cros-chroot)$ ./set_chronos_password.sh chromiumos_base_image.bin mypassword Now resign the image: (cros-chroot)$ cd src/platform/vboot_reference/scripts/image_signing (cros-chroot)$ ./sign_official_build.sh usb chromiumos_base_image.bin \ /usr/share/vboot/devkeys usb_image.bin Then copy the usb_image to a USB stick: sudo dd if=usb_image of=/dev/WHATEVER The resulting USB stick should boot in recovery mode, and assuming you changed the password as shown above, should let you use that password to get a shell. Change-Id: I3aaa2b8787c52940249fd15007e075de7e017d78 Review URL: http://codereview.chromium.org/4424003 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
d7947a197edc905d3f0a14a661de83573dd6c650	03-Nov-2010	Gaurav Shah <gauravsh@chromium.org>	Fix signing script to work with new recovery image format. BUG=chrome-os-partner:1573 TEST=Manually tested with the latest signed release build. Recovery installer successfully completed and installed the image on the SSD. Change-Id: I92706e957a1d339db516600ef0d86141d914b0d2 Review URL: http://codereview.chromium.org/4262004 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
aaae959412acc95ba2f4a0b5af44d67186c7a3d2	22-Oct-2010	Will Drewry <wad@chromium.org>	common.sh, ...: add support for ext2-ro/rw hack Copies the helpers from crosutils.git/common.sh but uses printf with octals for portability. This should update all locations where we mount root rw and disable_rw_mounts just before a final sign. TEST= in progres; plz help :) BUG=chromium-os:7972 Change-Id: Ibdd23cb30335942c36d537663aabea605a2f8704 Review URL: http://codereview.chromium.org/3987001 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
e2baaec4748d5ac89854a8003f75dd48ddd0e557	16-Oct-2010	Hung-Te Lin <hungte@chromium.org>	vboot_reference: remove source trailing space Found a trailing space in souce comments, remove it for coding style (and to force ebuild version bump) BUG=none TEST=none Change-Id: Ie7cb295085b73fe9e274a89e5b4ee5eda9aae66f Review URL: http://codereview.chromium.org/3799006 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
815193daeeef8913dce878e36c6608adb1c56bb5	01-Oct-2010	Gaurav Shah <gauravsh@chromium.org>	Add a script to put in a rootfs from one image into another. Also add an option to prevent sign_official_build from attempting to re-sign the firmware. This is needed because we want both the SSD and RECOVERY images to have the same rootfs for delta updates to work correctly. BUG=chromium-os:7242 TEST=manually verified that rootfs gets replaced correctly (by verifying the rootfs hash). Change-Id: I2ca4f2bef938ca14301fed6a0b16c1a7dc2ba6d9 Review URL: http://codereview.chromium.org/3529007 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
04c00e19c6fd1d9ad09d2bf5e06518c249d62b31	30-Sep-2010	Hung-Te Lin <hungte@chromium.org>	Add a utility to tag/stamp image There are several procedures in Chrome OS post-processing before being released: stamping, tagging, mod image for URLs, ... and signing. We need an integrated script to handle all the stamping / tagging. This CL can handle empty tag files like /root/.force_update_firmware or /root/.dev_mode. This CL deprecates http://codereview.chromium.org/3421040 and moved script from crosutils to vboot_reference. In the future we may isolate the non-signing post-processing scripts (set_lsb, tag_image, remove_label, ...) into crosutils. BUG=none TEST=manually: (1) Build a general dev image without firmware updates (default behavior of build_image for x86-generic ToT) (2) Enter chroot and then execute: cd ~/trunk/src/platform/vboot_reference/scripts; ./tag_image.sh \ --from ~/trunk/src/build/images/x86-generic/latest/chromiumos_image.bin Expected: output message: Update Firmware: disabled Developer Mode: Enabled (3) ./tag_image.sh --update_firmware=1 --dev_mode=0 \ --from ~/trunk/src//build/images/x86-generic/latest/chromiumos_image.bin Expected: output message: Update Firmware: disabled => Enabled Developer Mode: Enabled => disabled Manually verify: pushd ../../build/images/x86-generic/latest unpack_partitions.sh chromiumos_image.bin sudo mount -o loop,ro part_3 rootfs ls -l rootfs/root/.force_update_firmware # this file should exist ls -l rootfs/root/.dev_mode # this file should NOT exist (i.e., error) sudo umount rootfs (4) ./tag_image.sh --update_firmware=0 --dev_mod=1 \ --from ~/trunk/src/build/images/x86-generic/latest/chromiumos_image.bin Expected: output message: Update Firmware: Enabled => disabled Developer Mode: disabled => Enabled Manually verify: pushd ../../build/images/x86-generic/latest unpack_partitions.sh chromiumos_image.bin sudo mount -o loop,ro part_3 rootfs ls -l rootfs/root/.force_update_firmware # this file should NOT exist (i.e., error) ls -l rootfs/root/.dev_mode # this file should exist sudo umount rootfs Change-Id: I96af3c7201372bb904426d10cff142467a1fa2e7 Review URL: http://codereview.chromium.org/3604001 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
14805f555173cf430902ab415cef9d0d83182578	16-Sep-2010	Gaurav Shah <gauravsh@chromium.org>	Don't forget to umount rootfs in case we bail on firmware re-signing. BUG=chrome-os-partner:1097 TEST=manual + independently verified by drewry@ 1) Extract rootfs from the original image. 2) run tune2fs -l <original rootfs> on it. Observe filesystem features has no "needs_recovery" 3) run sign_official_build.sh 4) Extract new rootfs 6) run tune2fs -l <new rootfs>. "needs_recovery" should still not be there (it was before this fix) Change-Id: I3a03245886844d3dbfe1f8b2b73ce624ec67808f Review URL: http://codereview.chromium.org/3436010 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
71bff41d6f0ff9912b9c56d14ba2ea0dd0331a9c	10-Sep-2010	Gaurav Shah <gauravsh@chromium.org>	If found, sign the packaged firmware autoupdate. Previously this was hidden behind an environment variable. With this change, the signing script will always try to sign the firmware update if found. If not, it will still perform the remaining steps (rootfs calculation, kernel partition signature etc.). Also fixed a few minor bugs with the firmware update code. BUG=chrome-os-partner:925, chrome-os:3496 TEST=created a ToT semi-official build, and ran the signing script on the image. Verified that the firmware got correctly updated (by running chromeos-firmwareupdate on the device). Also tested on images without the packaged firmware update. Change-Id: I0921ce36a880e18167a8e3a2b63d8f246693d488 Review URL: http://codereview.chromium.org/3292016 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
1a2e6fc765a13b636d3dd75dc7cae709e9e8d218	08-Sep-2010	Gaurav Shah <gauravsh@chromium.org>	Adds a sudo before dumpe2fs. Looks like dumpe2fs is not in the path otherwise. Also added a check to look for it as a pre-requisite. BUG=none TEST=none Change-Id: I329c894597bc1638043a67359465e55b2ce6d0f7 Review URL: http://codereview.chromium.org/3355013 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
1cd4cdbbae7cd51d0c0ab247aab53ebc6a8cc8a9	03-Sep-2010	Gaurav Shah <gauravsh@chromium.org>	Add a "verify" option to sign_official_build.sh. This option will perform verification operations on an image. 1) Check if the RootFS hash is correct. 2) Check if the image will verify using recovery keys (in recovery mode) 3) Check if the image will verify using SSD keys (in non-recovery mode) 2) and 3) are both tested with and without dev mode. Also re-factor existing code for rootfs calculation and update. BUG=5830,3496 TEST=manual Example usage and output follows: # Verifying an image meant for factory install. sudo ./sign_official_build.sh verify factory_install_image.sh ../../tests/devkeys/ Verifying RootFS hash... PASS: RootFS hash is correct Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO With Recovery Key (Recovery Mode ON, Dev Mode ON): YES With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO With SSD Key (Recovery Mode OFF, Dev Mode ON): YES # Verifying an image meant for recovery mode. sudo ./sign_official_build.sh verify recovery_image.bin ../../tests/devkeys/ Verifying RootFS hash... PASS: RootFS hash is correct Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): YES With Recovery Key (Recovery Mode ON, Dev Mode ON): YES With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO With SSD Key (Recovery Mode OFF, Dev Mode ON): YES # Verifying an image meant for the SSD drive. sudo ./sign_official_build.sh verify ssd_image.bin ../../tests/devkeys/ Verifying RootFS hash... PASS: RootFS hash is correct Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO With Recovery Key (Recovery Mode ON, Dev Mode ON): NO With SSD Key (Recovery Mode OFF, Dev Mode OFF): YES With SSD Key (Recovery Mode OFF, Dev Mode ON): YES # Image with an incorrect rootfs hash but otherwise validly signed sudo ./sign_official_build.sh verify ssd_image.bin ../../tests/devkeys/ Verifying RootFS hash... FAILED: RootFS hash is incorrect. Expected: ebce345727ca05ea9368d3b8d5ce1c81471d7d3b Got: 9b092985996bb2422b11487a66929a1a004df4fc Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO With Recovery Key (Recovery Mode ON, Dev Mode ON): NO With SSD Key (Recovery Mode OFF, Dev Mode OFF): YES With SSD Key (Recovery Mode OFF, Dev Mode ON): YES # Image signed using a different set of keys (but validly signed). sudo ./sign_official_build.sh verify invalid_image.bin ../../tests/devkeys/ Verifying RootFS hash... PASS: RootFS hash is correct (70e6f2de0220991fd503a6fcc7edac131b4a48ca) Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO With Recovery Key (Recovery Mode ON, Dev Mode ON): NO With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO With SSD Key (Recovery Mode OFF, Dev Mode ON): YES Change-Id: I4960cdbbbe93e685346417b882739f9cfd5f6b75 Review URL: http://codereview.chromium.org/3327005 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
33c44fc14f6981601d0f0743d0705587d5f11c56	20-Aug-2010	Gaurav Shah <gauravsh@chromium.org>	Fix signing script: Add missing quotes around string test. Change-Id: I01c5da48b6fdb48ae45cdb21a6ca7484ad6b09dc Review URL: http://codereview.chromium.org/3106027 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
0500524edda44c770690bb942e916522f1eca5cd	19-Aug-2010	Gaurav Shah <gauravsh@chromium.org>	Hide packaged firmware AU signing behind a flag for now. The exact firmware packaging is still very much in flux, not to mention current images don't have the firmware autoupdate package. BUG=none TEST=none Change-Id: Idc60c2c9a8fbc83e0c786b4d4f96f371cdb4a49f Review URL: http://codereview.chromium.org/3151027 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
0c4c9bac3c390445066f08010a753ce76ccb4a5e	16-Aug-2010	Gaurav Shah <gauravsh@chromium.org>	Make signing script re-sign Firmware AU payload, and update rootfs hash. The build signing script will now re-sign the chrome os AU payload in the image rootfs using the new keys. In addition, it will recalculate and update the RootFS hash (in the kernel partition) before re-signing the whole image using the new "official" keys. BUG=3496, 5264 TEST=manual >>>>>For testing rootfs hash updates 1) Ensure that image was build with the --enable_rootfs_verification flag 2) Mount the root file fs on the input image, and make a minor change to the root fs (e.g. adding a file) 3) Now boot from this image, drop into the shell and look for logs related to dm-bht in the dmesg output. 4) You should see dm-bht complaining about block hash mismatches $ dmesg \| grep dm ..... <dm-bht errors>....... <errors of the form "dm-bht: Block hash match failed"> 4) Now re-sign the modified image using the sign_official_build script. This will re-calculate and update the rootfs hash. 5) Boot from the re-signed image. Look at dmesg output. 6) You should see NO dm-bht errors. >>>>>For testing re-signing of firmware payload Grab the firmware autoupdate shellball from /usr/sbin/chromeos-firmwareupdate in the output image's rootfs partition (number 3). Extract the shellball (--sb_extract flag), and grab the firmware bios.bin from the temporary directory. $ unpack_firmwarefd.sh bios.bin $ vbutil_firmware --verify firmwareA.vblock --signpubkey KEY_DIR/firmware.vbpubk --fv firmwareA.data [Verification should succeed] $ gbb_utility -g bios.bin --rootkey=rootkey --recoverykey=recoverykey "rootkey" should be the same as KEY_DIR/root_key.vbpubk "recoverykey" should be the same as KEY_DIR/recovery_key.vbpubk KEY_DIR: Directory containing the keys used to generate the output image. Review URL: http://codereview.chromium.org/3083025 /external/vboot_reference/scripts/image_signing/sign_official_build.sh
37522c9c0ccf48e63e0ab6c2b35b50948d15a003	05-Aug-2010	Gaurav Shah <gauravsh@chromium.org>	Add a script to generate builds signed using the official keys. The script sign_official_build.sh does the appropriate signing depending on whether an ssd, recovery or factory-install image is desired. Also re-factors some common functionality into common.sh. BUG=3496 TEST=manual I haven't had a chance to test this on an actual machine running our firmware but will do that before I actually check-in. Thoughts I'd atleast get this out to get the review going. Review URL: http://codereview.chromium.org/3066034 /external/vboot_reference/scripts/image_signing/sign_official_build.sh