sign_official_build: add support for signing standalone accessories
authorVincent Palatin <vpalatin@chromium.org>
Tue, 20 Oct 2015 00:22:07 +0000 (17:22 -0700)
committerchrome-bot <chrome-bot@chromium.org>
Tue, 27 Oct 2015 17:13:38 +0000 (10:13 -0700)
Use futility to re-sign standalone accessory firmware images either the
former "usbpd1" used by USB Power Delivery firmware generated from the
EC codebase or the new "rwsig" format.

BRANCH=smaug, samus
BUG=chrome-os-partner:46635
TEST=manual:
openssl genrsa -F4 -out key_zinger.pem 2048
openssl genrsa -F4 -out key_hadoken.pem 2048
futility create --desc="Hadoken fake MP key" key_hadoken.pem key_hadoken
./scripts/image_signing/sign_official_build.sh accessory_usbpd build/zinger/ec.bin . build/zinger/ec.SIGNED.bin
./scripts/image_signing/sign_official_build.sh accessory_rwsig build/hadoken/keyboard_app.bin . build/hadoken/keyboard_app.SIGNED.bin
and compare the re-signed files with the original files.

Change-Id: I586ba3e4349929782e734af1590f394824e7dd44
Reviewed-on: https://chromium-review.googlesource.com/306795
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
scripts/image_signing/sign_official_build.sh

index d1c8768..145e92d 100755 (executable)
@@ -37,6 +37,8 @@ where <type> is one of:
              usb  (sign an image to boot directly from USB)
              verify (verify an image including rootfs hashes)
              nv_lp0_firmware (sign nvidia lp0 firmware)
+             accessory_usbpd (sign USB-PD accessory firmware)
+             accessory_rwsig (sign accessory RW firmware)
 
 output_image: File name of the signed output image
 version_file: File name of where to read the kernel and firmware versions.
@@ -879,6 +881,14 @@ elif [[ "${TYPE}" == "recovery_kernel" ]]; then
   sign_recovery_kernel "${OUTPUT_IMAGE}" "${KEY_DIR}" "${KERNEL_VERSION}"
 elif [[ "${TYPE}" == "update_payload" ]]; then
   sign_update_payload ${INPUT_IMAGE} ${KEY_DIR} ${OUTPUT_IMAGE}
+elif [[ "${TYPE}" == "accessory_usbpd" ]]; then
+  KEY_NAME="key_$(basename $(dirname ${INPUT_IMAGE}))"
+  cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
+  futility sign --type usbpd1 --pem "${KEY_NAME}.pem" "${OUTPUT_IMAGE}"
+elif [[ "${TYPE}" == "accessory_rwsig" ]]; then
+  KEY_NAME="key_$(basename $(dirname ${INPUT_IMAGE}))"
+  cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
+  futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" "${OUTPUT_IMAGE}"
 else
   echo "Invalid type ${TYPE}"
   exit 1