EC-EFS: Fix in-place signature replacement

When futility replaces the old signature in the input file with a
new one, it assumes the signature is at the end of RW region. This
assumption is wrong for EC-EFS binaries because they place a
signature at each end of two EC_RW areas.

This patch fixes the issue by specifying the signature address via
'old_sig', which points to the (first) signature address regardless
of the input file format (EFS v.s. non-EFS, FMAP v.s. no FMAP).

'futility sign --type rwsig --prikey key_ec_efs.vbprik2 ec.bin'.
Then run 'futility show --type rwsig ec.bin', which prints
'Signature verification succeeded.'
make runtests

Change-Id: I730fd31be640de3e9381f156d084162dd4093ba6
Signed-off-by: Daisuke Nojiri <>
1 file changed