| #!/bin/bash |
| |
| # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Standalone version of cros_resign_image.sh script from |
| # chromeos/src/scripts/bin/ for use on signing servers. |
| |
| # Both the cgpt tool and vbutil_kernel should be in the system path. |
| |
| # Load common constants and variables. |
| . "$(dirname "$0")/common.sh" |
| |
| # Abort on error |
| set -e |
| |
| # Check arguments |
| if [ $# -lt 4 ] || [ $# -gt 5 ] ; then |
| echo "usage: $PROG src_bin dst_bin kernel_datakey kernel_keyblock [version]" |
| exit 1 |
| fi |
| |
| # Make sure the tools we need are available. |
| for prereqs in vbutil_kernel cgpt; |
| do |
| type -P "${prereqs}" &>/dev/null || \ |
| { echo "${prereqs} tool not found."; exit 1; } |
| done |
| |
| SRC_BIN=$1 |
| DST_BIN=$2 |
| KERNEL_DATAKEY=$3 |
| KERNEL_KEYBLOCK=$4 |
| VERSION=$5 |
| |
| if [ -z $VERSION ]; then |
| VERSION=1 |
| fi |
| echo "Using kernel version: $VERSION" |
| |
| temp_kimage=$(make_temp_file) |
| extract_image_partition ${SRC_BIN} 2 ${temp_kimage} |
| updated_kimage=$(make_temp_file) |
| |
| vbutil_kernel --repack "${updated_kimage}" \ |
| --keyblock "${KERNEL_KEYBLOCK}" \ |
| --signprivate "${KERNEL_DATAKEY}" \ |
| --version "${VERSION}" \ |
| --oldblob "${temp_kimage}" |
| |
| # Create a copy of the input image and put in the new vblock |
| cp "${SRC_BIN}" "${DST_BIN}" |
| replace_image_partition ${DST_BIN} 2 ${updated_kimage} |
| echo "New signed image was output to ${DST_BIN}" |
| |