Only sign kernel for x86 for now. Leave ARM unsigned.

The signing work is being tested and developed on x86, and ARM isn't ready to use it. Signing the ARM kernel is disruptive. We'll enable it for ARM later. Review URL: http://codereview.chromium.org/2599001
2025-12-07 10:22:12 +01:00 · 2010-06-03 11:03:27 -07:00 · 2010-06-03 11:03:27 -07:00 · 3fefd2ad79
commit 3fefd2ad79
parent a40ed448fc
1 changed files with 31 additions and 21 deletions
--- a/52
+++ b/52
@ -458,11 +458,15 @@ menuentry "local image B" {

 EOF

-# Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
-# standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS BIOS
-# will use a separate signed kernel partition, which we'll create now.
-# FIXME: remove serial output, debugging messages
-cat <<'EOF' > "${OUTPUT_DIR}/config.txt"
+# FIXME: At the moment, we're working on signed images for x86 only. ARM will
+# support this before shipping, but at the moment they don't.
+if [[ "$ARCH" = "x86" ]]; then
+  
+  # Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
+  # standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS BIOS
+  # will use a separate signed kernel partition, which we'll create now.
+  # FIXME: remove serial output, debugging messages
+  cat <<'EOF' > "${OUTPUT_DIR}/config.txt"
 earlyprintk=serial,ttyS0,115200
 console=ttyS0,115200
 init=/sbin/init
@ -477,23 +481,29 @@ i915.modeset=1
 loglevel=7
 Hi_Mom
 EOF
+  
+  # FIXME: We need to specify the real keys and certs here!
+  SIG_DIR="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
+  
+  # Create the kernel partition image.
+  kernel_utility --generate \
+      --firmware_key "${SIG_DIR}/key_rsa4096.pem" \
+      --kernel_key "${SIG_DIR}/key_rsa1024.pem" \
+      --kernel_key_pub "${SIG_DIR}/key_rsa1024.keyb" \
+      --firmware_sign_algorithm 8 \
+      --kernel_sign_algorithm 2 \
+      --kernel_key_version 1 \
+      --kernel_version 1 \
+      --config "${OUTPUT_DIR}/config.txt" \
+      --bootloader /lib64/bootstub/bootstub.efi \
+      --vmlinuz "${ROOT_FS_DIR}/boot/vmlinuz" \
+      --out "${OUTPUT_DIR}/vmlinuz.image"
+  
+else
+  # FIXME: For now, ARM just uses the unsigned kernel by itself.
+  cp -f "${ROOT_FS_DIR}/boot/vmlinuz" "${OUTPUT_DIR}/vmlinuz.image"
+fi

-# FIXME: We need to specify the real keys and certs here!
-SIG_DIR="${SRC_ROOT}/platform/vboot_reference/tests/testkeys"
-
-# Create the kernel partition image.
-kernel_utility --generate \
-    --firmware_key "${SIG_DIR}/key_rsa4096.pem" \
-    --kernel_key "${SIG_DIR}/key_rsa1024.pem" \
-    --kernel_key_pub "${SIG_DIR}/key_rsa1024.keyb" \
-    --firmware_sign_algorithm 8 \
-    --kernel_sign_algorithm 2 \
-    --kernel_key_version 1 \
-    --kernel_version 1 \
-    --config "${OUTPUT_DIR}/config.txt" \
-    --bootloader /lib64/bootstub/bootstub.efi \
-    --vmlinuz "${ROOT_FS_DIR}/boot/vmlinuz" \
-    --out "${OUTPUT_DIR}/vmlinuz.image"

 # Perform any customizations on the root file system that are needed.
 "${SCRIPTS_DIR}/customize_rootfs" \