Add transitional flag for enabling arm kernel signing

For now arm kernel partitions are not signed. This CL is transitional.
That is, the added flag should be removed after arm verified boot is stable.

To properly create an arm kernel partition, we also need another CL for
vbutil_kernel utility that turns off x86-only modifications on kernel
image. See CL:6538015.

BUG=chromium-os:3790,chromium-os:12352
TEST=see below

Build images for x86 and arm successfully, and notice that load_kernel_test
passes for x86 and signed arm image.

$ build_image --board=tegra2_seaboard --crosbug12352_arm_kernel_signing
$ build_image --board=tegra2_seaboard --nocrosbug12352_arm_kernel_signing
$ build_image --board=x86-generic

Review URL: http://codereview.chromium.org/6538014

Change-Id: I1be381bae2fc367a0603ac2ec67ee70fc9a257e4
Che-Liang Chiou 2011-02-24 12:00:16 +08:00
parent 3635aaa55e
commit 75ac2beb67
3 changed files with 70 additions and 26 deletions


@ -117,6 +117,10 @@ DEFINE_string espfs_mountpoint "/tmp/espfs" \
DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
"Use developer keys for signing. (Default: false)"
# TODO(clchiou): Remove this flag after arm verified boot is stable
DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
"Sign kernel partition for ARM images (temporary hack)."
# TODO(sosa): Remove once known images no longer use this in their config.
DEFINE_string arm_extra_bootargs "" "DEPRECATED FLAG. Do not use."
@ -128,6 +132,12 @@ FLAGS "${@}" || exit 1
# so will die prematurely if 'set -e' is specified before now.
set -e -u
if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then
crosbug12352_flag="--crosbug12352_arm_kernel_signing"
else
crosbug12352_flag="--nocrosbug12352_arm_kernel_signing"
fi
# $1 - Directory where developer rootfs is mounted.
# $2 - Directory where developer stateful_partition is mounted.
# $3 - Directory where the ESP partition is mounted.
@ -195,6 +205,7 @@ make_image_bootable() {
--verity_error_behavior=${FLAGS_verity_error_behavior} \
--root=${cros_root} \
--keys_dir="${FLAGS_keys_dir}" \
${crosbug12352_flag} \
${use_dev_keys}
local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash})
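Review bot: The help text for `crosbug12352_arm_kernel_signing` does not say that the default, `${FLAGS_FALSE}`, leaves the ARM kernel partition unsigned, which is the security-relevant fact for anyone who runs this script directly. I would state it in the definition, e.g. `"Sign kernel partition for ARM images (temporary; when off, ARM kernel partitions are left unsigned)."`. The same definition is repeated in the two other file sections of this commit and should get the same wording so the three copies stay identical. make_image_bootable's body starts and ends outside the hunk.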


@ -92,6 +92,10 @@ DEFINE_string boot_args "noinitrd" \
DEFINE_string usb_disk /dev/sdb3 \
"Path syslinux should use to do a usb boot. Default: /dev/sdb3"
# TODO(clchiou): Remove this flag after arm verified boot is stable
DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
"Sign kernel partition for ARM images (temporary hack)."
DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
"Default all bootloaders to use kernel-based root fs integrity checking."
DEFINE_integer verity_error_behavior 3 \
@ -286,6 +290,11 @@ case "${TC_ARCH}" in
exit 1
esac
if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then
crosbug12352_flag="--crosbug12352_arm_kernel_signing"
else
crosbug12352_flag="--nocrosbug12352_arm_kernel_signing"
fi
if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
enable_rootfs_verification_flag="--enable_rootfs_verification"
fi
@ -409,6 +418,7 @@ create_boot_desc() {
--keys_dir="${DEVKEYSDIR}"
--usb_disk="${FLAGS_usb_disk}"
--nocleanup_dirs
${crosbug12352_flag}
${enable_rootfs_verification_flag}
EOF
}
@ -800,10 +810,14 @@ fi
# Place flags before positional args
${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \
"${PRISTINE_IMAGE_NAME}" \
${USE_DEV_KEYS}
${USE_DEV_KEYS} \
${crosbug12352_flag}
# FIXME: only signing things for x86 right now.
if [[ "${ARCH}" = "x86" ]]; then
# FIXME Test x86 image, and test arm image if enabled;
# should unconditionally test an image after crosbug12352 is fixed
if [[ "${ARCH}" = "x86" ]] ||
[[ "${ARCH}" = "arm" &&
"${FLAGS_crosbug12352_arm_kernel_signing}" -eq "${FLAGS_TRUE}" ]]; then
BOOT_FLAG=
if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ] ||
[ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]; then
@ -825,7 +839,8 @@ if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ] ; then
update_dev_packages ${DEVELOPER_IMAGE_NAME}
${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \
"${DEVELOPER_IMAGE_NAME}"
"${DEVELOPER_IMAGE_NAME}" \
${crosbug12352_flag}
fi
# Clean up temporary files.
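Review bot: The signing choice now reaches cros_make_image_bootable by two routes, the `${crosbug12352_flag}` line written into the boot description in create_boot_desc and the argument added to both command-line invocations, and nothing in these hunks says which one takes effect if they differ. They could differ if a boot description from an earlier build is reused, though whether that happens depends on code outside the hunks. I would either drop one route or add a comment at the first invocation such as `# Also recorded in the boot description; passed here so this build's choice is explicit.`. create_boot_desc starts outside its hunk.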


@ -71,6 +71,10 @@ DEFINE_integer verity_max_ios -1 \
DEFINE_string verity_hash_alg "sha1" \
"Cryptographic hash algorithm used for dm-verity. (Default: sha1)"
# TODO(clchiou): Remove this flag after arm verified boot is stable
DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
"Sign kernel partition for ARM images (temporary hack)."
# Parse flags
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"
@ -145,15 +149,11 @@ EOF
WORK="${WORK} ${FLAGS_working_dir}/boot.config"
info "Emitted cross-platform boot params to ${FLAGS_working_dir}/boot.config"
# FIXME: At the moment, we're working on signed images for x86 only. ARM will
# support this before shipping, but at the moment they don't.
if [[ "${FLAGS_arch}" = "x86" ]]; then
# Legacy BIOS will use the kernel in the rootfs (via syslinux), as will
# standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS
# BIOS will use a separate signed kernel partition, which we'll create now.
# FIXME: remove serial output, debugging messages.
mkdir -p ${FLAGS_working_dir}
cat <<EOF | cat - "${FLAGS_working_dir}/boot.config" \
> "${FLAGS_working_dir}/config.txt"
console=tty2
@ -170,6 +170,35 @@ tpm_tis.interrupts=0
EOF
WORK="${WORK} ${FLAGS_working_dir}/config.txt"
bootloader_path="/lib64/bootstub/bootstub.efi"
kernel_image="${FLAGS_vmlinuz}"
sign_the_kernel=${FLAGS_TRUE}
elif [[ "${FLAGS_arch}" = "arm" ]]; then
cp "${FLAGS_working_dir}/boot.config" "${FLAGS_working_dir}/config.txt"
WORK="${WORK} ${FLAGS_working_dir}/config.txt"
kernel_script="${FLAGS_working_dir}/kernel.scr"
kernel_script_img="${FLAGS_working_dir}/kernel.scr.uimg"
echo -n 'setenv bootargs ${bootargs} ' > "${kernel_script}"
tr '\n' ' ' < "${FLAGS_working_dir}/boot.config" >> "${kernel_script}"
echo >> "${kernel_script}"
mkimage -A arm -O linux -T script -C none -a 0 -e 0 \
-n kernel_script -d "${kernel_script}" "${kernel_script_img}"
WORK="${WORK} ${kernel_script} ${kernel_script_img}"
bootloader_path="${kernel_script_img}"
kernel_image="${FLAGS_vmlinuz/vmlinuz/vmlinux.uimg}"
sign_the_kernel=${FLAGS_crosbug12352_arm_kernel_signing}
else
error "Unknown arch: ${FLAGS_arch}"
fi
if [[ "${sign_the_kernel}" -eq "${FLAGS_TRUE}" ]]; then
# We sign the image with the recovery_key, because this is what goes onto the
# USB key. We can only boot from the USB drive in recovery mode.
# For dev install shim, we need to use the installer keyblock instead of
@ -189,8 +218,9 @@ EOF
--signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \
--version 1 \
--config "${FLAGS_working_dir}/config.txt" \
--bootloader /lib64/bootstub/bootstub.efi \
--vmlinuz "${FLAGS_vmlinuz}"
--bootloader "${bootloader_path}" \
--vmlinuz "${kernel_image}" \
--arch "${FLAGS_arch}"
# And verify it.
vbutil_kernel \
@ -223,24 +253,14 @@ EOF
rm -f $tempfile
trap - EXIT
elif [[ "${FLAGS_arch}" = "arm" ]]; then
# FIXME: This stuff is unsigned, and will likely change with vboot_reference
# but it doesn't technically have to.
kernel_script="${FLAGS_working_dir}/kernel.scr"
kernel_script_img="${FLAGS_working_dir}/kernel.scr.uimg"
# HACK: !! Kernel image construction requires some stuff from portage, not
# sure how to get that information here cleanly !!
kernel_image="${FLAGS_vmlinuz/vmlinuz/vmlinux.uimg}"
WORK="${WORK} ${kernel_script} ${kernel_script_img}"
else
# FIXME: This stuff is unsigned. This part should be removed or made
# non-default after ARM verified boot is stable.
kernel_size=$((($(stat -c %s "${kernel_image}") + 511) / 512))
script_size=16
# Build boot script image
echo -n 'setenv bootargs ${bootargs} ' > "${kernel_script}"
tr '\n' ' ' <"${FLAGS_working_dir}/boot.config" >> "${kernel_script}"
echo >> "${kernel_script}"
# Add more scripts to boot script image for loading kernel image
printf 'read ${devtype} ${devnum}:${kernelpart} ${loadaddr} %x %x\n' \
${script_size} ${kernel_size} >> "${kernel_script}"
echo 'bootm ${loadaddr}' >> ${kernel_script}
@ -262,8 +282,6 @@ elif [[ "${FLAGS_arch}" = "arm" ]]; then
# phony hd.vblock to keep chromeos-install and cros_generate_update_payload
# working.
dd if="${FLAGS_to}" of="${FLAGS_hd_vblock}" bs=64K count=1
else
error "Unknown arch: ${FLAGS_arch}"
fi
set +e # cleanup failure is a-ok
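Review bot: With the `else` branch holding `error "Unknown arch: ${FLAGS_arch}"` moved ahead of the signing step, an unrecognised arch is only handled safely if `error` terminates the script. If it merely logs, execution continues with `sign_the_kernel`, `kernel_image` and `bootloader_path` unset and appears to end up in the unsigned `else` branch further down. Adding `exit 1` directly after the `error` line makes the stop explicit. Separately, the unsigned branch is the one an ARM build takes by default, so a line such as `info "ARM kernel partition is NOT signed (crosbug12352_arm_kernel_signing is off)"` at its top would make that visible in build logs.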