mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-11-29 06:21:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Issue 5183: Create a developer shim for release builds

Browse Source 
Change-Id: I14cd9dc365093c0450210d7853ad5f67ffa0ddd0

BUG=chromium-os:5183
TEST=1) manually built a dev install shim and verified it's only bootable when dev switch is ON

Review URL: http://codereview.chromium.org/3153001
This commit is contained in:
Tan Gao 2010-08-17 09:41:48 -07:00
parent e122814469
commit 843b70acf4
3 changed files with 79 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
bin/cros_make_image_bootable
View File

@ -19,10 +19,6 @@ fi
set -e set -e
. "$(dirname "$0")/../chromeos-common.sh" # for partoffset and partsize . "$(dirname "$0")/../chromeos-common.sh" # for partoffset and partsize
if [ ${#} -ne 2 ]; then
die "Usage: $0 /path/to/image/dir image_name"
fi
BOOT_DESC_FILE="${1}/boot.desc" BOOT_DESC_FILE="${1}/boot.desc"
IMAGE="${1}/${2}" IMAGE="${1}/${2}"
@ -93,10 +89,16 @@ DEFINE_string statefulfs_mountpoint "/tmp/statefulfs" \
DEFINE_string espfs_mountpoint "/tmp/espfs" \ DEFINE_string espfs_mountpoint "/tmp/espfs" \
"Path where the espfs can be safely mounted" "Path where the espfs can be safely mounted"
DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
"Use developer keys for signing. (Default: false)"
# Parse command-line flags present after positional args, if any. This needs
# to happen before we parse boot.desc (otherwise the flags would be lost)
FLAGS "${@}" || exit 1
# Parse the boot.desc # Parse the boot.desc
eval set -- "${BOOT_DESC}" eval set -- "${BOOT_DESC}"
FLAGS "${@}" || exit 1 FLAGS "${@}" || exit 1
eval set -- "${FLAGS_ARGV}"
# Only now can we die on error. shflags functions leak non-zero error codes, # Only now can we die on error. shflags functions leak non-zero error codes,
# so will die prematurely if 'set -e' is specified before now. # so will die prematurely if 'set -e' is specified before now.
@ -115,6 +117,7 @@ mount_gpt_cleanup() {
make_image_bootable() { make_image_bootable() {
local image="$1" local image="$1"
local use_dev_keys=
cros_root=/dev/sd%D%P cros_root=/dev/sd%D%P
if [[ "${FLAGS_arch}" = "arm" ]]; then if [[ "${FLAGS_arch}" = "arm" ]]; then
@ -136,6 +139,10 @@ make_image_bootable() {
root_dev=$(mount | grep -- "on ${FLAGS_rootfs_mountpoint} type" | root_dev=$(mount | grep -- "on ${FLAGS_rootfs_mountpoint} type" |
cut -f1 -d' ' | tail -1) cut -f1 -d' ' | tail -1)
if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then
use_dev_keys="--use_dev_keys"
fi
# Builds the kernel partition image. The temporary files are kept around # Builds the kernel partition image. The temporary files are kept around
# so that we can perform a load_kernel_test later on the final image. # so that we can perform a load_kernel_test later on the final image.
${SCRIPTS_DIR}/build_kernel_image.sh \ ${SCRIPTS_DIR}/build_kernel_image.sh \
@ -152,7 +159,8 @@ make_image_bootable() {
--verity_max_ios=${FLAGS_verity_max_ios} \ --verity_max_ios=${FLAGS_verity_max_ios} \
--verity_error_behavior=${FLAGS_verity_error_behavior} \ --verity_error_behavior=${FLAGS_verity_error_behavior} \
--root=${cros_root} \ --root=${cros_root} \
--keys_dir="${FLAGS_keys_dir}" --keys_dir="${FLAGS_keys_dir}" \
${use_dev_keys}
local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash}) local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash})
info "Appending rootfs.hash (${rootfs_hash_size} bytes) to the root fs" info "Appending rootfs.hash (${rootfs_hash_size} bytes) to the root fs"

62
build_image
View File

@ -45,6 +45,8 @@ DEFINE_string to "" \
DEFINE_boolean factory_install ${FLAGS_FALSE} \ DEFINE_boolean factory_install ${FLAGS_FALSE} \
"Build a smaller image to overlay the factory install shim on; this argument \ "Build a smaller image to overlay the factory install shim on; this argument \
is also required in image_to_usb." is also required in image_to_usb."
DEFINE_boolean dev_install ${FLAGS_FALSE} \
"Build a smaller image to overlay the dev recovery install shim on"
DEFINE_string arm_extra_bootargs "" \ DEFINE_string arm_extra_bootargs "" \
"Additional command line options to pass to the ARM kernel." "Additional command line options to pass to the ARM kernel."
DEFINE_integer rootfs_partition_size 1024 \ DEFINE_integer rootfs_partition_size 1024 \
@ -100,6 +102,24 @@ bigger than partition (${FLAGS_rootfs_partition_size} MB)."
exit 1 exit 1
fi fi
# Verify user didn't specify incompatible flags for dev install shim
if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ] &&
[ ${FLAGS_dev_install} -eq ${FLAGS_TRUE} ] ; then
error "Incompatible flags: --factory_install and --dev_install cannot be \
both set to True. Please specify one or none."
exit 1
fi
# Disable --withdev flag when --dev_install is set to True. Otherwise, the
# dev image produced will be based on dev install shim, rather than a pristine
# image
if [ ${FLAGS_withdev} -eq ${FLAGS_TRUE} ] &&
[ ${FLAGS_dev_install} -eq ${FLAGS_TRUE} ] ; then
info "Incompatible flags: --withdev and --dev_install cannot be both set to \
True. Reset --withdev to False."
FLAGS_withdev=${FLAGS_FALSE}
fi
EMERGE_BOARD_CMD="emerge-${FLAGS_board}" EMERGE_BOARD_CMD="emerge-${FLAGS_board}"
if [ "${FLAGS_fast}" -eq "${FLAGS_TRUE}" ]; then if [ "${FLAGS_fast}" -eq "${FLAGS_TRUE}" ]; then
echo "Using alternate emerge" echo "Using alternate emerge"
@ -125,6 +145,11 @@ if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]; then
DEVELOPER_IMAGE_NAME=chromiumos_image.bin DEVELOPER_IMAGE_NAME=chromiumos_image.bin
fi fi
# Rename pristine image for dev install shim
if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ]; then
PRISTINE_IMAGE_NAME=dev_install_shim.bin
fi
PRISTINE_IMG="${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" PRISTINE_IMG="${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}"
DEVELOPER_IMG="${OUTPUT_DIR}/${DEVELOPER_IMAGE_NAME}" DEVELOPER_IMG="${OUTPUT_DIR}/${DEVELOPER_IMAGE_NAME}"
@ -167,7 +192,8 @@ fi
# Reduce the size of factory install shim. # Reduce the size of factory install shim.
# TODO: Build a separated ebuild for the factory install shim to reduce size. # TODO: Build a separated ebuild for the factory install shim to reduce size.
if [[ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]] ; then if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ] ||
[ ${FLAGS_dev_install} -eq ${FLAGS_TRUE} ] ; then
INSTALL_MASK="${INSTALL_MASK} ${FACTORY_INSTALL_MASK}" INSTALL_MASK="${INSTALL_MASK} ${FACTORY_INSTALL_MASK}"
fi fi
@ -368,9 +394,10 @@ update_dev_packages() {
fi fi
# Check that the image has been correctly created. Only do it if not # Check that the image has been correctly created. Only do it if not
# building a factory install image, as the INSTALL_MASK for it will # building a factory install image and not a dev install shim, as the
# make test_image fail. # INSTALL_MASK for it will make test_image fail.
if [[ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ]] ; then if [ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ] &&
[ ${FLAGS_dev_install} -eq ${FLAGS_FALSE} ] ; then
"${SCRIPTS_DIR}/test_image" \ "${SCRIPTS_DIR}/test_image" \
--root="${ROOT_FS_DIR}" \ --root="${ROOT_FS_DIR}" \
--target="${ARCH}" --target="${ARCH}"
@ -428,7 +455,9 @@ create_base_image() {
# Create root file system disk image to fit on a 1GB memory stick. # Create root file system disk image to fit on a 1GB memory stick.
# 1 GB in hard-drive-manufacturer-speak is 10^9, not 2^30. 950MB < 10^9 bytes. # 1 GB in hard-drive-manufacturer-speak is 10^9, not 2^30. 950MB < 10^9 bytes.
if [[ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]] ; then # Minimize rootfs size for dev install shim and factory installer
if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ] ||
[ ${FLAGS_dev_install} -eq ${FLAGS_TRUE} ] ; then
ROOT_SIZE_BYTES=$((1024 * 1024 * 300)) ROOT_SIZE_BYTES=$((1024 * 1024 * 300))
else else
ROOT_SIZE_BYTES=$((1024 * 1024 * ${FLAGS_rootfs_size})) ROOT_SIZE_BYTES=$((1024 * 1024 * ${FLAGS_rootfs_size}))
@ -565,8 +594,9 @@ create_base_image() {
--install \ --install \
${enable_rootfs_verification} ${enable_rootfs_verification}
# Don't test the factory install shim. # Don't test the factory install shim or the dev install shim
if [[ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ]] ; then if [ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ] &&
[ ${FLAGS_dev_install} -eq ${FLAGS_FALSE} ]; then
# Check that the image has been correctly created. # Check that the image has been correctly created.
"${SCRIPTS_DIR}/test_image" \ "${SCRIPTS_DIR}/test_image" \
--root="${ROOT_FS_DIR}" \ --root="${ROOT_FS_DIR}" \
@ -635,14 +665,28 @@ if [[ -f ${PRISTINE_IMG} ]] ; then
else else
create_base_image ${PRISTINE_IMAGE_NAME} create_base_image ${PRISTINE_IMAGE_NAME}
fi fi
USE_DEV_KEYS=
if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ]; then
USE_DEV_KEYS="--use_dev_keys"
fi
# Place flags before positional args
${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \ ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \
"${PRISTINE_IMAGE_NAME}" "${PRISTINE_IMAGE_NAME}" \
${USE_DEV_KEYS}
# FIXME: only signing things for x86 right now. # FIXME: only signing things for x86 right now.
if [[ "${ARCH}" = "x86" ]]; then if [[ "${ARCH}" = "x86" ]]; then
BOOT_FLAG=
if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ] ; then
BOOT_FLAG="-b 1" # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h
info "--dev_install set, pass BOOT_FLAG_DEVELOPER flag to load_kernel_test"
fi
# Verify the final image. # Verify the final image.
load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \ load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \
"${DEVKEYSDIR}/recovery_key.vbpubk" "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG}
fi fi
# Create a developer image based on the chromium os base image. # Create a developer image based on the chromium os base image.

13
build_kernel_image.sh
View File

@ -25,6 +25,8 @@ DEFINE_boolean keep_work ${FLAGS_FALSE} \
"Keep temporary files (*.keyblock, *.vbpubk). (Default: false)" "Keep temporary files (*.keyblock, *.vbpubk). (Default: false)"
DEFINE_string keys_dir "${SRC_ROOT}/platform/vboot_reference/tests/testkeys" \ DEFINE_string keys_dir "${SRC_ROOT}/platform/vboot_reference/tests/testkeys" \
"Directory with the RSA signing keys. (Defaults to test keys)" "Directory with the RSA signing keys. (Defaults to test keys)"
DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
"Use developer keys for signing. (Default: false)"
# Note, to enable verified boot, the caller would manually pass: # Note, to enable verified boot, the caller would manually pass:
# --boot_args='dm="... /dev/sd%D%P /dev/sd%D%P ..." \ # --boot_args='dm="... /dev/sd%D%P /dev/sd%D%P ..." \
# --root=/dev/dm-0 # --root=/dev/dm-0
@ -134,11 +136,20 @@ EOF
# We sign the image with the recovery_key, because this is what goes onto the # We sign the image with the recovery_key, because this is what goes onto the
# USB key. We can only boot from the USB drive in recovery mode. # USB key. We can only boot from the USB drive in recovery mode.
# For dev install shim, we need to use the installer keyblock instead of
# the recovery keyblock because of the difference in flags.
if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then
USB_KEYBLOCK=installer_kernel.keyblock
info "DEBUG: use dev install signing key"
else
USB_KEYBLOCK=recovery_kernel.keyblock
info "DEBUG: use recovery signing key"
fi
# Create and sign the kernel blob # Create and sign the kernel blob
vbutil_kernel \ vbutil_kernel \
--pack "${FLAGS_to}" \ --pack "${FLAGS_to}" \
--keyblock "${FLAGS_keys_dir}/recovery_kernel.keyblock" \ --keyblock "${FLAGS_keys_dir}/${USB_KEYBLOCK}" \
--signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \ --signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \
--version 1 \ --version 1 \
--config "${FLAGS_working_dir}/config.txt" \ --config "${FLAGS_working_dir}/config.txt" \