From 9c5d88573f1c92a089c89dd60838c26ae15e6422 Mon Sep 17 00:00:00 2001
From: Che-Liang Chiou <clchiou@chromium.org>
Date: Mon, 9 May 2011 10:13:25 +0800
Subject: [PATCH] ARM: enable kernel signing by default

This commit is a part of transition to enable ARM kernel signing. It is
at first an option that is enabled manually, and then (in this commit)
enabled by default. After more tests, the scripts that generate unsigned
ARM kernel partition will probably be removed.

BUG=chromium-os:12352
TEST=./build_image && load_kernel_test -b 2 /path/to/chromiumos_image.bin /usr/share/vboot/devkeys/recovery_key.vbpubk

Change-Id: I6d48d1603cd7c96514892bcbbf8994b2d4cc2a08
Reviewed-on: http://gerrit.chromium.org/gerrit/512
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
---
 bin/cros_make_image_bootable | 2 +-
 build_image                  | 2 +-
 build_kernel_image.sh        | 2 +-
 mod_image_for_recovery.sh    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bin/cros_make_image_bootable b/bin/cros_make_image_bootable
index d4eb9c81db..ef58dba8c8 100755
--- a/bin/cros_make_image_bootable
+++ b/bin/cros_make_image_bootable
@@ -116,7 +116,7 @@ DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
   "Use developer keys for signing. (Default: false)"
 
 # TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
+DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
   "Sign kernel partition for ARM images (temporary hack)."
 
 # TODO(sosa):  Remove once known images no longer use this in their config.
diff --git a/build_image b/build_image
index cb2f173f10..973407ef93 100755
--- a/build_image
+++ b/build_image
@@ -91,7 +91,7 @@ DEFINE_string usb_disk /dev/sdb3 \
   "Path syslinux should use to do a usb boot. Default: /dev/sdb3"
 
 # TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
+DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
   "Sign kernel partition for ARM images (temporary hack)."
 
 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index 736d72a8b6..691906dce8 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -70,7 +70,7 @@ DEFINE_string verity_hash_alg "sha1" \
   "Cryptographic hash algorithm used for dm-verity. (Default: sha1)"
 
 # TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
+DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
   "Sign kernel partition for ARM images (temporary hack)."
 
 # Parse flags
diff --git a/mod_image_for_recovery.sh b/mod_image_for_recovery.sh
index 1f05010dd5..d3f5d35be2 100755
--- a/mod_image_for_recovery.sh
+++ b/mod_image_for_recovery.sh
@@ -82,7 +82,7 @@ DEFINE_string keys_dir "/usr/share/vboot/devkeys" \
   "Directory containing the signing keys."
 
 # TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \
+DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
   "Sign kernel partition for ARM images (temporary hack)."
 
 # Parse command line