From e51bdf284c4c75ad0b0135add1e6aaf9e8191eb9 Mon Sep 17 00:00:00 2001 From: Che-Liang Chiou Date: Tue, 26 Jul 2011 21:19:24 +0800 Subject: [PATCH] Obsolete --crosbug12352_arm_kernel_signing flag This reverts commit 451f36e4a8635672cc3c6e555806a895def52608. Last time I removed the --crosbug12352_arm_kernel_signing flag, buildbot failed. The reason seemed to be that buildbot still passing this flag to build_image. However, I cannot find anywhere in the log that indicates buildbot did pass this flag to build_image. So I think the last failure should be transient and it is good to obsolete this flag. BUG=chromium-os:12352 TEST=build_image TEST=load_kernel_test -b 2 /path/to/image /path/to/recovery_key.vbpubk Change-Id: Ic757eb2dc4304e7205b483063335f8816b536433 Reviewed-on: http://gerrit.chromium.org/gerrit/4794 Reviewed-by: Che-Liang Chiou Tested-by: Che-Liang Chiou --- bin/cros_make_image_bootable | 11 --- build_image | 37 +++------ build_kernel_image.sh | 142 +++++++++++++---------------------- mod_image_for_recovery.sh | 11 --- mod_image_for_test.sh | 10 --- 5 files changed, 60 insertions(+), 151 deletions(-) diff --git a/bin/cros_make_image_bootable b/bin/cros_make_image_bootable index 185be73c9b..a39d1c15bd 100755 --- a/bin/cros_make_image_bootable +++ b/bin/cros_make_image_bootable @@ -118,10 +118,6 @@ DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \ DEFINE_boolean fsck_rootfs ${FLAGS_FALSE} \ "Check integrity of the rootfs on the modified image." -# TODO(clchiou): Remove this flag after arm verified boot is stable -DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \ - "Sign kernel partition for ARM images (temporary hack)." - # TODO(sosa): Remove once known images no longer use this in their config. DEFINE_string arm_extra_bootargs "" "DEPRECATED FLAG. Do not use." 
@@ -136,12 +132,6 @@ FLAGS "${@}" || exit 1 # so will die prematurely if 'set -e' is specified before now. set -e -u -if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then - crosbug12352_flag="--crosbug12352_arm_kernel_signing" -else - crosbug12352_flag="--nocrosbug12352_arm_kernel_signing" -fi - # $1 - Directory where developer rootfs is mounted. # $2 - Directory where developer stateful_partition is mounted. # $3 - Directory where the ESP partition is mounted. @@ -208,7 +198,6 @@ make_image_bootable() { --verity_error_behavior=${FLAGS_verity_error_behavior} \ --root=${cros_root} \ --keys_dir="${FLAGS_keys_dir}" \ - ${crosbug12352_flag} \ ${use_dev_keys} local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash}) diff --git a/build_image b/build_image index bf2ddbece4..595714c39b 100755 --- a/build_image +++ b/build_image @@ -62,10 +62,6 @@ DEFINE_string boot_args "noinitrd" \ DEFINE_string usb_disk /dev/sdb3 \ "Path syslinux should use to do a usb boot. Default: /dev/sdb3" -# TODO(clchiou): Remove this flag after arm verified boot is stable -DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \ - "Sign kernel partition for ARM images (temporary hack)." - DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \ "Default all bootloaders to use kernel-based root fs integrity checking." DEFINE_integer verity_error_behavior 3 \ @@ -295,11 +291,6 @@ if [ ${FLAGS_jobs} -ne -1 ]; then EMERGE_JOBS="--jobs=${FLAGS_jobs}" fi -if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then - crosbug12352_flag="--crosbug12352_arm_kernel_signing" -else - crosbug12352_flag="--nocrosbug12352_arm_kernel_signing" -fi if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then enable_rootfs_verification_flag="--enable_rootfs_verification" fi @@ -413,7 +404,6 @@ create_boot_desc() { --keys_dir="${DEVKEYSDIR}" --usb_disk="${FLAGS_usb_disk}" --nocleanup_dirs - ${crosbug12352_flag} ${enable_rootfs_verification_flag} EOF } 
@@ -839,7 +829,6 @@ mod_image_for_test () { # Now make it bootable with the flags from build_image "${SCRIPTS_DIR}/bin/cros_make_image_bootable" "${image_dir}" "${image_name}" \ - ${crosbug12352_flag} \ --force_developer_mode print_time_elapsed @@ -888,26 +877,19 @@ fi # Place flags before positional args ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \ "${PRISTINE_IMAGE_NAME}" \ - ${USE_DEV_KEYS} \ - ${crosbug12352_flag} + ${USE_DEV_KEYS} -# FIXME Test x86 image, and test arm image if enabled; -# should unconditionally test an image after crosbug12352 is fixed -if [[ "${ARCH}" = "x86" ]] || - [[ "${ARCH}" = "arm" && - ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then - BOOT_FLAG= - if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]; then - BOOT_FLAG="-b 1" # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h - info "--factory_install set, pass BOOT_FLAG_DEVELOPER flag to \ +BOOT_FLAG= +if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]; then + BOOT_FLAG="-b 1" # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h + info "--factory_install set, pass BOOT_FLAG_DEVELOPER flag to \ load_kernel_test" - fi - - # Verify the final image. - load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \ - "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG} fi +# Verify the final image. +load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \ + "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG} + # Create a developer image based on the chromium os base image. if [ ${FLAGS_withdev} -eq ${FLAGS_TRUE} ] ; then if [[ ! -f ${DEVELOPER_IMG} ]] ; then @@ -918,7 +900,6 @@ if [ ${FLAGS_withdev} -eq ${FLAGS_TRUE} ] ; then update_dev_packages ${DEVELOPER_IMAGE_NAME} ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \ "${DEVELOPER_IMAGE_NAME}" \ - ${crosbug12352_flag} \ --force_developer_mode fi diff --git a/build_kernel_image.sh b/build_kernel_image.sh index c1402242de..c50521ea75 100755 --- a/build_kernel_image.sh +++ b/build_kernel_image.sh 
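Review bot: The exit status of `load_kernel_test` at the end of the `-888,26 +877,19` hunk is not checked on the visible lines, and after this change it is the one verification step shown for the pristine image on both x86 and ARM. Whether a failed verification stops the build depends on `set -e` being in effect at this point, which the hunk does not show. If it is not, an image whose kernel partition does not verify against `recovery_key.vbpubk` would still be reported as built. Making the failure explicit costs one line: `"${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG} || exit 1`. `${BOOT_FLAG}` has to stay unquoted so that `-b 1` splits into two arguments, which deserves a short comment such as `# BOOT_FLAG is intentionally unquoted: it is either empty or "-b 1"`.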
@@ -69,10 +69,6 @@ DEFINE_integer verity_max_ios -1 \ DEFINE_string verity_hash_alg "sha1" \ "Cryptographic hash algorithm used for dm-verity. (Default: sha1)" -# TODO(clchiou): Remove this flag after arm verified boot is stable -DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \ - "Sign kernel partition for ARM images (temporary hack)." - # Parse flags FLAGS "$@" || exit 1 eval set -- "${FLAGS_ARGV}" @@ -168,8 +164,6 @@ EOF bootloader_path="/lib64/bootstub/bootstub.efi" kernel_image="${FLAGS_vmlinuz}" - - sign_the_kernel=${FLAGS_TRUE} elif [[ "${FLAGS_arch}" = "arm" ]]; then cat < "${FLAGS_working_dir}/config.txt" 
@@ -184,98 +178,64 @@ EOF bootloader_path="${FLAGS_working_dir}/bootloader.bin" kernel_image="${FLAGS_vmlinuz/vmlinuz/vmlinux.uimg}" - - sign_the_kernel=${FLAGS_crosbug12352_arm_kernel_signing} else error "Unknown arch: ${FLAGS_arch}" fi -if [[ "${sign_the_kernel}" -eq "${FLAGS_TRUE}" ]]; then - # We sign the image with the recovery_key, because this is what goes onto the - # USB key. We can only boot from the USB drive in recovery mode. - # For dev install shim, we need to use the installer keyblock instead of - # the recovery keyblock because of the difference in flags. - if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then - USB_KEYBLOCK=installer_kernel.keyblock - info "DEBUG: use dev install signing key" - else - USB_KEYBLOCK=recovery_kernel.keyblock - info "DEBUG: use recovery signing key" - fi - - # Create and sign the kernel blob - vbutil_kernel \ - --pack "${FLAGS_to}" \ - --keyblock "${FLAGS_keys_dir}/${USB_KEYBLOCK}" \ - --signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \ - --version 1 \ - --config "${FLAGS_working_dir}/config.txt" \ - --bootloader "${bootloader_path}" \ - --vmlinuz "${kernel_image}" \ - --arch "${FLAGS_arch}" - - # And verify it. - vbutil_kernel \ - --verify "${FLAGS_to}" \ - --signpubkey "${FLAGS_keys_dir}/recovery_key.vbpubk" - - - # Now we re-sign the same image using the normal keys. This is the kernel - # image that is put on the hard disk by the installer. Note: To save space on - # the USB image, we're only emitting the new verfication block, and the - # installer just replaces that part of the hard disk's kernel partition. - vbutil_kernel \ - --repack "${FLAGS_hd_vblock}" \ - --vblockonly \ - --keyblock "${FLAGS_keys_dir}/kernel.keyblock" \ - --signprivate "${FLAGS_keys_dir}/kernel_data_key.vbprivk" \ - --oldblob "${FLAGS_to}" - - - # To verify it, we have to replace the vblock from the original image. 
- tempfile=$(mktemp) - trap "rm -f $tempfile" EXIT - cat "${FLAGS_hd_vblock}" > $tempfile - dd if="${FLAGS_to}" bs=65536 skip=1 >> $tempfile - - vbutil_kernel \ - --verify $tempfile \ - --signpubkey "${FLAGS_keys_dir}/kernel_subkey.vbpubk" - - rm -f $tempfile - trap - EXIT - +# We sign the image with the recovery_key, because this is what goes onto the +# USB key. We can only boot from the USB drive in recovery mode. +# For dev install shim, we need to use the installer keyblock instead of +# the recovery keyblock because of the difference in flags. +if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then + USB_KEYBLOCK=installer_kernel.keyblock + info "DEBUG: use dev install signing key" else - # FIXME: This stuff is unsigned. This part should be removed or made - # non-default after ARM verified boot is stable. - - kernel_size=$((($(stat -c %s "${kernel_image}") + 511) / 512)) - script_size=16 - - # Add more scripts to boot script image for loading kernel image - printf 'read ${devtype} ${devnum}:${kernelpart} ${loadaddr} %x %x\n' \ - ${script_size} ${kernel_size} >> "${kernel_script}" - echo 'bootm ${loadaddr}' >> ${kernel_script} - mkimage -A arm -O linux -T script -C none -a 0 -e 0 \ - -n kernel_script -d "${kernel_script}" "${kernel_script_img}" - - if [ $(stat -c %s "${kernel_script_img}") -gt $((512 * ${script_size})) ] - then - echo 'Kernel script too large for reserved space.' - exit 1 - fi - - # Assemble image - rm -f "${FLAGS_to}" - dd if="${kernel_script_img}" of="${FLAGS_to}" bs=512 count="${script_size}" - dd if="${kernel_image}" of="${FLAGS_to}" bs=512 seek="${script_size}" - - # TODO: HACK: Until the kernel partition contains a signed image, create a - # phony hd.vblock to keep chromeos-install and cros_generate_update_payload - # working. 
- dd if="${FLAGS_to}" of="${FLAGS_hd_vblock}" bs=64K count=1 + USB_KEYBLOCK=recovery_kernel.keyblock + info "DEBUG: use recovery signing key" fi +# Create and sign the kernel blob +vbutil_kernel \ + --pack "${FLAGS_to}" \ + --keyblock "${FLAGS_keys_dir}/${USB_KEYBLOCK}" \ + --signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \ + --version 1 \ + --config "${FLAGS_working_dir}/config.txt" \ + --bootloader "${bootloader_path}" \ + --vmlinuz "${kernel_image}" \ + --arch "${FLAGS_arch}" + +# And verify it. +vbutil_kernel \ + --verify "${FLAGS_to}" \ + --signpubkey "${FLAGS_keys_dir}/recovery_key.vbpubk" + + +# Now we re-sign the same image using the normal keys. This is the kernel +# image that is put on the hard disk by the installer. Note: To save space on +# the USB image, we're only emitting the new verfication block, and the +# installer just replaces that part of the hard disk's kernel partition. +vbutil_kernel \ + --repack "${FLAGS_hd_vblock}" \ + --vblockonly \ + --keyblock "${FLAGS_keys_dir}/kernel.keyblock" \ + --signprivate "${FLAGS_keys_dir}/kernel_data_key.vbprivk" \ + --oldblob "${FLAGS_to}" + + +# To verify it, we have to replace the vblock from the original image. +tempfile=$(mktemp) +trap "rm -f $tempfile" EXIT +cat "${FLAGS_hd_vblock}" > $tempfile +dd if="${FLAGS_to}" bs=65536 skip=1 >> $tempfile + +vbutil_kernel \ + --verify $tempfile \ + --signpubkey "${FLAGS_keys_dir}/kernel_subkey.vbpubk" + +rm -f $tempfile +trap - EXIT + set +e # cleanup failure is a-ok if [[ ${FLAGS_keep_work} -eq ${FLAGS_FALSE} ]]; then diff --git a/mod_image_for_recovery.sh b/mod_image_for_recovery.sh index 485fa11b38..9d8c0e774c 100755 --- a/mod_image_for_recovery.sh +++ b/mod_image_for_recovery.sh 
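Review bot: The temp-file handling in the re-verification step near the end of the `-184,98 +178,64` hunk is fragile, and it now runs on every build rather than only when signing was enabled. `trap "rm -f $tempfile" EXIT` expands the path when the trap is installed and leaves it unquoted, `$tempfile` is also unquoted in the `cat`, `dd` and `vbutil_kernel --verify` lines, and `trap - EXIT` clears any EXIT handler set earlier in the script (none is visible in this hunk). I would write `trap 'rm -f -- "${tempfile}"' EXIT` and quote the later uses, for example `--verify "${tempfile}" \`. Separately, the `else` branch at the top of the hunk only calls `error "Unknown arch: ${FLAGS_arch}"`; if `error` merely logs, execution continues into the signing commands with `bootloader_path` and `kernel_image` unset, so an `exit 1` after it would make that path fail closed. This is top-level script code that continues past both ends of the hunk.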
@@ -51,10 +51,6 @@ DEFINE_boolean verbose $FLAGS_FALSE \ DEFINE_string keys_dir "/usr/share/vboot/devkeys" \ "Directory containing the signing keys." -# TODO(clchiou): Remove this flag after arm verified boot is stable -DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \ - "Sign kernel partition for ARM images (temporary hack)." - # Parse command line FLAGS "$@" || exit 1 eval set -- "${FLAGS_ARGV}" @@ -116,12 +112,6 @@ case "${TC_ARCH}" in exit 1 esac -if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then - crosbug12352_flag="--crosbug12352_arm_kernel_signing" -else - crosbug12352_flag="--nocrosbug12352_arm_kernel_signing" -fi - get_install_vblock() { # If it exists, we need to copy the vblock over to stateful # This is the real vblock and not the recovery vblock. @@ -232,7 +222,6 @@ create_recovery_kernel_image() { --root=${cros_root} \ --keys_dir="${FLAGS_keys_dir}" \ --nouse_dev_keys \ - ${crosbug12352_flag} \ ${verity_args} 1>&2 || failboat "build_kernel_image" sudo rm "$FLAGS_rootfs_hash" sudo losetup -d "$root_dev" diff --git a/mod_image_for_test.sh b/mod_image_for_test.sh index 48793c6f59..fecf7136e9 100755 --- a/mod_image_for_test.sh +++ b/mod_image_for_test.sh @@ -42,9 +42,6 @@ Otherwise the image will be copied to $CHROMEOS_TEST_IMAGE_NAME \ modified there" DEFINE_boolean force_copy $FLAGS_FALSE \ "Always rebuild test image if --noinplace" -# TODO(clchiou): Remove this flag after arm verified boot is stable -DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \ - "Sign kernel partition for ARM images (temporary hack)." DEFINE_boolean standard_backdoor ${FLAGS_TRUE} \ "Install standard backdoor credentials for testing" 
@@ -96,12 +93,6 @@ case "$TC_ARCH" in exit 1 esac -if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then - crosbug12352_flag="--crosbug12352_arm_kernel_signing" -else - crosbug12352_flag="--nocrosbug12352_arm_kernel_signing" -fi - # Make sure anything mounted in the rootfs/stateful is cleaned up ok on exit. cleanup_mounts() { # Occasionally there are some daemons left hanging around that have our @@ -263,7 +254,6 @@ cleanup # Now make it bootable with the flags from build_image "$SCRIPTS_DIR/bin/cros_make_image_bootable" "$(dirname "$FLAGS_image")" \ "$(basename "$FLAGS_image")" \ - ${crosbug12352_flag} \ --force_developer_mode