Obsolete --crosbug12352_arm_kernel_signing flag

This reverts commit 451f36e4a8635672cc3c6e555806a895def52608.

Last time I removed the --crosbug12352_arm_kernel_signing flag, buildbot
failed. The reason seemed to be that buildbot still passing this flag to
build_image. However, I cannot find anywhere in the log that indicates
buildbot did pass this flag to build_image. So I think the last failure
should be transient and it is good to obsolete this flag.

BUG=chromium-os:12352
TEST=build_image
TEST=load_kernel_test -b 2 /path/to/image /path/to/recovery_key.vbpubk

Change-Id: Ic757eb2dc4304e7205b483063335f8816b536433
Reviewed-on: http://gerrit.chromium.org/gerrit/4794
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>

bin/cros_make_image_bootable

@@ -118,10 +118,6 @@ DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
 DEFINE_boolean fsck_rootfs ${FLAGS_FALSE} \
   "Check integrity of the rootfs on the modified image."
 
-# TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
-  "Sign kernel partition for ARM images (temporary hack)."
-
 # TODO(sosa):  Remove once known images no longer use this in their config.
 DEFINE_string arm_extra_bootargs "" "DEPRECATED FLAG.  Do not use."
 
@@ -136,12 +132,6 @@ FLAGS "${@}" || exit 1
 # so will die prematurely if 'set -e' is specified before now.
 set -e -u
 
-if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then
-  crosbug12352_flag="--crosbug12352_arm_kernel_signing"
-else
-  crosbug12352_flag="--nocrosbug12352_arm_kernel_signing"
-fi
-
 # $1 - Directory where developer rootfs is mounted.
 # $2 - Directory where developer stateful_partition is mounted.
 # $3 - Directory where the ESP partition is mounted.
@@ -208,7 +198,6 @@ make_image_bootable() {
     --verity_error_behavior=${FLAGS_verity_error_behavior} \
     --root=${cros_root} \
     --keys_dir="${FLAGS_keys_dir}" \
-    ${crosbug12352_flag} \
     ${use_dev_keys}
 
   local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash})

build_image

@@ -62,10 +62,6 @@ DEFINE_string boot_args "noinitrd" \
 DEFINE_string usb_disk /dev/sdb3 \
   "Path syslinux should use to do a usb boot. Default: /dev/sdb3"
 
-# TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
-  "Sign kernel partition for ARM images (temporary hack)."
-
 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
   "Default all bootloaders to use kernel-based root fs integrity checking."
 DEFINE_integer verity_error_behavior 3 \
@@ -295,11 +291,6 @@ if [ ${FLAGS_jobs} -ne -1 ]; then
   EMERGE_JOBS="--jobs=${FLAGS_jobs}"
 fi
 
-if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then
-  crosbug12352_flag="--crosbug12352_arm_kernel_signing"
-else
-  crosbug12352_flag="--nocrosbug12352_arm_kernel_signing"
-fi
 if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
   enable_rootfs_verification_flag="--enable_rootfs_verification"
 fi
@@ -413,7 +404,6 @@ create_boot_desc() {
   --keys_dir="${DEVKEYSDIR}"
   --usb_disk="${FLAGS_usb_disk}"
   --nocleanup_dirs
-  ${crosbug12352_flag}
   ${enable_rootfs_verification_flag}
 EOF
 }
@@ -839,7 +829,6 @@ mod_image_for_test () {
 
   # Now make it bootable with the flags from build_image
   "${SCRIPTS_DIR}/bin/cros_make_image_bootable" "${image_dir}" "${image_name}" \
-                                              ${crosbug12352_flag} \
                                               --force_developer_mode
 
   print_time_elapsed
@@ -888,26 +877,19 @@ fi
 # Place flags before positional args
 ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \
                                             "${PRISTINE_IMAGE_NAME}" \
-                                            ${USE_DEV_KEYS} \
-                                            ${crosbug12352_flag}
+                                            ${USE_DEV_KEYS}
 
-# FIXME Test x86 image, and test arm image if enabled;
-# should unconditionally test an image after crosbug12352 is fixed
-if [[ "${ARCH}" = "x86" ]] ||
-   [[ "${ARCH}" = "arm" &&
-      ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then
-  BOOT_FLAG=
-  if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]; then
-    BOOT_FLAG="-b 1"  # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h
-    info "--factory_install set, pass BOOT_FLAG_DEVELOPER flag to \
+BOOT_FLAG=
+if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]; then
+  BOOT_FLAG="-b 1"  # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h
+  info "--factory_install set, pass BOOT_FLAG_DEVELOPER flag to \
 load_kernel_test"
-  fi
-
-  # Verify the final image.
-  load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \
-    "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG}
 fi
 
+# Verify the final image.
+load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \
+  "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG}
+
 # Create a developer image based on the chromium os base image.
 if [ ${FLAGS_withdev} -eq ${FLAGS_TRUE} ] ; then
   if [[ ! -f ${DEVELOPER_IMG} ]] ; then
@@ -918,7 +900,6 @@ if [ ${FLAGS_withdev} -eq ${FLAGS_TRUE} ] ; then
   update_dev_packages ${DEVELOPER_IMAGE_NAME}
   ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \
                                               "${DEVELOPER_IMAGE_NAME}" \
-                                              ${crosbug12352_flag} \
                                               --force_developer_mode
 fi
 

build_kernel_image.sh

@@ -69,10 +69,6 @@ DEFINE_integer verity_max_ios -1 \
 DEFINE_string verity_hash_alg "sha1" \
   "Cryptographic hash algorithm used for dm-verity. (Default: sha1)"
 
-# TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
-  "Sign kernel partition for ARM images (temporary hack)."
-
 # Parse flags
 FLAGS "$@" || exit 1
 eval set -- "${FLAGS_ARGV}"
@@ -168,8 +164,6 @@ EOF
 
   bootloader_path="/lib64/bootstub/bootstub.efi"
   kernel_image="${FLAGS_vmlinuz}"
-
-  sign_the_kernel=${FLAGS_TRUE}
 elif [[ "${FLAGS_arch}" = "arm" ]]; then
   cat <<EOF | cat - "${FLAGS_working_dir}/boot.config" \
     > "${FLAGS_working_dir}/config.txt"
@@ -184,98 +178,64 @@ EOF
 
   bootloader_path="${FLAGS_working_dir}/bootloader.bin"
   kernel_image="${FLAGS_vmlinuz/vmlinuz/vmlinux.uimg}"
-
-  sign_the_kernel=${FLAGS_crosbug12352_arm_kernel_signing}
 else
   error "Unknown arch: ${FLAGS_arch}"
 fi
 
-if [[ "${sign_the_kernel}" -eq "${FLAGS_TRUE}" ]]; then
-  # We sign the image with the recovery_key, because this is what goes onto the
-  # USB key. We can only boot from the USB drive in recovery mode.
-  # For dev install shim, we need to use the installer keyblock instead of
-  # the recovery keyblock because of the difference in flags.
-  if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then
-    USB_KEYBLOCK=installer_kernel.keyblock
-    info "DEBUG: use dev install signing key"
-  else
-    USB_KEYBLOCK=recovery_kernel.keyblock
-    info "DEBUG: use recovery signing key"
-  fi
-
-  # Create and sign the kernel blob
-  vbutil_kernel \
-    --pack "${FLAGS_to}" \
-    --keyblock "${FLAGS_keys_dir}/${USB_KEYBLOCK}" \
-    --signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \
-    --version 1 \
-    --config "${FLAGS_working_dir}/config.txt" \
-    --bootloader "${bootloader_path}" \
-    --vmlinuz "${kernel_image}" \
-    --arch "${FLAGS_arch}"
-
-  # And verify it.
-  vbutil_kernel \
-    --verify "${FLAGS_to}" \
-    --signpubkey "${FLAGS_keys_dir}/recovery_key.vbpubk"
-
-
-  # Now we re-sign the same image using the normal keys. This is the kernel
-  # image that is put on the hard disk by the installer. Note: To save space on
-  # the USB image, we're only emitting the new verfication block, and the
-  # installer just replaces that part of the hard disk's kernel partition.
-  vbutil_kernel \
-    --repack "${FLAGS_hd_vblock}" \
-    --vblockonly \
-    --keyblock "${FLAGS_keys_dir}/kernel.keyblock" \
-    --signprivate "${FLAGS_keys_dir}/kernel_data_key.vbprivk" \
-    --oldblob "${FLAGS_to}"
-
-
-  # To verify it, we have to replace the vblock from the original image.
-  tempfile=$(mktemp)
-  trap "rm -f $tempfile" EXIT
-  cat "${FLAGS_hd_vblock}" > $tempfile
-  dd if="${FLAGS_to}" bs=65536 skip=1 >> $tempfile
-
-  vbutil_kernel \
-    --verify $tempfile \
-    --signpubkey "${FLAGS_keys_dir}/kernel_subkey.vbpubk"
-
-  rm -f $tempfile
-  trap - EXIT
-
+# We sign the image with the recovery_key, because this is what goes onto the
+# USB key. We can only boot from the USB drive in recovery mode.
+# For dev install shim, we need to use the installer keyblock instead of
+# the recovery keyblock because of the difference in flags.
+if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then
+  USB_KEYBLOCK=installer_kernel.keyblock
+  info "DEBUG: use dev install signing key"
 else
-  # FIXME: This stuff is unsigned. This part should be removed or made
-  # non-default after ARM verified boot is stable.
-
-  kernel_size=$((($(stat -c %s "${kernel_image}") + 511) / 512))
-  script_size=16
-
-  # Add more scripts to boot script image for loading kernel image
-  printf 'read ${devtype} ${devnum}:${kernelpart} ${loadaddr} %x %x\n' \
-    ${script_size} ${kernel_size} >> "${kernel_script}"
-  echo 'bootm ${loadaddr}' >> ${kernel_script}
-  mkimage -A arm -O linux -T script -C none -a 0 -e 0 \
-    -n kernel_script -d "${kernel_script}" "${kernel_script_img}"
-
-  if [ $(stat -c %s "${kernel_script_img}") -gt $((512 * ${script_size})) ]
-  then
-    echo 'Kernel script too large for reserved space.'
-    exit 1
-  fi
-
-  # Assemble image
-  rm -f "${FLAGS_to}"
-  dd if="${kernel_script_img}" of="${FLAGS_to}" bs=512 count="${script_size}"
-  dd if="${kernel_image}" of="${FLAGS_to}" bs=512 seek="${script_size}"
-
-  # TODO: HACK: Until the kernel partition contains a signed image, create a
-  # phony hd.vblock to keep chromeos-install and cros_generate_update_payload
-  # working.
-  dd if="${FLAGS_to}" of="${FLAGS_hd_vblock}" bs=64K count=1
+  USB_KEYBLOCK=recovery_kernel.keyblock
+  info "DEBUG: use recovery signing key"
 fi
 
+# Create and sign the kernel blob
+vbutil_kernel \
+  --pack "${FLAGS_to}" \
+  --keyblock "${FLAGS_keys_dir}/${USB_KEYBLOCK}" \
+  --signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \
+  --version 1 \
+  --config "${FLAGS_working_dir}/config.txt" \
+  --bootloader "${bootloader_path}" \
+  --vmlinuz "${kernel_image}" \
+  --arch "${FLAGS_arch}"
+
+# And verify it.
+vbutil_kernel \
+  --verify "${FLAGS_to}" \
+  --signpubkey "${FLAGS_keys_dir}/recovery_key.vbpubk"
+
+
+# Now we re-sign the same image using the normal keys. This is the kernel
+# image that is put on the hard disk by the installer. Note: To save space on
+# the USB image, we're only emitting the new verfication block, and the
+# installer just replaces that part of the hard disk's kernel partition.
+vbutil_kernel \
+  --repack "${FLAGS_hd_vblock}" \
+  --vblockonly \
+  --keyblock "${FLAGS_keys_dir}/kernel.keyblock" \
+  --signprivate "${FLAGS_keys_dir}/kernel_data_key.vbprivk" \
+  --oldblob "${FLAGS_to}"
+
+
+# To verify it, we have to replace the vblock from the original image.
+tempfile=$(mktemp)
+trap "rm -f $tempfile" EXIT
+cat "${FLAGS_hd_vblock}" > $tempfile
+dd if="${FLAGS_to}" bs=65536 skip=1 >> $tempfile
+
+vbutil_kernel \
+  --verify $tempfile \
+  --signpubkey "${FLAGS_keys_dir}/kernel_subkey.vbpubk"
+
+rm -f $tempfile
+trap - EXIT
+
 set +e  # cleanup failure is a-ok
 
 if [[ ${FLAGS_keep_work} -eq ${FLAGS_FALSE} ]]; then

mod_image_for_recovery.sh

@@ -51,10 +51,6 @@ DEFINE_boolean verbose $FLAGS_FALSE \
 DEFINE_string keys_dir "/usr/share/vboot/devkeys" \
   "Directory containing the signing keys."
 
-# TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
-  "Sign kernel partition for ARM images (temporary hack)."
-
 # Parse command line
 FLAGS "$@" || exit 1
 eval set -- "${FLAGS_ARGV}"
@@ -116,12 +112,6 @@ case "${TC_ARCH}" in
     exit 1
 esac
 
-if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then
-  crosbug12352_flag="--crosbug12352_arm_kernel_signing"
-else
-  crosbug12352_flag="--nocrosbug12352_arm_kernel_signing"
-fi
-
 get_install_vblock() {
   # If it exists, we need to copy the vblock over to stateful
   # This is the real vblock and not the recovery vblock.
@@ -232,7 +222,6 @@ create_recovery_kernel_image() {
     --root=${cros_root} \
     --keys_dir="${FLAGS_keys_dir}" \
     --nouse_dev_keys \
-    ${crosbug12352_flag} \
     ${verity_args} 1>&2 || failboat "build_kernel_image"
   sudo rm "$FLAGS_rootfs_hash"
   sudo losetup -d "$root_dev"

mod_image_for_test.sh

@@ -42,9 +42,6 @@ Otherwise the image will be copied to $CHROMEOS_TEST_IMAGE_NAME \
 modified there"
 DEFINE_boolean force_copy $FLAGS_FALSE \
     "Always rebuild test image if --noinplace"
-# TODO(clchiou): Remove this flag after arm verified boot is stable
-DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
-  "Sign kernel partition for ARM images (temporary hack)."
 DEFINE_boolean standard_backdoor ${FLAGS_TRUE} \
   "Install standard backdoor credentials for testing"
 
@@ -96,12 +93,6 @@ case "$TC_ARCH" in
     exit 1
 esac
 
-if [[ ${FLAGS_crosbug12352_arm_kernel_signing} -eq ${FLAGS_TRUE} ]]; then
-  crosbug12352_flag="--crosbug12352_arm_kernel_signing"
-else
-  crosbug12352_flag="--nocrosbug12352_arm_kernel_signing"
-fi
-
 # Make sure anything mounted in the rootfs/stateful is cleaned up ok on exit.
 cleanup_mounts() {
   # Occasionally there are some daemons left hanging around that have our
@@ -263,7 +254,6 @@ cleanup
 # Now make it bootable with the flags from build_image
 "$SCRIPTS_DIR/bin/cros_make_image_bootable" "$(dirname "$FLAGS_image")" \
                                             "$(basename "$FLAGS_image")" \
-                                            ${crosbug12352_flag} \
                                             --force_developer_mode