mirror of
https://github.com/flatcar/scripts.git
synced 2026-01-06 00:52:14 +01:00
Currently the output of build_image signs the kernel partition with the recovery keys on the final image. This script allows us to replace the kernel vblock and resign the kernel with the right set of keys (for example, using the normal boot path kernel keys, or the keys for factory install, etc.)

BUG=4623
TEST=Tested by running the script on one of the latest buildbot images (801) and resigning with test kernel keys. The resulting image was dd-ed off to an SSD and was successfully able to boot on one of our dev systems with our custom firmware with both dev mode and recovery mode turned off.

To test (can do outside chroot):

1) Download the latest image from the buildbot (I used build 801)

2) Run script with the following arguments and paths adjusted below

    resign_image --from /path/to/chromiumos_image.bin \
      --datakey /path/to/vboot_reference/tests/devkeys/kernel_data_key.vbprivk \
      --keyblock /path/to/vboot_reference/tests/devkeys/kernel.keyblock \
      --vsubkey /path/to/vboot_reference/tests/devkeys/kernel_subkey.vbpubk \
      --vbutil_dir /path/to/vbutil/binaries --to image.out

   This re-signs the image with the normal test keys (instead of recovery as done by build_image)

3) Copy the image to an SSD drive

    dd if=image.out of=/dev/ssd [replace with the correct device]

4) Boot with the latest custom firmware in normal mode (recovery and dev mode turned off).

5) Profit!

Review URL: http://codereview.chromium.org/2938004