Add support to sign bootable images with vboot_signer

Add vboot properties to the dictionary file, which will be packed into the target_files zip. Add support in packaging and OTA scripts to sign the generated bootable images (boot.img and recovery.img) when vboot is enabled. Change-Id: I08758ced03d173219415bca762bbdb66c464a9f5 (cherry picked from commit 5d5a3bd9e8d8b14b71d1b2105417a2958d13d3d2)
2015-03-29 23:07:41 -07:00
parent 3cc6a0f22f
commit d95e9fd267
2 changed files with 29 additions and 3 deletions
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -346,8 +346,14 @@ def BuildBootableImage(sourcedir, fs_config_file, info_dict=None):
  if args and args.strip():
    cmd.extend(shlex.split(args))

-  cmd.extend(["--ramdisk", ramdisk_img.name,
-              "--output", img.name])
+  img_unsigned = None
+  if info_dict.get("vboot", None):
+    img_unsigned = tempfile.NamedTemporaryFile()
+    cmd.extend(["--ramdisk", ramdisk_img.name,
+                "--output", img_unsigned.name])
+  else:
+    cmd.extend(["--ramdisk", ramdisk_img.name,
+                "--output", img.name])

  p = Run(cmd, stdout=subprocess.PIPE)
  p.communicate()
@@ -362,6 +368,18 @@ def BuildBootableImage(sourcedir, fs_config_file, info_dict=None):
    p.communicate()
    assert p.returncode == 0, "boot_signer of %s image failed" % path

+  # Sign the image if vboot is non-empty.
+  elif info_dict.get("vboot", None):
+    path = "/" + os.path.basename(sourcedir).lower()
+    img_keyblock = tempfile.NamedTemporaryFile()
+    cmd = [info_dict["vboot_signer_cmd"], info_dict["futility"],
+           img_unsigned.name, info_dict["vboot_key"] + ".vbpubk",
+           info_dict["vboot_key"] + ".vbprivk", img_keyblock.name,
+           img.name]
+    p = Run(cmd, stdout=subprocess.PIPE)
+    p.communicate()
+    assert p.returncode == 0, "vboot_signer of %s image failed" % path
+
  img.seek(os.SEEK_SET, 0)
  data = img.read()