3 files changed, 51 insertions, 27 deletions

diff --git a/modules/signing/preimage.10.extract.sh b/modules/signing/preimage.10.extract.sh
index 489f8b4..5a7a471 100644
--- a/modules/signing/preimage.10.extract.sh
+++ b/modules/signing/preimage.10.extract.sh
@@ -14,20 +14,31 @@ mkdir -p $tgt
 
 found=0
 echo "Extracting content for signing..."
+if [ -e "$fsmount/boot/bootfw.zip" ]; then
+	cp $fsmount/boot/bootfw.zip $tgt
+	found=1
+fi
 
-copy_out_file() {
-	local name=$1
-	local path="$fsmount"/boot/${1}.zip
-	[ -f "$path"] || return
-	cp $path $tgt
+if [ -e "$fsmount/boot/vmlinuz" ]; then
+	cp $fsmount/boot/vmlinuz $tgt/data.img
+	zip -j -n .img $tgt/runos.zip $tgt/data.img
+	rm -f $tgt/data.img
 	found=1
-}
+fi
+
+if [ -e "$fsmount/boot/initrd.img" ]; then
+	cp $fsmount/boot/initrd.img $tgt/data.img
+	zip -j -n .img $tgt/runrd.zip $tgt/data.img
+	rm -f $tgt/data.img
+	found=1
+elif [ -e "$fsmount/boot/olpcrd.img" ]; then
+	cp $fsmount/boot/olpcrd.img $tgt/data.img
+	zip -j -n .img $tgt/runrd.zip $tgt/data.img
+	rm -f $tgt/data.img
+	found=1
+fi
 
-copy_out bootfw
-copy_out runos
-copy_out runrd
-copy_out actos
-copy_out actrd
 [ "$found" == "1" ] || exit 0
 
 zip -j $outzip $tgt/*
+
diff --git a/modules/signing/preimage.40.sign-os.sh b/modules/signing/preimage.40.sign-os.sh
index 6756eb6..19ddc3b 100644
--- a/modules/signing/preimage.40.sign-os.sh
+++ b/modules/signing/preimage.40.sign-os.sh
@@ -8,23 +8,29 @@ okey=$(read_config signing okey)
 bios_crypto=$(read_config signing bios_crypto_path)
 [ -n "$bios_crypto" -a -d "$bios_crypto" ] || exit 0
 
-sign_os() {
-	local path="$fsmount"/boot/$1.zip
-	[ -f "$path" ] || return
-
+if [ -e "$fsmount/boot/vmlinuz" ]; then
+	echo "Signing kernel..."
 	pushd $bios_crypto/build
-	unzip "$path"
-	mv data.img tmp.img
+	./sign-os.sh $okey $fsmount/boot/vmlinuz $fsmount/boot/runos.zip
+	popd
+	[ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip
+fi
 
-	rm -f $path
-	./sign-os.sh $okey tmp.img $path
+if [ -e "$fsmount/boot/initrd.img" ]; then
+	echo "Signing initramfs..."
+	pushd $bios_crypto/build
+	./sign-os.sh $okey $fsmount/boot/initrd.img $fsmount/boot/runrd.zip
+	popd
+fi
 
-	rm -f tmp.img
+if [ -e "$fsmount/boot/actrd.img" ]; then
+	echo "Signing activation initramfs..."
+	pushd $bios_crypto/build
+	$bios_crypto/build/sign-os.sh $okey $fsmount/boot/actrd.img $fsmount/boot/actrd.zip
 	popd
-}
+fi
+
+# If no separate activation initramfs was provided, assume that the regular
+# initramfs also handles activation.
+[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip
 
-echo "Signing initramfs/kernel..."
-sign_os runos
-sign_os actos
-sign_os runrd
-sign_os actrd
diff --git a/modules/signing/preimage.50.addsignedcontent.sh b/modules/signing/preimage.50.addsignedcontent.sh
index 3ad5f19..c110329 100644
--- a/modules/signing/preimage.50.addsignedcontent.sh
+++ b/modules/signing/preimage.50.addsignedcontent.sh
@@ -12,7 +12,14 @@ rm -rf $signdir
 mkdir -p $signdir
 unzip $content -d $signdir
 for sfile in bootfw.zip runos.zip runrd.zip actos.zip actrd.zip; do
-	[ -e $signdir/$sfile ] && cp --remove-destination $signdir/$sfile $fsmount/boot/$sfile
+	[ -e $signdir/$sfile ] && cp $signdir/$sfile $fsmount/boot/$sfile
 done
 
 rm -rf $signdir
+
+# symlink actXX to runXX (or the other way) if any of them are missing
+[ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip
+[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip
+[ -e $fsmount/boot/runos.zip ] || ln -s actos.zip $fsmount/boot/runos.zip
+[ -e $fsmount/boot/runrd.zip ] || ln -s actrd.zip $fsmount/boot/runrd.zip
+