Diffstat (limited to 'modules/signing')
-rw-r--r-- | modules/signing/preimage.10.extract.sh | 33 | ||||
-rw-r--r-- | modules/signing/preimage.40.sign-os.sh | 36 | ||||
-rw-r--r-- | modules/signing/preimage.50.addsignedcontent.sh | 9 |
3 files changed, 51 insertions, 27 deletions
diff --git a/modules/signing/preimage.10.extract.sh b/modules/signing/preimage.10.extract.sh index 489f8b4..5a7a471 100644 --- a/modules/signing/preimage.10.extract.sh +++ b/modules/signing/preimage.10.extract.sh @@ -14,20 +14,31 @@ mkdir -p $tgt found=0 echo "Extracting content for signing..." +if [ -e "$fsmount/boot/bootfw.zip" ]; then + cp $fsmount/boot/bootfw.zip $tgt + found=1 +fi -copy_out_file() { - local name=$1 - local path="$fsmount"/boot/${1}.zip - [ -f "$path"] || return - cp $path $tgt +if [ -e "$fsmount/boot/vmlinuz" ]; then + cp $fsmount/boot/vmlinuz $tgt/data.img + zip -j -n .img $tgt/runos.zip $tgt/data.img + rm -f $tgt/data.img found=1 -} +fi + +if [ -e "$fsmount/boot/initrd.img" ]; then + cp $fsmount/boot/initrd.img $tgt/data.img + zip -j -n .img $tgt/runrd.zip $tgt/data.img + rm -f $tgt/data.img + found=1 +elif [ -e "$fsmount/boot/olpcrd.img" ]; then + cp $fsmount/boot/olpcrd.img $tgt/data.img + zip -j -n .img $tgt/runrd.zip $tgt/data.img + rm -f $tgt/data.img + found=1 +fi -copy_out bootfw -copy_out runos -copy_out runrd -copy_out actos -copy_out actrd [ "$found" == "1" ] || exit 0 zip -j $outzip $tgt/* + diff --git a/modules/signing/preimage.40.sign-os.sh b/modules/signing/preimage.40.sign-os.sh index 6756eb6..19ddc3b 100644 --- a/modules/signing/preimage.40.sign-os.sh +++ b/modules/signing/preimage.40.sign-os.sh 
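Review bot: Each new block in preimage.10.extract.sh sets `found=1` whether or not the `cp` and `zip` before it succeeded, so a failed `zip -j -n .img $tgt/runos.zip $tgt/data.img` still reaches the final `zip -j $outzip $tgt/*` and an incomplete bundle goes out for signing. Unless `set -e` is enabled above the hunk (not visible here), stop on failure, e.g. `zip -j -n .img "$tgt/runos.zip" "$tgt/data.img" || exit 1`, and do the same for the `cp` lines. The new `[ -e "..." ]` tests quote their paths but the `cp`, `zip` and `rm` lines do not; quoting `$fsmount` and `$tgt` there keeps a path containing whitespace from being split into separate arguments. The copy/zip/remove sequence is repeated three times with only the source and output name changing, so a small helper taking those two values would keep the branches from drifting apart.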
@@ -8,23 +8,29 @@ okey=$(read_config signing okey) bios_crypto=$(read_config signing bios_crypto_path) [ -n "$bios_crypto" -a -d "$bios_crypto" ] || exit 0 -sign_os() { - local path="$fsmount"/boot/$1.zip - [ -f "$path" ] || return - +if [ -e "$fsmount/boot/vmlinuz" ]; then + echo "Signing kernel..." pushd $bios_crypto/build - unzip "$path" - mv data.img tmp.img + ./sign-os.sh $okey $fsmount/boot/vmlinuz $fsmount/boot/runos.zip + popd + [ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip +fi - rm -f $path - ./sign-os.sh $okey tmp.img $path +if [ -e "$fsmount/boot/initrd.img" ]; then + echo "Signing initramfs..." + pushd $bios_crypto/build + ./sign-os.sh $okey $fsmount/boot/initrd.img $fsmount/boot/runrd.zip + popd +fi - rm -f tmp.img +if [ -e "$fsmount/boot/actrd.img" ]; then + echo "Signing activation initramfs..." + pushd $bios_crypto/build + $bios_crypto/build/sign-os.sh $okey $fsmount/boot/actrd.img $fsmount/boot/actrd.zip popd -} +fi + +# If no separate activation initramfs was provided, assume that the regular +# initramfs also handles activation. +[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip -echo "Signing initramfs/kernel..." -sign_os runos -sign_os actos -sign_os runrd -sign_os actrd diff --git a/modules/signing/preimage.50.addsignedcontent.sh b/modules/signing/preimage.50.addsignedcontent.sh index 3ad5f19..c110329 100644 --- a/modules/signing/preimage.50.addsignedcontent.sh +++ b/modules/signing/preimage.50.addsignedcontent.sh 
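Review bot: None of the three `pushd $bios_crypto/build` calls is checked, and the kernel and initramfs blocks then run `./sign-os.sh` relative to the current directory, so if `build/` is missing the script executes whatever `sign-os.sh` sits in the caller's working directory and passes it `$okey`. The guard above the hunk only tests that `$bios_crypto` itself is a directory, so use `pushd "$bios_crypto/build" || exit 1` and invoke the script the same way in all three blocks (the activation block already uses `$bios_crypto/build/sign-os.sh`). The exit status of sign-os.sh is ignored as well, so unless `set -e` is active outside the hunk a failed signature still reaches the `ln -s runos.zip ...` and `ln -s runrd.zip ...` lines and leaves dangling links instead of stopping the build. Also, preimage.10.extract.sh in this commit falls back to `olpcrd.img` for runrd.zip while this file only tests `initrd.img`; if that is not intentional, add the matching `elif [ -e "$fsmount/boot/olpcrd.img" ]` branch here.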
@@ -12,7 +12,14 @@ rm -rf $signdir mkdir -p $signdir unzip $content -d $signdir for sfile in bootfw.zip runos.zip runrd.zip actos.zip actrd.zip; do - [ -e $signdir/$sfile ] && cp --remove-destination $signdir/$sfile $fsmount/boot/$sfile + [ -e $signdir/$sfile ] && cp $signdir/$sfile $fsmount/boot/$sfile done rm -rf $signdir + +# symlink actXX to runXX (or the other way) if any of them are missing +[ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip +[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip +[ -e $fsmount/boot/runos.zip ] || ln -s actos.zip $fsmount/boot/runos.zip +[ -e $fsmount/boot/runrd.zip ] || ln -s actrd.zip $fsmount/boot/runrd.zip + |
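Review bot: Dropping `--remove-destination` from the `cp` in the loop means that when `$fsmount/boot/$sfile` is already a symlink, cp writes through it instead of replacing it. preimage.40.sign-os.sh in this same commit creates `actos.zip -> runos.zip` and `actrd.zip -> runrd.zip`, and the loop installs runos/runrd before actos/actrd, so if both scripts run in one build (not visible from here) the signed actos.zip would overwrite the runos.zip just copied; a symlink with an absolute target already present in the image's /boot would likewise send the write outside `$fsmount`. Keep `cp --remove-destination`, or add `rm -f "$fsmount/boot/$sfile"` before the copy. Separately, `[ -e ]` is false for a dangling link, so when neither actos.zip nor runos.zip exists the four `ln -s` lines leave the two names pointing at each other (the same holds for actrd/runrd); create each link only when its target exists.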