Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / chromite / d99d9e0b81e99e70a2bf8e10ed6c41760ddeccf8^! / . / scripts / build_minios.py
commitd99d9e0b81e99e70a2bf8e10ed6c41760ddeccf8[log] [tgz]
authorJae Hoon Kim <kimjae@chromium.org>Tue Jun 15 13:56:30 2021 -0700
committerCommit Bot <commit-bot@chromium.org>Mon Jun 21 18:14:37 2021 +0000
tree22f0f64fc4b4aabded90ceaab24f129525c22cef
parentda928de205f9b7d9bae9c837aef4bbee4206e998 [diff] [blame]
chromite: Provide options to override kernel keys

When building miniOS kernel, the miniOS keyblock will be used for
signing instead of the recovery keyblock.

Provided options to override directories + keys in case they are
converted to use all miniOS keys.

BUG=b:191180137
TEST=./run_tests

Change-Id: Ie31fe953c42007dec438ce79db412cc26b40fec7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2964479
Tested-by: Jae Hoon Kim <kimjae@chromium.org>
Commit-Queue: Jae Hoon Kim <kimjae@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

diff --git a/scripts/build_minios.py b/scripts/build_minios.py
index 8e0d892..aff5658 100644
--- a/scripts/build_minios.py
+++ b/scripts/build_minios.py

@@ -10,6 +10,7 @@
 import tempfile
 
 from chromite.lib import commandline
+from chromite.lib import constants
 from chromite.lib import minios
 
 
@@ -20,6 +21,20 @@
                       help='The board name.')
   parser.add_argument('--image', type='path',
                       help='The path to the chromium os image.')
+  parser.add_argument('--keys-dir', type='path',
+                      help='The path to keyset.',
+                      default=constants.VBOOT_DEVKEYS_DIR)
+  parser.add_argument('--public-key', type='path',
+                      help='Filename to the public key whose private part '\
+                      'signed the keyblock.',
+                      default=constants.RECOVERY_PUBLIC_KEY )
+  parser.add_argument('--private-key', type='path',
+                      help='Filename to the private key whose public part is '\
+                      'baked into the keyblock.',
+                      default=constants.RECOVERY_DATA_PRIVATE_KEY )
+  parser.add_argument('--keyblock', type='path',
+                      help='Filename to the kernel keyblock.',
+                      default=constants.RECOVERY_KEYBLOCK)
   return parser
 
 
@@ -29,5 +44,7 @@
   opts.Freeze()
 
   with tempfile.TemporaryDirectory() as work_dir:
-    kernel = minios.CreateMiniOsKernelImage(opts.board, work_dir)
+    kernel = minios.CreateMiniOsKernelImage(opts.board, work_dir,
+                                            opts.keys_dir, opts.public_key,
+                                            opts.private_key, opts.keyblock)
     minios.InsertMiniOsKernelImage(opts.image, kernel)