aboutsummaryrefslogtreecommitdiff
path: root/board/chromebook/elm/sign.sh
diff options
context:
space:
mode:
Diffstat (limited to 'board/chromebook/elm/sign.sh')
-rwxr-xr-xboard/chromebook/elm/sign.sh41
1 files changed, 41 insertions, 0 deletions
diff --git a/board/chromebook/elm/sign.sh b/board/chromebook/elm/sign.sh
new file mode 100755
index 0000000000..af1f9d21c8
--- /dev/null
+++ b/board/chromebook/elm/sign.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# This script creates u-boot FIT image containing the kernel and the DT,
+# then signs it using futility from vboot-utils.
+# The resulting file is called uImage.kpart.
+
+BOARD_DIR=$(dirname $0)/${BOARD_NAME}
+mkimage=$HOST_DIR/bin/mkimage
+futility=$HOST_DIR/bin/futility
+devkeys=$HOST_DIR/share/vboot/devkeys
+
+run() { echo "$@"; "$@"; }
+die() { echo "$@" >&2; exit 1; }
+test -f $BINARIES_DIR/Image || \
+ die "No kernel image found"
+test -x $mkimage || \
+ die "No mkimage found (host-uboot-tools has not been built?)"
+test -x $futility || \
+ die "No futility found (host-vboot-utils has not been built?)"
+
+# kernel.its references Image and mt8173-elm.dtb, and all three
+# files must be in current directory for mkimage.
+run cp $BOARD_DIR/kernel.its $BINARIES_DIR/kernel.its || exit 1
+echo "# entering $BINARIES_DIR for the next command"
+(cd $BINARIES_DIR && run $mkimage -f kernel.its uImage.itb) || exit 1
+
+# futility requires non-empty file to be supplied with --bootloader
+# even if it does not make sense for the target platform.
+echo > $BINARIES_DIR/dummy.txt
+
+run $futility vbutil_kernel \
+ --keyblock $devkeys/kernel.keyblock \
+ --signprivate $devkeys/kernel_data_key.vbprivk \
+ --arch aarch64 \
+ --version 1 \
+ --config $BOARD_DIR/kernel.args \
+ --vmlinuz $BINARIES_DIR/uImage.itb \
+ --bootloader $BINARIES_DIR/dummy.txt \
+ --pack $BINARIES_DIR/uImage.kpart || exit 1
+
+rm -f $BINARIES_DIR/kernel.its $BINARIES_DIR/dummy.txt