diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2017-01-13 11:30:31 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-01-18 19:18:50 -0800 |
commit | 268b510f0b981b2bb9d861dce291172687c6a5e5 (patch) | |
tree | bc695e15d8c83ecdc4455d60d9d339f93d15a4d7 | |
parent | 5909f4ee26a21de6a8683c81f24ac01daae5326a (diff) | |
download | chrome-ec-268b510f0b981b2bb9d861dce291172687c6a5e5.tar.gz |
g: add means of building node locked images
When debug enabled cr50 image is signed, the default manifest passed
to the signer is util/signer/ec_RW-manifest-dev.json. Images signed
with this manifest will not run on devices where the RO part is fused
for production.
It is possible to build node locked images for such devices, but the
manifest must include the lines
"DEV_ID0": <value>.
"DEV_ID1": <value>,
with the values matching the chip the image is built for.
This patch allows to pass the values in the make command line or the
environment, defined as follows:
H1_DEVIDS='<num 1> <num 2>'
When this value is defined, the default manifest is edited to add the
required lines.
One side effect of this patch is that the temp file where the edited
manifest is placed to is not deleted.
BRANCH=none
BUG=none
TEST=verified that images still can be built for both dev RW and prod
RO (node locked) with both debug features enabled and disabled
(CR50_DEV set and not set)
Change-Id: I0e81fc9aa65aa4d239e60de6047e2470f6eeaf50
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/428337
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | chip/g/build.mk | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/chip/g/build.mk b/chip/g/build.mk index 4a642ba59a..c6f2f47c96 100644 --- a/chip/g/build.mk +++ b/chip/g/build.mk @@ -120,10 +120,40 @@ CPPFLAGS += -DCR50_DEV=1 SIGNER = $(HOME)/bin/codesigner CR50_RW_KEY = cr50_rom0-dev-blsign.pem.pub RW_SIGNER_EXTRAS = -x util/signer/fuses.xml -RW_SIGNER_EXTRAS += -j util/signer/ec_RW-manifest-dev.json -$(out)/RW/ec.RW_B.flat: $(out)/RW/ec.RW.flat -$(out)/RW/ec.RW.flat $(out)/RW/ec.RW_B.flat: SIGNER_EXTRAS = $(RW_SIGNER_EXTRAS) -endif + +ifneq ($(CHIP_MK_INCLUDED_ONCE),) +ifneq ($(H1_DEVIDS),) +# +# When building a node locked cr50 image for an H1 device with prod RO, the +# manifest needs to be modifed to include the device ID of the chip the image +# is built for. +# +# The device ID consists of two 32 bit numbers which can be retrieved by +# running the 'sysinfo' command on the cr50 console. These two numbers +# need to be spliced into the signer manifest after the '"fuses": {' line +# for the signer to pick them up. Pass the numbers on the make command line +# like this: +# +# H1_DEVIDS='<num 1> <num 2>' make ... +# + +SIGNER_MANIFEST := $(shell mktemp /tmp/h1.signer.XXXXXX) +DUMMY := $(shell /bin/cp util/signer/ec_RW-manifest-dev.json $(SIGNER_MANIFEST)) +REPLACEMENT := $(shell printf \ + '\\n \\"DEV_ID0\\": %d,\\n \\"DEV_ID1\\": %d,' $${H1_DEVIDS}) +NODE_JSON := $(shell sed -i \ + "s/\"fuses\": {/\"fuses\": {$(REPLACEMENT)/" $(SIGNER_MANIFEST)) + +else # H1_DEVIDS ^^^^^ nonempty vvvvvv empty + +SIGNER_MANIFEST := util/signer/ec_RW-manifest-dev.json + +endif # H1_DEVIDS ^^^^^ empty + +RW_SIGNER_EXTRAS += -j $(SIGNER_MANIFEST) +endif # CHIP_MK_INCLUDED_ONCE defined +endif # CR50_DEV defined + # This file is included twice by the Makefile, once to determine the CHIP info # # and then again after defining all the CONFIG_ and HAS_TASK variables. We use @@ -133,6 +163,9 @@ ifeq ($(CHIP_MK_INCLUDED_ONCE),) CHIP_MK_INCLUDED_ONCE=1 else +$(out)/RW/ec.RW_B.flat: $(out)/RW/ec.RW.flat +$(out)/RW/ec.RW.flat $(out)/RW/ec.RW_B.flat: SIGNER_EXTRAS = $(RW_SIGNER_EXTRAS) + ifeq ($(CONFIG_DCRYPTO),y) $(out)/RW/ec.RW.elf $(out)/RW/ec.RW_B.elf: LDFLAGS_EXTRA += -L$(out)/cryptoc \ -lcryptoc |