diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2019-04-04 14:28:03 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-04-05 09:21:47 -0700 |
commit | c34791f6b3c9e25c6abe1976efecf3bdc51ba453 (patch) | |
tree | e2d144d6bc0bcdd7124e705434ed2670ed73241f | |
parent | 171578b67f40355528cbb5f34b78e8e8ed83e335 (diff) | |
download | chrome-ec-c34791f6b3c9e25c6abe1976efecf3bdc51ba453.tar.gz |
cr50 signer: make sure SQA images can not be signed with prod keys
This patch makes sure that SQA images can not be signed with prod keys.
BRANCH=none
BUG=none
TEST=manually verified that the modified grep expression triggers for
both DBG and SQA containing strings.
Change-Id: I3c8b8c45dbbf5d38bc9c35f766e80ada8257cb65
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1553575
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
-rwxr-xr-x | util/signer/bs | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/util/signer/bs b/util/signer/bs index c06d611ef0..7c07d8fc40 100755 --- a/util/signer/bs +++ b/util/signer/bs @@ -291,8 +291,8 @@ tweak_manifest count=0 for elf in ${elves[@]}; do if [[ -n "${do_prod}" ]]; then - if strings "${elf}" | grep -q "DBG/cr50"; then - echo "Will not sign debug image with prod keys" >&2 + if strings "${elf}" | egrep -q "(DBG|SQA)/cr50"; then + echo "Will not sign debug or SQA image with prod keys" >&2 exit 1 fi fi |