diff options
Diffstat (limited to 'kernel/deploy.sh')
-rwxr-xr-x | kernel/deploy.sh | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/kernel/deploy.sh b/kernel/deploy.sh new file mode 100755 index 0000000..860acc2 --- /dev/null +++ b/kernel/deploy.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +set -e + +# Kernel partition. +# +# This is where the boot image, which includes the kernel, the initramfs, +# and the device trees, is stored. +KERN_PART=/dev/sda1 + +VMLINUZ=/boot/vmlinuz + +TOPDIR=/root/kernel +BOOTITS=$TOPDIR/boot.its +KARGS=$TOPDIR/kernel.args + +BUILDDIR=$TOPDIR/build +BOOTLOADER=$BUILDDIR/dummy.bin +KERNEL=$BUILDDIR/Image +BOOTIMG=$BUILDDIR/boot.itb +SIGNEDIMG=$BUILDDIR/boot.signed + +mkdir -p $BUILDDIR + +# No bootloader, but the argument is required. +dd if=/dev/zero of=$BOOTLOADER count=1 + +# The boot firmware apparently doesn't like compressed entries. +gunzip -c $VMLINUZ > $KERNEL + +# Build the boot image, which goes into the kernel partition. +mkimage -D "-I dts -O dtb -p 2048" -f $BOOTITS $BOOTIMG + +# Build a signed image. +futility vbutil_kernel \ + --version 1 \ + --arch aarch64 \ + --keyblock /usr/share/vboot/devkeys/kernel.keyblock \ + --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \ + --bootloader $BOOTLOADER \ + --vmlinuz $BOOTIMG \ + --config $KARGS \ + --pack $SIGNEDIMG + +# Write the signed image to the kernel partition. +dd if=$SIGNEDIMG of=$KERN_PART + +rm -rf $BUILDDIR |