#!/bin/sh

set -e

# Kernel partition.
#
# This is where the boot image, which includes the kernel, the initramfs,
# and the device trees, is stored.
KERN_PART=/dev/sda1

VMLINUZ=/boot/vmlinuz

TOPDIR=/root/kernel
BOOTITS=$TOPDIR/boot.its
KARGS=$TOPDIR/kernel.args

BUILDDIR=$TOPDIR/build
BOOTLOADER=$BUILDDIR/dummy.bin
KERNEL=$BUILDDIR/Image
BOOTIMG=$BUILDDIR/boot.itb
SIGNEDIMG=$BUILDDIR/boot.signed

mkdir -p $BUILDDIR

# No bootloader, but the argument is required.
dd if=/dev/zero of=$BOOTLOADER count=1

# The boot firmware apparently doesn't like compressed entries.
gunzip -c $VMLINUZ > $KERNEL

# Build the boot image, which goes into the kernel partition.
mkimage -D "-I dts -O dtb -p 2048" -f $BOOTITS $BOOTIMG

# Build a signed image.
futility vbutil_kernel \
    --version 1 \
    --arch aarch64 \
    --keyblock /usr/share/vboot/devkeys/kernel.keyblock \
    --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \
    --bootloader $BOOTLOADER \
    --vmlinuz $BOOTIMG \
    --config $KARGS \
    --pack $SIGNEDIMG

# Write the signed image to the kernel partition.
dd if=$SIGNEDIMG of=$KERN_PART

rm -rf $BUILDDIR