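#!/bin/sh
#
# Build a vboot kernel image from the installed kernel and write it to the
# kernel partition.
#
# Steps: decompress $VMLINUZ, pack it into a FIT image with mkimage, wrap
# that image with futility vbutil_kernel, then dd the result onto
# $KERN_PART. The previous contents of $KERN_PART are overwritten.

# -e: stop at the first failing step so a partial build is never written.
# -u: treat an unset variable as an error instead of expanding it to "".
set -eu

# Kernel partition.
#
# This is where the boot image, which includes the kernel, the initramfs,
# and the device trees, is stored.
KERN_PART=/dev/sda1

VMLINUZ=/boot/vmlinuz

TOPDIR=/root/kernel
BOOTITS=$TOPDIR/boot.its
KARGS=$TOPDIR/kernel.args

BUILDDIR=$TOPDIR/build
BOOTLOADER=$BUILDDIR/dummy.bin
KERNEL=$BUILDDIR/Image
BOOTIMG=$BUILDDIR/boot.itb
SIGNEDIMG=$BUILDDIR/boot.signed

# Refuse to continue unless the target is a block device. If the device node
# is missing, dd would create a regular file at that path instead of writing
# to a disk, and the script would still report success.
if [ ! -b "$KERN_PART" ]; then
    printf '%s: not a block device, refusing to write\n' "$KERN_PART" >&2
    exit 1
fi

mkdir -p -- "$BUILDDIR"

# No bootloader, but the argument is required.
# One block of zeroes at dd's default block size serves as the placeholder.
dd if=/dev/zero of="$BOOTLOADER" count=1

# The boot firmware apparently doesn't like compressed entries.
gunzip -c -- "$VMLINUZ" > "$KERNEL"

# Build the boot image, which goes into the kernel partition.
# The -D string is handed to the device tree compiler as its options.
mkimage -D "-I dts -O dtb -p 2048" -f "$BOOTITS" "$BOOTIMG"

# Build a signed image.
#
# The keyblock and private key come from the vboot "devkeys" directory.
# Those are the development keys shipped with the vboot tools, so the private
# half is public knowledge: the signature gives the image the structure the
# firmware parses, but it does not authenticate who built it.
# NOTE(review): presumably the target boots in developer mode, where a
# dev-key signature is accepted -- confirm. A device expected to verify its
# kernel needs its own keyblock and a private key kept off the device.
futility vbutil_kernel \
    --version 1 \
    --arch aarch64 \
    --keyblock /usr/share/vboot/devkeys/kernel.keyblock \
    --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \
    --bootloader "$BOOTLOADER" \
    --vmlinuz "$BOOTIMG" \
    --config "$KARGS" \
    --pack "$SIGNEDIMG"

# Write the signed image to the kernel partition.
dd if="$SIGNEDIMG" of="$KERN_PART"

# Flush the written image to the device before reporting success, so a
# reboot right after the script does not race the page cache.
sync

# ${BUILDDIR:?} aborts instead of expanding to nothing, so the recursive
# delete can never run against an empty path.
rm -rf -- "${BUILDDIR:?}"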