blob: 860acc2d134b96140a464247f50375066eafbe4e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
#!/bin/sh
set -e
# Kernel partition.
#
# This is where the boot image, which includes the kernel, the initramfs,
# and the device trees, is stored.
KERN_PART=/dev/sda1
VMLINUZ=/boot/vmlinuz
TOPDIR=/root/kernel
BOOTITS=$TOPDIR/boot.its
KARGS=$TOPDIR/kernel.args
BUILDDIR=$TOPDIR/build
BOOTLOADER=$BUILDDIR/dummy.bin
KERNEL=$BUILDDIR/Image
BOOTIMG=$BUILDDIR/boot.itb
SIGNEDIMG=$BUILDDIR/boot.signed
mkdir -p $BUILDDIR
# No bootloader, but the argument is required.
dd if=/dev/zero of=$BOOTLOADER count=1
# The boot firmware apparently doesn't like compressed entries.
gunzip -c $VMLINUZ > $KERNEL
# Build the boot image, which goes into the kernel partition.
mkimage -D "-I dts -O dtb -p 2048" -f $BOOTITS $BOOTIMG
# Build a signed image.
futility vbutil_kernel \
--version 1 \
--arch aarch64 \
--keyblock /usr/share/vboot/devkeys/kernel.keyblock \
--signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \
--bootloader $BOOTLOADER \
--vmlinuz $BOOTIMG \
--config $KARGS \
--pack $SIGNEDIMG
# Write the signed image to the kernel partition.
dd if=$SIGNEDIMG of=$KERN_PART
rm -rf $BUILDDIR
|