Allow --repack option to change kernel version number.
RFro TPM rollback testing we need to be able to change kernel
version number. This Cl adds this ability to the
vbutil_kernel utility.
Change-Id: I156df9b0d3467043c20a43e1c75e6d0222704f3a
BUG=chromium-os:1976
TEST=manual
1. On a target running off /dev/sda3 (as reported by
'rootdev -s') execute `/usr/bin/dev_debug_vboot' and take
note of the kernel version number in the output section
starting with 'TEST: verify HD kernel A with firmware A key',
under 'Preamble' it should read
'Kernel version: 1'
2. copy the kernel into a file:
dd if=/dev/sda2 of=/tmp/kernel
3.on the desktop (this step requires ssh setup to use the
correct keys to reach the target):
scp tests/devkeys/kernel_data_key.vbprivk <target>:/tmp
3. Modify kernel version
vbutil_kernel --repack /tmp/repacked.k --version 2 --signprivate /tmp/kernel_data_key.vbprivk --oldblob /tmp/kernel
4. Install the updated kernel
dd if=/tmp/repacked.k of=/dev/sda2
5. restart the system
6. Observe that it came up using /dev/sda3 as the root
file system
7. run /usr/bin/dev_debug_vboot and observe that the kernel
version is no set to 2
Review URL: http://codereview.chromium.org/3520019
diff --git a/utility/vbutil_kernel.c b/utility/vbutil_kernel.c
index acf156f..391f5ad 100644
--- a/utility/vbutil_kernel.c
+++ b/utility/vbutil_kernel.c
@@ -91,13 +91,14 @@
"\nOR\n\n"
"Usage: %s --repack <file> [PARAMETERS]\n"
"\n"
- " Required parameters (of --keyblock and --config at least "
- "one is required):\n"
+ " Required parameters (of --keyblock, --config, and --version \n"
+ " at least one is required):\n"
" --keyblock <file> Key block in .keyblock format\n"
" --signprivate <file>"
" Private key to sign kernel data, in .vbprivk format\n"
" --oldblob <file> Previously packed kernel blob\n"
" --config <file> New command line file\n"
+ " --version <number> Kernel version\n"
"\n"
" Optional:\n"
" --pad <number> Verification padding size in bytes\n"
@@ -846,9 +847,10 @@
return r;
case OPT_MODE_REPACK:
- if (!config_file && !key_block_file) {
+ if (!config_file && !key_block_file && !version) {
fprintf(stderr,
- "You must supply at least one of --config and --keyblock\n");
+ "You must supply at least one of "
+ "--config, --keyblock or --version\n");
return 1;
}
@@ -857,6 +859,9 @@
return 1;
r = ReplaceConfig(bp, config_file);
if (!r) {
+ if (version) {
+ bp->kernel_version = version;
+ }
r = Pack(filename, key_block_file, signprivate, bp, pad, vblockonly);
}
FreeBlob(bp);