From 85d4842c5467e54f2c55c6f14bbbb1158d50f1bc Mon Sep 17 00:00:00 2001 From: Zain Wang Date: Tue, 12 Apr 2022 17:39:30 +0800 Subject: [PATCH] build.sh: add more conspicuous tips for security Signed-off-by: Zain Wang Change-Id: I4a2dd9c785524b2610433f698cc80645f9300afa --- common/build.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/common/build.sh b/common/build.sh index 34b15d4..89b78f9 100755 --- a/common/build.sh +++ b/common/build.sh @@ -245,6 +245,7 @@ function usage() echo "createkeys -create secureboot root keys" echo "security-rootfs -build rootfs and some relevant images with security paramter (just for dm-v)" echo "security-boot -build boot with security paramter" + echo "security_check -check security paramter if it's good" echo "" echo "Default option is 'allsave'." } @@ -800,7 +801,11 @@ function defconfig_check() { echo "look for $i" result=$(cat $1 | grep "${i}=y" -w || echo "No found") if [ "$result" = "No found" ]; then - echo "${i} Not found" + echo -e "\e[41;1;37mSecurity: No found config ${i} in $1 \e[0m" + echo "make sure your config include this list" + echo "---------------------------------------" + echo "$2" + echo "---------------------------------------" return -1; fi done @@ -810,7 +815,7 @@ function defconfig_check() { function find_string_in_config(){ result=$(cat "$2" | grep "$1" || echo "No found") if [ "$result" = "No found" ]; then - echo "No found $1 in $2" + echo "Security: No found string $1 in $2" return -1; fi return 0; @@ -852,6 +857,8 @@ function check_security_condition(){ defconfig_check kernel/arch/$RK_ARCH/configs/$RK_KERNEL_DEFCONFIG "$BOOT_FIXED_CONFIGS" echo "check uboot defconfig" defconfig_check u-boot/configs/${RK_UBOOT_DEFCONFIG}_defconfig "$UBOOT_FIXED_CONFIGS" + + echo "Security: finish check" } function build_all(){ @@ -1152,6 +1159,7 @@ for option in ${OPTIONS}; do build_uboot echo "please update rootfs.img / boot.img / uboot.img" ;; + security_check) check_security_condition ;; security-boot) if [ "$RK_RAMDISK_SECURITY_BOOTUP" != "true" ]; then echo "No security paramter found in .BoardConfig.mk"