Quote:
Originally Posted by knc1
The 'full image' recovery system is in the kernel's initramfs (memory resident file system).
We do not put our key into initramfs (on purpose).
|
yeah, looking at the updater log though, it mounts the regular file system, I am not sure if it uses the signatures from there, but it does mount them
Mounted /mnt-rootfs (/dev/mmcblk2p5)
Code:
171123:174712 <12>[ 4.689153] INFO:bundle/unbundle_cognac.c:1503:do_unbundle():do_unbundle: filename=/mnt-us/update-18446744073709551615-f6dbd96f-e1f4-4043-a2bf-82fafcfe1275.bin, new_file=0x000137a0
171123:174712 <12>[ 4.697373] INFO:bundle/unbundle_common.c:320:validate_device_code():Device code matched (34A).
171123:174712 <6>[ 4.710934] kjournald starting. Commit interval 5 seconds
171123:174712 <6>[ 4.712187] EXT3-fs (mmcblk2p5): using internal journal
171123:174712 <6>[ 4.712203] EXT3-fs (mmcblk2p5): mounted filesystem with ordered data mode
171123:174712 system: I milestone:8.29:3:
171123:174712 <12>[ 4.712261] DEBUG:mount.c:260:mount_rootfs():Mounted /mnt-rootfs (/dev/mmcblk2p5)
171123:174712 <12>[ 4.755619] INFO:bundle/unbundle_cognac.c:1645:do_unbundle():Signed with developer 1K cert.
171123:174712 <12>[ 4.755649] INFO:bundle/unbundle_cognac.c:1672:do_unbundle():Verifying signature (len: 128)
171123:174712 <12>[ 42.437712] ERROR: signature is not the correct length (256 bytes versus 128 bytes)
171123:174712 <12>[ 42.437756] ERROR:bundle/unbundle_cognac.c:1694:do_unbundle():do_unbundle: signature check failed.
After playing with that a bit more, it looks like they may have made it so that you had to sign it with the production signing key, which is already 2K, and I'm not prepared to try to change that just to do a downgrade.
I cannot find the old thread that explained how to do the flashing manually, I think I remember a script that had a tool called 'flasher' that may give me somewhere to start.