Issue 760879

Issue metadata

Status: Fixed
Owner:
Closed: Feb 2018
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature

Blocking:
issue 680153



Update the signer to write a report file

Project Member Reported by sjg@google.com, Aug 31 2017

Issue description

When the signer completes, it writes a new file into the firmware updater containing information about what keys it used and what it signed (JSON format):

model name
key id
phase (pre-mp, mp)
hash of root key

 

Comment 1 by sjg@chromium.org, Aug 31 2017

Blocking: 680153
Owner: shapiroc@chromium.org
Owner: sjg@chromium.org
I downloaded the latest enguarde signed image and reviewed the signer code and I don't see this packed into the shellball anywhere.

I see VERSION.signer, but this is an empty file that just indicates the firmware was signed.

Comment 4 by sjg@google.com, Sep 1 2017

Cc: hungte@chromium.org
Sorry, this is confusing. I mean it *should* write such a file. Hung-Te mentioned it is useful to know which key was used to sign (pre-mp or mp).
Owner: shapiroc@chromium.org
we already write signer_config.csv into the shellball with model, keyid, and bios path

anything past that seems redundant

the phase isn't known by the signer, it just knows which keyset it used (which we could pattern match on, but seems unnecessary to do in the signer)

Comment 6 by sjg@chromium.org, Sep 4 2017

Cc: sjg@chromium.org
Owner: hungte@chromium.org
Hi Hung-Te, can you please add a few more details here on what you need and how the signer might get this information?

Comment 7 by hungte@chromium.org, Dec 15 2017

I remember the keyset folders were named as PreMP or MPv1 etc. in their path. Can we have those key folder names and try to derive the phase from there?

The other thing I need is hash of root and recovery keys that is signed.

Comment 8 by sjg@chromium.org, Dec 18 2017

Owner: shapiroc@chromium.org

Comment 9 by sjg@chromium.org, Dec 18 2017

Labels: -Type-Bug Type-Feature
I think what I want is what was carried in README.signer.
Just downloaded a Coral build and found it had become empty.

Can we get something back?

Comment 11 by sjg@chromium.org, Dec 22 2017

Over to Charles to take a look

Comment 12 by bugdroid1@chromium.org, Jan 12 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/fde7cdc134d66ff0ad1350901b716c4d7d158fa8

commit fde7cdc134d66ff0ad1350901b716c4d7d158fa8
Author: Marco Chen <marcochen@chromium.org>
Date: Fri Jan 12 13:49:45 2018

image_signing: Fix the wrong output to VERSION.signer.

The helper function - info redirects msg to stderr and appends some
backslash escapes so
  1. it can't be redirected to VERSION.signer via stdout again.
  2. Even if change to stderr, we also don't want these appended
     msg.

BUG= chromium:760879 
TEST==~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None

Change-Id: I46d560fb4cb93756fd02e32412410afb3a4db0e2
Reviewed-on: https://chromium-review.googlesource.com/861694
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/fde7cdc134d66ff0ad1350901b716c4d7d158fa8/scripts/image_signing/sign_official_build.sh
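
The failure mode the commit message above describes, as an added illustration that is not code from the vboot_reference commit: a logging helper that writes to stderr leaves an empty file when its stdout is redirected, and capturing stderr instead pulls in the decoration. The `info` stand-in, its escape sequences, the function names and the sample message are constructed assumptions.

```shell
#!/bin/sh
# Constructed stand-in for the `info` helper as the commit message describes
# it: the message goes to stderr, wrapped in escape sequences (assumed here
# to be terminal colour codes).
info() {
  printf '\033[1;32mINFO: %s\033[0m\n' "$*" >&2
}

# Bug pattern: only stdout is redirected, so nothing reaches the file.
write_version_buggy() {
  info "$2" > "$1"
}

# Redirecting stderr captures the text, but with prefix and escapes attached.
write_version_stderr() {
  info "$2" 2> "$1"
}

# Fixed pattern: write the plain message to stdout and redirect that.
write_version_fixed() {
  printf '%s\n' "$2" > "$1"
}

# Post-signing check: the file must be non-empty and contain no ESC bytes.
# Prints "empty", "escapes" or "ok"; returns non-zero unless "ok".
check_version_file() {
  [ -s "$1" ] || { echo "empty"; return 1; }
  esc=$(printf '\033')
  if grep -q "$esc" "$1"; then echo "escapes"; return 1; fi
  echo "ok"
}

# Demo on a scratch directory with a constructed message.
tmp=$(mktemp -d)
for v in buggy stderr fixed; do
  "write_version_$v" "$tmp/$v" "signed with keyset: devkeys"
  printf '%-6s -> %s\n' "$v" "$(check_version_file "$tmp/$v" || true)"
done
rm -rf "$tmp"
```

A check like `check_version_file` can run against the unpacked firmware updater after signing, so an empty or polluted provenance file is caught before the image ships.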


Comment 13 by bugdroid1@chromium.org, Jan 16 2018

Labels: merge-merged-firmware-fizz-10139.B
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/281b6e35a70d7d77b7b8232d5915078de3001acd

commit 281b6e35a70d7d77b7b8232d5915078de3001acd
Author: Marco Chen <marcochen@chromium.org>
Date: Tue Jan 16 21:53:10 2018

image_signing: Fix the wrong output to VERSION.signer.

The helper function - info redirects msg to stderr and appends some
backslash escapes so
  1. it can't be redirected to VERSION.signer via stdout again.
  2. Even if change to stderr, we also don't want these appended
     msg.

BUG= chromium:760879 
TEST==~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None

Change-Id: I46d560fb4cb93756fd02e32412410afb3a4db0e2
Reviewed-on: https://chromium-review.googlesource.com/861694
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
(cherry picked from commit fde7cdc134d66ff0ad1350901b716c4d7d158fa8)
Reviewed-on: https://chromium-review.googlesource.com/868835
Reviewed-by: Shelley Chen <shchen@chromium.org>
Commit-Queue: Shelley Chen <shchen@chromium.org>
Tested-by: Shelley Chen <shchen@chromium.org>

[modify] https://crrev.com/281b6e35a70d7d77b7b8232d5915078de3001acd/scripts/image_signing/sign_official_build.sh

Status: Fixed (was: Untriaged)