diff options
| author | Gaurav Shah <gauravsh@google.com> | 2011-06-10 14:43:12 -0700 |
|---|---|---|
| committer | Gaurav Shah <gauravsh@chromium.org> | 2011-06-10 15:37:18 -0700 |
| commit | 3cac6e7289070633afcc9c61503a14d09bbe56bf (patch) | |
| tree | a318b72ec3eace2c4d638d0a272035ef855a4c74 | |
| parent | ad3e3ac8a3e80c33d3db542f71bde11880b426d6 (diff) | |
| download | vboot-3cac6e7289070633afcc9c61503a14d09bbe56bf.tar.gz | |
kernel command line test: add optional regular expression parameter support
Add support for matching an optional kernel command line parameter that must
be matched via a regular expression.
BUG=none
TEST=manually on R12, R13 and R14 recovery images. Tests pass.
Change-Id: I82c1e6c9bd98f41912ab2054840fb2edec4698d9
Reviewed-on: http://gerrit.chromium.org/gerrit/2474
Reviewed-by: Jim Hebert <jimhebert@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
| -rwxr-xr-x | scripts/image_signing/ensure_secure_kernelparams.sh | 6 | ||||
| -rwxr-xr-x | scripts/image_signing/sample-test-configs/ensure_secure_kernelparams.config | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/scripts/image_signing/ensure_secure_kernelparams.sh b/scripts/image_signing/ensure_secure_kernelparams.sh index 29fab35e..b9dac90d 100755 --- a/scripts/image_signing/ensure_secure_kernelparams.sh +++ b/scripts/image_signing/ensure_secure_kernelparams.sh @@ -76,6 +76,7 @@ main() { cut -d = -f 2 | cut -d - -f 1,2 --output-delimiter=_) eval "required_kparams=(\${required_kparams_$board[@]})" eval "optional_kparams=(\${optional_kparams_$board[@]})" + eval "optional_kparams_regex=(\${optional_kparams_regex_$board[@]})" eval "required_dmparams=\"\$required_dmparams_$board\"" # Divide the dm params from the rest and process seperately. @@ -110,6 +111,11 @@ main() { kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") done + # Check-off each of the allowed-but-optional params that were present. + for param in ${optional_kparams_regex[@]}; do + kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") + done + # This section enforces the default-deny for any unexpected params # not already processed by one of the above loops. if [[ ! -z ${kparams_nodm// /} ]]; then diff --git a/scripts/image_signing/sample-test-configs/ensure_secure_kernelparams.config b/scripts/image_signing/sample-test-configs/ensure_secure_kernelparams.config index c74bb0e3..a3bef59b 100755 --- a/scripts/image_signing/sample-test-configs/ensure_secure_kernelparams.config +++ b/scripts/image_signing/sample-test-configs/ensure_secure_kernelparams.config @@ -15,6 +15,7 @@ required_kparams_common=( quiet console=tty2 init=/sbin/init add_efi_memmap dm_verity.dev_wait=1 noinitrd ) optional_kparams_common=( ) +optional_kparams_regex_common=( ) # use "MAGIC_HASH" in place of the unpredictable sha1 hash, comparison # functions later take care of the rest.... This set of dmparams @@ -30,6 +31,7 @@ required_dmparams_common="vroot none ro,0 1740800 verity /dev/sd%D%P \ # required_kparams_x86_mario=( ${required_kparams_common[@]} ) optional_kparams_x86_mario=( ${optional_kparams_common[@]} ) +optional_kparams_regex_x86_mario=( ${optional_kparams_regex_common[@]} ) required_dmparams_x86_mario="$required_dmparams_common" # Set up additional boards here. The "common" variables are |