diff options
| author | Bill Richardson <wfrichar@chromium.org> | 2014-09-05 12:52:27 -0700 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-09-12 03:39:40 +0000 |
| commit | a1d9fe6eecf82540d31d34bba988e4838d295302 (patch) | |
| tree | 94bc87f0c92ca76f85fcfcbd8a709bb6d776b778 | |
| parent | a19b00dfd0c17681b71bd61994854dff3f3576a3 (diff) | |
| download | vboot-a1d9fe6eecf82540d31d34bba988e4838d295302.tar.gz | |
futility: stop using the symlink names in utility scripts
We still create the symlinks (FOO -> futility), but this
change invokes those built-in functions with "futility FOO ..."
instead of using the FOO symlink.
Note that the scripts/ directory is unchanged. That's a
separate CL, since we don't have tests for that.
BUG=chromium:231547
BRANCH=ToT
TEST=make runtests
In addition to running "make runtests", I temporarily
modified the Makefile to avoid creating the symlinks at all.
The tests still passed.
Change-Id: I96863259b9df02a3611f759a7509bf4090ae03e8
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/216717
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| -rw-r--r-- | Makefile | 4 | ||||
| -rw-r--r-- | tests/common.sh | 1 | ||||
| -rwxr-xr-x | tests/gen_fuzz_test_cases.sh | 10 | ||||
| -rwxr-xr-x | tests/gen_test_keys.sh | 4 | ||||
| -rwxr-xr-x | tests/gen_test_vbpubks.sh | 2 | ||||
| -rwxr-xr-x | tests/load_kernel_tests.sh | 12 | ||||
| -rwxr-xr-x | tests/run_preamble_tests.sh | 8 | ||||
| -rwxr-xr-x | tests/run_vbutil_kernel_arg_tests.sh | 19 | ||||
| -rwxr-xr-x | tests/run_vbutil_tests.sh | 16 | ||||
| -rwxr-xr-x | tests/vb2_firmware_tests.sh | 17 | ||||
| -rwxr-xr-x | utility/dev_debug_vboot | 27 | ||||
| -rwxr-xr-x | utility/dev_make_keypair | 7 | ||||
| -rwxr-xr-x | utility/vbutil_what_keys | 14 |
13 files changed, 76 insertions, 65 deletions
@@ -520,7 +520,7 @@ FUTIL_STATIC_BIN = ${FUTIL_BIN}_s # These are the executables that are now built in to futility. We'll create # symlinks for these so the old names will still work. # TODO: Do we still need dev_sign_file for anything? -FUTIL_BUILTIN = \ +FUTIL_SYMLINKS = \ dev_sign_file \ dump_fmap \ dump_kernel_config \ @@ -901,7 +901,7 @@ futil_install: ${FUTIL_BIN} @$(PRINTF) " INSTALL futility\n" ${Q}mkdir -p ${UB_DIR} ${Q}${INSTALL} -t ${UB_DIR} ${FUTIL_BIN} ${FUTIL_STATIC_BIN} - ${Q}for prog in ${FUTIL_BUILTIN}; do \ + ${Q}for prog in ${FUTIL_SYMLINKS}; do \ ln -sf futility "${UB_DIR}/$$prog"; done # ---------------------------------------------------------------------------- diff --git a/tests/common.sh b/tests/common.sh index 5ae56295..5a963436 100644 --- a/tests/common.sh +++ b/tests/common.sh @@ -10,6 +10,7 @@ SCRIPT_DIR=$(dirname $(readlink -f "$0")) ROOT_DIR="$(dirname ${SCRIPT_DIR})" BUILD_DIR="${BUILD}" BIN_DIR="${BUILD_DIR}/install_for_test" +FUTILITY=${BIN_DIR}/futility TEST_DIR="${BUILD_DIR}/tests" TESTKEY_DIR=${SCRIPT_DIR}/testkeys TESTCASE_DIR=${SCRIPT_DIR}/testcases diff --git a/tests/gen_fuzz_test_cases.sh b/tests/gen_fuzz_test_cases.sh index 97c22304..9ca2043f 100755 --- a/tests/gen_fuzz_test_cases.sh +++ b/tests/gen_fuzz_test_cases.sh @@ -26,19 +26,21 @@ function generate_fuzzing_images { echo "Generating key blocks..." # Firmware key block - RSA8192/SHA512 root key, RSA4096/SHA512 firmware # signing key. - ${BIN_DIR}/vbutil_keyblock --pack ${TESTCASE_DIR}/firmware.keyblock \ + ${FUTILITY} vbutil_keyblock \ + --pack ${TESTCASE_DIR}/firmware.keyblock \ --datapubkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \ --signprivate ${TESTKEY_DIR}/key_rsa8192.sha1.vbprivk # Kernel key block - RSA4096/SHA512 kernel signing subkey, RSA4096/SHA512 # kernel signing key. - ${BIN_DIR}/vbutil_keyblock --pack ${TESTCASE_DIR}/kernel.keyblock \ + ${FUTILITY} vbutil_keyblock \ + --pack ${TESTCASE_DIR}/kernel.keyblock \ --datapubkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \ --signprivate ${TESTKEY_DIR}/key_rsa4096.sha1.vbprivk \ --flags 15 echo "Generating signed firmware test image..." - ${BIN_DIR}/vbutil_firmware \ + ${FUTILITY} vbutil_firmware \ --vblock ${TESTCASE_DIR}/firmware.vblock \ --keyblock ${TESTCASE_DIR}/firmware.keyblock\ --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \ @@ -49,7 +51,7 @@ function generate_fuzzing_images { cp ${TESTKEY_DIR}/key_rsa8192.sha512.vbpubk ${TESTCASE_DIR}/root_key.vbpubk echo "Generating signed kernel test image..." - ${BIN_DIR}/vbutil_kernel \ + ${FUTILITY} vbutil_kernel \ --pack ${TESTCASE_DIR}/kernel.vblock.image \ --keyblock ${TESTCASE_DIR}/kernel.keyblock \ --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \ diff --git a/tests/gen_test_keys.sh b/tests/gen_test_keys.sh index 5575cd56..79fabf1b 100755 --- a/tests/gen_test_keys.sh +++ b/tests/gen_test_keys.sh @@ -38,14 +38,14 @@ function generate_keys { do alg=$((${key_index} * 3 + ${alg_index})) # wrap the public key - ${BIN_DIR}/vbutil_key \ + ${FUTILITY} vbutil_key \ --pack "${key_base}.sha${sha_type}.vbpubk" \ --key "${key_base}.keyb" \ --version 1 \ --algorithm ${alg} # wrap the private key - ${BIN_DIR}/vbutil_key \ + ${FUTILITY} vbutil_key \ --pack "${key_base}.sha${sha_type}.vbprivk" \ --key "${key_base}.pem" \ --algorithm ${alg} diff --git a/tests/gen_test_vbpubks.sh b/tests/gen_test_vbpubks.sh index 3f8dee17..8ea2759d 100755 --- a/tests/gen_test_vbpubks.sh +++ b/tests/gen_test_vbpubks.sh @@ -15,7 +15,7 @@ function generate_vpubks { do for hashalgo in ${hash_algos[@]} do - ${BIN_DIR}/vbutil_key --pack \ + ${FUTILITY} vbutil_key --pack \ --in ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ --out ${TESTKEY_DIR}/key_rsa${keylen}.${hashalgo}.vbpubk \ --version 1 \ diff --git a/tests/load_kernel_tests.sh b/tests/load_kernel_tests.sh index 74e91e40..c7c0dc1a 100755 --- a/tests/load_kernel_tests.sh +++ b/tests/load_kernel_tests.sh @@ -25,18 +25,18 @@ dd if=/dev/urandom bs=16384 count=1 of="dummy_bootloader.bin" dd if=/dev/urandom bs=32768 count=1 of="dummy_kernel.bin" # Pack kernel data key using original vboot utilities. -${BIN_DIR}/vbutil_key --pack datakey.test \ +${FUTILITY} vbutil_key --pack datakey.test \ --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4 # Keyblock with kernel data key is signed by kernel subkey # Flags=5 means dev=0 rec=0 -${BIN_DIR}/vbutil_keyblock --pack keyblock.test \ +${FUTILITY} vbutil_keyblock --pack keyblock.test \ --datapubkey datakey.test \ --flags 5 \ --signprivate ${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk # Kernel preamble is signed with the kernel data key -${BIN_DIR}/futility vbutil_kernel \ +${FUTILITY} vbutil_kernel \ --pack "kernel.test" \ --keyblock "keyblock.test" \ --signprivate ${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk \ @@ -46,10 +46,10 @@ ${BIN_DIR}/futility vbutil_kernel \ --bootloader "dummy_bootloader.bin" \ --config "dummy_config.txt" -echo 'Verifying test kernel using vbutil_kernel' +echo 'Verifying test kernel' # Verify the kernel -${BIN_DIR}/futility vbutil_kernel \ +${FUTILITY} vbutil_kernel \ --verify "kernel.test" \ --signpubkey ${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk @@ -67,7 +67,7 @@ dd if=kernel.test of=disk.test bs=512 seek=64 conv=notrunc # And verify it using futility echo 'Verifying test disk image' -${BIN_DIR}/futility verify_kernel disk.test \ +${FUTILITY} verify_kernel disk.test \ ${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk happy 'Image verification succeeded' diff --git a/tests/run_preamble_tests.sh b/tests/run_preamble_tests.sh index 80deebb0..df2f54f9 100755 --- a/tests/run_preamble_tests.sh +++ b/tests/run_preamble_tests.sh @@ -41,7 +41,8 @@ for d in $algs; do fi : $(( tests++ )) echo -n "${what} fw_${d}_${r}.vblock with root_${rr}.vbpubk ... " - "${BIN_DIR}/vbutil_firmware" --verify "${V2DIR}/fw_${d}_${r}.vblock" \ + "${FUTILITY}" vbutil_firmware \ + --verify "${V2DIR}/fw_${d}_${r}.vblock" \ --signpubkey "${DATADIR}/root_${rr}.vbpubk" \ --fv "${DATADIR}/FWDATA" >/dev/null 2>&1 if [ "$?" "$cmp" 0 ]; then @@ -68,7 +69,8 @@ for d in $algs; do fi : $(( tests++ )) echo -n "${what} kern_${d}_${r}.vblock with root_${rr}.vbpubk ... " - "${BIN_DIR}/vbutil_kernel" --verify "${V2DIR}/kern_${d}_${r}.vblock" \ + "${FUTILITY}" vbutil_kernel \ + --verify "${V2DIR}/kern_${d}_${r}.vblock" \ --signpubkey "${DATADIR}/root_${rr}.vbpubk" >/dev/null 2>&1 if [ "$?" "$cmp" 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" @@ -86,7 +88,7 @@ for d in $algs; do for r in $algs; do : $(( tests++ )) echo -n "verify kern_${d}_${r}.vblock with hash only ... " - "${BIN_DIR}/vbutil_kernel" \ + "${FUTILITY}" vbutil_kernel \ --verify "${V2DIR}/kern_${d}_${r}.vblock" >/dev/null 2>&1 if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" diff --git a/tests/run_vbutil_kernel_arg_tests.sh b/tests/run_vbutil_kernel_arg_tests.sh index 9558ca57..95317ec4 100755 --- a/tests/run_vbutil_kernel_arg_tests.sh +++ b/tests/run_vbutil_kernel_arg_tests.sh @@ -44,7 +44,8 @@ while [ "$k" -lt "${#KERN_VALS[*]}" ]; do while [ "$b" -lt "${#BOOT_VALS[*]}" ]; do echo -n "pack kern_${k}_${b}.vblock ... " : $(( tests++ )) - "${BIN_DIR}/vbutil_kernel" --pack "${TMPDIR}/kern_${k}_${b}.vblock" \ + "${FUTILITY}" vbutil_kernel \ + --pack "${TMPDIR}/kern_${k}_${b}.vblock" \ --keyblock "${KEYBLOCK}" \ --signprivate "${SIGNPRIVATE}" \ --version 1 \ @@ -68,7 +69,7 @@ for v in ${TMPDIR}/kern_*.vblock; do : $(( tests++ )) vv=$(basename "$v") echo -n "verify $vv ... " - "${BIN_DIR}/vbutil_kernel" --verify "$v" >/dev/null + "${FUTILITY}" vbutil_kernel --verify "$v" >/dev/null if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) @@ -77,7 +78,7 @@ for v in ${TMPDIR}/kern_*.vblock; do fi : $(( tests++ )) echo -n "verify $vv signed ... " - "${BIN_DIR}/vbutil_kernel" --verify "$v" \ + "${FUTILITY}" vbutil_kernel --verify "$v" \ --signpubkey "${SIGNPUBLIC}" >/dev/null if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" @@ -99,7 +100,7 @@ USB_SIGNPRIVATE="${DEVKEYS}/recovery_kernel_data_key.vbprivk" USB_SIGNPUBKEY="${DEVKEYS}/recovery_key.vbpubk" echo -n "pack USB kernel ... " : $(( tests++ )) -"${BIN_DIR}/vbutil_kernel" \ +"${FUTILITY}" vbutil_kernel \ --pack "${USB_KERN}" \ --keyblock "${USB_KEYBLOCK}" \ --signprivate "${USB_SIGNPRIVATE}" \ @@ -118,7 +119,7 @@ fi # And verify it. echo -n "verify USB kernel ... " : $(( tests++ )) -"${BIN_DIR}/vbutil_kernel" \ +"${FUTILITY}" vbutil_kernel \ --verify "${USB_KERN}" \ --signpubkey "${USB_SIGNPUBKEY}" >/dev/null if [ "$?" -ne 0 ]; then @@ -138,7 +139,7 @@ SSD_SIGNPRIVATE="${DEVKEYS}/kernel_data_key.vbprivk" SSD_SIGNPUBKEY="${DEVKEYS}/kernel_subkey.vbpubk" echo -n "repack to SSD kernel ... " : $(( tests++ )) -"${BIN_DIR}/vbutil_kernel" \ +"${FUTILITY}" vbutil_kernel \ --repack "${SSD_KERN}" \ --vblockonly \ --keyblock "${SSD_KEYBLOCK}" \ @@ -158,7 +159,7 @@ dd if="${USB_KERN}" bs=65536 skip=1 >> $tempfile 2>/dev/null echo -n "verify SSD kernel ... " : $(( tests++ )) -"${BIN_DIR}/vbutil_kernel" \ +"${FUTILITY}" vbutil_kernel \ --verify "$tempfile" \ --signpubkey "${SSD_SIGNPUBKEY}" >/dev/null if [ "$?" -ne 0 ]; then @@ -170,7 +171,7 @@ fi # Finally make sure that the kernel command line stays good. orig=$(cat "${CONFIG}" | tr '\012' ' ') -packed=$("${BIN_DIR}/dump_kernel_config" "${USB_KERN}") +packed=$("${FUTILITY}" dump_kernel_config "${USB_KERN}") echo -n "check USB kernel config ..." : $(( tests++ )) if [ "$orig" != "$packed" ]; then @@ -180,7 +181,7 @@ else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi -repacked=$("${BIN_DIR}/dump_kernel_config" "${tempfile}") +repacked=$("${FUTILITY}" dump_kernel_config "${tempfile}") echo -n "check SSD kernel config ..." : $(( tests++ )) if [ "$orig" != "$packed" ]; then diff --git a/tests/run_vbutil_tests.sh b/tests/run_vbutil_tests.sh index 47d8dfc0..84f66d1a 100755 --- a/tests/run_vbutil_tests.sh +++ b/tests/run_vbutil_tests.sh @@ -18,7 +18,7 @@ function test_vbutil_key_single { echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" # Pack the key - ${BIN_DIR}/vbutil_key \ + ${FUTILITY} vbutil_key \ --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk \ --key ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ --version 1 \ @@ -30,7 +30,7 @@ function test_vbutil_key_single { # Unpack the key # TODO: should verify we get the same key back out? - ${BIN_DIR}/vbutil_key \ + ${FUTILITY} vbutil_key \ --unpack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk if [ $? -ne 0 ] then @@ -75,7 +75,7 @@ ${datahashalgo}${COL_STOP}" rm -f ${keyblockfile} # Wrap private key - ${BIN_DIR}/vbutil_key \ + ${FUTILITY} vbutil_key \ --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbprivk \ --key ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ --algorithm $signing_algonum @@ -86,7 +86,7 @@ ${datahashalgo}${COL_STOP}" fi # Wrap public key - ${BIN_DIR}/vbutil_key \ + ${FUTILITY} vbutil_key \ --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk \ --key ${TESTKEY_DIR}/key_rsa${signing_keylen}.keyb \ --algorithm $signing_algonum @@ -97,7 +97,7 @@ ${datahashalgo}${COL_STOP}" fi # Pack - ${BIN_DIR}/vbutil_keyblock --pack ${keyblockfile} \ + ${FUTILITY} vbutil_keyblock --pack ${keyblockfile} \ --datapubkey \ ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \ --signprivate \ @@ -109,7 +109,7 @@ ${datahashalgo}${COL_STOP}" fi # Unpack - ${BIN_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ + ${FUTILITY} vbutil_keyblock --unpack ${keyblockfile} \ --datapubkey \ ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2 \ --signpubkey \ @@ -134,7 +134,7 @@ ${datahashalgo}${COL_STOP}" external signer.${COL_STOP}" # Pack using external signer # Pack - ${BIN_DIR}/vbutil_keyblock --pack ${keyblockfile} \ + ${FUTILITY} vbutil_keyblock --pack ${keyblockfile} \ --datapubkey \ ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \ --signprivate_pem \ @@ -149,7 +149,7 @@ external signer.${COL_STOP}" fi # Unpack - ${BIN_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ + ${FUTILITY} vbutil_keyblock --unpack ${keyblockfile} \ --datapubkey \ ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2 \ --signpubkey \ diff --git a/tests/vb2_firmware_tests.sh b/tests/vb2_firmware_tests.sh index e1981dba..fccacda2 100755 --- a/tests/vb2_firmware_tests.sh +++ b/tests/vb2_firmware_tests.sh @@ -24,24 +24,25 @@ echo 'This is a test firmware body. This is only a test. Lalalalala' \ > body.test # Pack keys using original vboot utilities -${BIN_DIR}/vbutil_key --pack rootkey.test \ +${FUTILITY} vbutil_key --pack rootkey.test \ --key ${TESTKEY_DIR}/key_rsa8192.keyb --algorithm 11 -${BIN_DIR}/vbutil_key --pack fwsubkey.test \ +${FUTILITY} vbutil_key --pack fwsubkey.test \ --key ${TESTKEY_DIR}/key_rsa4096.keyb --algorithm 7 -${BIN_DIR}/vbutil_key --pack kernkey.test \ +${FUTILITY} vbutil_key --pack kernkey.test \ --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4 # Create a GBB with the root key -${BIN_DIR}/gbb_utility -c 128,2400,0,0 gbb.test -${BIN_DIR}/gbb_utility gbb.test -s --hwid='Test GBB' --rootkey=rootkey.test +${FUTILITY} gbb_utility -c 128,2400,0,0 gbb.test +${FUTILITY} gbb_utility gbb.test -s --hwid='Test GBB' \ + --rootkey=rootkey.test # Keyblock with firmware subkey is signed by root key -${BIN_DIR}/vbutil_keyblock --pack keyblock.test \ +${FUTILITY} vbutil_keyblock --pack keyblock.test \ --datapubkey fwsubkey.test \ --signprivate ${TESTKEY_DIR}/key_rsa8192.sha512.vbprivk # Firmware preamble is signed with the firmware subkey -${BIN_DIR}/vbutil_firmware \ +${FUTILITY} vbutil_firmware \ --vblock vblock.test \ --keyblock keyblock.test \ --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \ @@ -52,6 +53,6 @@ ${BIN_DIR}/vbutil_firmware \ echo 'Verifying test firmware using vb2_verify_fw' # Verify the firmware using vboot2 utility -${BIN_DIR}/futility vb2_verify_fw gbb.test vblock.test body.test +${FUTILITY} vb2_verify_fw gbb.test vblock.test body.test happy 'vb2_verify_fw succeeded' diff --git a/utility/dev_debug_vboot b/utility/dev_debug_vboot index 698a5bd8..6e2724f5 100755 --- a/utility/dev_debug_vboot +++ b/utility/dev_debug_vboot @@ -244,7 +244,7 @@ trap cleanup EXIT # Make sure we have the programs we need -need="vbutil_key vbutil_keyblock vbutil_kernel vbutil_firmware" +need="futility" [ -z "${OPT_BIOS}" ] && need="$need flashrom" [ -z "${OPT_KERNEL}" ] && need="$need cgpt" require_utils $need @@ -269,13 +269,13 @@ set -e info "Extracting BIOS components..." if [ -n "${OPT_BIOS}" ]; then # If we've already got a file, just extract everything. - log dump_fmap -x "${OPT_BIOS}" + log futility dump_fmap -x "${OPT_BIOS}" fix_old_names else # Read it from the flash if log flashrom -p host -r bios.rom ; then # If we can read the whole BIOS at once, great. - log dump_fmap -x bios.rom + log futility dump_fmap -x bios.rom fix_old_names else # Otherwise pull just the components we want (implying new-style names) @@ -290,22 +290,25 @@ else fi info "Pulling root and recovery keys from GBB..." -log gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \ +log futility gbb_utility -g --rootkey rootkey.vbpubk \ + --recoverykey recoverykey.vbpubk \ "GBB" || logdie "Unable to extract keys from GBB" -log vbutil_key --unpack rootkey.vbpubk -log vbutil_key --unpack recoverykey.vbpubk -vbutil_key --unpack rootkey.vbpubk | +log futility vbutil_key --unpack rootkey.vbpubk +log futility vbutil_key --unpack recoverykey.vbpubk +futility vbutil_key --unpack rootkey.vbpubk | grep -q b11d74edd286c144e1135b49e7f0bc20cf041f10 && info " Looks like dev-keys" # Okay if one of the firmware verifications fails set +e for fw in A B; do infon "Verify firmware ${fw} with root key: " - log vbutil_firmware --verify "VBLOCK_${fw}" --signpubkey rootkey.vbpubk \ + log futility vbutil_firmware --verify "VBLOCK_${fw}" \ + --signpubkey rootkey.vbpubk \ --fv "FW_MAIN_${fw}" --kernelkey "kern_subkey_${fw}.vbpubk" ; result if [ "${LAST_RESULT}" = "0" ]; then # rerun to get version numbers - vbutil_firmware --verify "VBLOCK_${fw}" --signpubkey rootkey.vbpubk \ + futility vbutil_firmware --verify "VBLOCK_${fw}" \ + --signpubkey rootkey.vbpubk \ --fv "FW_MAIN_${fw}" > tmp.txt ver=$(format_as_tpm_version tmp.txt) info " TPM=${tpm_fwver}, this=${ver}" @@ -340,17 +343,17 @@ for kname in ${kernparts}; do fi infon "Kernel ${kname}: " - log vbutil_keyblock --unpack "${kfile}" ; result + log futility vbutil_keyblock --unpack "${kfile}" ; result if [ "${LAST_RESULT}" != "0" ]; then loghead od -Ax -tx1 "${kfile}" else # Test each kernel with each key for key in kern_subkey_A.vbpubk kern_subkey_B.vbpubk recoverykey.vbpubk; do infon " Verify ${kname} with $key: " - log vbutil_kernel --verify "${kfile}" --signpubkey "$key" ; result + log futility vbutil_kernel --verify "${kfile}" --signpubkey "$key" ; result if [ "${LAST_RESULT}" = "0" ]; then # rerun to get version numbers - vbutil_kernel --verify "${kfile}" --signpubkey "$key" > tmp.txt + futility vbutil_kernel --verify "${kfile}" --signpubkey "$key" > tmp.txt ver=$(format_as_tpm_version tmp.txt) info " TPM=${tpm_kernver} this=${ver}" fi diff --git a/utility/dev_make_keypair b/utility/dev_make_keypair index d1d34ad4..7486d9e1 100755 --- a/utility/dev_make_keypair +++ b/utility/dev_make_keypair @@ -56,14 +56,14 @@ function make_pair { dumpRSAPublicKey -cert "${base}_${len}.crt" > "${base}_${len}.keyb" # wrap the public key - vbutil_key \ + futility vbutil_key \ --pack "${base}.vbpubk" \ --key "${base}_${len}.keyb" \ --version 1 \ --algorithm $alg # wrap the private key - vbutil_key \ + futility vbutil_key \ --pack "${base}.vbprivk" \ --key "${base}_${len}.pem" \ --algorithm $alg @@ -79,4 +79,5 @@ make_pair "$1" "${2:-4}" # won't be signed, just checksummed. Developer kernels can only be run in # non-recovery mode with the developer switch enabled, but it won't hurt us to # turn on all the flags bits anyway. -vbutil_keyblock --pack "$1.keyblock" --datapubkey "$1.vbpubk" --flags 15 +futility vbutil_keyblock --pack "$1.keyblock" \ + --datapubkey "$1.vbpubk" --flags 15 diff --git a/utility/vbutil_what_keys b/utility/vbutil_what_keys index de426d89..215a7e7a 100755 --- a/utility/vbutil_what_keys +++ b/utility/vbutil_what_keys @@ -75,16 +75,16 @@ showbios() { local file="$1" space="$2" local hwid matchh rootkey matchn recoverykey matchr - hwid=$(gbb_utility --hwid "$file" | sed -e 's/^.*: *//') || return + hwid=$(futility gbb_utility --hwid "$file" | sed -e 's/^.*: *//') || return matchh=$(grep "$hwid" "$0" 2>/dev/null | sed -e 's/^# //') - gbb_utility --rootkey="$TMPFILE" "$file" >/dev/null - rootkey=$(vbutil_key --unpack "$TMPFILE" | grep sha1sum | \ + futility gbb_utility --rootkey="$TMPFILE" "$file" >/dev/null + rootkey=$(futility vbutil_key --unpack "$TMPFILE" | grep sha1sum | \ sed -e 's/^.*: *//') matchn=$(greppy "$rootkey") - gbb_utility --recoverykey="$TMPFILE" "$file" >/dev/null - recoverykey=$(vbutil_key --unpack "$TMPFILE" | grep sha1sum | \ + futility gbb_utility --recoverykey="$TMPFILE" "$file" >/dev/null + recoverykey=$(futility vbutil_key --unpack "$TMPFILE" | grep sha1sum | \ sed -e 's/^.*: *//') matchr=$(greppy "$recoverykey") @@ -116,12 +116,12 @@ dofile() { pstart=$(cgpt show -b -i "$pnum" "$file") dd if="$file" of="$TMPFILE" bs=512 count=128 skip="$pstart" 2>/dev/null - psum=$(vbutil_keyblock --unpack "$TMPFILE" 2>/dev/null | \ + psum=$(futility vbutil_keyblock --unpack "$TMPFILE" 2>/dev/null | \ grep sha1sum | sed -e 's/^.*: *//') if [ -n "$psum" ]; then match=$(greppy "$psum") - flags=$(vbutil_keyblock --unpack "$TMPFILE" 2>/dev/null | \ + flags=$(futility vbutil_keyblock --unpack "$TMPFILE" 2>/dev/null | \ grep Flags: | sed -e 's/^.*:[ 0-9]*//') else match="" |