diff options
| author | Hung-Te Lin <hungte@chromium.org> | 2016-09-05 11:04:52 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2016-09-07 00:16:54 -0700 |
| commit | 61c4ee12be495fe60b94b60f768be0f6a539fd05 (patch) | |
| tree | 86327aa6b1caa210cbe483d0aa8760ff40c6feba | |
| parent | 5c537e3ea8d391937938536e7170a5bfefbdafcb (diff) | |
| download | vboot-61c4ee12be495fe60b94b60f768be0f6a539fd05.tar.gz | |
tests: Prevent testing dev_firmware* if the keys do not exist.
In CL:378661 we removed dev_firmware* from tests/devkey but that also makes
futility unit tests to fail.
This changes signing test scripts to first check if dev_firmware* keys exist,
and only use it (and test ZGB signing results) if available.
BRANCH=none
BUG=chrome-os-partner:52568,chrome-os-partner:56917
TEST=make runfutiltests; make runtests;
add dev_firmware* back; run tests again and success.
Change-Id: If42c8404baf183edf5c8dbeadf537efa8ad571ec
Reviewed-on: https://chromium-review.googlesource.com/381151
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| -rwxr-xr-x | tests/futility/test_sign_firmware.sh | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/tests/futility/test_sign_firmware.sh b/tests/futility/test_sign_firmware.sh index 7ebedcca..9a17cf07 100755 --- a/tests/futility/test_sign_firmware.sh +++ b/tests/futility/test_sign_firmware.sh @@ -18,7 +18,6 @@ INFILES=" ${SCRIPTDIR}/data/bios_link_mp.bin ${SCRIPTDIR}/data/bios_mario_mp.bin ${SCRIPTDIR}/data/bios_peppy_mp.bin -${SCRIPTDIR}/data/bios_zgb_mp.bin " # We also want to test that we can sign an image without any valid firmware @@ -32,6 +31,17 @@ INFILES="${INFILES} ${ONEMORE}" set -o pipefail +# We've removed dev_firmware keyblock and private keys from ToT test key dir. +# It's currently only available on few legacy (alex, zgb) devices' key folders +# on signer bot. Add them to ${KEYDIR} if you need to test that. +DEV_FIRMWARE_PARAMS="" +if [ -f "${KEYDIR}/dev_firmware.keyblock" ]; then + DEV_FIRMWARE_PARAMS=" + -S ${KEYDIR}/dev_firmware_data_key.vbprivk + -B ${KEYDIR}/dev_firmware.keyblock" + INFILES="${INFILES} ${SCRIPTDIR}/data/bios_zgb_mp.bin" +fi + count=0 for infile in $INFILES; do @@ -76,8 +86,7 @@ for infile in $INFILES; do ${FUTILITY} sign \ -s ${KEYDIR}/firmware_data_key.vbprivk \ -b ${KEYDIR}/firmware.keyblock \ - -S ${KEYDIR}/dev_firmware_data_key.vbprivk \ - -B ${KEYDIR}/dev_firmware.keyblock \ + ${DEV_FIRMWARE_PARAMS} \ -k ${KEYDIR}/kernel_subkey.vbpubk \ -v 14 \ -f 8 \ @@ -147,8 +156,7 @@ echo -n "$count " 1>&3 ${FUTILITY} sign \ -s ${KEYDIR}/firmware_data_key.vbprivk \ -b ${KEYDIR}/firmware.keyblock \ - -S ${KEYDIR}/dev_firmware_data_key.vbprivk \ - -B ${KEYDIR}/dev_firmware.keyblock \ + ${DEV_FIRMWARE_PARAMS} \ -k ${KEYDIR}/kernel_subkey.vbpubk \ ${MORE_OUT} ${MORE_OUT}.2 @@ -165,8 +173,7 @@ ${FUTILITY} load_fmap ${MORE_OUT} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero ${FUTILITY} sign \ -s ${KEYDIR}/firmware_data_key.vbprivk \ -b ${KEYDIR}/firmware.keyblock \ - -S ${KEYDIR}/dev_firmware_data_key.vbprivk \ - -B ${KEYDIR}/dev_firmware.keyblock \ + ${DEV_FIRMWARE_PARAMS} \ -k ${KEYDIR}/kernel_subkey.vbpubk \ ${MORE_OUT} ${MORE_OUT}.3 |