diff options
| author | Paul Taysom <taysom@chromium.org> | 2012-11-16 09:06:06 -0800 |
|---|---|---|
| committer | Gerrit <chrome-bot@google.com> | 2012-11-19 16:14:31 -0800 |
| commit | 0bbc17c69aea80d3c25b7170f296ff9adb980b30 (patch) | |
| tree | 654e608ffbc89d03804db0a145c41c56ce02fe18 | |
| parent | 7682e5e87a19c22191e47abf58e4857a8bc86f07 (diff) | |
| download | vboot-0bbc17c69aea80d3c25b7170f296ff9adb980b30.tar.gz | |
Added handling of regex for dm params
To handle a more diverse set of configurations, added
processing of regular expressions for the dm params.
BUG=chromium-os:36441
TEST=rand security_test_image for various configurations
BRANCH=none
Change-Id: I4d9e610586cc9f63d55397e60462600ed9b9651f
Reviewed-on: https://gerrit.chromium.org/gerrit/38202
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
| -rwxr-xr-x | scripts/image_signing/ensure_secure_kernelparams.sh | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/scripts/image_signing/ensure_secure_kernelparams.sh b/scripts/image_signing/ensure_secure_kernelparams.sh index 0f15490f..5f06e2e7 100755 --- a/scripts/image_signing/ensure_secure_kernelparams.sh +++ b/scripts/image_signing/ensure_secure_kernelparams.sh @@ -73,6 +73,10 @@ main() { local image="$1" + # A byte that should not appear in the command line to use as a sed + # marker when doing regular expression replacements. + local M=$'\001' + # Default config location: same name/directory as this script, # with a .config file extension, ie ensure_secure_kernelparams.config. local configfile="$(dirname "$0")/${0/%.sh/.config}" @@ -101,6 +105,7 @@ main() { eval "optional_kparams=(\"\${optional_kparams_$board[@]}\")" eval "optional_kparams_regex=(\"\${optional_kparams_regex_$board[@]}\")" eval "required_dmparams=(\"\${required_dmparams_$board[@]}\")" + eval "required_dmparams_regex=(\"\${required_dmparams_regex_$board[@]}\")" output+="required_kparams=(\n" output+="$(printf "\t'%s'\n" "${required_kparams[@]}")\n)\n" output+="required_kparams_regex=(\n" @@ -111,6 +116,8 @@ main() { output+="$(printf "\t'%s'\n" "${optional_kparams_regex[@]}")\n)\n" output+="required_dmparams=(\n" output+="$(printf "\t'%s'\n" "${required_dmparams[@]}")\n)\n" + output+="required_dmparams_regex=(\n" + output+="$(printf "\t'%s'\n" "${required_dmparams_regex[@]}")\n)\n" # Divide the dm params from the rest and process seperately. local kparams=$(dump_kernel_config "$kernelblob") @@ -124,25 +131,29 @@ main() { mangled_dmparams=$(dmparams_mangle "${dmparams}") output+="\nmangled_dmparams='${mangled_dmparams}'\n" # Special-case handling of the dm= param: + testfail=1 for expected_dmparams in "${required_dmparams[@]}"; do # Filter out all dynamic parameters. - testfail=1 if [ "$mangled_dmparams" = "$expected_dmparams" ]; then testfail=0 break fi done + for expected_dmparams in "${required_dmparams_regex[@]}"; do + if [[ -z $(echo "${mangled_dmparams}" | \ + sed "s${M}^${expected_dmparams}\$${M}${M}") ]]; then + testfail=0 + break + fi + done + if [ $testfail -eq 1 ]; then echo "Kernel dm= parameter does not match any expected values!" echo "Actual: $dmparams" echo "Expected: ${required_dmparams[@]}" fi - # A byte that should not appear in the command line to use as a sed - # marker when doing regular expression replacements. - M=$'\001' - # Ensure all other required params are present. for param in "${required_kparams[@]}"; do if [[ "$kparams_nodm" != *$param* ]]; then |