diff options
author | Bill Richardson <wfrichar@chromium.org> | 2014-09-23 22:31:08 -0700 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-09-27 00:28:55 +0000 |
commit | 52a15f96ac009222ebf7d1299c7d17825e5a4ab5 (patch) | |
tree | bc91d1532fc7d1987b58e987911eae3c181951cf /tests/futility | |
parent | c540f59be047d69251b7f9ce0637a8a0c6fe150f (diff) | |
download | vboot-52a15f96ac009222ebf7d1299c7d17825e5a4ab5.tar.gz |
futility: show vs verify
This adds a --strict mode to the show command, which requires
that all signatures be valid in order to exit cleanly. It also
creates a "verify" command, which is really just an alias for
"show --strict".
BUG=none
BRANCH=ToT
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I1fed7db7fe7128191bcab0c615706ef4fe2709f5
Reviewed-on: https://chromium-review.googlesource.com/219732
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'tests/futility')
-rw-r--r-- | tests/futility/data/rec_kernel_part.bin | bin | 0 -> 4083712 bytes | |||
-rwxr-xr-x | tests/futility/run_test_scripts.sh | 1 | ||||
-rwxr-xr-x | tests/futility/test_show_vs_verify.sh | 75 | ||||
-rwxr-xr-x | tests/futility/test_sign_firmware.sh | 47 | ||||
-rwxr-xr-x | tests/futility/test_sign_kernel.sh | 15 |
5 files changed, 119 insertions, 19 deletions
diff --git a/tests/futility/data/rec_kernel_part.bin b/tests/futility/data/rec_kernel_part.bin Binary files differnew file mode 100644 index 00000000..54694bb6 --- /dev/null +++ b/tests/futility/data/rec_kernel_part.bin diff --git a/tests/futility/run_test_scripts.sh b/tests/futility/run_test_scripts.sh index f4508461..f6bbe885 100755 --- a/tests/futility/run_test_scripts.sh +++ b/tests/futility/run_test_scripts.sh @@ -45,6 +45,7 @@ ${SCRIPTDIR}/test_dump_fmap.sh ${SCRIPTDIR}/test_load_fmap.sh ${SCRIPTDIR}/test_gbb_utility.sh ${SCRIPTDIR}/test_show_kernel.sh +${SCRIPTDIR}/test_show_vs_verify.sh ${SCRIPTDIR}/test_sign_keyblocks.sh ${SCRIPTDIR}/test_sign_fw_main.sh ${SCRIPTDIR}/test_sign_firmware.sh diff --git a/tests/futility/test_show_vs_verify.sh b/tests/futility/test_show_vs_verify.sh new file mode 100755 index 00000000..6cccd0be --- /dev/null +++ b/tests/futility/test_show_vs_verify.sh @@ -0,0 +1,75 @@ +#!/bin/bash -eux +# Copyright 2014 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +me=${0##*/} +TMP="$me.tmp" + +# Work in scratch directory +cd "$OUTDIR" + +# some stuff we'll need +DEVKEYS=${SRCDIR}/tests/devkeys + +# The show command exits with 0 if the data is consistent. +# The verify command exits with 0 only if all the data is verified. + +#### keyblock + +${FUTILITY} show ${DEVKEYS}/firmware.keyblock + +if ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock ; then false; fi + +${FUTILITY} verify ${DEVKEYS}/firmware.keyblock \ + --publickey ${DEVKEYS}/root_key.vbpubk + + +#### firmware vblock + +# Get some bits to look at +${FUTILITY} dump_fmap -x ${SCRIPTDIR}/data/bios_peppy_mp.bin \ + GBB:${TMP}.gbb VBLOCK_A:${TMP}.vblock_a FW_MAIN_A:${TMP}.fw_main_a +${FUTILITY} gbb_utility -g -k ${TMP}.rootkey ${TMP}.gbb + + +${FUTILITY} show ${TMP}.vblock_a + +${FUTILITY} show ${TMP}.vblock_a --publickey ${TMP}.rootkey + +${FUTILITY} show ${TMP}.vblock_a \ + --publickey ${TMP}.rootkey \ + --fv ${TMP}.fw_main_a + +if ${FUTILITY} verify ${TMP}.vblock_a ; then false ; fi + +if ${FUTILITY} verify ${TMP}.vblock_a \ + --publickey ${TMP}.rootkey ; then false ; fi + +${FUTILITY} verify ${TMP}.vblock_a \ + --publickey ${TMP}.rootkey \ + --fv ${TMP}.fw_main_a + + +#### kernel partition + +${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin + +${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin \ + --publickey ${DEVKEYS}/kernel_subkey.vbpubk + +${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin \ + --publickey ${DEVKEYS}/recovery_key.vbpubk + +if ${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin ; then false ; fi + +if ${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin \ + --publickey ${DEVKEYS}/kernel_subkey.vbpubk ; then false ; fi + +${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin \ + --publickey ${DEVKEYS}/recovery_key.vbpubk + + +# cleanup +rm -rf ${TMP}* +exit 0 diff --git a/tests/futility/test_sign_firmware.sh b/tests/futility/test_sign_firmware.sh index 649382d9..7ebedcca 100755 --- a/tests/futility/test_sign_firmware.sh +++ b/tests/futility/test_sign_firmware.sh @@ -30,6 +30,8 @@ cp ${GOOD_VBLOCKS} ${ONEMORE} ${FUTILITY} load_fmap ${ONEMORE} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero INFILES="${INFILES} ${ONEMORE}" +set -o pipefail + count=0 for infile in $INFILES; do @@ -84,21 +86,32 @@ for infile in $INFILES; do ${infile} ${outfile} # check the firmware version and preamble flags - # TODO: verify - m=$(${FUTILITY} show ${outfile} | \ - egrep 'Firmware version: +14$|Preamble flags: +8$' | wc -l) + m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${outfile} \ + | egrep 'Firmware version: +14$|Preamble flags: +8$' | wc -l) [ "$m" = "4" ] # check the sha1sums - # TODO: verify - ${FUTILITY} show ${outfile} | grep sha1sum \ + ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${outfile} \ + | grep sha1sum \ | sed -e 's/.*: \+//' > ${TMP}.${base}.sha.new cmp ${SCRIPTDIR}/data_${base}_expect.txt ${TMP}.${base}.sha.new - # and the LOEM stuff - # TODO: verify - ${FUTILITY} show ${loemdir}/*.${loemid} | grep sha1sum \ - | sed -e 's/.*: \+//' > ${loemdir}/loem.sha.new + # and the LOEM stuff + ${FUTILITY} dump_fmap -x ${outfile} \ + FW_MAIN_A:${loemdir}/fw_main_A FW_MAIN_B:${loemdir}/fw_main_B \ + "Firmware A Data":${loemdir}/fw_main_A \ + "Firmware B Data":${loemdir}/fw_main_B + + + ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk \ + --fv ${loemdir}/fw_main_A \ + ${loemdir}/vblock_A.${loemid} | grep sha1sum \ + | sed -e 's/.*: \+//' > ${loemdir}/loem.sha.new + ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk \ + --fv ${loemdir}/fw_main_B \ + ${loemdir}/vblock_B.${loemid} | grep sha1sum \ + | sed -e 's/.*: \+//' >> ${loemdir}/loem.sha.new + # the vblocks don't have root or recovery keys tail -4 ${SCRIPTDIR}/data_${base}_expect.txt > ${loemdir}/sha.expect cmp ${loemdir}/sha.expect ${loemdir}/loem.sha.new @@ -109,8 +122,7 @@ done GOOD_OUT=${TMP}.${GOOD_VBLOCKS##*/}.new MORE_OUT=${TMP}.${ONEMORE##*/}.new -# TODO: verify -${FUTILITY} show ${GOOD_OUT} \ +${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${GOOD_OUT} \ | awk '/Firmware body size:/ {print $4}' > ${TMP}.good.body ${FUTILITY} dump_fmap -p ${GOOD_OUT} \ | awk '/FW_MAIN_/ {print $3}' > ${TMP}.good.fw_main @@ -118,8 +130,7 @@ ${FUTILITY} dump_fmap -p ${GOOD_OUT} \ if cmp ${TMP}.good.body ${TMP}.good.fw_main; then false; fi # Make sure that the BIOS with the bad vblocks signed the whole fw body -# TODO: verify -${FUTILITY} show ${MORE_OUT} \ +${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT} \ | awk '/Firmware body size:/ {print $4}' > ${TMP}.onemore.body ${FUTILITY} dump_fmap -p ${MORE_OUT} \ | awk '/FW_MAIN_/ {print $3}' > ${TMP}.onemore.fw_main @@ -141,9 +152,8 @@ ${FUTILITY} sign \ -k ${KEYDIR}/kernel_subkey.vbpubk \ ${MORE_OUT} ${MORE_OUT}.2 -# TODO: verify -m=$(${FUTILITY} show ${MORE_OUT}.2 | \ - egrep 'Firmware version: +1$|Preamble flags: +8$' | wc -l) +m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT}.2 \ + | egrep 'Firmware version: +1$|Preamble flags: +8$' | wc -l) [ "$m" = "4" ] @@ -160,9 +170,8 @@ ${FUTILITY} sign \ -k ${KEYDIR}/kernel_subkey.vbpubk \ ${MORE_OUT} ${MORE_OUT}.3 -# TODO: verify -m=$(${FUTILITY} show ${MORE_OUT}.3 | \ - egrep 'Firmware version: +1$|Preamble flags: +0$' | wc -l) +m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT}.3 \ + | egrep 'Firmware version: +1$|Preamble flags: +0$' | wc -l) [ "$m" = "4" ] diff --git a/tests/futility/test_sign_kernel.sh b/tests/futility/test_sign_kernel.sh index 0fdb6259..2a8e8c13 100755 --- a/tests/futility/test_sign_kernel.sh +++ b/tests/futility/test_sign_kernel.sh @@ -147,6 +147,14 @@ try_arch () { cmp ${TMP}.blob2.${arch}.vb0 ${TMP}.blob2.${arch}.vb1 + # and verify it the new way + dd bs=${padding} skip=1 if=${TMP}.blob2.${arch} of=${TMP}.blob2.${arch}.kb1 + ${FUTILITY} verify --debug \ + --pad ${padding} \ + --publickey ${DEVKEYS}/recovery_key.vbpubk \ + --fv ${TMP}.blob2.${arch}.kb1 \ + ${TMP}.blob2.${arch}.vb1 + echo -n "5 " 1>&3 dd bs=${padding} count=1 if=${TMP}.blob3.${arch} of=${TMP}.blob3.${arch}.vb0 @@ -176,6 +184,13 @@ try_arch () { cmp ${TMP}.blob4.${arch}.vb0 ${TMP}.blob4.${arch}.vb1 + dd bs=${padding} skip=1 if=${TMP}.blob4.${arch} of=${TMP}.blob4.${arch}.kb1 + ${FUTILITY} verify --debug \ + --pad ${padding} \ + --publickey ${DEVKEYS}/kernel_subkey.vbpubk \ + --fv ${TMP}.blob4.${arch}.kb1 \ + ${TMP}.blob4.${arch}.vb1 + # Note: We specifically do not test repacking with a different --kloadaddr, # because the old way has a bug and does not update params->cmd_line_ptr to # point at the new on-disk location. Apparently (and not surprisingly), no |