diff options
author | Randall Spangler <rspangler@chromium.org> | 2014-06-18 14:15:04 -0700 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-06-20 21:40:29 +0000 |
commit | 539cbc27305b6aef9643adffc3297c7079fe7457 (patch) | |
tree | f24530559cf55819b0fe198e6831cdc4ef4312e2 /tests/vb2_firmware_tests.sh | |
parent | a7ab8b50b8923afcfd7a9e6181892c4c8a2de250 (diff) | |
download | vboot-539cbc27305b6aef9643adffc3297c7079fe7457.tar.gz |
vboot2: Add end-to-end test of firmware verificationstabilize.59781.98.Bstabilize.5978.98.Bstabilize.5978.51.Brelease-R37-5978.B
This constructs a test firmware using the old vboot signing utilities,
and then verifies it using vboot2 libraries. This ensures vboot2 can
read files signed by the current signing process.
BUG=chromium:370082
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: Icc113c982e5ed99382a4592f9ab688784e853c8e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/204561
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'tests/vb2_firmware_tests.sh')
-rwxr-xr-x | tests/vb2_firmware_tests.sh | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/tests/vb2_firmware_tests.sh b/tests/vb2_firmware_tests.sh new file mode 100755 index 00000000..39c4dd97 --- /dev/null +++ b/tests/vb2_firmware_tests.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +# Copyright (c) 2014 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# +# End-to-end test for vboot2 firmware verification + +# Load common constants and variables. +. "$(dirname "$0")/common.sh" + +set -e + +echo 'Creating test firmware' + +# Run tests in a dedicated directory for easy cleanup or debugging. +DIR="${TEST_DIR}/vb2fw_test_dir" +[ -d "$DIR" ] || mkdir -p "$DIR" +echo "Testing vb2_verify_fw in $DIR" +cd "$DIR" + +# Dummy firmware body +echo 'This is a test firmware body. This is only a test. Lalalalala' \ + > body.test + +# Pack keys using original vboot utilities +${UTIL_DIR}/vbutil_key --pack rootkey.test \ + --key ${TESTKEY_DIR}/key_rsa8192.keyb --algorithm 11 +${UTIL_DIR}/vbutil_key --pack fwsubkey.test \ + --key ${TESTKEY_DIR}/key_rsa4096.keyb --algorithm 7 +${UTIL_DIR}/vbutil_key --pack kernkey.test \ + --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4 + +# Create a GBB with the root key +${UTIL_DIR}/gbb_utility -c 128,2400,0,0 gbb.test +${UTIL_DIR}/gbb_utility gbb.test -s --hwid='Test GBB' --rootkey=rootkey.test + +# Keyblock with firmware subkey is signed by root key +${UTIL_DIR}/vbutil_keyblock --pack keyblock.test \ + --datapubkey fwsubkey.test \ + --signprivate ${TESTKEY_DIR}/key_rsa8192.sha512.vbprivk + +# Firmware preamble is signed with the firmware subkey +${UTIL_DIR}/vbutil_firmware \ + --vblock vblock.test \ + --keyblock keyblock.test \ + --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \ + --fv body.test \ + --version 1 \ + --kernelkey kernkey.test + +echo 'Verifying test firmware using vb2_verify_fw' + +# Verify the firmware using vboot2 utility +${UTIL_DIR}/vb2_verify_fw gbb.test vblock.test body.test + +happy 'vb2_verify_fw succeeded' |