summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--tests/common.sh12
-rwxr-xr-xtests/external_rsa_signer.sh6
-rwxr-xr-xtests/futility/run_test_scripts.sh4
-rwxr-xr-xtests/futility/test_create.sh16
-rwxr-xr-xtests/futility/test_dump_fmap.sh2
-rwxr-xr-xtests/futility/test_file_types.sh13
-rwxr-xr-xtests/futility/test_gbb_utility.sh175
-rwxr-xr-xtests/futility/test_load_fmap.sh34
-rwxr-xr-xtests/futility/test_main.sh52
-rwxr-xr-xtests/futility/test_rwsig.sh39
-rwxr-xr-xtests/futility/test_show_contents.sh12
-rwxr-xr-xtests/futility/test_show_kernel.sh50
-rwxr-xr-xtests/futility/test_show_usbpd1.sh13
-rwxr-xr-xtests/futility/test_show_vs_verify.sh60
-rwxr-xr-xtests/futility/test_sign_firmware.sh141
-rwxr-xr-xtests/futility/test_sign_fw_main.sh36
-rwxr-xr-xtests/futility/test_sign_kernel.sh348
-rwxr-xr-xtests/futility/test_sign_keyblocks.sh80
-rwxr-xr-xtests/futility/test_sign_usbpd1.sh30
-rwxr-xr-xtests/futility/test_update.sh85
-rwxr-xr-xtests/gen_fuzz_test_cases.sh62
-rwxr-xr-xtests/gen_test_cases.sh22
-rwxr-xr-xtests/gen_test_keys.sh25
-rwxr-xr-xtests/gen_test_vbpubks.sh14
-rwxr-xr-xtests/load_kernel_tests.sh20
-rwxr-xr-xtests/run_cgpt_tests.sh257
-rwxr-xr-xtests/run_preamble_tests.sh16
-rwxr-xr-xtests/run_vbutil_kernel_arg_tests.sh36
-rwxr-xr-xtests/run_vbutil_tests.sh98
-rwxr-xr-xtests/test_using_qemu.sh8
-rwxr-xr-xtests/vb2_firmware_tests.sh43
-rwxr-xr-xtests/vb2_rsa_tests.sh19
32 files changed, 929 insertions, 899 deletions
diff --git a/tests/common.sh b/tests/common.sh
index e69692b6..a2079228 100644
--- a/tests/common.sh
+++ b/tests/common.sh
@@ -5,7 +5,7 @@
# found in the LICENSE file.
# Determine script directory.
-SCRIPT_DIR="$(dirname $(realpath "${BASH_SOURCE[0]}"))"
+SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
ROOT_DIR="$(dirname "${SCRIPT_DIR}")"
SRCDIR="${SRCDIR:-${ROOT_DIR}}"
BUILD="${BUILD:-${ROOT_DIR}/build}"
@@ -19,8 +19,8 @@ TESTKEY_DIR="${SCRIPT_DIR}/testkeys"
TESTCASE_DIR="${SCRIPT_DIR}/testcases"
TESTKEY_SCRATCH_DIR="${TEST_DIR}/testkeys"
-if [ ! -d ${TESTKEY_SCRATCH_DIR} ]; then
- mkdir -p ${TESTKEY_SCRATCH_DIR}
+if [ ! -d "${TESTKEY_SCRATCH_DIR}" ]; then
+ mkdir -p "${TESTKEY_SCRATCH_DIR}"
fi
# Color output encodings.
@@ -53,7 +53,8 @@ function error {
*) lev=0
;;
esac
- local x=$(caller $lev)
+ local x
+ x=$(caller $lev)
local cline=${x%% *}
local cfunc=${x#* }
cfunc=${cfunc##*/}
@@ -65,7 +66,6 @@ function error {
}
function check_test_keys {
- [ -d ${TESTKEY_DIR} ] || \
+ [ -d "${TESTKEY_DIR}" ] || \
error 1 "You must run gen_test_keys.sh to generate test keys first."
}
-
diff --git a/tests/external_rsa_signer.sh b/tests/external_rsa_signer.sh
index 0724b878..405df420 100755
--- a/tests/external_rsa_signer.sh
+++ b/tests/external_rsa_signer.sh
@@ -1,9 +1,13 @@
#!/bin/bash
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
if [ $# -ne 1 ]; then
echo "Usage: $0 <private_key_pem_file>"
echo "Reads data to sign from stdin, encrypted data is output to stdout"
exit 1
fi
-openssl rsautl -sign -inkey $1
+openssl rsautl -sign -inkey "$1"
diff --git a/tests/futility/run_test_scripts.sh b/tests/futility/run_test_scripts.sh
index f224bdf1..aeb3477b 100755
--- a/tests/futility/run_test_scripts.sh
+++ b/tests/futility/run_test_scripts.sh
@@ -62,11 +62,11 @@ for i in $TESTS; do
if [ ! "$rc" ]; then
echo -e "${COL_GREEN}PASSED${COL_STOP}"
: $(( pass++ ))
- rm -f ${OUTDIR}/$j.{stdout,stderr,return}
+ rm -f "${OUTDIR}/$j".{stdout,stderr,return}
else
echo -e "${COL_RED}FAILED (${rc:-0}). Stdout is recorded in" \
"${OUTDIR}/$j.stdout${COL_STOP}"
- cat ${OUTDIR}/$j.stderr
+ cat "${OUTDIR}/$j.stderr"
fi
done
diff --git a/tests/futility/test_create.sh b/tests/futility/test_create.sh
index 55c648c4..77c7eb45 100755
--- a/tests/futility/test_create.sh
+++ b/tests/futility/test_create.sh
@@ -15,7 +15,7 @@ TESTKEYS=${SRCDIR}/tests/testkeys
# Demonstrate that we can recreate the same vb1 keys without the .keyb files
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
for hash in sha1 sha256 sha512; do
- ${FUTILITY} --vb1 create --hash_alg "${hash}" \
+ "${FUTILITY}" --vb1 create --hash_alg "${hash}" \
"${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \
"${TMP}_key_${sig}.${hash}.vbprivk"
@@ -29,7 +29,7 @@ done
# prove anything until we've used them to sign some stuff, though.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
for hash in sha1 sha256 sha512; do
- ${FUTILITY} --vb21 create --hash_alg "${hash}" \
+ "${FUTILITY}" --vb21 create --hash_alg "${hash}" \
"${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
done
done
@@ -37,12 +37,12 @@ done
# Demonstrate that the sha1sums are the same for all the keys created from the
# same .pem files, both public and private, vb1 and vb21.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
- pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
+ pem_sum=$("${FUTILITY}" show "${TESTKEYS}/key_${sig}.pem" |
awk '/sha1sum/ {print $3}')
# expect only one
- [ $(echo "$pem_sum" | wc -w) = 1 ]
- num_keys=$(echo ${TMP}_key_${sig}.* | wc -w)
- key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
+ [ "$(echo "$pem_sum" | wc -w)" = 1 ]
+ num_keys=$(echo "${TMP}_key_${sig}".* | wc -w)
+ key_sums=$("${FUTILITY}" show "${TMP}_key_${sig}".* |
awk '/sha1sum:|ID:/ {print $NF}')
num_sums=$(echo "$key_sums" | wc -w)
# expect one sha1sum (or ID) line per file
@@ -57,7 +57,7 @@ done
# the private key.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
for hash in sha1 sha256 sha512; do
- ${FUTILITY} --vb21 create --hash_alg "${hash}" \
+ "${FUTILITY}" --vb21 create --hash_alg "${hash}" \
"${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"
cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \
"${TMP}_key_${sig}.${hash}.vbpubk2"
@@ -65,5 +65,5 @@ for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
done
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_dump_fmap.sh b/tests/futility/test_dump_fmap.sh
index 5ae2e974..b8e418af 100755
--- a/tests/futility/test_dump_fmap.sh
+++ b/tests/futility/test_dump_fmap.sh
@@ -51,5 +51,5 @@ cmp "${SCRIPT_DIR}/futility/data_fmap2_expect_hhH.txt" "$TMP"
# cleanup
-rm -f ${TMP}* FMAP SI_DESC FOO
+rm -f "${TMP}"* FMAP SI_DESC FOO
exit 0
diff --git a/tests/futility/test_file_types.sh b/tests/futility/test_file_types.sh
index c51e38f2..313e4087 100755
--- a/tests/futility/test_file_types.sh
+++ b/tests/futility/test_file_types.sh
@@ -16,13 +16,13 @@ cd "$OUTDIR"
# Args are <expected_type>, <file_to_probe>
test_case() {
local result
- result=$(${FUTILITY} show -t "${SRCDIR}/$2" | awk '{print $NF}')
+ result=$("${FUTILITY}" show -t "${SRCDIR}/$2" | awk '{print $NF}')
[ "$1" = "$result" ]
}
# Arg is <file_to_probe>
fail_case() {
- if ${FUTILITY} show -t "$1" ; then false; else true; fi
+ if "${FUTILITY}" show -t "$1" ; then false; else true; fi
}
# Known types
@@ -54,22 +54,23 @@ fail_case "/dev/zero"
# often won't work, but it certainly shouldn't core dump.
# We'll ask futility to tell us what types it supports
-TYPES=$(${FUTILITY} show --type help | awk '/^ +/ {print $1}')
+TYPES=$("${FUTILITY}" show --type help | awk '/^ +/ {print $1}')
# And we'll just reuse the same files above.
-FILES=$(awk '/^test_case / {print $NF}' $0 | tr -d '"')
+FILES=$(awk '/^test_case / {print $NF}' "$0" | tr -d '"')
# futility should normally exit with either 0 or 1. Make sure that happens.
# NOTE: /bin/bash returns values > 125 for special problems like signals.
# I welcome patches to do this more portably.
for type in $TYPES; do
for file in $FILES; do
- ${FUTILITY} show --type ${type} "${SRCDIR}/${file}" && rc=$? || rc=$?
+ "${FUTILITY}" show --type "${type}" "${SRCDIR}/${file}" && \
+ rc=$? || rc=$?
[ "$rc" -le 2 ]
done
done
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_gbb_utility.sh b/tests/futility/test_gbb_utility.sh
index bdfa2628..5b783c42 100755
--- a/tests/futility/test_gbb_utility.sh
+++ b/tests/futility/test_gbb_utility.sh
@@ -15,56 +15,58 @@ REPLACE="${BUILD_RUN}/tests/futility/binary_editor"
# First, let's test the basic functionality
# For simplicity, we'll use the same size for all properties.
-${FUTILITY} gbb -c 16,0x10,16,0x10 ${TMP}.blob
+"${FUTILITY}" gbb -c 16,0x10,16,0x10 "${TMP}.blob"
# Flags
-${FUTILITY} gbb -s --flags=0xdeadbeef ${TMP}.blob
-${FUTILITY} gbb -g --flags ${TMP}.blob | grep -i 0xdeadbeef
+"${FUTILITY}" gbb -s --flags=0xdeadbeef "${TMP}.blob"
+"${FUTILITY}" gbb -g --flags "${TMP}.blob" | grep -i 0xdeadbeef
# HWID length should include the terminating null - this is too long
-if ${FUTILITY} gbb -s --hwid="0123456789ABCDEF" ${TMP}.blob; then
+if "${FUTILITY}" gbb -s --hwid="0123456789ABCDEF" "${TMP}.blob"; then
false;
fi
# This works
-${FUTILITY} gbb -s --hwid="0123456789ABCDE" ${TMP}.blob
+"${FUTILITY}" gbb -s --hwid="0123456789ABCDE" "${TMP}.blob"
# Read it back?
-${FUTILITY} gbb -g ${TMP}.blob | grep "0123456789ABCDE"
+"${FUTILITY}" gbb -g "${TMP}.blob" | grep "0123456789ABCDE"
# Same kind of tests for the other fields, but they need binary files.
# too long
-dd if=/dev/urandom bs=17 count=1 of=${TMP}.data1.toolong
-dd if=/dev/urandom bs=17 count=1 of=${TMP}.data2.toolong
-if ${FUTILITY} gbb -s --rootkey ${TMP}.data1.toolong ${TMP}.blob; then false; fi
-if ${FUTILITY} gbb -s --recoverykey ${TMP}.data2.toolong ${TMP}.blob; then false; fi
+dd if=/dev/urandom bs=17 count=1 of="${TMP}.data1.toolong"
+dd if=/dev/urandom bs=17 count=1 of="${TMP}.data2.toolong"
+if "${FUTILITY}" gbb -s --rootkey "${TMP}.data1.toolong" "${TMP}.blob";
+ then false; fi
+if "${FUTILITY}" gbb -s --recoverykey "${TMP}.data2.toolong" "${TMP}.blob";
+ then false; fi
# shorter than max should be okay, though
-dd if=/dev/urandom bs=10 count=1 of=${TMP}.data1.short
-dd if=/dev/urandom bs=10 count=1 of=${TMP}.data2.short
-${FUTILITY} gbb -s \
- --rootkey ${TMP}.data1.short \
- --recoverykey ${TMP}.data2.short ${TMP}.blob
+dd if=/dev/urandom bs=10 count=1 of="${TMP}.data1.short"
+dd if=/dev/urandom bs=10 count=1 of="${TMP}.data2.short"
+"${FUTILITY}" gbb -s \
+ --rootkey "${TMP}.data1.short" \
+ --recoverykey "${TMP}.data2.short" "${TMP}.blob"
# read 'em back
-${FUTILITY} gbb -g \
- --rootkey ${TMP}.read1 \
- --recoverykey ${TMP}.read2 ${TMP}.blob
+"${FUTILITY}" gbb -g \
+ --rootkey "${TMP}.read1" \
+ --recoverykey "${TMP}.read2" "${TMP}.blob"
# Verify (but remember, it's short)
-cmp -n 10 ${TMP}.data1.short ${TMP}.read1
-cmp -n 10 ${TMP}.data2.short ${TMP}.read2
+cmp -n 10 "${TMP}.data1.short" "${TMP}.read1"
+cmp -n 10 "${TMP}.data2.short" "${TMP}.read2"
# Okay
-dd if=/dev/urandom bs=16 count=1 of=${TMP}.data1
-dd if=/dev/urandom bs=16 count=1 of=${TMP}.data2
-dd if=/dev/urandom bs=16 count=1 of=${TMP}.data3
-${FUTILITY} gbb -s --rootkey ${TMP}.data1 ${TMP}.blob
-${FUTILITY} gbb -s --recoverykey ${TMP}.data2 ${TMP}.blob
+dd if=/dev/urandom bs=16 count=1 of="${TMP}.data1"
+dd if=/dev/urandom bs=16 count=1 of="${TMP}.data2"
+dd if=/dev/urandom bs=16 count=1 of="${TMP}.data3"
+"${FUTILITY}" gbb -s --rootkey "${TMP}.data1" "${TMP}.blob"
+"${FUTILITY}" gbb -s --recoverykey "${TMP}.data2" "${TMP}.blob"
# Read 'em back.
-${FUTILITY} gbb -g --rootkey ${TMP}.read1 ${TMP}.blob
-${FUTILITY} gbb -g --recoverykey ${TMP}.read2 ${TMP}.blob
+"${FUTILITY}" gbb -g --rootkey "${TMP}.read1" "${TMP}.blob"
+"${FUTILITY}" gbb -g --recoverykey "${TMP}.read2" "${TMP}.blob"
# Verify
-cmp ${TMP}.data1 ${TMP}.read1
-cmp ${TMP}.data2 ${TMP}.read2
+cmp "${TMP}.data1" "${TMP}.read1"
+cmp "${TMP}.data2" "${TMP}.read2"
# Okay, creating GBB blobs seems to work. Now let's make sure that corrupted
@@ -100,82 +102,85 @@ cmp ${TMP}.data2 ${TMP}.read2
#
# bad major_version
-cat ${TMP}.blob | ${REPLACE} 0x4 2 > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x4 2 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
# header size too large
-cat ${TMP}.blob | ${REPLACE} 0x8 0x81 > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x8 0x81 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
# header size too small
-cat ${TMP}.blob | ${REPLACE} 0x8 0x7f > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x8 0x7f < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
# HWID not null-terminated is invalid
-cat ${TMP}.blob | ${REPLACE} 0x8f 0x41 > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x8f 0x41 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
# HWID of length zero is okay
-cat ${TMP}.blob | ${REPLACE} 0x14 0x00 > ${TMP}.blob.ok
-${FUTILITY} gbb ${TMP}.blob.ok
+"${REPLACE}" 0x14 0x00 < "${TMP}.blob" > "${TMP}.blob.ok"
+"${FUTILITY}" gbb "${TMP}.blob.ok"
# And HWID of length 1 consisting only of '\0' is okay, too.
-cat ${TMP}.blob | ${REPLACE} 0x14 0x01 | ${REPLACE} 0x80 0x00 > ${TMP}.blob.ok
-${FUTILITY} gbb ${TMP}.blob.ok
+"${REPLACE}" 0x14 0x01 < "${TMP}.blob" | "${REPLACE}" 0x80 0x00 \
+ > "${TMP}.blob.ok"
+"${FUTILITY}" gbb "${TMP}.blob.ok"
# zero-length HWID not null-terminated is invalid
-cat ${TMP}.blob | ${REPLACE} 0x8f 0x41 > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x8f 0x41 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
# hwid_offset < GBB_HEADER_SIZE is invalid
-cat ${TMP}.blob | ${REPLACE} 0x10 0x7f > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
-cat ${TMP}.blob | ${REPLACE} 0x10 0x00 > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x10 0x7f < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
+"${REPLACE}" 0x10 0x00 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
# rootkey_offset < GBB_HEADER_SIZE is invalid
-cat ${TMP}.blob | ${REPLACE} 0x18 0x7f > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
-cat ${TMP}.blob | ${REPLACE} 0x18 0x00 > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x18 0x7f < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
+"${REPLACE}" 0x18 0x00 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
# recovery_key_offset < GBB_HEADER_SIZE is invalid
-cat ${TMP}.blob | ${REPLACE} 0x28 0x7f > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
-cat ${TMP}.blob | ${REPLACE} 0x28 0x00 > ${TMP}.blob.bad
-if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x28 0x7f < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
+"${REPLACE}" 0x28 0x00 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb "${TMP}.blob.bad"; then false; fi
# hwid: offset + size == end of file is okay; beyond is invalid
-cat ${TMP}.blob | ${REPLACE} 0x14 0x40 > ${TMP}.blob.bad
-${FUTILITY} gbb -g ${TMP}.blob.bad
-cat ${TMP}.blob | ${REPLACE} 0x14 0x41 > ${TMP}.blob.bad
-if ${FUTILITY} gbb -g ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x14 0x40 < "${TMP}.blob" > "${TMP}.blob.bad"
+"${FUTILITY}" gbb -g "${TMP}.blob.bad"
+"${REPLACE}" 0x14 0x41 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb -g "${TMP}.blob.bad"; then false; fi
# rootkey: offset + size == end of file is okay; beyond is invalid
-cat ${TMP}.blob | ${REPLACE} 0x1c 0x30 > ${TMP}.blob.bad
-${FUTILITY} gbb -g ${TMP}.blob.bad
-cat ${TMP}.blob | ${REPLACE} 0x1c 0x31 > ${TMP}.blob.bad
-if ${FUTILITY} gbb -g ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x1c 0x30 < "${TMP}.blob" > "${TMP}.blob.bad"
+"${FUTILITY}" gbb -g "${TMP}.blob.bad"
+"${REPLACE}" 0x1c 0x31 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb -g "${TMP}.blob.bad"; then false; fi
# recovery_key: offset + size == end of file is okay; beyond is invalid
-cat ${TMP}.blob | ${REPLACE} 0x2c 0x10 > ${TMP}.blob.bad
-${FUTILITY} gbb -g ${TMP}.blob.bad
-cat ${TMP}.blob | ${REPLACE} 0x2c 0x11 > ${TMP}.blob.bad
-if ${FUTILITY} gbb -g ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x2c 0x10 < "${TMP}.blob" > "${TMP}.blob.bad"
+"${FUTILITY}" gbb -g "${TMP}.blob.bad"
+"${REPLACE}" 0x2c 0x11 < "${TMP}.blob" > "${TMP}.blob.bad"
+if "${FUTILITY}" gbb -g "${TMP}.blob.bad"; then false; fi
# hwid_size == 0 doesn't complain, but can't be set
-cat ${TMP}.blob | ${REPLACE} 0x14 0x00 > ${TMP}.blob.bad
-${FUTILITY} gbb -g ${TMP}.blob.bad
-if ${FUTILITY} gbb -s --hwid="A" ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x14 0x00 < "${TMP}.blob" > "${TMP}.blob.bad"
+"${FUTILITY}" gbb -g "${TMP}.blob.bad"
+if "${FUTILITY}" gbb -s --hwid="A" "${TMP}.blob.bad"; then false; fi
# rootkey_size == 0 gives warning, gets nothing, can't be set
-cat ${TMP}.blob | ${REPLACE} 0x1c 0x00 > ${TMP}.blob.bad
-${FUTILITY} gbb -g --rootkey ${TMP}.read1 ${TMP}.blob.bad
-if ${FUTILITY} gbb -s --rootkey ${TMP}.data1 ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x1c 0x00 < "${TMP}.blob" > "${TMP}.blob.bad"
+"${FUTILITY}" gbb -g --rootkey "${TMP}.read1" "${TMP}.blob.bad"
+if "${FUTILITY}" gbb -s --rootkey "${TMP}.data1" "${TMP}.blob.bad";
+ then false; fi
# recovery_key_size == 0 gives warning, gets nothing, can't be set
-cat ${TMP}.blob | ${REPLACE} 0x2c 0x00 > ${TMP}.blob.bad
-${FUTILITY} gbb -g --recoverykey ${TMP}.read2 ${TMP}.blob.bad
-if ${FUTILITY} gbb -s --recoverykey ${TMP}.data2 ${TMP}.blob.bad; then false; fi
+"${REPLACE}" 0x2c 0x00 < "${TMP}.blob" > "${TMP}.blob.bad"
+"${FUTILITY}" gbb -g --recoverykey "${TMP}.read2" "${TMP}.blob.bad"
+if "${FUTILITY}" gbb -s --recoverykey "${TMP}.data2" "${TMP}.blob.bad";
+ then false; fi
# GBB v1.2 adds a sha256 digest field in what was previously padding:
@@ -189,21 +194,21 @@ if ${FUTILITY} gbb -s --recoverykey ${TMP}.data2 ${TMP}.blob.bad; then false; fi
# See that the digest is updated properly.
hwid="123456789ABCDEF"
-${FUTILITY} gbb -s --hwid=${hwid} ${TMP}.blob
+"${FUTILITY}" gbb -s --hwid="${hwid}" "${TMP}.blob"
expect=$(echo -n "$hwid" | sha256sum | cut -d ' ' -f 1)
-[ $(echo -n ${expect} | wc -c) == "64" ]
-${FUTILITY} gbb -g --digest ${TMP}.blob | grep ${expect}
+[ "$(echo -n "${expect}" | wc -c)" == "64" ]
+"${FUTILITY}" gbb -g --digest "${TMP}.blob" | grep "${expect}"
# Garble the digest, see that it's noticed.
# (assuming these zeros aren't present)
-cat ${TMP}.blob | ${REPLACE} 0x33 0x00 0x00 0x00 0x00 0x00 > ${TMP}.blob.bad
-${FUTILITY} gbb -g --digest ${TMP}.blob.bad | grep '0000000000'
-${FUTILITY} gbb -g --digest ${TMP}.blob.bad | grep 'invalid'
+"${REPLACE}" 0x33 0x00 0x00 0x00 0x00 0x00 < "${TMP}.blob" > "${TMP}.blob.bad"
+"${FUTILITY}" gbb -g --digest "${TMP}.blob.bad" | grep '0000000000'
+"${FUTILITY}" gbb -g --digest "${TMP}.blob.bad" | grep 'invalid'
# Garble the HWID. The digest is unchanged, but now invalid.
-cat ${TMP}.blob | ${REPLACE} 0x84 0x70 0x71 0x72 > ${TMP}.blob.bad
-${FUTILITY} gbb -g --digest ${TMP}.blob.bad | grep 'invalid'
+"${REPLACE}" 0x84 0x70 0x71 0x72 < "${TMP}.blob" > "${TMP}.blob.bad"
+"${FUTILITY}" gbb -g --digest "${TMP}.blob.bad" | grep 'invalid'
# cleanup
-rm -f ${TMP}*
+rm -f "${TMP}"*
exit 0
diff --git a/tests/futility/test_load_fmap.sh b/tests/futility/test_load_fmap.sh
index a93b71f5..78212431 100755
--- a/tests/futility/test_load_fmap.sh
+++ b/tests/futility/test_load_fmap.sh
@@ -10,34 +10,34 @@ TMP="$me.tmp"
cd "$OUTDIR"
-IN=${SCRIPT_DIR}/futility/data/bios_link_mp.bin
-BIOS=${TMP}.bios.bin
+IN="${SCRIPT_DIR}/futility/data/bios_link_mp.bin"
+BIOS="${TMP}.bios.bin"
-cp ${IN} ${BIOS}
-
-AREAS="RW_SECTION_A VBLOCK_B BOOT_STUB"
+cp "${IN}" "${BIOS}"
+AREAS=(RW_SECTION_A VBLOCK_B BOOT_STUB)
+set -x
# Extract good blobs first
-${FUTILITY} dump_fmap -x ${BIOS} ${AREAS}
+"${FUTILITY}" dump_fmap -x "${BIOS}" "${AREAS[@]}"
# Save the good blobs, make same-size random blobs, create command
-CMDS=""
-for a in ${AREAS}; do
- size=$(stat -c '%s' $a)
- mv $a $a.good
- dd if=/dev/urandom of=$a.rand bs=$size count=1
- CMDS="$CMDS $a:$a.rand"
+CMDS=( )
+for a in "${AREAS[@]}"; do
+ size=$(stat -c '%s' "$a")
+ mv "$a" "$a.good"
+ dd if=/dev/urandom of="$a.rand" bs="$size" count=1
+ CMDS+=("$a:$a.rand")
done
# Poke the new blobs in
-${FUTILITY} load_fmap ${BIOS} ${CMDS}
+"${FUTILITY}" load_fmap "${BIOS}" "${CMDS[@]}"
# Pull them back out and see if they match
-${FUTILITY} dump_fmap -x ${BIOS} ${AREAS}
-for a in ${AREAS}; do
- cmp $a $a.rand
+"${FUTILITY}" dump_fmap -x "${BIOS}" "${AREAS[@]}"
+for a in "${AREAS[@]}"; do
+ cmp "$a" "$a.rand"
done
# cleanup
-rm -f ${TMP}* ${AREAS} *.rand *.good
+rm -f "${TMP}"* "${AREAS[@]}" ./*.rand ./*.good
exit 0
diff --git a/tests/futility/test_main.sh b/tests/futility/test_main.sh
index 2e5f4dc4..725abe3a 100755
--- a/tests/futility/test_main.sh
+++ b/tests/futility/test_main.sh
@@ -10,55 +10,57 @@ TMP="$me.tmp"
cd "$OUTDIR"
# No args returns nonzero exit code
-${FUTILITY} && false
+"${FUTILITY}" && false
# It's weird but okay if the command is a full path.
-${FUTILITY} /fake/path/to/help > "$TMP"
+"${FUTILITY}" /fake/path/to/help > "$TMP"
grep Usage "$TMP"
# Make sure logging does something.
LOG="/tmp/futility.log"
-[ -f ${LOG} ] && mv ${LOG} ${LOG}.backup
-touch ${LOG}
-${FUTILITY} help
-grep ${FUTILITY} ${LOG}
-rm -f ${LOG}
-[ -f ${LOG}.backup ] && mv ${LOG}.backup ${LOG}
+[ -f "${LOG}" ] && mv "${LOG}" "${LOG}.backup"
+touch "${LOG}"
+"${FUTILITY}" help
+grep "${FUTILITY}" "${LOG}"
+rm -f "${LOG}"
+[ -f "${LOG}.backup" ] && mv "${LOG}.backup" "${LOG}"
# Use some known digests to verify that things work...
-DEVKEYS=${SRCDIR}/tests/devkeys
+DEVKEYS="${SRCDIR}/tests/devkeys"
SHA=e78ce746a037837155388a1096212ded04fb86eb
# all progs in the pipelines should work
set -o pipefail
# If it's invoked as the name of a command we know, it should do that command
-ln -sf ${FUTILITY} vbutil_key
-./vbutil_key --unpack ${DEVKEYS}/installer_kernel_data_key.vbpubk | grep ${SHA}
-ln -sf ${FUTILITY} vbutil_keyblock
-./vbutil_keyblock --unpack ${DEVKEYS}/installer_kernel.keyblock | grep ${SHA}
-cp ${FUTILITY} show
-./show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin | grep ${SHA}
+ln -sf "${FUTILITY}" vbutil_key
+./vbutil_key --unpack "${DEVKEYS}/installer_kernel_data_key.vbpubk" | \
+ grep "${SHA}"
+ln -sf "${FUTILITY}" vbutil_keyblock
+./vbutil_keyblock --unpack "${DEVKEYS}/installer_kernel.keyblock" | \
+ grep "${SHA}"
+cp "${FUTILITY}" show
+./show "${SCRIPT_DIR}/futility/data/rec_kernel_part.bin" | grep "${SHA}"
# If it's invoked by any other name, expect the command to be the first arg.
-ln -sf ${FUTILITY} muggle
-./muggle vbutil_key --unpack ${DEVKEYS}/installer_kernel_data_key.vbpubk \
- | grep ${SHA}
-ln -sf ${FUTILITY} buggle
-./buggle vbutil_keyblock --unpack ${DEVKEYS}/installer_kernel.keyblock \
- | grep ${SHA}
-cp ${FUTILITY} boo
-./boo show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin | grep ${SHA}
+ln -sf "${FUTILITY}" muggle
+./muggle vbutil_key --unpack "${DEVKEYS}/installer_kernel_data_key.vbpubk" \
+ | grep "${SHA}"
+ln -sf "${FUTILITY}" buggle
+./buggle vbutil_keyblock --unpack "${DEVKEYS}/installer_kernel.keyblock" \
+ | grep "${SHA}"
+cp "${FUTILITY}" boo
+./boo show "${SCRIPT_DIR}/futility/data/rec_kernel_part.bin" | grep "${SHA}"
# we expect the first command fail, but the output to match anyway
set +o pipefail
# If it can't figure out the command at all, it should complain.
-${FUTILITY} muggle | grep Usage:
+"${FUTILITY}" muggle | grep Usage:
./buggle futility | grep Usage:
./boo | grep Usage:
# cleanup
-rm -f ${TMP}* vbutil_key vbutil_keyblock show muggle buggle boo
+rm -f "${TMP}"* vbutil_key vbutil_keyblock show muggle buggle boo
exit 0
diff --git a/tests/futility/test_rwsig.sh b/tests/futility/test_rwsig.sh
index 2bd70ce5..3a0a6e39 100755
--- a/tests/futility/test_rwsig.sh
+++ b/tests/futility/test_rwsig.sh
@@ -10,7 +10,7 @@ TMP="$me.tmp"
cd "$OUTDIR"
DATADIR="${SCRIPT_DIR}/futility/data"
-TESTKEYS=${SRCDIR}/tests/testkeys
+TESTKEYS="${SRCDIR}/tests/testkeys"
SIGS="1024 2048 2048_exp3 3072_exp3 4096 8192"
HASHES="SHA1 SHA256 SHA512"
@@ -18,13 +18,13 @@ EC_RW="EC_RW.bin"
set -o pipefail
-infile=${DATADIR}/hammer_dev.bin
-outfile=${TMP}.hammer_dev.bin
-cp ${infile} ${outfile}
+infile="${DATADIR}/hammer_dev.bin"
+outfile="${TMP}.hammer_dev.bin"
+cp "${infile}" "${outfile}"
# Signing without private key should extract EC_RW.bin
-${FUTILITY} sign --type rwsig --version 2 ${outfile}
-cmp ${infile} ${outfile}
-cmp ${EC_RW} ${DATADIR}/${EC_RW}
+"${FUTILITY}" sign --type rwsig --version 2 "${outfile}"
+cmp "${infile}" "${outfile}"
+cmp "${EC_RW}" "${DATADIR}/${EC_RW}"
for s in $SIGS; do
echo -n "$s " 1>&3
@@ -34,31 +34,32 @@ for s in $SIGS; do
outkeys=${TMP}.${s}_${h}
outfile=${TMP}.${s}_${h}.bin
- ${FUTILITY} create --desc "Test key" --hash_alg ${h} \
- ${pemfile} ${outkeys}
+ "${FUTILITY}" create --desc "Test key" --hash_alg "${h}" \
+ "${pemfile}" "${outkeys}"
# The input file should be correctly signed to start with
- ${FUTILITY} show --type rwsig ${infile}
+ "${FUTILITY}" show --type rwsig "${infile}"
# Using the wrong key to verify it should fail
- if ${FUTILITY} show --type rwsig --pubkey ${outkeys}.vbpubk2 \
- ${infile}; then
+ if "${FUTILITY}" show --type rwsig --pubkey "${outkeys}.vbpubk2" \
+ "${infile}"; then
exit 1
fi
- cp ${infile} ${outfile}
+ cp "${infile}" "${outfile}"
# Sign ec.bin with a new private key
- ${FUTILITY} sign --type rwsig --prikey ${outkeys}.vbprik2 \
- --version 2 ${outfile}
+ "${FUTILITY}" sign --type rwsig --prikey "${outkeys}.vbprik2" \
+ --version 2 "${outfile}"
# Check EC_RW.bin is produced
- [[ -e ${EC_RW} ]]
+ [[ -e "${EC_RW}" ]]
- ${FUTILITY} show --type rwsig --pubkey ${outkeys}.vbpubk2 ${outfile}
- ${FUTILITY} show --type rwsig ${outfile}
+ "${FUTILITY}" show --type rwsig --pubkey "${outkeys}.vbpubk2" \
+ "${outfile}"
+ "${FUTILITY}" show --type rwsig "${outfile}"
done
done
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_show_contents.sh b/tests/futility/test_show_contents.sh
index fddebe81..9b3431d2 100755
--- a/tests/futility/test_show_contents.sh
+++ b/tests/futility/test_show_contents.sh
@@ -28,7 +28,7 @@ for file in $SHOW_FILES; do
outfile="show.${file//\//_}"
gotfile="${OUTDIR}/${outfile}"
wantfile="${SRCDIR}/tests/futility/expect_output/${outfile}"
- ( cd "${SRCDIR}" && ${FUTILITY} show "${file}" ) | tee "${gotfile}"
+ ( cd "${SRCDIR}" && "${FUTILITY}" show "${file}" ) | tee "${gotfile}"
# Uncomment this to update the expected output
#cp "${gotfile}" "${wantfile}"
@@ -47,7 +47,7 @@ for file in $VBUTIL_KEY_FILES; do
outfile="vbutil_key.${file//\//_}"
gotfile="${OUTDIR}/${outfile}"
wantfile="${SRCDIR}/tests/futility/expect_output/${outfile}"
- ( cd "${SRCDIR}" && ${FUTILITY} vbutil_key --unpack "${file}" ) \
+ ( cd "${SRCDIR}" && "${FUTILITY}" vbutil_key --unpack "${file}" ) \
| tee "${gotfile}"
# Uncomment this to update the expected output
@@ -62,7 +62,7 @@ file="tests/devkeys/kernel.keyblock"
outfile="vbutil_keyblock.${file//\//_}"
gotfile="${OUTDIR}/${outfile}"
wantfile="${SRCDIR}/tests/futility/expect_output/${outfile}"
-( cd "${SRCDIR}" && ${FUTILITY} vbutil_keyblock --unpack "${file}" \
+( cd "${SRCDIR}" && "${FUTILITY}" vbutil_keyblock --unpack "${file}" \
--signpubkey "tests/devkeys/kernel_subkey.vbpubk" ) \
| tee "${gotfile}"
@@ -82,7 +82,7 @@ wantfile="${SRCDIR}/tests/futility/expect_output/${outfile}"
# arbitrary non-zero numbers so we can verify they're printed
# properly.
dd bs=1024 count=16 if=/dev/urandom of="${TMP}.fw_main"
-${FUTILITY} vbutil_firmware --vblock "${TMP}.vblock.old" \
+"${FUTILITY}" vbutil_firmware --vblock "${TMP}.vblock.old" \
--keyblock "${KEYDIR}/firmware.keyblock" \
--signprivate "${KEYDIR}/firmware_data_key.vbprivk" \
--version 12 \
@@ -91,7 +91,7 @@ ${FUTILITY} vbutil_firmware --vblock "${TMP}.vblock.old" \
--flags 42
# Verify
-${FUTILITY} vbutil_firmware --verify "${TMP}.vblock.old" \
+"${FUTILITY}" vbutil_firmware --verify "${TMP}.vblock.old" \
--signpubkey "${KEYDIR}/root_key.vbpubk" \
--fv "${TMP}.fw_main" | tee "${gotfile}"
@@ -102,5 +102,5 @@ diff "${wantfile}" "${gotfile}"
# cleanup
-rm -rf "${TMP}*"
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_show_kernel.sh b/tests/futility/test_show_kernel.sh
index 151cf463..f2610a39 100755
--- a/tests/futility/test_show_kernel.sh
+++ b/tests/futility/test_show_kernel.sh
@@ -9,52 +9,52 @@ TMP="$me.tmp"
# Work in scratch directory
cd "$OUTDIR"
-DEVKEYS=${SRCDIR}/tests/devkeys
-TESTKEYS=${SRCDIR}/tests/testkeys
+DEVKEYS="${SRCDIR}/tests/devkeys"
+TESTKEYS="${SRCDIR}/tests/testkeys"
echo 'Creating test kernel'
# Dummy kernel data
-echo "hi there" > ${TMP}.config.txt
-dd if=/dev/urandom bs=16384 count=1 of=${TMP}.bootloader.bin
-dd if=/dev/urandom bs=32768 count=1 of=${TMP}.kernel.bin
+echo "hi there" > "${TMP}.config.txt"
+dd if=/dev/urandom bs=16384 count=1 of="${TMP}.bootloader.bin"
+dd if=/dev/urandom bs=32768 count=1 of="${TMP}.kernel.bin"
# Pack kernel data key using original vboot utilities.
-${FUTILITY} vbutil_key --pack ${TMP}.datakey.test \
- --key ${TESTKEYS}/key_rsa2048.keyb --algorithm 4
+"${FUTILITY}" vbutil_key --pack "${TMP}.datakey.test" \
+ --key "${TESTKEYS}/key_rsa2048.keyb" --algorithm 4
# Keyblock with kernel data key is signed by kernel subkey
# Flags=5 means dev=0 rec=0
-${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock.test \
- --datapubkey ${TMP}.datakey.test \
+"${FUTILITY}" vbutil_keyblock --pack "${TMP}.keyblock.test" \
+ --datapubkey "${TMP}.datakey.test" \
--flags 5 \
- --signprivate ${DEVKEYS}/kernel_subkey.vbprivk
+ --signprivate "${DEVKEYS}/kernel_subkey.vbprivk"
# Kernel preamble is signed with the kernel data key
-${FUTILITY} vbutil_kernel \
- --pack ${TMP}.kernel.test \
- --keyblock ${TMP}.keyblock.test \
- --signprivate ${TESTKEYS}/key_rsa2048.sha256.vbprivk \
+"${FUTILITY}" vbutil_kernel \
+ --pack "${TMP}.kernel.test" \
+ --keyblock "${TMP}.keyblock.test" \
+ --signprivate "${TESTKEYS}/key_rsa2048.sha256.vbprivk" \
--version 1 \
--arch arm \
- --vmlinuz ${TMP}.kernel.bin \
- --bootloader ${TMP}.bootloader.bin \
- --config ${TMP}.config.txt
+ --vmlinuz "${TMP}.kernel.bin" \
+ --bootloader "${TMP}.bootloader.bin" \
+ --config "${TMP}.config.txt"
echo 'Verifying test kernel'
# Verify the kernel
-${FUTILITY} show ${TMP}.kernel.test \
- --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
- | egrep 'Signature.*valid'
+"${FUTILITY}" show "${TMP}.kernel.test" \
+ --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
+ | grep -E 'Signature.*valid'
echo 'Test kernel blob looks good'
# Mess up the padding, make sure it fails.
rc=0
-${FUTILITY} show ${TMP}.kernel.test \
+"${FUTILITY}" show "${TMP}.kernel.test" \
--pad 0x100 \
- --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
+ --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
|| rc=$?
[ $rc -ne 0 ]
[ $rc -lt 128 ]
@@ -63,9 +63,9 @@ echo 'Invalid args are invalid'
# Look waaaaaay off the end of the file, make sure it fails.
rc=0
-${FUTILITY} show ${TMP}.kernel.test \
+"${FUTILITY}" show "${TMP}.kernel.test" \
--pad 0x100000 \
- --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
+ --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
|| rc=$?
[ $rc -ne 0 ]
[ $rc -lt 128 ]
@@ -73,5 +73,5 @@ ${FUTILITY} show ${TMP}.kernel.test \
echo 'Really invalid args are still invalid'
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_show_usbpd1.sh b/tests/futility/test_show_usbpd1.sh
index b5553aae..3998fa77 100755
--- a/tests/futility/test_show_usbpd1.sh
+++ b/tests/futility/test_show_usbpd1.sh
@@ -24,23 +24,24 @@ for s in $SIGS; do
for test in $TESTS; do
- infile=${DATADIR}/${test}.unsigned
+ infile="${DATADIR}/${test}.unsigned"
for h in $HASHES; do
- pemfile=${TESTKEYS}/key_rsa${s}.pem
- outfile=${TMP}.${test}_${s}_${h}.new
+ pemfile="${TESTKEYS}/key_rsa${s}.pem"
+ outfile="${TMP}.${test}_${s}_${h}.new"
# sign it
- ${FUTILITY} sign --type usbpd1 --pem ${pemfile} ${infile} ${outfile}
+ "${FUTILITY}" sign --type usbpd1 --pem "${pemfile}" "${infile}" \
+ "${outfile}"
# make sure it identifies correctly
- ${FUTILITY} verify ${outfile}
+ "${FUTILITY}" verify "${outfile}"
done
done
done
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_show_vs_verify.sh b/tests/futility/test_show_vs_verify.sh
index 4981a38d..c0c0872c 100755
--- a/tests/futility/test_show_vs_verify.sh
+++ b/tests/futility/test_show_vs_verify.sh
@@ -10,67 +10,67 @@ TMP="$me.tmp"
cd "$OUTDIR"
# some stuff we'll need
-DEVKEYS=${SRCDIR}/tests/devkeys
+DEVKEYS="${SRCDIR}/tests/devkeys"
# The show command exits with 0 if the data is consistent.
# The verify command exits with 0 only if all the data is verified.
#### keyblock
-${FUTILITY} show ${DEVKEYS}/firmware.keyblock
+"${FUTILITY}" show "${DEVKEYS}/firmware.keyblock"
-if ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock ; then false; fi
+if "${FUTILITY}" verify "${DEVKEYS}/firmware.keyblock" ; then false; fi
-${FUTILITY} verify ${DEVKEYS}/firmware.keyblock \
- --publickey ${DEVKEYS}/root_key.vbpubk
+"${FUTILITY}" verify "${DEVKEYS}/firmware.keyblock" \
+ --publickey "${DEVKEYS}/root_key.vbpubk"
#### firmware vblock
# Get some bits to look at
-${FUTILITY} dump_fmap -x ${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin \
- GBB:${TMP}.gbb VBLOCK_A:${TMP}.vblock_a FW_MAIN_A:${TMP}.fw_main_a
-${FUTILITY} gbb -g -k ${TMP}.rootkey ${TMP}.gbb
+"${FUTILITY}" dump_fmap -x "${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin" \
+ "GBB:${TMP}.gbb" "VBLOCK_A:${TMP}.vblock_a" "FW_MAIN_A:${TMP}.fw_main_a"
+"${FUTILITY}" gbb -g -k "${TMP}.rootkey" "${TMP}.gbb"
-${FUTILITY} show ${TMP}.vblock_a
+"${FUTILITY}" show "${TMP}.vblock_a"
-${FUTILITY} show ${TMP}.vblock_a --publickey ${TMP}.rootkey
+"${FUTILITY}" show "${TMP}.vblock_a" --publickey "${TMP}.rootkey"
-${FUTILITY} show ${TMP}.vblock_a \
- --publickey ${TMP}.rootkey \
- --fv ${TMP}.fw_main_a
+"${FUTILITY}" show "${TMP}.vblock_a" \
+ --publickey "${TMP}.rootkey" \
+ --fv "${TMP}.fw_main_a"
-if ${FUTILITY} verify ${TMP}.vblock_a ; then false ; fi
+if "${FUTILITY}" verify "${TMP}.vblock_a" ; then false ; fi
-if ${FUTILITY} verify ${TMP}.vblock_a \
- --publickey ${TMP}.rootkey ; then false ; fi
+if "${FUTILITY}" verify "${TMP}.vblock_a" \
+ --publickey "${TMP}.rootkey" ; then false ; fi
-${FUTILITY} verify ${TMP}.vblock_a \
- --publickey ${TMP}.rootkey \
- --fv ${TMP}.fw_main_a
+"${FUTILITY}" verify "${TMP}.vblock_a" \
+ --publickey "${TMP}.rootkey" \
+ --fv "${TMP}.fw_main_a"
#### kernel partition
-${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin
+"${FUTILITY}" show "${SCRIPT_DIR}/futility/data/rec_kernel_part.bin"
-${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
- --publickey ${DEVKEYS}/kernel_subkey.vbpubk
+"${FUTILITY}" show "${SCRIPT_DIR}/futility/data/rec_kernel_part.bin" \
+ --publickey "${DEVKEYS}/kernel_subkey.vbpubk"
-${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
- --publickey ${DEVKEYS}/recovery_key.vbpubk
+"${FUTILITY}" show "${SCRIPT_DIR}/futility/data/rec_kernel_part.bin" \
+ --publickey "${DEVKEYS}/recovery_key.vbpubk"
-if ${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin ; \
+if "${FUTILITY}" verify "${SCRIPT_DIR}/futility/data/rec_kernel_part.bin" ; \
then false ; fi
-if ${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
- --publickey ${DEVKEYS}/kernel_subkey.vbpubk ; then false ; fi
+if "${FUTILITY}" verify "${SCRIPT_DIR}/futility/data/rec_kernel_part.bin" \
+ --publickey "${DEVKEYS}/kernel_subkey.vbpubk" ; then false ; fi
-${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
- --publickey ${DEVKEYS}/recovery_key.vbpubk
+"${FUTILITY}" verify "${SCRIPT_DIR}/futility/data/rec_kernel_part.bin" \
+ --publickey "${DEVKEYS}/recovery_key.vbpubk"
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_sign_firmware.sh b/tests/futility/test_sign_firmware.sh
index 04eb385f..587eed9f 100755
--- a/tests/futility/test_sign_firmware.sh
+++ b/tests/futility/test_sign_firmware.sh
@@ -3,13 +3,13 @@
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
-me=${0##*/}
-TMP="$me.tmp"
+me="${0##*/}"
+TMP="${me}.tmp"
# Work in scratch directory
cd "$OUTDIR"
-KEYDIR=${SRCDIR}/tests/devkeys
+KEYDIR="${SRCDIR}/tests/devkeys"
# The input BIOS images are all signed with MP keys. We resign them with dev
# keys, which means we can precalculate the expected results. Note that the
@@ -22,10 +22,10 @@ ${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin
# We also want to test that we can sign an image without any valid firmware
# preambles. That one won't be able to tell how much of the FW_MAIN region is
# the valid firmware, so it'll have to sign the entire region.
-GOOD_VBLOCKS=${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin
+GOOD_VBLOCKS="${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin"
ONEMORE=bios_peppy_mp_no_vblock.bin
-cp ${GOOD_VBLOCKS} ${ONEMORE}
-${FUTILITY} load_fmap ${ONEMORE} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
+cp "${GOOD_VBLOCKS}" "${ONEMORE}"
+"${FUTILITY}" load_fmap "${ONEMORE}" VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
INFILES="${INFILES} ${ONEMORE}"
set -o pipefail
@@ -36,13 +36,13 @@ for infile in $INFILES; do
base=${infile##*/}
: $(( count++ ))
- echo -n "$count " 1>&3
+ echo -n "${count} " 1>&3
- outfile=${TMP}.${base}.new
+ outfile="${TMP}.${base}.new"
loemid="loem"
- loemdir=${TMP}.${base}_dir
+ loemdir="${TMP}.${base}_dir"
- mkdir -p ${loemdir}
+ mkdir -p "${loemdir}"
# resign_firmwarefd.sh works on BIOS image files. The args are:
#
@@ -71,102 +71,103 @@ for infile in $INFILES; do
#OLD ${loemdir} \
#OLD ${loemid}
- ${FUTILITY} sign \
- -s ${KEYDIR}/firmware_data_key.vbprivk \
- -b ${KEYDIR}/firmware.keyblock \
- -k ${KEYDIR}/kernel_subkey.vbpubk \
+ "${FUTILITY}" sign \
+ -s "${KEYDIR}/firmware_data_key.vbprivk" \
+ -b "${KEYDIR}/firmware.keyblock" \
+ -k "${KEYDIR}/kernel_subkey.vbpubk" \
-v 14 \
-f 8 \
- -d ${loemdir} \
- -l ${loemid} \
- ${infile} ${outfile}
+ -d "${loemdir}" \
+ -l "${loemid}" \
+ "${infile}" "${outfile}"
# check the firmware version and preamble flags
- m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${outfile} \
- | egrep 'Firmware version: +14$|Preamble flags: +8$' | wc -l)
- [ "$m" = "4" ]
+ m=$("${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ "${outfile}" | grep -c -E 'Firmware version: +14$|Preamble flags: +8$')
+ [ "${m}" = "4" ]
# check the sha1sums
- ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${outfile} \
+ "${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" "${outfile}" \
| grep sha1sum \
- | sed -e 's/.*: \+//' > ${TMP}.${base}.sha.new
- cmp ${SCRIPT_DIR}/futility/data_${base}_expect.txt ${TMP}.${base}.sha.new
+ | sed -e 's/.*: \+//' > "${TMP}.${base}.sha.new"
+ cmp "${SCRIPT_DIR}/futility/data_${base}_expect.txt" "${TMP}.${base}.sha.new"
# and the LOEM stuff
- ${FUTILITY} dump_fmap -x ${outfile} \
- FW_MAIN_A:${loemdir}/fw_main_A FW_MAIN_B:${loemdir}/fw_main_B \
- "Firmware A Data":${loemdir}/fw_main_A \
- "Firmware B Data":${loemdir}/fw_main_B
+ "${FUTILITY}" dump_fmap -x "${outfile}" \
+ "FW_MAIN_A:${loemdir}/fw_main_A" "FW_MAIN_B:${loemdir}/fw_main_B" \
+ "Firmware A Data:${loemdir}/fw_main_A" \
+ "Firmware B Data:${loemdir}/fw_main_B"
- ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk \
- --fv ${loemdir}/fw_main_A \
- ${loemdir}/vblock_A.${loemid} | grep sha1sum \
- | sed -e 's/.*: \+//' > ${loemdir}/loem.sha.new
- ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk \
- --fv ${loemdir}/fw_main_B \
- ${loemdir}/vblock_B.${loemid} | grep sha1sum \
- | sed -e 's/.*: \+//' >> ${loemdir}/loem.sha.new
+ "${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ --fv "${loemdir}/fw_main_A" \
+ "${loemdir}/vblock_A.${loemid}" | grep sha1sum \
+ | sed -e 's/.*: \+//' > "${loemdir}/loem.sha.new"
+ "${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ --fv "${loemdir}/fw_main_B" \
+ "${loemdir}/vblock_B.${loemid}" | grep sha1sum \
+ | sed -e 's/.*: \+//' >> "${loemdir}/loem.sha.new"
# the vblocks don't have root or recovery keys
- tail -4 ${SCRIPT_DIR}/futility/data_${base}_expect.txt > ${loemdir}/sha.expect
- cmp ${loemdir}/sha.expect ${loemdir}/loem.sha.new
+ tail -4 "${SCRIPT_DIR}/futility/data_${base}_expect.txt" \
+ > "${loemdir}/sha.expect"
+ cmp "${loemdir}/sha.expect" "${loemdir}/loem.sha.new"
done
# Make sure that the BIOS with the good vblocks signed the right size.
-GOOD_OUT=${TMP}.${GOOD_VBLOCKS##*/}.new
-MORE_OUT=${TMP}.${ONEMORE##*/}.new
+GOOD_OUT="${TMP}.${GOOD_VBLOCKS##*/}.new"
+MORE_OUT="${TMP}.${ONEMORE##*/}.new"
-${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${GOOD_OUT} \
- | awk '/Firmware body size:/ {print $4}' > ${TMP}.good.body
-${FUTILITY} dump_fmap -p ${GOOD_OUT} \
- | awk '/FW_MAIN_/ {print $3}' > ${TMP}.good.fw_main
+"${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" "${GOOD_OUT}" \
+ | awk '/Firmware body size:/ {print $4}' > "${TMP}.good.body"
+"${FUTILITY}" dump_fmap -p "${GOOD_OUT}" \
+ | awk '/FW_MAIN_/ {print $3}' > "${TMP}.good.fw_main"
# This should fail because they're different
-if cmp ${TMP}.good.body ${TMP}.good.fw_main; then false; fi
+if cmp "${TMP}.good.body" "${TMP}.good.fw_main"; then false; fi
# Make sure that the BIOS with the bad vblocks signed the whole fw body
-${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT} \
- | awk '/Firmware body size:/ {print $4}' > ${TMP}.onemore.body
-${FUTILITY} dump_fmap -p ${MORE_OUT} \
- | awk '/FW_MAIN_/ {print $3}' > ${TMP}.onemore.fw_main
+"${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" "${MORE_OUT}" \
+ | awk '/Firmware body size:/ {print $4}' > "${TMP}.onemore.body"
+"${FUTILITY}" dump_fmap -p "${MORE_OUT}" \
+ | awk '/FW_MAIN_/ {print $3}' > "${TMP}.onemore.fw_main"
# These should match
-cmp ${TMP}.onemore.body ${TMP}.onemore.fw_main
-cmp ${TMP}.onemore.body ${TMP}.good.fw_main
+cmp "${TMP}.onemore.body" "${TMP}.onemore.fw_main"
+cmp "${TMP}.onemore.body" "${TMP}.good.fw_main"
# Sign the last one again but don't specify the version or the preamble flags.
# The version should default to 1, but the preamble flags should be preserved.
: $(( count++ ))
-echo -n "$count " 1>&3
+echo -n "${count} " 1>&3
-${FUTILITY} sign \
- -s ${KEYDIR}/firmware_data_key.vbprivk \
- -b ${KEYDIR}/firmware.keyblock \
- -k ${KEYDIR}/kernel_subkey.vbpubk \
- ${MORE_OUT} ${MORE_OUT}.2
+"${FUTILITY}" sign \
+ -s "${KEYDIR}/firmware_data_key.vbprivk" \
+ -b "${KEYDIR}/firmware.keyblock" \
+ -k "${KEYDIR}/kernel_subkey.vbpubk" \
+ "${MORE_OUT}" "${MORE_OUT}.2"
-m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT}.2 \
- | egrep 'Firmware version: +1$|Preamble flags: +8$' | wc -l)
-[ "$m" = "4" ]
+m=$("${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ "${MORE_OUT}.2" | grep -c -E 'Firmware version: +1$|Preamble flags: +8$')
+[ "${m}" = "4" ]
# If the original preamble is not present, the preamble flags should be zero.
: $(( count++ ))
-echo -n "$count " 1>&3
+echo -n "${count} " 1>&3
-${FUTILITY} load_fmap ${MORE_OUT} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
-${FUTILITY} sign \
- -s ${KEYDIR}/firmware_data_key.vbprivk \
- -b ${KEYDIR}/firmware.keyblock \
- -k ${KEYDIR}/kernel_subkey.vbpubk \
- ${MORE_OUT} ${MORE_OUT}.3
+"${FUTILITY}" load_fmap "${MORE_OUT}" VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
+"${FUTILITY}" sign \
+ -s "${KEYDIR}/firmware_data_key.vbprivk" \
+ -b "${KEYDIR}/firmware.keyblock" \
+ -k "${KEYDIR}/kernel_subkey.vbpubk" \
+ "${MORE_OUT}" "${MORE_OUT}.3"
-m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT}.3 \
- | egrep 'Firmware version: +1$|Preamble flags: +0$' | wc -l)
-[ "$m" = "4" ]
+m=$("${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ "${MORE_OUT}.3" | grep -c -E 'Firmware version: +1$|Preamble flags: +0$')
+[ "${m}" = "4" ]
# cleanup
-rm -rf ${TMP}* ${ONEMORE}
+rm -rf "${TMP}"* "${ONEMORE}"
exit 0
diff --git a/tests/futility/test_sign_fw_main.sh b/tests/futility/test_sign_fw_main.sh
index face8016..6ab2083b 100755
--- a/tests/futility/test_sign_fw_main.sh
+++ b/tests/futility/test_sign_fw_main.sh
@@ -9,38 +9,38 @@ TMP="$me.tmp"
# Work in scratch directory
cd "$OUTDIR"
-KEYDIR=${SRCDIR}/tests/devkeys
+KEYDIR="${SRCDIR}/tests/devkeys"
# create a firmware blob
-dd bs=1024 count=16 if=/dev/urandom of=${TMP}.fw_main
+dd bs=1024 count=16 if=/dev/urandom of="${TMP}.fw_main"
# try the old way
-${FUTILITY} vbutil_firmware --vblock ${TMP}.vblock.old \
- --keyblock ${KEYDIR}/firmware.keyblock \
- --signprivate ${KEYDIR}/firmware_data_key.vbprivk \
+"${FUTILITY}" vbutil_firmware --vblock "${TMP}.vblock.old" \
+ --keyblock "${KEYDIR}/firmware.keyblock" \
+ --signprivate "${KEYDIR}/firmware_data_key.vbprivk" \
--version 12 \
- --fv ${TMP}.fw_main \
- --kernelkey ${KEYDIR}/kernel_subkey.vbpubk \
+ --fv "${TMP}.fw_main" \
+ --kernelkey "${KEYDIR}/kernel_subkey.vbpubk" \
--flags 42
# verify
-${FUTILITY} vbutil_firmware --verify ${TMP}.vblock.old \
- --signpubkey ${KEYDIR}/root_key.vbpubk \
- --fv ${TMP}.fw_main
+"${FUTILITY}" vbutil_firmware --verify "${TMP}.vblock.old" \
+ --signpubkey "${KEYDIR}/root_key.vbpubk" \
+ --fv "${TMP}.fw_main"
# and the new way
-${FUTILITY} --debug sign \
- --signprivate ${KEYDIR}/firmware_data_key.vbprivk \
- --keyblock ${KEYDIR}/firmware.keyblock \
- --kernelkey ${KEYDIR}/kernel_subkey.vbpubk \
+"${FUTILITY}" --debug sign \
+ --signprivate "${KEYDIR}/firmware_data_key.vbprivk" \
+ --keyblock "${KEYDIR}/firmware.keyblock" \
+ --kernelkey "${KEYDIR}/kernel_subkey.vbpubk" \
--version 12 \
- --fv ${TMP}.fw_main \
+ --fv "${TMP}.fw_main" \
--flags 42 \
- ${TMP}.vblock.new
+ "${TMP}.vblock.new"
# They should match
-cmp ${TMP}.vblock.old ${TMP}.vblock.new
+cmp "${TMP}.vblock.old" "${TMP}.vblock.new"
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_sign_kernel.sh b/tests/futility/test_sign_kernel.sh
index d2527453..61b1c5aa 100755
--- a/tests/futility/test_sign_kernel.sh
+++ b/tests/futility/test_sign_kernel.sh
@@ -11,11 +11,11 @@ cd "$OUTDIR"
DEVKEYS=${SRCDIR}/tests/devkeys
-echo "hi there" > ${TMP}.config.txt
-echo "hello boys" > ${TMP}.config2.txt
-dd if=/dev/urandom bs=512 count=1 of=${TMP}.bootloader.bin
-dd if=/dev/urandom bs=512 count=1 of=${TMP}.bootloader2.bin
-dd if=/dev/urandom bs=1M count=16 of=${TMP}.kern_partition
+echo "hi there" > "${TMP}.config.txt"
+echo "hello boys" > "${TMP}.config2.txt"
+dd if=/dev/urandom bs=512 count=1 of="${TMP}.bootloader.bin"
+dd if=/dev/urandom bs=512 count=1 of="${TMP}.bootloader2.bin"
+dd if=/dev/urandom bs=1M count=16 of="${TMP}.kern_partition"
# default padding
padding=49152
@@ -26,273 +26,279 @@ try_arch () {
echo -n "${arch}: 1 " 1>&3
# pack it up the old way
- ${FUTILITY} --debug vbutil_kernel \
- --pack ${TMP}.blob1.${arch} \
- --keyblock ${DEVKEYS}/recovery_kernel.keyblock \
- --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \
+ "${FUTILITY}" --debug vbutil_kernel \
+ --pack "${TMP}.blob1.${arch}" \
+ --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \
+ --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \
--version 1 \
- --config ${TMP}.config.txt \
- --bootloader ${TMP}.bootloader.bin \
- --vmlinuz ${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin \
- --arch ${arch} \
- --pad ${padding} \
+ --config "${TMP}.config.txt" \
+ --bootloader "${TMP}.bootloader.bin" \
+ --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
+ --arch "${arch}" \
+ --pad "${padding}" \
--kloadaddr 0x11000
# verify the old way
- ${FUTILITY} vbutil_kernel --verify ${TMP}.blob1.${arch} \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/recovery_key.vbpubk > ${TMP}.verify1
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob1.${arch}" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/recovery_key.vbpubk" > "${TMP}.verify1"
# pack it up the new way
- ${FUTILITY} --debug sign \
- --keyblock ${DEVKEYS}/recovery_kernel.keyblock \
- --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \
+ "${FUTILITY}" --debug sign \
+ --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \
+ --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \
--version 1 \
- --config ${TMP}.config.txt \
- --bootloader ${TMP}.bootloader.bin \
- --vmlinuz ${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin \
- --arch ${arch} \
- --pad ${padding} \
+ --config "${TMP}.config.txt" \
+ --bootloader "${TMP}.bootloader.bin" \
+ --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
+ --arch "${arch}" \
+ --pad "${padding}" \
--kloadaddr 0x11000 \
- --outfile ${TMP}.blob2.${arch}
+ --outfile "${TMP}.blob2.${arch}"
- ${FUTILITY} vbutil_kernel --verify ${TMP}.blob2.${arch} \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/recovery_key.vbpubk > ${TMP}.verify2
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob2.${arch}" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/recovery_key.vbpubk" > "${TMP}.verify2"
# they should be identical
- cmp ${TMP}.blob1.${arch} ${TMP}.blob2.${arch}
- diff ${TMP}.verify1 ${TMP}.verify2
+ cmp "${TMP}.blob1.${arch}" "${TMP}.blob2.${arch}"
+ diff "${TMP}.verify1" "${TMP}.verify2"
echo -n "2 " 1>&3
# repack it the old way
- ${FUTILITY} --debug vbutil_kernel \
- --repack ${TMP}.blob3.${arch} \
- --oldblob ${TMP}.blob1.${arch} \
- --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \
- --keyblock ${DEVKEYS}/kernel.keyblock \
+ "${FUTILITY}" --debug vbutil_kernel \
+ --repack "${TMP}.blob3.${arch}" \
+ --oldblob "${TMP}.blob1.${arch}" \
+ --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
+ --keyblock "${DEVKEYS}/kernel.keyblock" \
--version 2 \
- --pad ${padding} \
- --config ${TMP}.config2.txt \
- --bootloader ${TMP}.bootloader2.bin
+ --pad "${padding}" \
+ --config "${TMP}.config2.txt" \
+ --bootloader "${TMP}.bootloader2.bin"
# verify the old way
- ${FUTILITY} vbutil_kernel --verify ${TMP}.blob3.${arch} \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify3
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob3.${arch}" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify3"
# repack it the new way
- ${FUTILITY} --debug sign \
- --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \
- --keyblock ${DEVKEYS}/kernel.keyblock \
+ "${FUTILITY}" --debug sign \
+ --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
+ --keyblock "${DEVKEYS}/kernel.keyblock" \
--version 2 \
- --pad ${padding} \
- --config ${TMP}.config2.txt \
- --bootloader ${TMP}.bootloader2.bin \
- ${TMP}.blob2.${arch} \
- ${TMP}.blob4.${arch}
+ --pad "${padding}" \
+ --config "${TMP}.config2.txt" \
+ --bootloader "${TMP}.bootloader2.bin" \
+ "${TMP}.blob2.${arch}" \
+ "${TMP}.blob4.${arch}"
- ${FUTILITY} vbutil_kernel --verify ${TMP}.blob4.${arch} \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify4
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob4.${arch}" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify4"
# they should be identical
- cmp ${TMP}.blob3.${arch} ${TMP}.blob4.${arch}
- diff ${TMP}.verify3 ${TMP}.verify4
+ cmp "${TMP}.blob3.${arch}" "${TMP}.blob4.${arch}"
+ diff "${TMP}.verify3" "${TMP}.verify4"
echo -n "3 " 1>&3
# repack it the new way, in-place
- cp ${TMP}.blob2.${arch} ${TMP}.blob5.${arch}
- ${FUTILITY} --debug sign \
- --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \
- --keyblock ${DEVKEYS}/kernel.keyblock \
+ cp "${TMP}.blob2.${arch}" "${TMP}.blob5.${arch}"
+ "${FUTILITY}" --debug sign \
+ --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
+ --keyblock "${DEVKEYS}/kernel.keyblock" \
--version 2 \
- --pad ${padding} \
- --config ${TMP}.config2.txt \
- --bootloader ${TMP}.bootloader2.bin \
- ${TMP}.blob5.${arch}
+ --pad "${padding}" \
+ --config "${TMP}.config2.txt" \
+ --bootloader "${TMP}.bootloader2.bin" \
+ "${TMP}.blob5.${arch}"
- ${FUTILITY} vbutil_kernel --verify ${TMP}.blob5.${arch} \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify5
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob5.${arch}" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify5"
# they should be identical
- cmp ${TMP}.blob3.${arch} ${TMP}.blob5.${arch}
- diff ${TMP}.verify3 ${TMP}.verify5
+ cmp "${TMP}.blob3.${arch}" "${TMP}.blob5.${arch}"
+ diff "${TMP}.verify3" "${TMP}.verify5"
# and now just the vblocks...
echo -n "4 " 1>&3
# pack the old way
- ${FUTILITY} vbutil_kernel \
- --pack ${TMP}.blob1.${arch}.vb1 \
+ "${FUTILITY}" vbutil_kernel \
+ --pack "${TMP}.blob1.${arch}.vb1" \
--vblockonly \
- --keyblock ${DEVKEYS}/recovery_kernel.keyblock \
- --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \
+ --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \
+ --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \
--version 1 \
- --config ${TMP}.config.txt \
- --bootloader ${TMP}.bootloader.bin \
- --vmlinuz ${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin \
- --arch ${arch} \
- --pad ${padding} \
+ --config "${TMP}.config.txt" \
+ --bootloader "${TMP}.bootloader.bin" \
+ --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
+ --arch "${arch}" \
+ --pad "${padding}" \
--kloadaddr 0x11000
# compare this new vblock with the one from the full pack
- dd bs=${padding} count=1 if=${TMP}.blob1.${arch} of=${TMP}.blob1.${arch}.vb0
- cmp ${TMP}.blob1.${arch}.vb0 ${TMP}.blob1.${arch}.vb1
+ dd bs="${padding}" count=1 if="${TMP}.blob1.${arch}" \
+ of="${TMP}.blob1.${arch}.vb0"
+ cmp "${TMP}.blob1.${arch}.vb0" "${TMP}.blob1.${arch}.vb1"
# pack the new way
- ${FUTILITY} --debug sign \
- --keyblock ${DEVKEYS}/recovery_kernel.keyblock \
- --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \
+ "${FUTILITY}" --debug sign \
+ --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \
+ --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \
--version 1 \
- --config ${TMP}.config.txt \
- --bootloader ${TMP}.bootloader.bin \
- --vmlinuz ${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin \
- --arch ${arch} \
- --pad ${padding} \
+ --config "${TMP}.config.txt" \
+ --bootloader "${TMP}.bootloader.bin" \
+ --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
+ --arch "${arch}" \
+ --pad "${padding}" \
--kloadaddr 0x11000 \
--vblockonly \
- ${TMP}.blob2.${arch}.vb1
+ "${TMP}.blob2.${arch}.vb1"
# compare this new vblock with the one from the full pack
- dd bs=${padding} count=1 if=${TMP}.blob2.${arch} of=${TMP}.blob2.${arch}.vb0
- cmp ${TMP}.blob2.${arch}.vb0 ${TMP}.blob2.${arch}.vb1
+ dd bs="${padding}" count=1 if="${TMP}.blob2.${arch}" \
+ of="${TMP}.blob2.${arch}.vb0"
+ cmp "${TMP}.blob2.${arch}.vb0" "${TMP}.blob2.${arch}.vb1"
echo -n "5 " 1>&3
# now repack the old way, again emitting just the vblock
- ${FUTILITY} vbutil_kernel \
- --repack ${TMP}.blob3.${arch}.vb1 \
+ "${FUTILITY}" vbutil_kernel \
+ --repack "${TMP}.blob3.${arch}.vb1" \
--vblockonly \
- --oldblob ${TMP}.blob1.${arch} \
- --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \
- --keyblock ${DEVKEYS}/kernel.keyblock \
+ --oldblob "${TMP}.blob1.${arch}" \
+ --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
+ --keyblock "${DEVKEYS}/kernel.keyblock" \
--version 2 \
- --pad ${padding} \
- --config ${TMP}.config2.txt \
- --bootloader ${TMP}.bootloader2.bin
+ --pad "${padding}" \
+ --config "${TMP}.config2.txt" \
+ --bootloader "${TMP}.bootloader2.bin"
# compare the full repacked vblock with the new repacked vblock
- dd bs=${padding} count=1 if=${TMP}.blob3.${arch} of=${TMP}.blob3.${arch}.vb0
- cmp ${TMP}.blob3.${arch}.vb0 ${TMP}.blob3.${arch}.vb1
+ dd bs="${padding}" count=1 if="${TMP}.blob3.${arch}" \
+ of="${TMP}.blob3.${arch}.vb0"
+ cmp "${TMP}.blob3.${arch}.vb0" "${TMP}.blob3.${arch}.vb1"
# extract just the kernel blob
- dd bs=${padding} skip=1 if=${TMP}.blob3.${arch} of=${TMP}.blob3.${arch}.kb0
+ dd bs="${padding}" skip=1 if="${TMP}.blob3.${arch}" \
+ of="${TMP}.blob3.${arch}.kb0"
# and verify it using the new vblock (no way to do that with vbutil_kernel)
- ${FUTILITY} --debug verify \
- --pad ${padding} \
- --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
- --fv ${TMP}.blob3.${arch}.kb0 \
- ${TMP}.blob3.${arch}.vb1 > ${TMP}.verify3v
+ "${FUTILITY}" --debug verify \
+ --pad "${padding}" \
+ --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
+ --fv "${TMP}.blob3.${arch}.kb0" \
+ "${TMP}.blob3.${arch}.vb1" > "${TMP}.verify3v"
# repack the new way
- ${FUTILITY} --debug sign \
- --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \
- --keyblock ${DEVKEYS}/kernel.keyblock \
+ "${FUTILITY}" --debug sign \
+ --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
+ --keyblock "${DEVKEYS}/kernel.keyblock" \
--version 2 \
- --config ${TMP}.config2.txt \
- --bootloader ${TMP}.bootloader2.bin \
- --pad ${padding} \
+ --config "${TMP}.config2.txt" \
+ --bootloader "${TMP}.bootloader2.bin" \
+ --pad "${padding}" \
--vblockonly \
- ${TMP}.blob2.${arch} \
- ${TMP}.blob4.${arch}.vb1 \
+ "${TMP}.blob2.${arch}" \
+ "${TMP}.blob4.${arch}.vb1" \
# compare the full repacked vblock with the new repacked vblock
- dd bs=${padding} count=1 if=${TMP}.blob4.${arch} of=${TMP}.blob4.${arch}.vb0
- cmp ${TMP}.blob4.${arch}.vb0 ${TMP}.blob4.${arch}.vb1
+ dd bs="${padding}" count=1 if="${TMP}.blob4.${arch}" \
+ of="${TMP}.blob4.${arch}.vb0"
+ cmp "${TMP}.blob4.${arch}.vb0" "${TMP}.blob4.${arch}.vb1"
# extract just the kernel blob
- dd bs=${padding} skip=1 if=${TMP}.blob4.${arch} of=${TMP}.blob4.${arch}.kb0
+ dd bs="${padding}" skip=1 if="${TMP}.blob4.${arch}" \
+ of="${TMP}.blob4.${arch}.kb0"
# and verify it using the new vblock (no way to do that with vbutil_kernel)
- ${FUTILITY} --debug verify \
- --pad ${padding} \
- --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
- --fv ${TMP}.blob4.${arch}.kb0 \
- ${TMP}.blob4.${arch}.vb1 > ${TMP}.verify4v
+ "${FUTILITY}" --debug verify \
+ --pad "${padding}" \
+ --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
+ --fv "${TMP}.blob4.${arch}.kb0" \
+ "${TMP}.blob4.${arch}.vb1" > "${TMP}.verify4v"
echo -n "6 " 1>&3
# Now lets repack some kernel partitions, not just blobs.
- cp ${TMP}.kern_partition ${TMP}.part1.${arch}
- dd if=${TMP}.blob1.${arch} of=${TMP}.part1.${arch} conv=notrunc
+ cp "${TMP}.kern_partition" "${TMP}.part1.${arch}"
+ dd if="${TMP}.blob1.${arch}" of="${TMP}.part1.${arch}" conv=notrunc
# Make sure the partitions verify
- ${FUTILITY} vbutil_kernel --verify ${TMP}.part1.${arch} \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/recovery_key.vbpubk > ${TMP}.verify6
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.part1.${arch}" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/recovery_key.vbpubk" > "${TMP}.verify6"
# The partition should verify the same way as the blob
- diff ${TMP}.verify1 ${TMP}.verify6
+ diff "${TMP}.verify1" "${TMP}.verify6"
# repack it the old way
- ${FUTILITY} --debug vbutil_kernel \
- --repack ${TMP}.part6.${arch} \
- --oldblob ${TMP}.part1.${arch} \
- --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \
- --keyblock ${DEVKEYS}/kernel.keyblock \
+ "${FUTILITY}" --debug vbutil_kernel \
+ --repack "${TMP}.part6.${arch}" \
+ --oldblob "${TMP}.part1.${arch}" \
+ --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
+ --keyblock "${DEVKEYS}/kernel.keyblock" \
--version 2 \
- --pad ${padding} \
- --config ${TMP}.config2.txt \
- --bootloader ${TMP}.bootloader2.bin
+ --pad "${padding}" \
+ --config "${TMP}.config2.txt" \
+ --bootloader "${TMP}.bootloader2.bin"
# verify the old way
- ${FUTILITY} vbutil_kernel --verify ${TMP}.part6.${arch} \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify6.old
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.part6.${arch}" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify6.old"
# this "partition" should actually be the same as the old-way blob
- cmp ${TMP}.blob3.${arch} ${TMP}.part6.${arch}
+ cmp "${TMP}.blob3.${arch}" "${TMP}.part6.${arch}"
# repack it the new way, in-place
- cp ${TMP}.part1.${arch} ${TMP}.part6.${arch}.new1
- ${FUTILITY} --debug sign \
- --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \
- --keyblock ${DEVKEYS}/kernel.keyblock \
+ cp "${TMP}.part1.${arch}" "${TMP}.part6.${arch}.new1"
+ "${FUTILITY}" --debug sign \
+ --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
+ --keyblock "${DEVKEYS}/kernel.keyblock" \
--version 2 \
- --pad ${padding} \
- --config ${TMP}.config2.txt \
- --bootloader ${TMP}.bootloader2.bin \
- ${TMP}.part6.${arch}.new1
+ --pad "${padding}" \
+ --config "${TMP}.config2.txt" \
+ --bootloader "${TMP}.bootloader2.bin" \
+ "${TMP}.part6.${arch}.new1"
- ${FUTILITY} vbutil_kernel --verify ${TMP}.part6.${arch}.new1 \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify6.new1
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.part6.${arch}.new1" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify6.new1"
# The verification should be indentical
- diff ${TMP}.verify6.old ${TMP}.verify6.new1
+ diff "${TMP}.verify6.old" "${TMP}.verify6.new1"
# But the content should only match up to the size of the kernel blob, since
# we're modifying an entire partition in-place.
- blobsize=$(stat -c '%s' ${TMP}.part6.${arch})
- cmp -n ${blobsize} ${TMP}.part6.${arch} ${TMP}.part6.${arch}.new1
+ blobsize=$(stat -c '%s' "${TMP}.part6.${arch}")
+ cmp -n "${blobsize}" "${TMP}.part6.${arch}" "${TMP}.part6.${arch}.new1"
# The rest of the partition should be unchanged.
- cmp -i ${blobsize} ${TMP}.part1.${arch} ${TMP}.part6.${arch}.new1
+ cmp -i "${blobsize}" "${TMP}.part1.${arch}" "${TMP}.part6.${arch}.new1"
# repack it the new way, from input to output
- cp ${TMP}.part1.${arch} ${TMP}.part1.${arch}.in
- ${FUTILITY} --debug sign \
- --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \
- --keyblock ${DEVKEYS}/kernel.keyblock \
+ cp "${TMP}.part1.${arch}" "${TMP}.part1.${arch}.in"
+ "${FUTILITY}" --debug sign \
+ --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
+ --keyblock "${DEVKEYS}/kernel.keyblock" \
--version 2 \
- --pad ${padding} \
- --config ${TMP}.config2.txt \
- --bootloader ${TMP}.bootloader2.bin \
- ${TMP}.part1.${arch}.in \
- ${TMP}.part6.${arch}.new2
+ --pad "${padding}" \
+ --config "${TMP}.config2.txt" \
+ --bootloader "${TMP}.bootloader2.bin" \
+ "${TMP}.part1.${arch}.in" \
+ "${TMP}.part6.${arch}.new2"
- ${FUTILITY} vbutil_kernel --verify ${TMP}.part6.${arch}.new2 \
- --pad ${padding} \
- --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify6.new2
+ "${FUTILITY}" vbutil_kernel --verify "${TMP}.part6.${arch}.new2" \
+ --pad "${padding}" \
+ --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify6.new2"
# The input file should not have changed (just being sure).
- cmp ${TMP}.part1.${arch} ${TMP}.part1.${arch}.in
+ cmp "${TMP}.part1.${arch}" "${TMP}.part1.${arch}.in"
# The verification should be indentical
- diff ${TMP}.verify6.old ${TMP}.verify6.new2
+ diff "${TMP}.verify6.old" "${TMP}.verify6.new2"
# And creating a new output file should only emit a blob's worth
- cmp ${TMP}.part6.${arch} ${TMP}.part6.${arch}.new2
+ cmp "${TMP}.part6.${arch}" "${TMP}.part6.${arch}.new2"
# Note: We specifically do not test repacking with a different --kloadaddr,
# because the old way has a bug and does not update params->cmd_line_ptr to
@@ -304,5 +310,5 @@ try_arch amd64
try_arch arm
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_sign_keyblocks.sh b/tests/futility/test_sign_keyblocks.sh
index f689c89c..75d367d0 100755
--- a/tests/futility/test_sign_keyblocks.sh
+++ b/tests/futility/test_sign_keyblocks.sh
@@ -16,95 +16,95 @@ SIGNER=${SRCDIR}/tests/external_rsa_signer.sh
# Create a copy of an existing keyblock, using the old way
-${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock0 \
- --datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
+"${FUTILITY}" vbutil_keyblock --pack "${TMP}.keyblock0" \
+ --datapubkey "${DEVKEYS}/firmware_data_key.vbpubk" \
--flags 23 \
- --signprivate ${DEVKEYS}/root_key.vbprivk
+ --signprivate "${DEVKEYS}/root_key.vbprivk"
# Check it.
-${FUTILITY} vbutil_keyblock --unpack ${TMP}.keyblock0 \
- --signpubkey ${DEVKEYS}/root_key.vbpubk
+"${FUTILITY}" vbutil_keyblock --unpack "${TMP}.keyblock0" \
+ --signpubkey "${DEVKEYS}/root_key.vbpubk"
# It should be the same as the dev-key firmware keyblock
-cmp ${DEVKEYS}/firmware.keyblock ${TMP}.keyblock0
+cmp "${DEVKEYS}/firmware.keyblock" "${TMP}.keyblock0"
# Now create it the new way
-${FUTILITY} --debug sign \
- --datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
+"${FUTILITY}" --debug sign \
+ --datapubkey "${DEVKEYS}/firmware_data_key.vbpubk" \
--flags 23 \
- --signprivate ${DEVKEYS}/root_key.vbprivk \
- --outfile ${TMP}.keyblock1
+ --signprivate "${DEVKEYS}/root_key.vbprivk" \
+ --outfile "${TMP}.keyblock1"
# It should be the same too.
-cmp ${DEVKEYS}/firmware.keyblock ${TMP}.keyblock1
+cmp "${DEVKEYS}/firmware.keyblock" "${TMP}.keyblock1"
# Create a keyblock without signing it.
# old way
-${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock0 \
- --datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
+"${FUTILITY}" vbutil_keyblock --pack "${TMP}.keyblock0" \
+ --datapubkey "${DEVKEYS}/firmware_data_key.vbpubk" \
--flags 14
# new way
-${FUTILITY} --debug sign \
+"${FUTILITY}" --debug sign \
--flags 14 \
- ${DEVKEYS}/firmware_data_key.vbpubk \
- ${TMP}.keyblock1
+ "${DEVKEYS}/firmware_data_key.vbpubk" \
+ "${TMP}.keyblock1"
-cmp ${TMP}.keyblock0 ${TMP}.keyblock1
+cmp "${TMP}.keyblock0" "${TMP}.keyblock1"
# Create one using PEM args
# old way
-${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock2 \
- --datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
- --signprivate_pem ${TESTKEYS}/key_rsa4096.pem \
+"${FUTILITY}" vbutil_keyblock --pack "${TMP}.keyblock2" \
+ --datapubkey "${DEVKEYS}/firmware_data_key.vbpubk" \
+ --signprivate_pem "${TESTKEYS}/key_rsa4096.pem" \
--pem_algorithm 8 \
--flags 9
# verify it
-${FUTILITY} vbutil_keyblock --unpack ${TMP}.keyblock2 \
- --signpubkey ${TESTKEYS}/key_rsa4096.sha512.vbpubk
+"${FUTILITY}" vbutil_keyblock --unpack "${TMP}.keyblock2" \
+ --signpubkey "${TESTKEYS}/key_rsa4096.sha512.vbpubk"
# new way
-${FUTILITY} --debug sign \
- --pem_signpriv ${TESTKEYS}/key_rsa4096.pem \
+"${FUTILITY}" --debug sign \
+ --pem_signpriv "${TESTKEYS}/key_rsa4096.pem" \
--pem_algo 8 \
--flags 9 \
- ${DEVKEYS}/firmware_data_key.vbpubk \
- ${TMP}.keyblock3
+ "${DEVKEYS}/firmware_data_key.vbpubk" \
+ "${TMP}.keyblock3"
-cmp ${TMP}.keyblock2 ${TMP}.keyblock3
+cmp "${TMP}.keyblock2" "${TMP}.keyblock3"
# Try it with an external signer
# old way
-${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock4 \
- --datapubkey ${DEVKEYS}/firmware_data_key.vbpubk \
- --signprivate_pem ${TESTKEYS}/key_rsa4096.pem \
+"${FUTILITY}" vbutil_keyblock --pack "${TMP}.keyblock4" \
+ --datapubkey "${DEVKEYS}/firmware_data_key.vbpubk" \
+ --signprivate_pem "${TESTKEYS}/key_rsa4096.pem" \
--pem_algorithm 8 \
--flags 19 \
- --externalsigner ${SIGNER}
+ --externalsigner "${SIGNER}"
# verify it
-${FUTILITY} vbutil_keyblock --unpack ${TMP}.keyblock4 \
- --signpubkey ${TESTKEYS}/key_rsa4096.sha512.vbpubk
+"${FUTILITY}" vbutil_keyblock --unpack "${TMP}.keyblock4" \
+ --signpubkey "${TESTKEYS}/key_rsa4096.sha512.vbpubk"
# new way
-${FUTILITY} --debug sign \
- --pem_signpriv ${TESTKEYS}/key_rsa4096.pem \
+"${FUTILITY}" --debug sign \
+ --pem_signpriv "${TESTKEYS}/key_rsa4096.pem" \
--pem_algo 8 \
- --pem_external ${SIGNER} \
+ --pem_external "${SIGNER}" \
--flags 19 \
- ${DEVKEYS}/firmware_data_key.vbpubk \
- ${TMP}.keyblock5
+ "${DEVKEYS}/firmware_data_key.vbpubk" \
+ "${TMP}.keyblock5"
-cmp ${TMP}.keyblock4 ${TMP}.keyblock5
+cmp "${TMP}.keyblock4" "${TMP}.keyblock5"
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_sign_usbpd1.sh b/tests/futility/test_sign_usbpd1.sh
index 48e64eb1..2324fae1 100755
--- a/tests/futility/test_sign_usbpd1.sh
+++ b/tests/futility/test_sign_usbpd1.sh
@@ -24,33 +24,33 @@ for test in $TESTS; do
: $(( count++ ))
echo -n "$count " 1>&3
- pemfile=${DATADIR}/${test}.pem
- infile=${DATADIR}/${test}.unsigned
- goodfile=${DATADIR}/${test}.signed
- outfile=${TMP}.${test}.new
+ pemfile="${DATADIR}/${test}.pem"
+ infile="${DATADIR}/${test}.unsigned"
+ goodfile="${DATADIR}/${test}.signed"
+ outfile="${TMP}.${test}.new"
# Signing the whole thing with futility should produce identical results
- ${FUTILITY} sign --type usbpd1 --pem ${pemfile} ${infile} ${outfile}
- cmp ${goodfile} ${outfile}
+ "${FUTILITY}" sign --type usbpd1 --pem "${pemfile}" "${infile}" "${outfile}"
+ cmp "${goodfile}" "${outfile}"
# Now try signing just the RW part
- size=$(stat -c '%s' ${infile})
+ size=$(stat -c '%s' "${infile}")
half=$(( size / 2 ))
- newin=${TMP}.${test}.rw_in
- dd if=${infile} bs=${half} count=1 skip=1 of=${newin}
+ newin="${TMP}.${test}.rw_in"
+ dd if="${infile}" bs="${half}" count=1 skip=1 of="${newin}"
newgood=${TMP}.${test}.rw_ok
- dd if=${goodfile} bs=${half} count=1 skip=1 of=${newgood}
- newout=${TMP}.${test}.rw_out
+ dd if="${goodfile}" bs="${half}" count=1 skip=1 of="${newgood}"
+ newout="${TMP}.${test}.rw_out"
# Sign the RW part alone
- ${FUTILITY} sign --type usbpd1 --pem ${pemfile} \
+ "${FUTILITY}" sign --type usbpd1 --pem "${pemfile}" \
--ro_size 0 \
- ${newin} ${newout}
- cmp ${newgood} ${newout}
+ "${newin}" "${newout}"
+ cmp "${newgood}" "${newout}"
done
# cleanup
-rm -rf ${TMP}*
+rm -rf "${TMP}"*
exit 0
diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh
index e6360c35..8d8a559e 100755
--- a/tests/futility/test_update.sh
+++ b/tests/futility/test_update.sh
@@ -40,12 +40,12 @@ cd "$OUTDIR"
set -o pipefail
# In all the test scenario, we want to test "updating from PEPPY to LINK".
-TO_IMAGE=${TMP}.src.link
-FROM_IMAGE=${TMP}.src.peppy
+TO_IMAGE="${TMP}.src.link"
+FROM_IMAGE="${TMP}.src.peppy"
TO_HWID="X86 LINK TEST 6638"
FROM_HWID="X86 PEPPY TEST 4211"
-cp -f ${LINK_BIOS} ${TO_IMAGE}
-cp -f ${PEPPY_BIOS} ${FROM_IMAGE}
+cp -f "${LINK_BIOS}" "${TO_IMAGE}"
+cp -f "${PEPPY_BIOS}" "${FROM_IMAGE}"
"${FUTILITY}" load_fmap "${FROM_IMAGE}" \
RO_VPD:"${RO_VPD_BLOB}" RW_VPD:"${RO_VPD_BLOB}"
cp -f "${FROM_IMAGE}" "${FROM_IMAGE}".unpatched
@@ -57,29 +57,34 @@ patch_file() {
local data="$4"
# NAME OFFSET SIZE
- local fmap_info="$(${FUTILITY} dump_fmap -p ${file} ${section})"
- local base="$(echo "${fmap_info}" | sed 's/^[^ ]* //; s/ [^ ]*$//')"
- local offset=$((base + section_offset))
+ local fmap_info
+ local base
+ local offset
+
+ fmap_info="$("${FUTILITY}" dump_fmap -p "${file}" "${section}")"
+ base="$(echo "${fmap_info}" | sed 's/^[^ ]* //; s/ [^ ]*$//')"
+ offset=$((base + section_offset))
echo "offset: ${offset}"
- printf "${data}" | dd of="${file}" bs=1 seek="${offset}" conv=notrunc
+ printf "%b" "${data}" | dd of="${file}" bs=1 seek="${offset}" \
+ conv=notrunc
}
# PEPPY and LINK have different platform element ("Google_Link" and
# "Google_Peppy") in firmware ID so we want to hack them by changing
# "Google_" to "Google.".
-patch_file ${TO_IMAGE} RW_FWID_A 0 Google.
-patch_file ${TO_IMAGE} RW_FWID_B 0 Google.
-patch_file ${TO_IMAGE} RO_FRID 0 Google.
-patch_file ${FROM_IMAGE} RW_FWID_A 0 Google.
-patch_file ${FROM_IMAGE} RW_FWID_B 0 Google.
-patch_file ${FROM_IMAGE} RO_FRID 0 Google.
+patch_file "${TO_IMAGE}" RW_FWID_A 0 Google.
+patch_file "${TO_IMAGE}" RW_FWID_B 0 Google.
+patch_file "${TO_IMAGE}" RO_FRID 0 Google.
+patch_file "${FROM_IMAGE}" RW_FWID_A 0 Google.
+patch_file "${FROM_IMAGE}" RW_FWID_B 0 Google.
+patch_file "${FROM_IMAGE}" RO_FRID 0 Google.
unpack_image() {
local folder="${TMP}.$1"
local image="$2"
mkdir -p "${folder}"
- (cd "${folder}" && ${FUTILITY} dump_fmap -x "../${image}")
- ${FUTILITY} gbb -g --rootkey="${folder}/rootkey" "${image}"
+ (cd "${folder}" && "${FUTILITY}" dump_fmap -x "../${image}")
+ "${FUTILITY}" gbb -g --rootkey="${folder}/rootkey" "${image}"
}
# Unpack images so we can prepare expected results by individual sections.
@@ -114,19 +119,19 @@ cp -f "${FROM_IMAGE}" "${TMP}.expected.b"
cp -f "${FROM_IMAGE}" "${TMP}.expected.legacy"
"${FUTILITY}" gbb -s --hwid="${FROM_HWID}" "${TMP}.expected.full"
"${FUTILITY}" load_fmap "${TMP}.expected.full" \
- RW_VPD:${TMP}.from/RW_VPD \
- RO_VPD:${TMP}.from/RO_VPD
+ "RW_VPD:${TMP}.from/RW_VPD" \
+ "RO_VPD:${TMP}.from/RO_VPD"
"${FUTILITY}" load_fmap "${TMP}.expected.rw" \
- RW_SECTION_A:${TMP}.to/RW_SECTION_A \
- RW_SECTION_B:${TMP}.to/RW_SECTION_B \
- RW_SHARED:${TMP}.to/RW_SHARED \
- RW_LEGACY:${TMP}.to/RW_LEGACY
+ "RW_SECTION_A:${TMP}.to/RW_SECTION_A" \
+ "RW_SECTION_B:${TMP}.to/RW_SECTION_B" \
+ "RW_SHARED:${TMP}.to/RW_SHARED" \
+ "RW_LEGACY:${TMP}.to/RW_LEGACY"
"${FUTILITY}" load_fmap "${TMP}.expected.a" \
- RW_SECTION_A:${TMP}.to/RW_SECTION_A
+ "RW_SECTION_A:${TMP}.to/RW_SECTION_A"
"${FUTILITY}" load_fmap "${TMP}.expected.b" \
- RW_SECTION_B:${TMP}.to/RW_SECTION_B
+ "RW_SECTION_B:${TMP}.to/RW_SECTION_B"
"${FUTILITY}" load_fmap "${TMP}.expected.legacy" \
- RW_LEGACY:${TMP}.to/RW_LEGACY
+ "RW_LEGACY:${TMP}.to/RW_LEGACY"
cp -f "${TMP}.expected.full" "${TMP}.expected.full.gbb12"
patch_file "${TMP}.expected.full.gbb12" GBB 6 "\x02"
"${FUTILITY}" gbb -s --hwid="${FROM_HWID}" "${TMP}.expected.full.gbb12"
@@ -149,7 +154,7 @@ cp -f "${TMP}.expected.full" "${TMP}.expected.me_preserved"
# FMAP_AREA_PRESERVE (\010=0x08).
TO_IMAGE_WIPE_RW_VPD="${TO_IMAGE}.wipe_rw_vpd"
cp -f "${TO_IMAGE}" "${TO_IMAGE_WIPE_RW_VPD}"
-patch_file ${TO_IMAGE_WIPE_RW_VPD} FMAP 0x3fc "$(printf '\010')"
+patch_file "${TO_IMAGE_WIPE_RW_VPD}" FMAP 0x3fc "$(printf '\010')"
cp -f "${TMP}.expected.full" "${TMP}.expected.full.empty_rw_vpd"
"${FUTILITY}" load_fmap "${TMP}.expected.full.empty_rw_vpd" \
RW_VPD:"${TMP}.to/RW_VPD"
@@ -374,17 +379,17 @@ test_update "Full update (--quirks preserve_me)" \
# Test archive and manifest. CL_TAG is for custom_label_tag.
A="${TMP}.archive"
mkdir -p "${A}/bin"
-echo 'echo "${CL_TAG}"' >"${A}/bin/vpd"
+echo "echo \"\${CL_TAG}\"" >"${A}/bin/vpd"
chmod +x "${A}/bin/vpd"
cp -f "${LINK_BIOS}" "${A}/bios.bin"
echo "TEST: Manifest (--manifest, bios.bin)"
-${FUTILITY} update -a "${A}" --manifest >"${TMP}.json.out"
+"${FUTILITY}" update -a "${A}" --manifest >"${TMP}.json.out"
cmp "${TMP}.json.out" "${SCRIPT_DIR}/futility/link_bios.manifest.json"
mv -f "${A}/bios.bin" "${A}/image.bin"
echo "TEST: Manifest (--manifest, image.bin)"
-${FUTILITY} update -a "${A}" --manifest >"${TMP}.json.out"
+"${FUTILITY}" update -a "${A}" --manifest >"${TMP}.json.out"
cmp "${TMP}.json.out" "${SCRIPT_DIR}/futility/link_image.manifest.json"
@@ -395,7 +400,8 @@ test_update "Full update (--archive, single package)" \
echo "TEST: Output (--mode=output)"
mkdir -p "${TMP}.output"
-${FUTILITY} update -i "${LINK_BIOS}" --mode=output --output_dir="${TMP}.output"
+"${FUTILITY}" update -i "${LINK_BIOS}" --mode=output \
+ --output_dir="${TMP}.output"
cmp "${LINK_BIOS}" "${TMP}.output/image.bin"
mkdir -p "${A}/keyset"
@@ -403,9 +409,9 @@ cp -f "${LINK_BIOS}" "${A}/image.bin"
cp -f "${TMP}.to/rootkey" "${A}/keyset/rootkey.CL"
cp -f "${TMP}.to/VBLOCK_A" "${A}/keyset/vblock_A.CL"
cp -f "${TMP}.to/VBLOCK_B" "${A}/keyset/vblock_B.CL"
-${FUTILITY} gbb -s --rootkey="${TMP}.from/rootkey" "${A}/image.bin"
-${FUTILITY} load_fmap "${A}/image.bin" VBLOCK_A:"${TMP}.from/VBLOCK_A"
-${FUTILITY} load_fmap "${A}/image.bin" VBLOCK_B:"${TMP}.from/VBLOCK_B"
+"${FUTILITY}" gbb -s --rootkey="${TMP}.from/rootkey" "${A}/image.bin"
+"${FUTILITY}" load_fmap "${A}/image.bin" VBLOCK_A:"${TMP}.from/VBLOCK_A"
+"${FUTILITY}" load_fmap "${A}/image.bin" VBLOCK_B:"${TMP}.from/VBLOCK_B"
test_update "Full update (--archive, custom label, no VPD)" \
"${A}/image.bin" "!Need VPD set for custom" \
@@ -433,7 +439,7 @@ echo "TEST: Output (-a, --mode=output)"
mkdir -p "${TMP}.outa"
cp -f "${A}/image.bin" "${TMP}.emu"
CL_TAG="CL" PATH="${A}/bin:${PATH}" \
- ${FUTILITY} update -a "${A}" --mode=output --emu="${TMP}.emu" \
+ "${FUTILITY}" update -a "${A}" --mode=output --emu="${TMP}.emu" \
--output_dir="${TMP}.outa"
cmp "${LINK_BIOS}" "${TMP}.outa/image.bin"
@@ -448,8 +454,8 @@ cp -f "${TMP}.to/VBLOCK_A" "${A}/keyset/vblock_A.customtip-cl"
cp -f "${TMP}.to/VBLOCK_B" "${A}/keyset/vblock_B.customtip-cl"
cp -f "${PEPPY_BIOS}" "${FROM_IMAGE}.ap"
cp -f "${LINK_BIOS}" "${FROM_IMAGE}.al"
-patch_file ${FROM_IMAGE}.ap FW_MAIN_A 0 "corrupted"
-patch_file ${FROM_IMAGE}.al FW_MAIN_A 0 "corrupted"
+patch_file "${FROM_IMAGE}.ap" FW_MAIN_A 0 "corrupted"
+patch_file "${FROM_IMAGE}.al" FW_MAIN_A 0 "corrupted"
test_update "Full update (--archive, model=link)" \
"${FROM_IMAGE}.al" "${LINK_BIOS}" \
-a "${A}" --wp=0 --sys_props 0,0x10001,1,3 --model=link
@@ -508,13 +514,16 @@ if type cbfstool >/dev/null 2>&1; then
echo "min_platform_version=3" >"${TMP}.quirk"
cp -f "${TO_IMAGE}" "${TO_IMAGE}.quirk"
- ${FUTILITY} dump_fmap -x "${TO_IMAGE}" "BOOT_STUB:${TMP}.cbfs"
+ "${FUTILITY}" dump_fmap -x "${TO_IMAGE}" "BOOT_STUB:${TMP}.cbfs"
# Create a fake CBFS using FW_MAIN_A size.
truncate -s $((0x000dffc0)) "${TMP}.cbfs"
- ${FUTILITY} load_fmap "${TO_IMAGE}.quirk" "FW_MAIN_A:${TMP}.cbfs"
+ "${FUTILITY}" load_fmap "${TO_IMAGE}.quirk" "FW_MAIN_A:${TMP}.cbfs"
cbfstool "${TO_IMAGE}.quirk" add -r FW_MAIN_A -n updater_quirks \
-f "${TMP}.quirk" -t raw
test_update "Full update (failure by CBFS quirks)" \
"${FROM_IMAGE}" "!Need platform version >= 3 (current is 2)" \
-i "${TO_IMAGE}.quirk" --wp=0 --sys_props 0,0x10001,1,2
fi
+
+rm -rf "${TMP}"*
+exit 0
diff --git a/tests/gen_fuzz_test_cases.sh b/tests/gen_fuzz_test_cases.sh
index 2b4255de..3e4ca992 100755
--- a/tests/gen_fuzz_test_cases.sh
+++ b/tests/gen_fuzz_test_cases.sh
@@ -12,7 +12,7 @@ set -e
. "$(dirname "$0")/common.sh"
# Use a different directory for fuzzing test cases.
-TESTKEY_DIR=${TESTKEY_DIR:-$(realpath ${SCRIPT_DIR}/../tests/testkeys)}
+TESTKEY_DIR=${TESTKEY_DIR:-$(realpath "${SCRIPT_DIR}"/../tests/testkeys)}
TESTCASE_DIR=${BUILD_DIR}/fuzz_testcases
TEST_IMAGE_FILE=${TESTCASE_DIR}/testimage
TEST_IMAGE_SIZE=500000
@@ -26,42 +26,43 @@ function generate_fuzzing_images {
echo "Generating keyblocks..."
# Firmware keyblock - RSA8192/SHA512 root key, RSA4096/SHA512 firmware
# signing key.
- ${FUTILITY} vbutil_keyblock \
- --pack ${TESTCASE_DIR}/firmware.keyblock \
- --datapubkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \
- --signprivate ${TESTKEY_DIR}/key_rsa8192.sha1.vbprivk
+ "${FUTILITY}" vbutil_keyblock \
+ --pack "${TESTCASE_DIR}/firmware.keyblock" \
+ --datapubkey "${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk" \
+ --signprivate "${TESTKEY_DIR}/key_rsa8192.sha1.vbprivk"
# Kernel keyblock - RSA4096/SHA512 kernel signing subkey, RSA4096/SHA512
# kernel signing key.
- ${FUTILITY} vbutil_keyblock \
- --pack ${TESTCASE_DIR}/kernel.keyblock \
- --datapubkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \
- --signprivate ${TESTKEY_DIR}/key_rsa4096.sha1.vbprivk \
+ "${FUTILITY}" vbutil_keyblock \
+ --pack "${TESTCASE_DIR}/kernel.keyblock" \
+ --datapubkey "${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk" \
+ --signprivate "${TESTKEY_DIR}/key_rsa4096.sha1.vbprivk" \
--flags 15
echo "Generating signed firmware test image..."
- ${FUTILITY} vbutil_firmware \
- --vblock ${TESTCASE_DIR}/firmware.vblock \
- --keyblock ${TESTCASE_DIR}/firmware.keyblock\
- --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \
+ "${FUTILITY}" vbutil_firmware \
+ --vblock "${TESTCASE_DIR}/firmware.vblock" \
+ --keyblock "${TESTCASE_DIR}/firmware.keyblock" \
+ --signprivate "${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk" \
--version 1 \
- --fv $1 \
- --kernelkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk
+ --fv "$1" \
+ --kernelkey "${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk"
# TODO(gauravsh): ALso test with (optional) flags.
- cp ${TESTKEY_DIR}/key_rsa8192.sha512.vbpubk ${TESTCASE_DIR}/root_key.vbpubk
+ cp "${TESTKEY_DIR}/key_rsa8192.sha512.vbpubk" \
+ "${TESTCASE_DIR}/root_key.vbpubk"
echo "Generating signed kernel test image..."
- ${FUTILITY} vbutil_kernel \
- --pack ${TESTCASE_DIR}/kernel.vblock.image \
- --keyblock ${TESTCASE_DIR}/kernel.keyblock \
- --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \
+ "${FUTILITY}" vbutil_kernel \
+ --pack "${TESTCASE_DIR}/kernel.vblock.image" \
+ --keyblock "${TESTCASE_DIR}/kernel.keyblock" \
+ --signprivate "${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk" \
--version 1 \
- --vmlinuz ${TEST_IMAGE_FILE} \
- --bootloader ${TEST_BOOTLOADER_FILE} \
- --config ${TEST_CONFIG_FILE}
+ --vmlinuz "${TEST_IMAGE_FILE}" \
+ --bootloader "${TEST_BOOTLOADER_FILE}" \
+ --config "${TEST_CONFIG_FILE}"
# TODO(gauravsh): Also test with (optional) padding.
- cp ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \
- ${TESTCASE_DIR}/firmware_key.vbpubk
+ cp "${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk" \
+ "${TESTCASE_DIR}/firmware_key.vbpubk"
}
function pre_work {
@@ -69,18 +70,17 @@ function pre_work {
# NOTE: The kernel and config file can't really be random, but the bootloader
# can. That's probably close enough.
echo "Generating test image file..."
- dd if=/dev/urandom of=${TEST_IMAGE_FILE} bs=${TEST_IMAGE_SIZE} count=1
+ dd if=/dev/urandom of="${TEST_IMAGE_FILE}" bs="${TEST_IMAGE_SIZE}" count=1
echo "Generating test bootloader file..."
# TODO(gauravsh): Use a valid bootloader here?
- dd if=/dev/urandom of=${TEST_BOOTLOADER_FILE} bs=${TEST_BOOTLOADER_SIZE} \
+ dd if=/dev/urandom of="${TEST_BOOTLOADER_FILE}" bs="${TEST_BOOTLOADER_SIZE}" \
count=1
echo "Generating test config file..."
# TODO(gauravsh): Use a valid config file here?
- dd if=/dev/urandom of=${TEST_CONFIG_FILE} bs=${TEST_CONFIG_SIZE} count=1
+ dd if=/dev/urandom of="${TEST_CONFIG_FILE}" bs="${TEST_CONFIG_SIZE}" count=1
}
-mkdir -p ${TESTCASE_DIR}
+mkdir -p "${TESTCASE_DIR}"
pre_work
check_test_keys
-generate_fuzzing_images ${TEST_IMAGE_FILE}
-
+generate_fuzzing_images "${TEST_IMAGE_FILE}"
diff --git a/tests/gen_test_cases.sh b/tests/gen_test_cases.sh
index 540fc2a2..80ed90c0 100755
--- a/tests/gen_test_cases.sh
+++ b/tests/gen_test_cases.sh
@@ -17,17 +17,17 @@ TEST_FILE_SIZE=1000000
function generate_test_signatures {
echo "Generating test signatures..."
algorithmcounter=0
- for keylen in ${key_lengths[@]}
+ for keylen in "${key_lengths[@]}"
do
- for hashalgo in ${hash_algos[@]}
+ for hashalgo in "${hash_algos[@]}"
do
- openssl dgst -${hashalgo} -binary ${TEST_FILE} > \
- ${TEST_FILE}.${hashalgo}.digest
- ${BIN_DIR}/signature_digest_utility $algorithmcounter \
- ${TEST_FILE} | openssl rsautl \
- -sign -pkcs -inkey ${TESTKEY_DIR}/key_rsa${keylen}.pem \
- > ${TEST_FILE}.rsa${keylen}_${hashalgo}.sig
- let algorithmcounter=algorithmcounter+1
+ openssl dgst "-${hashalgo}" -binary "${TEST_FILE}" > \
+ "${TEST_FILE}.${hashalgo}.digest"
+ "${BIN_DIR}/signature_digest_utility" "$algorithmcounter" \
+ "${TEST_FILE}" | openssl rsautl \
+ -sign -pkcs -inkey "${TESTKEY_DIR}/key_rsa${keylen}.pem" \
+ > "${TEST_FILE}.rsa${keylen}_${hashalgo}.sig"
+ algorithmcounter=$((algorithmcounter + 1))
done
done
}
@@ -39,10 +39,10 @@ function generate_test_file {
echo "(skipping, file already exists)"
return
fi
- dd if=/dev/urandom of=${TEST_FILE} bs=${TEST_FILE_SIZE} count=1
+ dd if=/dev/urandom of="${TEST_FILE}" bs="${TEST_FILE_SIZE}" count=1
}
-mkdir -p ${TESTCASE_DIR}
+mkdir -p "${TESTCASE_DIR}"
check_test_keys
generate_test_file
generate_test_signatures
diff --git a/tests/gen_test_keys.sh b/tests/gen_test_keys.sh
index 04315ac3..37722fb9 100755
--- a/tests/gen_test_keys.sh
+++ b/tests/gen_test_keys.sh
@@ -17,11 +17,11 @@ sha_types=( 1 256 512 )
function generate_keys {
key_index=0
key_name_base="${TESTKEY_DIR}/key_rsa"
- for i in ${key_lengths[@]}
+ for i in "${key_lengths[@]}"
do
key_base="${key_name_base}${i}"
if [ -f "${key_base}.keyb" ]; then
- key_index=$((${key_index} + 1))
+ key_index=$((key_index + 1))
continue
fi
@@ -33,34 +33,33 @@ function generate_keys {
bits="${i%%_exp${exp}}"
fi
- openssl genrsa -${exp} -out ${key_base}.pem ${bits}
+ openssl genrsa "-${exp}" -out "${key_base}.pem" "${bits}"
# Generate self-signed certificate from key.
- openssl req -batch -new -x509 -key ${key_base}.pem \
- -out ${key_base}.crt
+ openssl req -batch -new -x509 -key "${key_base}.pem" \
+ -out "${key_base}.crt"
# Generate pre-processed key for use by RSA signature verification code.
- ${BIN_DIR}/dumpRSAPublicKey -cert ${key_base}.crt \
- > ${key_base}.keyb
+ "${BIN_DIR}/dumpRSAPublicKey" -cert "${key_base}.crt" > "${key_base}.keyb"
alg_index=0
- for sha_type in ${sha_types[@]}
+ for sha_type in "${sha_types[@]}"
do
- alg=$((${key_index} * 3 + ${alg_index}))
+ alg=$((key_index * 3 + alg_index))
# wrap the public key
- ${FUTILITY} vbutil_key \
+ "${FUTILITY}" vbutil_key \
--pack "${key_base}.sha${sha_type}.vbpubk" \
--key "${key_base}.keyb" \
--version 1 \
--algorithm ${alg}
# wrap the private key
- ${FUTILITY} vbutil_key \
+ "${FUTILITY}" vbutil_key \
--pack "${key_base}.sha${sha_type}.vbprivk" \
--key "${key_base}.pem" \
--algorithm ${alg}
- alg_index=$((${alg_index} + 1))
+ alg_index=$((alg_index} + 1))
done
- key_index=$((${key_index} + 1))
+ key_index=$((key_index + 1))
done
}
diff --git a/tests/gen_test_vbpubks.sh b/tests/gen_test_vbpubks.sh
index 8ea2759d..a318d3dc 100755
--- a/tests/gen_test_vbpubks.sh
+++ b/tests/gen_test_vbpubks.sh
@@ -11,16 +11,16 @@
function generate_vpubks {
algorithmcounter=0
- for keylen in ${key_lengths[@]}
+ for keylen in "${key_lengths[@]}"
do
- for hashalgo in ${hash_algos[@]}
+ for hashalgo in "${hash_algos[@]}"
do
- ${FUTILITY} vbutil_key --pack \
- --in ${TESTKEY_DIR}/key_rsa${keylen}.keyb \
- --out ${TESTKEY_DIR}/key_rsa${keylen}.${hashalgo}.vbpubk \
+ "${FUTILITY}" vbutil_key --pack \
+ --in "${TESTKEY_DIR}/key_rsa${keylen}.keyb" \
+ --out "${TESTKEY_DIR}/key_rsa${keylen}.${hashalgo}.vbpubk" \
--version 1 \
- --algorithm ${algorithmcounter}
- let algorithmcounter=algorithmcounter+1
+ --algorithm "${algorithmcounter}"
+ algorithmcounter=$((algorithmcounter + 1))
done
done
}
diff --git a/tests/load_kernel_tests.sh b/tests/load_kernel_tests.sh
index 45eedf4c..cd1bd635 100755
--- a/tests/load_kernel_tests.sh
+++ b/tests/load_kernel_tests.sh
@@ -27,21 +27,21 @@ dd if=/dev/urandom bs=16384 count=1 of="dummy_bootloader.bin"
dd if=/dev/urandom bs=32768 count=1 of="dummy_kernel.bin"
# Pack kernel data key using original vboot utilities.
-${FUTILITY} vbutil_key --pack datakey.test \
- --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4
+"${FUTILITY}" vbutil_key --pack datakey.test \
+ --key "${TESTKEY_DIR}/key_rsa2048.keyb" --algorithm 4
# Keyblock with kernel data key is signed by kernel subkey
# Flags=21 means dev=0 rec=0 minios=0
-${FUTILITY} vbutil_keyblock --pack keyblock.test \
+"${FUTILITY}" vbutil_keyblock --pack keyblock.test \
--datapubkey datakey.test \
--flags 21 \
- --signprivate ${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk
+ --signprivate "${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk"
# Kernel preamble is signed with the kernel data key
-${FUTILITY} vbutil_kernel \
+"${FUTILITY}" vbutil_kernel \
--pack "kernel.test" \
--keyblock "keyblock.test" \
- --signprivate ${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk \
+ --signprivate "${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk" \
--version 1 \
--arch arm \
--vmlinuz "dummy_kernel.bin" \
@@ -51,9 +51,9 @@ ${FUTILITY} vbutil_kernel \
echo 'Verifying test kernel'
# Verify the kernel
-${FUTILITY} vbutil_kernel \
+"${FUTILITY}" vbutil_kernel \
--verify "kernel.test" \
- --signpubkey ${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk
+ --signpubkey "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"
happy 'Kernel verification succeeded'
@@ -69,7 +69,7 @@ dd if=kernel.test of=disk.test bs=512 seek=64 conv=notrunc
# And verify it using futility
echo 'Verifying test disk image'
-${BUILD_RUN}/tests/verify_kernel disk.test \
- ${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk
+"${BUILD_RUN}/tests/verify_kernel" disk.test \
+ "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"
happy 'Image verification succeeded'
diff --git a/tests/run_cgpt_tests.sh b/tests/run_cgpt_tests.sh
index 3f186242..7f59205a 100755
--- a/tests/run_cgpt_tests.sh
+++ b/tests/run_cgpt_tests.sh
@@ -10,27 +10,26 @@
. "$(dirname "$0")/common.sh"
CGPT=$(readlink -f "$1")
-[ -x "$CGPT" ] || error "Can't execute $CGPT"
+[ -x ""${CGPT}"" ] || error "Can't execute $CGPT"
-MTD="${@:2}"
+MTD=("${@:2}")
# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/cgpt_test_dir"
[ -d "$DIR" ] || mkdir -p "$DIR"
-warning "testing $CGPT in $DIR"
+warning "testing "${CGPT}" in $DIR"
cd "$DIR"
assert_fail() {
set +e
- "$@" 2>/dev/null
- if [ $? == 0 ]; then
+ if "$@" 2>/dev/null; then
error "$*" " should have failed but did not"
fi
set -e
}
# Test failure on non existing file.
-assert_fail ${CGPT} show $MTD blah_404_haha
+assert_fail "${CGPT}" show "${MTD[@]}" blah_404_haha
echo "Create an empty file to use as the device..."
NUM_SECTORS=1000
@@ -76,264 +75,271 @@ RANDOM_NUM=6
RANDOM_DRIVE_GUID='12345678-0000-1111-2222-123456789ABC'
-$CGPT create $MTD ${DEV}
+"${CGPT}" create "${MTD[@]}" ${DEV}
run_basic_tests() {
echo "Create a bunch of partitions, using the real GUID types..."
- $CGPT add $MTD -b ${DATA_START} -s ${DATA_SIZE} -t ${DATA_GUID} \
+ "${CGPT}" add "${MTD[@]}" -b ${DATA_START} -s ${DATA_SIZE} -t ${DATA_GUID} \
-l "${DATA_LABEL}" ${DEV}
- $CGPT add $MTD -b ${KERN_START} -s ${KERN_SIZE} -t ${KERN_GUID} \
+ "${CGPT}" add "${MTD[@]}" -b ${KERN_START} -s ${KERN_SIZE} -t ${KERN_GUID} \
-l "${KERN_LABEL}" ${DEV}
- $CGPT add $MTD -b ${ROOTFS_START} -s ${ROOTFS_SIZE} -t ${ROOTFS_GUID} \
- -l "${ROOTFS_LABEL}" ${DEV}
- $CGPT add $MTD -b ${ESP_START} -s ${ESP_SIZE} -t ${ESP_GUID} \
+ "${CGPT}" add "${MTD[@]}" -b ${ROOTFS_START} -s ${ROOTFS_SIZE} \
+ -t ${ROOTFS_GUID} -l "${ROOTFS_LABEL}" ${DEV}
+ "${CGPT}" add "${MTD[@]}" -b ${ESP_START} -s ${ESP_SIZE} -t ${ESP_GUID} \
-l "${ESP_LABEL}" ${DEV}
- $CGPT add $MTD -b ${FUTURE_START} -s ${FUTURE_SIZE} -t ${FUTURE_GUID} \
- -l "${FUTURE_LABEL}" ${DEV}
- $CGPT add $MTD -b ${RANDOM_START} -s ${RANDOM_SIZE} -t ${RANDOM_GUID} \
- -l "${RANDOM_LABEL}" ${DEV}
+ "${CGPT}" add "${MTD[@]}" -b ${FUTURE_START} -s ${FUTURE_SIZE} \
+ -t ${FUTURE_GUID} -l "${FUTURE_LABEL}" ${DEV}
+ "${CGPT}" add "${MTD[@]}" -b ${RANDOM_START} -s ${RANDOM_SIZE} \
+ -t ${RANDOM_GUID} -l "${RANDOM_LABEL}" ${DEV}
echo "Extract the start and size of given partitions..."
- X=$($CGPT show $MTD -b -i $DATA_NUM ${DEV})
- Y=$($CGPT show $MTD -s -i $DATA_NUM ${DEV})
+ X=$("${CGPT}" show "${MTD[@]}" -b -i $DATA_NUM ${DEV})
+ Y=$("${CGPT}" show "${MTD[@]}" -s -i $DATA_NUM ${DEV})
[ "$X $Y" = "$DATA_START $DATA_SIZE" ] || error
- X=$($CGPT show $MTD -b -i $KERN_NUM ${DEV})
- Y=$($CGPT show $MTD -s -i $KERN_NUM ${DEV})
+ X=$("${CGPT}" show "${MTD[@]}" -b -i $KERN_NUM ${DEV})
+ Y=$("${CGPT}" show "${MTD[@]}" -s -i $KERN_NUM ${DEV})
[ "$X $Y" = "$KERN_START $KERN_SIZE" ] || error
- X=$($CGPT show $MTD -b -i $ROOTFS_NUM ${DEV})
- Y=$($CGPT show $MTD -s -i $ROOTFS_NUM ${DEV})
+ X=$("${CGPT}" show "${MTD[@]}" -b -i $ROOTFS_NUM ${DEV})
+ Y=$("${CGPT}" show "${MTD[@]}" -s -i $ROOTFS_NUM ${DEV})
[ "$X $Y" = "$ROOTFS_START $ROOTFS_SIZE" ] || error
- X=$($CGPT show $MTD -b -i $ESP_NUM ${DEV})
- Y=$($CGPT show $MTD -s -i $ESP_NUM ${DEV})
+ X=$("${CGPT}" show "${MTD[@]}" -b -i $ESP_NUM ${DEV})
+ Y=$("${CGPT}" show "${MTD[@]}" -s -i $ESP_NUM ${DEV})
[ "$X $Y" = "$ESP_START $ESP_SIZE" ] || error
- X=$($CGPT show $MTD -b -i $FUTURE_NUM ${DEV})
- Y=$($CGPT show $MTD -s -i $FUTURE_NUM ${DEV})
+ X=$("${CGPT}" show "${MTD[@]}" -b -i $FUTURE_NUM ${DEV})
+ Y=$("${CGPT}" show "${MTD[@]}" -s -i $FUTURE_NUM ${DEV})
[ "$X $Y" = "$FUTURE_START $FUTURE_SIZE" ] || error
- X=$($CGPT show $MTD -b -i $RANDOM_NUM ${DEV})
- Y=$($CGPT show $MTD -s -i $RANDOM_NUM ${DEV})
+ X=$("${CGPT}" show "${MTD[@]}" -b -i $RANDOM_NUM ${DEV})
+ Y=$("${CGPT}" show "${MTD[@]}" -s -i $RANDOM_NUM ${DEV})
[ "$X $Y" = "$RANDOM_START $RANDOM_SIZE" ] || error
echo "Change the beginning..."
DATA_START=$((DATA_START + 10))
- $CGPT add $MTD -i 1 -b ${DATA_START} ${DEV} || error
- X=$($CGPT show $MTD -b -i 1 ${DEV})
+ "${CGPT}" add "${MTD[@]}" -i 1 -b ${DATA_START} ${DEV} || error
+ X=$("${CGPT}" show "${MTD[@]}" -b -i 1 ${DEV})
[ "$X" = "$DATA_START" ] || error
echo "Change the size..."
DATA_SIZE=$((DATA_SIZE + 10))
- $CGPT add $MTD -i 1 -s ${DATA_SIZE} ${DEV} || error
- X=$($CGPT show $MTD -s -i 1 ${DEV})
+ "${CGPT}" add "${MTD[@]}" -i 1 -s ${DATA_SIZE} ${DEV} || error
+ X=$("${CGPT}" show "${MTD[@]}" -s -i 1 ${DEV})
[ "$X" = "$DATA_SIZE" ] || error
echo "Change the type..."
- $CGPT add $MTD -i 1 -t reserved ${DEV} || error
- X=$($CGPT show $MTD -t -i 1 ${DEV} | tr 'A-Z' 'a-z')
+ "${CGPT}" add "${MTD[@]}" -i 1 -t reserved ${DEV} || error
+ X=$("${CGPT}" show "${MTD[@]}" -t -i 1 ${DEV} | tr '[:upper:]' '[:lower:]')
[ "$X" = "$FUTURE_GUID" ] || error
# arbitrary value
- $CGPT add $MTD -i 1 -t 610a563a-a55c-4ae0-ab07-86e5bb9db67f ${DEV} || error
- X=$($CGPT show $MTD -t -i 1 ${DEV})
+ "${CGPT}" add "${MTD[@]}" -i 1 -t 610a563a-a55c-4ae0-ab07-86e5bb9db67f \
+ ${DEV} || error
+ X=$("${CGPT}" show "${MTD[@]}" -t -i 1 ${DEV})
[ "$X" = "610A563A-A55C-4AE0-AB07-86E5BB9DB67F" ] || error
- $CGPT add $MTD -i 1 -t data ${DEV} || error
- X=$($CGPT show $MTD -t -i 1 ${DEV} | tr 'A-Z' 'a-z')
+ "${CGPT}" add "${MTD[@]}" -i 1 -t data ${DEV} || error
+ X=$("${CGPT}" show "${MTD[@]}" -t -i 1 ${DEV} | tr '[:upper:]' '[:lower:]')
[ "$X" = "$DATA_GUID" ] || error
- ORIG_ID=$($CGPT show $MTD -v ${DEV} | \
+ ORIG_ID=$("${CGPT}" show "${MTD[@]}" -v ${DEV} | \
grep -i "disk uuid" | head -1 | awk ' { print $3 } ' )
[ ! "$ORIG_ID" = "$RANDOM_DRIVE_GUID" ] || error
- $CGPT edit $MTD -u ${RANDOM_DRIVE_GUID} ${DEV} || error
- X=$($CGPT show $MTD -v ${DEV} | grep -i "disk uuid" | \
+ "${CGPT}" edit "${MTD[@]}" -u ${RANDOM_DRIVE_GUID} ${DEV} || error
+ X=$("${CGPT}" show "${MTD[@]}" -v ${DEV} | grep -i "disk uuid" | \
head -1 | awk ' { print $3 } ' )
[ "$X" = "${RANDOM_DRIVE_GUID}" ] || error
- $CGPT edit $MTD -u ${ORIG_ID} ${DEV} || error
- X=$($CGPT show $MTD -v ${DEV} | grep -i "disk uuid" | \
+ "${CGPT}" edit "${MTD[@]}" -u "${ORIG_ID}" ${DEV} || error
+ X=$("${CGPT}" show "${MTD[@]}" -v ${DEV} | grep -i "disk uuid" | \
head -1 | awk ' { print $3 } ' )
[ "$X" = "${ORIG_ID}" ] || error
}
run_basic_tests
-ORIG_ID=$($CGPT show $MTD -v ${DEV} | \
+ORIG_ID=$("${CGPT}" show "${MTD[@]}" -v ${DEV} | \
grep -i "disk uuid" | awk ' { print $3 } ' )
[ ! "$ORIG_ID" = "$RANDOM_DRIVE_GUID" ] || error
-$CGPT edit $MTD -u ${RANDOM_DRIVE_GUID} ${DEV} || error
-X=$($CGPT show $MTD -v ${DEV} | grep -i "disk uuid" | \
+"${CGPT}" edit "${MTD[@]}" -u ${RANDOM_DRIVE_GUID} ${DEV} || error
+X=$("${CGPT}" show "${MTD[@]}" -v ${DEV} | grep -i "disk uuid" | \
head -1 | awk ' { print $3 } ' )
[ "$X" = "${RANDOM_DRIVE_GUID}" ] || error
-$CGPT edit $MTD -u ${ORIG_ID} ${DEV} || error
-X=$($CGPT show $MTD -v ${DEV} | grep -i "disk uuid" | \
+"${CGPT}" edit "${MTD[@]}" -u "${ORIG_ID}" ${DEV} || error
+X=$("${CGPT}" show "${MTD[@]}" -v ${DEV} | grep -i "disk uuid" | \
awk ' { print $3 } ' )
[ "$X" = "${ORIG_ID}" ] || error
echo "Set the boot partition.."
-$CGPT boot $MTD -i ${KERN_NUM} ${DEV} >/dev/null
+"${CGPT}" boot "${MTD[@]}" -i ${KERN_NUM} ${DEV} >/dev/null
echo "Check the PMBR's idea of the boot partition..."
-X=$($CGPT boot $MTD ${DEV})
-Y=$($CGPT show $MTD -u -i $KERN_NUM $DEV)
+X=$("${CGPT}" boot "${MTD[@]}" ${DEV})
+Y=$("${CGPT}" show "${MTD[@]}" -u -i $KERN_NUM $DEV)
[ "$X" = "$Y" ] || error
# Input: sequence of priorities
# Output: ${DEV} has kernel partitions with the given priorities
make_pri() {
local idx=0
- $CGPT create $MTD ${DEV}
+ "${CGPT}" create "${MTD[@]}" ${DEV}
for pri in "$@"; do
idx=$((idx+1))
- $CGPT add $MTD -t kernel -l "kern$idx" -b $((100 + 2 * $idx)) -s 1 -P $pri ${DEV}
+ "${CGPT}" add "${MTD[@]}" -t kernel -l "kern$idx" -b $((100 + 2 * idx)) \
+ -s 1 -P $pri ${DEV}
done
}
# Output: returns string containing priorities of all kernels
get_pri() {
- echo $(
- for idx in $($CGPT find $MTD -t kernel ${DEV} | sed -e s@${DEV}@@); do
- $CGPT show $MTD -i $idx -P ${DEV}
+ local output=()
+ for idx in $("${CGPT}" find "${MTD[@]}" -t kernel ${DEV} | sed -e s@${DEV}@@);
+ do
+ output+=("$("${CGPT}" show "${MTD[@]}" -i "$idx" -P ${DEV})")
done
- )
+ echo "${output[@]}"
}
# Input: list of priorities
# Operation: expects ${DEV} to contain those kernel priorities
assert_pri() {
local expected="$*"
- local actual=$(get_pri)
+ local actual
+ actual=$(get_pri)
[ "$actual" = "$expected" ] || \
error 1 "expected priority \"$expected\", actual priority \"$actual\""
}
# no kernels at all. This should do nothing.
-$CGPT create $MTD ${DEV}
+"${CGPT}" create "${MTD[@]}" ${DEV}
run_prioritize_tests() {
echo "Test the cgpt prioritize command..."
- $CGPT add $MTD -t rootfs -b 100 -s 1 ${DEV}
- $CGPT prioritize $MTD ${DEV}
+ "${CGPT}" add "${MTD[@]}" -t rootfs -b 100 -s 1 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" ${DEV}
assert_pri ""
# common install/upgrade sequence
make_pri 2 0 0
- $CGPT prioritize $MTD -i 1 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -i 1 ${DEV}
assert_pri 1 0 0
- $CGPT prioritize $MTD -i 2 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -i 2 ${DEV}
assert_pri 1 2 0
- $CGPT prioritize $MTD -i 1 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -i 1 ${DEV}
assert_pri 2 1 0
- $CGPT prioritize $MTD -i 2 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -i 2 ${DEV}
assert_pri 1 2 0
# lots of kernels, all same starting priority, should go to priority 1
make_pri 8 8 8 8 8 8 8 8 8 8 8 0 0 8
- $CGPT prioritize $MTD ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" ${DEV}
assert_pri 1 1 1 1 1 1 1 1 1 1 1 0 0 1
# now raise them all up again
- $CGPT prioritize $MTD -P 4 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 4 ${DEV}
assert_pri 4 4 4 4 4 4 4 4 4 4 4 0 0 4
# set one of them higher, should leave the rest alone
- $CGPT prioritize $MTD -P 5 -i 3 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 5 -i 3 ${DEV}
assert_pri 4 4 5 4 4 4 4 4 4 4 4 0 0 4
# set one of them lower, should bring the rest down
- $CGPT prioritize $MTD -P 3 -i 4 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 3 -i 4 ${DEV}
assert_pri 1 1 2 3 1 1 1 1 1 1 1 0 0 1
# raise a group by including the friends of one partition
- $CGPT prioritize $MTD -P 6 -i 1 -f ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 6 -i 1 -f ${DEV}
assert_pri 6 6 4 5 6 6 6 6 6 6 6 0 0 6
# resurrect one, should not affect the others
make_pri 0 0 0 0 0 0 0 0 0 0 0 0 0 0
- $CGPT prioritize $MTD -i 2 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -i 2 ${DEV}
assert_pri 0 1 0 0 0 0 0 0 0 0 0 0 0 0
# resurrect one and all its friends
make_pri 0 0 0 0 0 0 0 0 1 2 0 0 0 0
- $CGPT prioritize $MTD -P 5 -i 2 -f ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 5 -i 2 -f ${DEV}
assert_pri 5 5 5 5 5 5 5 5 3 4 5 5 5 5
# no options should maintain the same order
- $CGPT prioritize $MTD ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" ${DEV}
assert_pri 3 3 3 3 3 3 3 3 1 2 3 3 3 3
# squish all the ranks
make_pri 1 1 2 2 3 3 4 4 5 5 0 6 7 7
- $CGPT prioritize $MTD -P 6 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 6 ${DEV}
assert_pri 1 1 1 1 2 2 3 3 4 4 0 5 6 6
# squish the ranks by not leaving room
make_pri 1 1 2 2 3 3 4 4 5 5 0 6 7 7
- $CGPT prioritize $MTD -P 7 -i 3 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 7 -i 3 ${DEV}
assert_pri 1 1 7 1 2 2 3 3 4 4 0 5 6 6
# squish the ranks while bringing the friends along
make_pri 1 1 2 2 3 3 4 4 5 5 0 6 7 7
- $CGPT prioritize $MTD -P 6 -i 3 -f ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 6 -i 3 -f ${DEV}
assert_pri 1 1 6 6 1 1 2 2 3 3 0 4 5 5
# squish them pretty hard
make_pri 1 1 2 2 3 3 4 4 5 5 0 6 7 7
- $CGPT prioritize $MTD -P 2 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 2 ${DEV}
assert_pri 1 1 1 1 1 1 1 1 1 1 0 1 2 2
# squish them really really hard (nobody gets reduced to zero, though)
make_pri 1 1 2 2 3 3 4 4 5 5 0 6 7 7
- $CGPT prioritize $MTD -P 1 -i 3 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -P 1 -i 3 ${DEV}
assert_pri 1 1 1 1 1 1 1 1 1 1 0 1 1 1
make_pri 15 15 14 14 13 13 12 12 11 11 10 10 9 9 8 8 7 7 6 6 5 5 4 4 3 3 2 2 1 1 0
- $CGPT prioritize $MTD -i 3 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -i 3 ${DEV}
assert_pri 14 14 15 13 12 12 11 11 10 10 9 9 8 8 7 7 6 6 5 5 4 4 3 3 2 2 1 1 1 1 0
- $CGPT prioritize $MTD -i 5 ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -i 5 ${DEV}
assert_pri 13 13 14 12 15 11 10 10 9 9 8 8 7 7 6 6 5 5 4 4 3 3 2 2 1 1 1 1 1 1 0
# but if I bring friends I don't have to squish
- $CGPT prioritize $MTD -i 1 -f ${DEV}
+ "${CGPT}" prioritize "${MTD[@]}" -i 1 -f ${DEV}
assert_pri 15 15 13 12 14 11 10 10 9 9 8 8 7 7 6 6 5 5 4 4 3 3 2 2 1 1 1 1 1 1 0
}
run_prioritize_tests
echo "Test cgpt repair command"
-$CGPT repair $MTD ${DEV}
-($CGPT show $MTD ${DEV} | grep -q INVALID) && error
+"${CGPT}" repair "${MTD[@]}" ${DEV}
+("${CGPT}" show "${MTD[@]}" ${DEV} | grep -q INVALID) && error
# Zero primary header and partition table and try to repair it.
dd if=/dev/zero of=${DEV} conv=notrunc bs=512 count=33 2>/dev/null
-$CGPT show $MTD ${DEV} | grep -q INVALID
-$CGPT repair $MTD ${DEV}
-($CGPT show $MTD ${DEV} | grep -q INVALID) && error
+"${CGPT}" show "${MTD[@]}" ${DEV} | grep -q INVALID
+"${CGPT}" repair "${MTD[@]}" ${DEV}
+("${CGPT}" show "${MTD[@]}" ${DEV} | grep -q INVALID) && error
# Zero secondary header and partition table and try to repair it.
-dd if=/dev/zero of=${DEV} seek=$(($NUM_SECTORS - 33)) conv=notrunc bs=512 count=33 2>/dev/null
-$CGPT show $MTD ${DEV} | grep -q INVALID
-$CGPT repair $MTD ${DEV}
-($CGPT show $MTD ${DEV} | grep -q INVALID) && error
+dd if=/dev/zero of=${DEV} seek=$((NUM_SECTORS - 33)) conv=notrunc bs=512 \
+ count=33 2>/dev/null
+"${CGPT}" show "${MTD[@]}" ${DEV} | grep -q INVALID
+"${CGPT}" repair "${MTD[@]}" ${DEV}
+("${CGPT}" show "${MTD[@]}" ${DEV} | grep -q INVALID) && error
echo "Test with IGNOREME primary GPT..."
-$CGPT create $MTD ${DEV}
-$CGPT legacy $MTD -p ${DEV}
-$CGPT show $MTD ${DEV} | egrep -q "IGNORED.*Pri GPT" 2>/dev/null
-($CGPT show $MTD ${DEV} | grep -q "Pri GPT table" 2>/dev/null) && error
-$CGPT repair $MTD ${DEV} 2>/dev/null
-$CGPT show $MTD ${DEV} | egrep -q "IGNORED.*Pri GPT" 2>/dev/null
-($CGPT show $MTD ${DEV} | grep -q "Pri GPT table" 2>/dev/null) && error
-$CGPT legacy $MTD -e ${DEV} 2>/dev/null
-($CGPT show $MTD ${DEV} | egrep -q "IGNORED.*Pri GPT") && error
-$CGPT show $MTD ${DEV} | grep -q "Pri GPT table"
-
-$CGPT create $MTD ${DEV}
-$CGPT legacy $MTD -p ${DEV}
+"${CGPT}" create "${MTD[@]}" ${DEV}
+"${CGPT}" legacy "${MTD[@]}" -p ${DEV}
+"${CGPT}" show "${MTD[@]}" ${DEV} | grep -q -E "IGNORED.*Pri GPT" 2>/dev/null
+("${CGPT}" show "${MTD[@]}" ${DEV} | grep -q "Pri GPT table" 2>/dev/null) && \
+ error
+"${CGPT}" repair "${MTD[@]}" ${DEV} 2>/dev/null
+"${CGPT}" show "${MTD[@]}" ${DEV} | grep -q -E "IGNORED.*Pri GPT" 2>/dev/null
+("${CGPT}" show "${MTD[@]}" ${DEV} | grep -q "Pri GPT table" 2>/dev/null) && \
+ error
+"${CGPT}" legacy "${MTD[@]}" -e ${DEV} 2>/dev/null
+("${CGPT}" show "${MTD[@]}" ${DEV} | grep -q -E "IGNORED.*Pri GPT") && error
+"${CGPT}" show "${MTD[@]}" ${DEV} | grep -q "Pri GPT table"
+
+"${CGPT}" create "${MTD[@]}" ${DEV}
+"${CGPT}" legacy "${MTD[@]}" -p ${DEV}
run_basic_tests 2>/dev/null
-$CGPT create $MTD ${DEV}
-$CGPT legacy $MTD -p ${DEV}
+"${CGPT}" create "${MTD[@]}" ${DEV}
+"${CGPT}" legacy "${MTD[@]}" -p ${DEV}
run_prioritize_tests 2>/dev/null
# Now make sure that we don't need write access if we're just looking.
@@ -341,48 +347,47 @@ echo "Test read vs read-write access..."
chmod 0444 ${DEV}
# These should fail
-$CGPT create $MTD -z ${DEV} 2>/dev/null && error
-$CGPT add $MTD -i 2 -P 3 ${DEV} 2>/dev/null && error
-$CGPT repair $MTD ${DEV} 2>/dev/null && error
-$CGPT prioritize $MTD -i 3 ${DEV} 2>/dev/null && error
+"${CGPT}" create "${MTD[@]}" -z ${DEV} 2>/dev/null && error
+"${CGPT}" add "${MTD[@]}" -i 2 -P 3 ${DEV} 2>/dev/null && error
+"${CGPT}" repair "${MTD[@]}" ${DEV} 2>/dev/null && error
+"${CGPT}" prioritize "${MTD[@]}" -i 3 ${DEV} 2>/dev/null && error
# Most 'boot' usage should fail too.
-$CGPT boot $MTD -p ${DEV} 2>/dev/null && error
+"${CGPT}" boot "${MTD[@]}" -p ${DEV} 2>/dev/null && error
dd if=/dev/zero of=fake_mbr.bin bs=100 count=1 2>/dev/null
-$CGPT boot $MTD -b fake_mbr.bin ${DEV} 2>/dev/null && error
-$CGPT boot $MTD -i 2 ${DEV} 2>/dev/null && error
+"${CGPT}" boot "${MTD[@]}" -b fake_mbr.bin ${DEV} 2>/dev/null && error
+"${CGPT}" boot "${MTD[@]}" -i 2 ${DEV} 2>/dev/null && error
-$CGPT boot $MTD ${DEV} >/dev/null
-$CGPT show $MTD ${DEV} >/dev/null
-$CGPT find $MTD -t kernel ${DEV} >/dev/null
+"${CGPT}" boot "${MTD[@]}" ${DEV} >/dev/null
+"${CGPT}" show "${MTD[@]}" ${DEV} >/dev/null
+"${CGPT}" find "${MTD[@]}" -t kernel ${DEV} >/dev/null
# Enable write access again to test boundary in off device storage
chmod 600 ${DEV}
# GPT too small
dd if=/dev/zero of=${DEV} bs=5632 count=1
-assert_fail $CGPT create -D 1024 ${DEV}
+assert_fail ""${CGPT}"" create -D 1024 ${DEV}
# GPT is just right for 16 entries (512 + 512 + 16 * 128) * 2 = 6144
dd if=/dev/zero of=${DEV} bs=6144 count=1
-$CGPT create -D 1024 ${DEV}
+"${CGPT}" create -D 1024 ${DEV}
# Create a small 8K file to simulate Flash NOR section
dd if=/dev/zero of=${DEV} bs=8K count=1
# Drive size is not multiple of 512
-assert_fail $CGPT create -D 511 ${DEV}
-assert_fail $CGPT create -D 513 ${DEV}
-MTD="-D 1024"
+assert_fail ""${CGPT}"" create -D 511 ${DEV}
+assert_fail ""${CGPT}"" create -D 513 ${DEV}
# Create a GPT table for a device of 1024 bytes (2 sectors)
-$CGPT create $MTD ${DEV}
+"${CGPT}" create -D 1024 ${DEV}
# Make sure number of entries is reasonable for 8KiB GPT
-X=$($CGPT show -D 1024 -d ${DEV} | grep -c "Number of entries: 24")
+X=$("${CGPT}" show -D 1024 -d ${DEV} | grep -c "Number of entries: 24")
[ "$X" = "2" ] || error
# This fails because header verification is off due to different drive size
-assert_fail $CGPT show ${DEV}
+assert_fail ""${CGPT}"" show ${DEV}
# But this passes because we pass in correct drive size
-$CGPT show $MTD ${DEV}
+"${CGPT}" show -D 1024 ${DEV}
# This fails because beginning sector is over the size of the device
-assert_fail $CGPT add $MTD -b 2 -s 1 -t data ${DEV}
+assert_fail ""${CGPT}"" add -D 1024 -b 2 -s 1 -t data ${DEV}
# This fails because partition size is over the size of the device
-assert_fail $CGPT add $MTD -b 0 -s 3 -t data ${DEV}
+assert_fail ""${CGPT}"" add -D 1024 -b 0 -s 3 -t data ${DEV}
echo "Done."
diff --git a/tests/run_preamble_tests.sh b/tests/run_preamble_tests.sh
index 429213c8..23902158 100755
--- a/tests/run_preamble_tests.sh
+++ b/tests/run_preamble_tests.sh
@@ -34,10 +34,8 @@ for d in $algs; do
for rr in $algs; do
if [ "$r" = "$rr" ]; then
what="verify"
- cmp="-ne"
else
what="reject"
- cmp="-eq"
fi
: $(( tests++ ))
echo -n "${what} fw_${d}_${r}.vblock with root_${rr}.vbpubk ... "
@@ -45,7 +43,9 @@ for d in $algs; do
--verify "${V2DIR}/fw_${d}_${r}.vblock" \
--signpubkey "${DATADIR}/root_${rr}.vbpubk" \
--fv "${DATADIR}/FWDATA" >/dev/null 2>&1
- if [ "$?" "$cmp" 0 ]; then
+ if [[ ( $? != 0 && $what == "verify" ) || \
+ ( $? == 0 && $what == "reject" ) ]]
+ then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -62,17 +62,17 @@ for d in $algs; do
for rr in $algs; do
if [ "$r" = "$rr" ]; then
what="verify"
- cmp="-ne"
else
what="reject"
- cmp="-eq"
fi
: $(( tests++ ))
echo -n "${what} kern_${d}_${r}.vblock with root_${rr}.vbpubk ... "
"${FUTILITY}" vbutil_kernel \
--verify "${V2DIR}/kern_${d}_${r}.vblock" \
--signpubkey "${DATADIR}/root_${rr}.vbpubk" >/dev/null 2>&1
- if [ "$?" "$cmp" 0 ]; then
+ if [[ ( $? != 0 && $what == "verify" ) || \
+ ( $? == 0 && $what == "reject" ) ]]
+ then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -88,9 +88,9 @@ for d in $algs; do
for r in $algs; do
: $(( tests++ ))
echo -n "verify kern_${d}_${r}.vblock with hash only ... "
- "${FUTILITY}" vbutil_kernel \
+ if ! "${FUTILITY}" vbutil_kernel \
--verify "${V2DIR}/kern_${d}_${r}.vblock" >/dev/null 2>&1
- if [ "$?" -ne 0 ]; then
+ then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
diff --git a/tests/run_vbutil_kernel_arg_tests.sh b/tests/run_vbutil_kernel_arg_tests.sh
index 95317ec4..6367662b 100755
--- a/tests/run_vbutil_kernel_arg_tests.sh
+++ b/tests/run_vbutil_kernel_arg_tests.sh
@@ -44,7 +44,7 @@ while [ "$k" -lt "${#KERN_VALS[*]}" ]; do
while [ "$b" -lt "${#BOOT_VALS[*]}" ]; do
echo -n "pack kern_${k}_${b}.vblock ... "
: $(( tests++ ))
- "${FUTILITY}" vbutil_kernel \
+ if ! "${FUTILITY}" vbutil_kernel \
--pack "${TMPDIR}/kern_${k}_${b}.vblock" \
--keyblock "${KEYBLOCK}" \
--signprivate "${SIGNPRIVATE}" \
@@ -53,7 +53,7 @@ while [ "$k" -lt "${#KERN_VALS[*]}" ]; do
--config "${CONFIG}" \
"${KERN_VALS[$k]}" \
"${BOOT_VALS[$k]}" >/dev/null
- if [ "$?" -ne 0 ]; then
+ then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -65,12 +65,12 @@ while [ "$k" -lt "${#KERN_VALS[*]}" ]; do
done
# Now unpack it
-for v in ${TMPDIR}/kern_*.vblock; do
+for v in "${TMPDIR}"/kern_*.vblock; do
: $(( tests++ ))
vv=$(basename "$v")
echo -n "verify $vv ... "
- "${FUTILITY}" vbutil_kernel --verify "$v" >/dev/null
- if [ "$?" -ne 0 ]; then
+ if ! "${FUTILITY}" vbutil_kernel --verify "$v" >/dev/null
+ then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -78,9 +78,9 @@ for v in ${TMPDIR}/kern_*.vblock; do
fi
: $(( tests++ ))
echo -n "verify $vv signed ... "
- "${FUTILITY}" vbutil_kernel --verify "$v" \
+ if ! "${FUTILITY}" vbutil_kernel --verify "$v" \
--signpubkey "${SIGNPUBLIC}" >/dev/null
- if [ "$?" -ne 0 ]; then
+ then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -100,7 +100,7 @@ USB_SIGNPRIVATE="${DEVKEYS}/recovery_kernel_data_key.vbprivk"
USB_SIGNPUBKEY="${DEVKEYS}/recovery_key.vbpubk"
echo -n "pack USB kernel ... "
: $(( tests++ ))
-"${FUTILITY}" vbutil_kernel \
+if ! "${FUTILITY}" vbutil_kernel \
--pack "${USB_KERN}" \
--keyblock "${USB_KEYBLOCK}" \
--signprivate "${USB_SIGNPRIVATE}" \
@@ -109,7 +109,7 @@ echo -n "pack USB kernel ... "
--bootloader "${BIG}" \
--vmlinuz "${BIG}" \
--arch arm
-if [ "$?" -ne 0 ]; then
+then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -119,10 +119,10 @@ fi
# And verify it.
echo -n "verify USB kernel ... "
: $(( tests++ ))
-"${FUTILITY}" vbutil_kernel \
+if ! "${FUTILITY}" vbutil_kernel \
--verify "${USB_KERN}" \
--signpubkey "${USB_SIGNPUBKEY}" >/dev/null
-if [ "$?" -ne 0 ]; then
+then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -139,13 +139,13 @@ SSD_SIGNPRIVATE="${DEVKEYS}/kernel_data_key.vbprivk"
SSD_SIGNPUBKEY="${DEVKEYS}/kernel_subkey.vbpubk"
echo -n "repack to SSD kernel ... "
: $(( tests++ ))
-"${FUTILITY}" vbutil_kernel \
+if ! "${FUTILITY}" vbutil_kernel \
--repack "${SSD_KERN}" \
--vblockonly \
--keyblock "${SSD_KEYBLOCK}" \
--signprivate "${SSD_SIGNPRIVATE}" \
--oldblob "${TMPDIR}/usb_kern.bin" >/dev/null
-if [ "$?" -ne 0 ]; then
+then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -155,14 +155,14 @@ fi
# To verify it, we have to replace the vblock from the original image.
tempfile="${TMPDIR}/foo.bin"
cat "${SSD_KERN}" > "$tempfile"
-dd if="${USB_KERN}" bs=65536 skip=1 >> $tempfile 2>/dev/null
+dd if="${USB_KERN}" bs=65536 skip=1 >> "$tempfile" 2>/dev/null
echo -n "verify SSD kernel ... "
: $(( tests++ ))
-"${FUTILITY}" vbutil_kernel \
+if ! "${FUTILITY}" vbutil_kernel \
--verify "$tempfile" \
--signpubkey "${SSD_SIGNPUBKEY}" >/dev/null
-if [ "$?" -ne 0 ]; then
+then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
@@ -170,7 +170,7 @@ else
fi
# Finally make sure that the kernel command line stays good.
-orig=$(cat "${CONFIG}" | tr '\012' ' ')
+orig=$(tr '\012' ' ' < "${CONFIG}")
packed=$("${FUTILITY}" dump_kernel_config "${USB_KERN}")
echo -n "check USB kernel config ..."
: $(( tests++ ))
@@ -184,7 +184,7 @@ fi
repacked=$("${FUTILITY}" dump_kernel_config "${tempfile}")
echo -n "check SSD kernel config ..."
: $(( tests++ ))
-if [ "$orig" != "$packed" ]; then
+if [ "$orig" != "$repacked" ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
diff --git a/tests/run_vbutil_tests.sh b/tests/run_vbutil_tests.sh
index 84f66d1a..b9db2a7c 100755
--- a/tests/run_vbutil_tests.sh
+++ b/tests/run_vbutil_tests.sh
@@ -18,21 +18,19 @@ function test_vbutil_key_single {
echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:"
# Pack the key
- ${FUTILITY} vbutil_key \
- --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk \
- --key ${TESTKEY_DIR}/key_rsa${keylen}.keyb \
+ if ! "${FUTILITY}" vbutil_key \
+ --pack "${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk" \
+ --key "${TESTKEY_DIR}/key_rsa${keylen}.keyb" \
--version 1 \
- --algorithm $algonum
- if [ $? -ne 0 ]
+ --algorithm "${algonum}"
then
return_code=255
fi
# Unpack the key
# TODO: should verify we get the same key back out?
- ${FUTILITY} vbutil_key \
- --unpack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk
- if [ $? -ne 0 ]
+ if ! "${FUTILITY}" vbutil_key \
+ --unpack "${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk"
then
return_code=255
fi
@@ -40,12 +38,12 @@ function test_vbutil_key_single {
function test_vbutil_key_all {
algorithmcounter=0
- for keylen in ${key_lengths[@]}
+ for keylen in "${key_lengths[@]}"
do
- for hashalgo in ${hash_algos[@]}
+ for hashalgo in "${hash_algos[@]}"
do
- test_vbutil_key_single $algorithmcounter $keylen $hashalgo
- let algorithmcounter=algorithmcounter+1
+ test_vbutil_key_single "$algorithmcounter" "$keylen" "$hashalgo"
+ algorithmcounter=$((algorithmcounter + 1))
done
done
}
@@ -72,49 +70,45 @@ ${datahashalgo}${COL_STOP}"
keyblockfile="${TESTKEY_SCRATCH_DIR}/"
keyblockfile+="sign${signing_algonum}_data"
keyblockfile+="${data_algonum}.keyblock"
- rm -f ${keyblockfile}
+ rm -f "${keyblockfile}"
# Wrap private key
- ${FUTILITY} vbutil_key \
- --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbprivk \
- --key ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \
- --algorithm $signing_algonum
- if [ $? -ne 0 ]
+ if ! "${FUTILITY}" vbutil_key \
+ --pack "${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbprivk" \
+ --key "${TESTKEY_DIR}/key_rsa${signing_keylen}.pem" \
+ --algorithm "${signing_algonum}"
then
echo -e "${COL_RED}Wrap vbprivk${COL_STOP}"
return_code=255
fi
# Wrap public key
- ${FUTILITY} vbutil_key \
- --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk \
- --key ${TESTKEY_DIR}/key_rsa${signing_keylen}.keyb \
- --algorithm $signing_algonum
- if [ $? -ne 0 ]
+ if ! "${FUTILITY}" vbutil_key \
+ --pack "${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk" \
+ --key "${TESTKEY_DIR}/key_rsa${signing_keylen}.keyb" \
+ --algorithm "${signing_algonum}"
then
echo -e "${COL_RED}Wrap vbpubk${COL_STOP}"
return_code=255
fi
# Pack
- ${FUTILITY} vbutil_keyblock --pack ${keyblockfile} \
+ if ! "${FUTILITY}" vbutil_keyblock --pack "${keyblockfile}" \
--datapubkey \
- ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \
+ "${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk" \
--signprivate \
- ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbprivk
- if [ $? -ne 0 ]
+ "${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbprivk"
then
echo -e "${COL_RED}Pack${COL_STOP}"
return_code=255
fi
# Unpack
- ${FUTILITY} vbutil_keyblock --unpack ${keyblockfile} \
+ if ! "${FUTILITY}" vbutil_keyblock --unpack "${keyblockfile}" \
--datapubkey \
- ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2 \
+ "${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2" \
--signpubkey \
- ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk
- if [ $? -ne 0 ]
+ "${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk"
then
echo -e "${COL_RED}Unpack${COL_STOP}"
return_code=255
@@ -122,8 +116,8 @@ ${datahashalgo}${COL_STOP}"
# Check
if ! cmp -s \
- ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \
- ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2
+ "${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk" \
+ "${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2"
then
echo -e "${COL_RED}Check${COL_STOP}"
return_code=255
@@ -134,27 +128,24 @@ ${datahashalgo}${COL_STOP}"
external signer.${COL_STOP}"
# Pack using external signer
# Pack
- ${FUTILITY} vbutil_keyblock --pack ${keyblockfile} \
+ if ! "${FUTILITY}" vbutil_keyblock --pack "${keyblockfile}" \
--datapubkey \
- ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \
+ "${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk" \
--signprivate_pem \
- ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \
+ "${TESTKEY_DIR}/key_rsa${signing_keylen}.pem" \
--pem_algorithm "${signing_algonum}" \
--externalsigner "${SCRIPT_DIR}/external_rsa_signer.sh"
-
- if [ $? -ne 0 ]
then
echo -e "${COL_RED}Pack${COL_STOP}"
return_code=255
fi
# Unpack
- ${FUTILITY} vbutil_keyblock --unpack ${keyblockfile} \
+ if ! "${FUTILITY}" vbutil_keyblock --unpack "${keyblockfile}" \
--datapubkey \
- ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2 \
+ "${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2" \
--signpubkey \
- ${TESTKEY_SCRATCH_DIR}/key_alg${signing_algonum}.vbpubk
- if [ $? -ne 0 ]
+ "${TESTKEY_SCRATCH_DIR}/key_alg${signing_algonum}.vbpubk"
then
echo -e "${COL_RED}Unpack${COL_STOP}"
return_code=255
@@ -162,8 +153,8 @@ external signer.${COL_STOP}"
# Check
if ! cmp -s \
- ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \
- ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2
+ "${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk" \
+ "${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2"
then
echo -e "${COL_RED}Check${COL_STOP}"
return_code=255
@@ -177,22 +168,22 @@ function test_vbutil_keyblock_all {
# kernel signing algorithm
signing_algorithmcounter=0
data_algorithmcounter=0
- for signing_keylen in ${key_lengths[@]}
+ for signing_keylen in "${key_lengths[@]}"
do
- for signing_hashalgo in ${hash_algos[@]}
+ for signing_hashalgo in "${hash_algos[@]}"
do
- let data_algorithmcounter=0
- for datakeylen in ${key_lengths[@]}
+ data_algorithmcounter=0
+ for datakeylen in "${key_lengths[@]}"
do
- for datahashalgo in ${hash_algos[@]}
+ for datahashalgo in "${hash_algos[@]}"
do
test_vbutil_keyblock_single \
- $signing_algorithmcounter $signing_keylen $signing_hashalgo \
- $data_algorithmcounter $data_keylen $data_hashalgo
- let data_algorithmcounter=data_algorithmcounter+1
+ "$signing_algorithmcounter" "$signing_keylen" "$signing_hashalgo" \
+ "$data_algorithmcounter" "$data_keylen" "$data_hashalgo"
+ data_algorithmcounter=$((data_algorithmcounter + 1))
done
done
- let signing_algorithmcounter=signing_algorithmcounter+1
+ signing_algorithmcounter=$((signing_algorithmcounter + 1))
done
done
}
@@ -223,4 +214,3 @@ else
fi
exit $return_code
-
diff --git a/tests/test_using_qemu.sh b/tests/test_using_qemu.sh
index 081d963e..5ed29740 100755
--- a/tests/test_using_qemu.sh
+++ b/tests/test_using_qemu.sh
@@ -24,11 +24,11 @@ sudo mount --bind /dev "${SYSROOT}/dev"
# Don't exit on error, so we can capture the error code
set +e
-sudo chroot ${SYSROOT} ${QEMU_RUN} \
+sudo chroot "${SYSROOT}" "${QEMU_RUN}" \
-E LD_LIBRARY_PATH=/lib64:/lib:/usr/lib64:/usr/lib \
- -E HOME=${HOME} \
- -E BUILD=${BUILD_RUN} \
- -- $*
+ -E HOME="${HOME}" \
+ -E BUILD="${BUILD_RUN}" \
+ -- "$@"
exit_code=$?
set -e
diff --git a/tests/vb2_firmware_tests.sh b/tests/vb2_firmware_tests.sh
index 88b6e6a8..51803e22 100755
--- a/tests/vb2_firmware_tests.sh
+++ b/tests/vb2_firmware_tests.sh
@@ -50,34 +50,41 @@ run_test()
local fw_algo=$2
local kern_algo=$3
- local root_rsa="$(algo_to_rsa ${root_algo})"
- local fw_rsa="$(algo_to_rsa ${fw_algo})"
- local kern_rsa="$(algo_to_rsa ${kern_algo})"
-
- local root_sha="$(algo_to_sha ${root_algo})"
- local fw_sha="$(algo_to_sha ${fw_algo})"
- local kern_sha="$(algo_to_sha ${kern_algo})"
+ local root_rsa
+ local fw_rsa
+ local kern_rsa
+ root_rsa="$(algo_to_rsa "${root_algo}")"
+ fw_rsa="$(algo_to_rsa "${fw_algo}")"
+ kern_rsa="$(algo_to_rsa "${kern_algo}")"
+
+ local root_sha
+ local fw_sha
+ root_sha="$(algo_to_sha "${root_algo}")"
+ fw_sha="$(algo_to_sha "${fw_algo}")"
# Pack keys using original vboot utilities
- ${FUTILITY} vbutil_key --pack rootkey.test \
- --key "${TESTKEY_DIR}/key_${root_rsa}.keyb" --algorithm ${root_algo}
- ${FUTILITY} vbutil_key --pack fwsubkey.test \
- --key "${TESTKEY_DIR}/key_${fw_rsa}.keyb" --algorithm ${fw_algo}
- ${FUTILITY} vbutil_key --pack kernkey.test \
- --key "${TESTKEY_DIR}/key_${kern_rsa}.keyb" --algorithm ${kern_algo}
+ "${FUTILITY}" vbutil_key --pack rootkey.test \
+ --key "${TESTKEY_DIR}/key_${root_rsa}.keyb" \
+ --algorithm "${root_algo}"
+ "${FUTILITY}" vbutil_key --pack fwsubkey.test \
+ --key "${TESTKEY_DIR}/key_${fw_rsa}.keyb" \
+ --algorithm "${fw_algo}"
+ "${FUTILITY}" vbutil_key --pack kernkey.test \
+ --key "${TESTKEY_DIR}/key_${kern_rsa}.keyb" \
+ --algorithm "${kern_algo}"
# Create a GBB with the root key
- ${FUTILITY} gbb -c 128,2400,0,0 gbb.test
- ${FUTILITY} gbb gbb.test -s --hwid='Test GBB' \
+ "${FUTILITY}" gbb -c 128,2400,0,0 gbb.test
+ "${FUTILITY}" gbb gbb.test -s --hwid='Test GBB' \
--rootkey=rootkey.test
# Keyblock with firmware subkey is signed by root key
- ${FUTILITY} vbutil_keyblock --pack keyblock.test \
+ "${FUTILITY}" vbutil_keyblock --pack keyblock.test \
--datapubkey fwsubkey.test \
--signprivate "${TESTKEY_DIR}/key_${root_rsa}.${root_sha}.vbprivk"
# Firmware preamble is signed with the firmware subkey
- ${FUTILITY} vbutil_firmware \
+ "${FUTILITY}" vbutil_firmware \
--vblock vblock.test \
--keyblock keyblock.test \
--signprivate "${TESTKEY_DIR}/key_${fw_rsa}.${fw_sha}.vbprivk" \
@@ -89,7 +96,7 @@ run_test()
"(root=${root_algo}, fw=${fw_algo}, kernel=${kern_algo})"
# Verify the firmware using vboot2 checks
- ${BUILD_RUN}/tests/vb20_verify_fw gbb.test vblock.test body.test
+ "${BUILD_RUN}/tests/vb20_verify_fw" gbb.test vblock.test body.test
happy 'vb2_verify_fw succeeded'
}
diff --git a/tests/vb2_rsa_tests.sh b/tests/vb2_rsa_tests.sh
index 903d38da..58d99b2c 100755
--- a/tests/vb2_rsa_tests.sh
+++ b/tests/vb2_rsa_tests.sh
@@ -16,24 +16,24 @@ TEST_FILE=${TESTCASE_DIR}/test_file
function test_signatures {
algorithmcounter=0
- for keylen in ${key_lengths[@]}
+ for keylen in "${key_lengths[@]}"
do
- for hashalgo in ${hash_algos[@]}
+ for hashalgo in "${hash_algos[@]}"
do
echo -e "For ${COL_YELLOW}RSA-$keylen and $hashalgo${COL_STOP}:"
- ${BIN_DIR}/verify_data $algorithmcounter \
- ${TESTKEY_DIR}/key_rsa${keylen}.keyb \
- ${TEST_FILE}.rsa${keylen}_${hashalgo}.sig \
- ${TEST_FILE}
- if [ $? -ne 0 ]
+ if ! "${BIN_DIR}/verify_data" "$algorithmcounter" \
+ "${TESTKEY_DIR}/key_rsa${keylen}.keyb" \
+ "${TEST_FILE}.rsa${keylen}_${hashalgo}.sig" \
+ "${TEST_FILE}"
then
return_code=255
fi
- let algorithmcounter=algorithmcounter+1
+ algorithmcounter=$((algorithmcounter + 1))
done
done
echo -e "Peforming ${COL_YELLOW}PKCS #1 v1.5 Padding Tests${COL_STOP}..."
- ${TEST_DIR}/vb20_rsa_padding_tests ${TESTKEY_DIR}/rsa_padding_test_pubkey.keyb
+ "${TEST_DIR}/vb20_rsa_padding_tests" \
+ "${TESTKEY_DIR}/rsa_padding_test_pubkey.keyb"
}
check_test_keys
@@ -41,4 +41,3 @@ echo "Testing signature verification..."
test_signatures
exit $return_code
-