Diffstat (limited to 'tests/futility/test_sign_firmware.sh')
-rwxr-xr-xtests/futility/test_sign_firmware.sh141
1 files changed, 71 insertions, 70 deletions
diff --git a/tests/futility/test_sign_firmware.sh b/tests/futility/test_sign_firmware.sh
index 04eb385f..587eed9f 100755
--- a/tests/futility/test_sign_firmware.sh
+++ b/tests/futility/test_sign_firmware.sh
@@ -3,13 +3,13 @@
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
-me=${0##*/}
-TMP="$me.tmp"
+me="${0##*/}"
+TMP="${me}.tmp"
# Work in scratch directory
cd "$OUTDIR"
-KEYDIR=${SRCDIR}/tests/devkeys
+KEYDIR="${SRCDIR}/tests/devkeys"
# The input BIOS images are all signed with MP keys. We resign them with dev
# keys, which means we can precalculate the expected results. Note that the
@@ -22,10 +22,10 @@ ${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin
# We also want to test that we can sign an image without any valid firmware
# preambles. That one won't be able to tell how much of the FW_MAIN region is
# the valid firmware, so it'll have to sign the entire region.
-GOOD_VBLOCKS=${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin
+GOOD_VBLOCKS="${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin"
ONEMORE=bios_peppy_mp_no_vblock.bin
-cp ${GOOD_VBLOCKS} ${ONEMORE}
-${FUTILITY} load_fmap ${ONEMORE} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
+cp "${GOOD_VBLOCKS}" "${ONEMORE}"
+"${FUTILITY}" load_fmap "${ONEMORE}" VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
INFILES="${INFILES} ${ONEMORE}"
set -o pipefail
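Review bot: Quoting `"${ONEMORE}"` here and `"${infile}"` inside the loop does not make the file list safe for unusual paths, because `INFILES="${INFILES} ${ONEMORE}"` still builds one space-joined string. The loop header `for infile in $INFILES` (visible in the next hunk's header) expands it unquoted, so entries are split on whitespace and glob-expanded before any of the quoted uses see them. The initial INFILES assignment sits above this hunk. If converting the list to an array is out of scope for this cleanup, a comment above the append such as `# INFILES is a whitespace-separated list; paths must not contain spaces or glob characters` would record the constraint.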
@@ -36,13 +36,13 @@ for infile in $INFILES; do
base=${infile##*/}
: $(( count++ ))
- echo -n "$count " 1>&3
+ echo -n "${count} " 1>&3
- outfile=${TMP}.${base}.new
+ outfile="${TMP}.${base}.new"
loemid="loem"
- loemdir=${TMP}.${base}_dir
+ loemdir="${TMP}.${base}_dir"
- mkdir -p ${loemdir}
+ mkdir -p "${loemdir}"
# resign_firmwarefd.sh works on BIOS image files. The args are:
#
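Review bot: `mkdir -p "${loemdir}"` silently accepts a directory left over from an earlier run, and the only cleanup visible in this file is the `rm -rf` at the very end, which is reached only when every check has passed. After an aborted run the directory can still hold `vblock_A.${loemid}` and `vblock_B.${loemid}`, so the later `verify --fv` steps could be validating stale vblocks rather than what this `sign` invocation wrote, unless the harness clears the output directory first (not visible here). Consider adding `rm -rf "${loemdir}"` on the line before the `mkdir`. The loop body continues outside this hunk.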
@@ -71,102 +71,103 @@ for infile in $INFILES; do
#OLD ${loemdir} \
#OLD ${loemid}
- ${FUTILITY} sign \
- -s ${KEYDIR}/firmware_data_key.vbprivk \
- -b ${KEYDIR}/firmware.keyblock \
- -k ${KEYDIR}/kernel_subkey.vbpubk \
+ "${FUTILITY}" sign \
+ -s "${KEYDIR}/firmware_data_key.vbprivk" \
+ -b "${KEYDIR}/firmware.keyblock" \
+ -k "${KEYDIR}/kernel_subkey.vbpubk" \
-v 14 \
-f 8 \
- -d ${loemdir} \
- -l ${loemid} \
- ${infile} ${outfile}
+ -d "${loemdir}" \
+ -l "${loemid}" \
+ "${infile}" "${outfile}"
# check the firmware version and preamble flags
- m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${outfile} \
- | egrep 'Firmware version: +14$|Preamble flags: +8$' | wc -l)
- [ "$m" = "4" ]
+ m=$("${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ "${outfile}" | grep -c -E 'Firmware version: +14$|Preamble flags: +8$')
+ [ "${m}" = "4" ]
# check the sha1sums
- ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${outfile} \
+ "${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" "${outfile}" \
| grep sha1sum \
- | sed -e 's/.*: \+//' > ${TMP}.${base}.sha.new
- cmp ${SCRIPT_DIR}/futility/data_${base}_expect.txt ${TMP}.${base}.sha.new
+ | sed -e 's/.*: \+//' > "${TMP}.${base}.sha.new"
+ cmp "${SCRIPT_DIR}/futility/data_${base}_expect.txt" "${TMP}.${base}.sha.new"
# and the LOEM stuff
- ${FUTILITY} dump_fmap -x ${outfile} \
- FW_MAIN_A:${loemdir}/fw_main_A FW_MAIN_B:${loemdir}/fw_main_B \
- "Firmware A Data":${loemdir}/fw_main_A \
- "Firmware B Data":${loemdir}/fw_main_B
+ "${FUTILITY}" dump_fmap -x "${outfile}" \
+ "FW_MAIN_A:${loemdir}/fw_main_A" "FW_MAIN_B:${loemdir}/fw_main_B" \
+ "Firmware A Data:${loemdir}/fw_main_A" \
+ "Firmware B Data:${loemdir}/fw_main_B"
- ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk \
- --fv ${loemdir}/fw_main_A \
- ${loemdir}/vblock_A.${loemid} | grep sha1sum \
- | sed -e 's/.*: \+//' > ${loemdir}/loem.sha.new
- ${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk \
- --fv ${loemdir}/fw_main_B \
- ${loemdir}/vblock_B.${loemid} | grep sha1sum \
- | sed -e 's/.*: \+//' >> ${loemdir}/loem.sha.new
+ "${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ --fv "${loemdir}/fw_main_A" \
+ "${loemdir}/vblock_A.${loemid}" | grep sha1sum \
+ | sed -e 's/.*: \+//' > "${loemdir}/loem.sha.new"
+ "${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ --fv "${loemdir}/fw_main_B" \
+ "${loemdir}/vblock_B.${loemid}" | grep sha1sum \
+ | sed -e 's/.*: \+//' >> "${loemdir}/loem.sha.new"
# the vblocks don't have root or recovery keys
- tail -4 ${SCRIPT_DIR}/futility/data_${base}_expect.txt > ${loemdir}/sha.expect
- cmp ${loemdir}/sha.expect ${loemdir}/loem.sha.new
+ tail -4 "${SCRIPT_DIR}/futility/data_${base}_expect.txt" \
+ > "${loemdir}/sha.expect"
+ cmp "${loemdir}/sha.expect" "${loemdir}/loem.sha.new"
done
# Make sure that the BIOS with the good vblocks signed the right size.
-GOOD_OUT=${TMP}.${GOOD_VBLOCKS##*/}.new
-MORE_OUT=${TMP}.${ONEMORE##*/}.new
+GOOD_OUT="${TMP}.${GOOD_VBLOCKS##*/}.new"
+MORE_OUT="${TMP}.${ONEMORE##*/}.new"
-${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${GOOD_OUT} \
- | awk '/Firmware body size:/ {print $4}' > ${TMP}.good.body
-${FUTILITY} dump_fmap -p ${GOOD_OUT} \
- | awk '/FW_MAIN_/ {print $3}' > ${TMP}.good.fw_main
+"${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" "${GOOD_OUT}" \
+ | awk '/Firmware body size:/ {print $4}' > "${TMP}.good.body"
+"${FUTILITY}" dump_fmap -p "${GOOD_OUT}" \
+ | awk '/FW_MAIN_/ {print $3}' > "${TMP}.good.fw_main"
# This should fail because they're different
-if cmp ${TMP}.good.body ${TMP}.good.fw_main; then false; fi
+if cmp "${TMP}.good.body" "${TMP}.good.fw_main"; then false; fi
# Make sure that the BIOS with the bad vblocks signed the whole fw body
-${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT} \
- | awk '/Firmware body size:/ {print $4}' > ${TMP}.onemore.body
-${FUTILITY} dump_fmap -p ${MORE_OUT} \
- | awk '/FW_MAIN_/ {print $3}' > ${TMP}.onemore.fw_main
+"${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" "${MORE_OUT}" \
+ | awk '/Firmware body size:/ {print $4}' > "${TMP}.onemore.body"
+"${FUTILITY}" dump_fmap -p "${MORE_OUT}" \
+ | awk '/FW_MAIN_/ {print $3}' > "${TMP}.onemore.fw_main"
# These should match
-cmp ${TMP}.onemore.body ${TMP}.onemore.fw_main
-cmp ${TMP}.onemore.body ${TMP}.good.fw_main
+cmp "${TMP}.onemore.body" "${TMP}.onemore.fw_main"
+cmp "${TMP}.onemore.body" "${TMP}.good.fw_main"
# Sign the last one again but don't specify the version or the preamble flags.
# The version should default to 1, but the preamble flags should be preserved.
: $(( count++ ))
-echo -n "$count " 1>&3
+echo -n "${count} " 1>&3
-${FUTILITY} sign \
- -s ${KEYDIR}/firmware_data_key.vbprivk \
- -b ${KEYDIR}/firmware.keyblock \
- -k ${KEYDIR}/kernel_subkey.vbpubk \
- ${MORE_OUT} ${MORE_OUT}.2
+"${FUTILITY}" sign \
+ -s "${KEYDIR}/firmware_data_key.vbprivk" \
+ -b "${KEYDIR}/firmware.keyblock" \
+ -k "${KEYDIR}/kernel_subkey.vbpubk" \
+ "${MORE_OUT}" "${MORE_OUT}.2"
-m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT}.2 \
- | egrep 'Firmware version: +1$|Preamble flags: +8$' | wc -l)
-[ "$m" = "4" ]
+m=$("${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ "${MORE_OUT}.2" | grep -c -E 'Firmware version: +1$|Preamble flags: +8$')
+[ "${m}" = "4" ]
# If the original preamble is not present, the preamble flags should be zero.
: $(( count++ ))
-echo -n "$count " 1>&3
+echo -n "${count} " 1>&3
-${FUTILITY} load_fmap ${MORE_OUT} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
-${FUTILITY} sign \
- -s ${KEYDIR}/firmware_data_key.vbprivk \
- -b ${KEYDIR}/firmware.keyblock \
- -k ${KEYDIR}/kernel_subkey.vbpubk \
- ${MORE_OUT} ${MORE_OUT}.3
+"${FUTILITY}" load_fmap "${MORE_OUT}" VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
+"${FUTILITY}" sign \
+ -s "${KEYDIR}/firmware_data_key.vbprivk" \
+ -b "${KEYDIR}/firmware.keyblock" \
+ -k "${KEYDIR}/kernel_subkey.vbpubk" \
+ "${MORE_OUT}" "${MORE_OUT}.3"
-m=$(${FUTILITY} verify --publickey ${KEYDIR}/root_key.vbpubk ${MORE_OUT}.3 \
- | egrep 'Firmware version: +1$|Preamble flags: +0$' | wc -l)
-[ "$m" = "4" ]
+m=$("${FUTILITY}" verify --publickey "${KEYDIR}/root_key.vbpubk" \
+ "${MORE_OUT}.3" | grep -c -E 'Firmware version: +1$|Preamble flags: +0$')
+[ "${m}" = "4" ]
# cleanup
-rm -rf ${TMP}* ${ONEMORE}
+rm -rf "${TMP}"* "${ONEMORE}"
exit 0
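Review bot: The bare assertions in this hunk (`[ "${m}" = "4" ]`, the `cmp` calls, and `if cmp ...; then false; fi`) fail the test only when errexit is active, and the only shell option set on a visible line is `set -o pipefail`; the script then ends with an unconditional `exit 0`. If errexit comes solely from the shebang, which is outside the diff, it is lost whenever the file is run as `bash test_sign_firmware.sh` or sourced, and a version, flag or sha1sum mismatch on the re-signed image would go unreported. Writing `set -e -o pipefail` in place of the existing `set -o pipefail` would make the checks independent of how the script is launched.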