From 0bbc17c69aea80d3c25b7170f296ff9adb980b30 Mon Sep 17 00:00:00 2001
From: Paul Taysom
Date: Fri, 16 Nov 2012 09:06:06 -0800
Subject: Added handling of regex for dm params
To handle a more diverse set of configurations, added processing of regular expressions for the dm params.
BUG=chromium-os:36441
TEST=rand security_test_image for various configurations
BRANCH=none
Change-Id: I4d9e610586cc9f63d55397e60462600ed9b9651f
Reviewed-on: https://gerrit.chromium.org/gerrit/38202
Reviewed-by: Mike Frysinger
Commit-Ready: Paul Taysom
Tested-by: Paul Taysom
---
 scripts/image_signing/ensure_secure_kernelparams.sh | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
(limited to 'scripts/image_signing')
diff --git a/scripts/image_signing/ensure_secure_kernelparams.sh b/scripts/image_signing/ensure_secure_kernelparams.sh
index 0f15490f..5f06e2e7 100755
--- a/scripts/image_signing/ensure_secure_kernelparams.sh
+++ b/scripts/image_signing/ensure_secure_kernelparams.sh
@@ -73,6 +73,10 @@ main() {
 local image="$1"
+ # A byte that should not appear in the command line to use as a sed
+ # marker when doing regular expression replacements.
+ local M=$'\001'
+
 # Default config location: same name/directory as this script,
 # with a .config file extension, ie ensure_secure_kernelparams.config.
 local configfile="$(dirname "$0")/${0/%.sh/.config}"
@@ -101,6 +105,7 @@ main() {
 eval "optional_kparams=(\"\${optional_kparams_$board[@]}\")"
 eval "optional_kparams_regex=(\"\${optional_kparams_regex_$board[@]}\")"
 eval "required_dmparams=(\"\${required_dmparams_$board[@]}\")"
+ eval "required_dmparams_regex=(\"\${required_dmparams_regex_$board[@]}\")"
 output+="required_kparams=(\n"
 output+="$(printf "\t'%s'\n" "${required_kparams[@]}")\n)\n"
 output+="required_kparams_regex=(\n"
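Review bot: The added `eval` for `required_dmparams_regex` splices `$board` into text that the shell then executes, exactly as the three context `eval` lines above it do, and nothing in this hunk shows `$board` being validated first. Where `$board` is assigned is outside the hunk; if it is read from the image under test, its value is attacker-influenced input to a script that runs in the signing environment. I would check it once before this run of evals, for example `[[ "$board" =~ ^[A-Za-z0-9_]+$ ]] || { echo "Unexpected board name: $board" >&2; exit 1; }`, so that only a plain identifier can ever reach `eval`. main() starts and ends outside the hunk, so an existing check earlier in the function cannot be ruled out.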
@@ -111,6 +116,8 @@ main() {
 output+="$(printf "\t'%s'\n" "${optional_kparams_regex[@]}")\n)\n"
 output+="required_dmparams=(\n"
 output+="$(printf "\t'%s'\n" "${required_dmparams[@]}")\n)\n"
+ output+="required_dmparams_regex=(\n"
+ output+="$(printf "\t'%s'\n" "${required_dmparams_regex[@]}")\n)\n"
 # Divide the dm params from the rest and process seperately.
 local kparams=$(dump_kernel_config "$kernelblob")
@@ -124,25 +131,29 @@ main() {
 mangled_dmparams=$(dmparams_mangle "${dmparams}")
 output+="\nmangled_dmparams='${mangled_dmparams}'\n"
 # Special-case handling of the dm= param:
+ testfail=1
 for expected_dmparams in "${required_dmparams[@]}"; do
 # Filter out all dynamic parameters.
- testfail=1
 if [ "$mangled_dmparams" = "$expected_dmparams" ]; then
 testfail=0
 break
 fi
 done
+ for expected_dmparams in "${required_dmparams_regex[@]}"; do
+ if [[ -z $(echo "${mangled_dmparams}" | \
+ sed "s${M}^${expected_dmparams}\$${M}${M}") ]]; then
+ testfail=0
+ break
+ fi
+ done
+
 if [ $testfail -eq 1 ]; then
 echo "Kernel dm= parameter does not match any expected values!"
 echo "Actual: $dmparams"
 echo "Expected: ${required_dmparams[@]}"
 fi
- # A byte that should not appear in the command line to use as a sed
- # marker when doing regular expression replacements.
- M=$'\001'
-
 # Ensure all other required params are present.
 for param in "${required_kparams[@]}"; do
 if [[ "$kparams_nodm" != *$param* ]]; then
-- cgit v1.2.1
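Review bot: The new regex loop treats an empty sed result as a match, so an empty `mangled_dmparams` passes against every pattern: `echo "" | sed …` yields an empty string whether or not the substitution fires, `-z` is true, and `testfail` is cleared. Whether `dmparams_mangle` can return an empty string (for instance when the command line carries no dm= argument) is not visible in this hunk, but if it can, an image with no dm configuration at all would satisfy the check for any board that defines a `required_dmparams_regex` entry. Guard the test with `[[ -n "${mangled_dmparams}" ]] &&`, or match directly with `printf '%s\n' "${mangled_dmparams}" | grep -qx -e "${expected_dmparams}"`, which succeeds only on a real whole-line match. The failure branch still prints only `${required_dmparams[@]}`; adding `echo "Expected (regex): ${required_dmparams_regex[*]}"` would let whoever triages a rejected image see every value it was compared against. main() starts and ends outside the hunk.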