From 64ef69c48da1cdd227b169accb5f576247cd8a89 Mon Sep 17 00:00:00 2001 From: Bill Richardson Date: Mon, 6 Oct 2014 10:33:12 -0700 Subject: futility: return the correct size of kernel blob within partition When modifying a kernel partition in-place, make sure we only sign enough bytes to cover the kernel blob, not the entire partition. Also added a test for that case. BUG=chromium:418647 BRANCH=none TEST=make runtests Signed-off-by: Bill Richardson Change-Id: Id89ff3845fe5178ee13f431d99868821fcad3248 Reviewed-on: https://chromium-review.googlesource.com/233038 Reviewed-by: Randall Spangler --- tests/futility/test_sign_kernel.sh | 199 +++++++++++++++++++++++++++++-------- 1 file changed, 158 insertions(+), 41 deletions(-) (limited to 'tests/futility') diff --git a/tests/futility/test_sign_kernel.sh b/tests/futility/test_sign_kernel.sh index fdc4daf5..ebc50fc9 100755 --- a/tests/futility/test_sign_kernel.sh +++ b/tests/futility/test_sign_kernel.sh @@ -15,14 +15,15 @@ echo "hi there" > ${TMP}.config.txt echo "hello boys" > ${TMP}.config2.txt dd if=/dev/urandom bs=512 count=1 of=${TMP}.bootloader.bin dd if=/dev/urandom bs=512 count=1 of=${TMP}.bootloader2.bin +dd if=/dev/urandom bs=1M count=16 of=${TMP}.kern_partition # default padding -padding=65536 +padding=49152 try_arch () { local arch=$1 - echo -n "${arch}.a " 1>&3 + echo -n "${arch}: 1 " 1>&3 # pack it up the old way ${FUTILITY} vbutil_kernel --debug \ 
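Review bot: The `# default padding` comment above `padding=49152` looks stale: the value moves away from 65536, and the visible hunks add `--pad ${padding}` to the pack, repack, sign and verify calls, so the test presumably no longer depends on any built-in default. I would reword it to something like `# non-default padding, passed explicitly via --pad to every command below`. If 49152 was picked on purpose so that a tool silently falling back to its own default padding produces a mismatch, the comment should say so, so that a later cleanup does not revert it. try_arch's body continues outside this hunk.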
@@ -34,17 +35,16 @@ try_arch () { --bootloader ${TMP}.bootloader.bin \ --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ --arch ${arch} \ + --pad ${padding} \ --kloadaddr 0x11000 # verify the old way ${FUTILITY} vbutil_kernel --verify ${TMP}.blob1.${arch} \ - --signpubkey ${DEVKEYS}/recovery_key.vbpubk - ${FUTILITY} vbutil_kernel2 --verify ${TMP}.blob1.${arch} \ - --signpubkey ${DEVKEYS}/recovery_key.vbpubk --debug + --pad ${padding} \ + --signpubkey ${DEVKEYS}/recovery_key.vbpubk > ${TMP}.verify1 # pack it up the new way - ${FUTILITY} vbutil_kernel2 --debug \ - --pack ${TMP}.blob2.${arch} \ + ${FUTILITY} sign --debug \ --keyblock ${DEVKEYS}/recovery_kernel.keyblock \ --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \ --version 1 \ 
@@ -52,44 +52,80 @@ try_arch () { --bootloader ${TMP}.bootloader.bin \ --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ --arch ${arch} \ - --kloadaddr 0x11000 + --pad ${padding} \ + --kloadaddr 0x11000 \ + --outfile ${TMP}.blob2.${arch} + + ${FUTILITY} vbutil_kernel --verify ${TMP}.blob2.${arch} \ + --pad ${padding} \ + --signpubkey ${DEVKEYS}/recovery_key.vbpubk > ${TMP}.verify2 # they should be identical cmp ${TMP}.blob1.${arch} ${TMP}.blob2.${arch} + diff ${TMP}.verify1 ${TMP}.verify2 + + echo -n "2 " 1>&3 # repack it the old way - ${FUTILITY} vbutil_kernel \ + ${FUTILITY} vbutil_kernel --debug \ --repack ${TMP}.blob3.${arch} \ --oldblob ${TMP}.blob1.${arch} \ --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ --keyblock ${DEVKEYS}/kernel.keyblock \ --version 2 \ + --pad ${padding} \ --config ${TMP}.config2.txt \ --bootloader ${TMP}.bootloader2.bin # verify the old way ${FUTILITY} vbutil_kernel --verify ${TMP}.blob3.${arch} \ - --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk - ${FUTILITY} vbutil_kernel2 --verify ${TMP}.blob3.${arch} \ - --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk + --pad ${padding} \ + --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify3 # repack it the new way - ${FUTILITY} vbutil_kernel2 \ - --repack ${TMP}.blob4.${arch} \ - --oldblob ${TMP}.blob2.${arch} \ + ${FUTILITY} sign --debug \ --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ --keyblock ${DEVKEYS}/kernel.keyblock \ --version 2 \ + --pad ${padding} \ --config ${TMP}.config2.txt \ - --bootloader ${TMP}.bootloader2.bin + --bootloader ${TMP}.bootloader2.bin \ + ${TMP}.blob2.${arch} \ + ${TMP}.blob4.${arch} + + ${FUTILITY} vbutil_kernel --verify ${TMP}.blob4.${arch} \ + --pad ${padding} \ + --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify4 # they should be identical cmp ${TMP}.blob3.${arch} ${TMP}.blob4.${arch} + diff ${TMP}.verify3 ${TMP}.verify4 + + echo -n "3 " 1>&3 + + # repack it the new way, in-place + cp ${TMP}.blob2.${arch} ${TMP}.blob5.${arch} + ${FUTILITY} 
sign --debug \ + --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ + --keyblock ${DEVKEYS}/kernel.keyblock \ + --version 2 \ + --pad ${padding} \ + --config ${TMP}.config2.txt \ + --bootloader ${TMP}.bootloader2.bin \ + ${TMP}.blob5.${arch} + + ${FUTILITY} vbutil_kernel --verify ${TMP}.blob5.${arch} \ + --pad ${padding} \ + --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify5 + + # they should be identical + cmp ${TMP}.blob3.${arch} ${TMP}.blob5.${arch} + diff ${TMP}.verify3 ${TMP}.verify5 # and now just the vblocks... - echo -n "${arch}.v " 1>&3 + echo -n "4 " 1>&3 - dd bs=${padding} count=1 if=${TMP}.blob1.${arch} of=${TMP}.blob1.${arch}.vb0 + # pack the old way ${FUTILITY} vbutil_kernel \ --pack ${TMP}.blob1.${arch}.vb1 \ --vblockonly \ @@ -100,13 +136,15 @@ try_arch () { --bootloader ${TMP}.bootloader.bin \ --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ --arch ${arch} \ + --pad ${padding} \ --kloadaddr 0x11000 + + # compare this new vblock with the one from the full pack + dd bs=${padding} count=1 if=${TMP}.blob1.${arch} of=${TMP}.blob1.${arch}.vb0 cmp ${TMP}.blob1.${arch}.vb0 ${TMP}.blob1.${arch}.vb1 - dd bs=${padding} count=1 if=${TMP}.blob2.${arch} of=${TMP}.blob2.${arch}.vb0 - ${FUTILITY} vbutil_kernel2 \ - --pack ${TMP}.blob2.${arch}.vb1 \ - --vblockonly \ + # pack the new way + ${FUTILITY} sign --debug \ --keyblock ${DEVKEYS}/recovery_kernel.keyblock \ --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \ --version 1 \ 
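Review bot: The verify step is spelled out three times in the `-52,44 +52,80` hunk (`.verify2`, `.verify4`, `.verify5`), differing only in input blob, public key and output file, and the same pattern recurs in the later hunks. In a signing test the value of each `diff` depends on both sides having been produced with identical flags, so a copy that later drifts (a dropped `--pad`, a different key) would weaken the comparison without failing it. A small helper defined before try_arch would keep them in lockstep, e.g. `verify_to () { ${FUTILITY} vbutil_kernel --verify "$1" --pad ${padding} --signpubkey "$2" > "$3"; }`. The enclosing function starts before this hunk and continues after it.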
@@ -114,10 +152,18 @@ try_arch () { --bootloader ${TMP}.bootloader.bin \ --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ --arch ${arch} \ - --kloadaddr 0x11000 + --pad ${padding} \ + --kloadaddr 0x11000 \ + --vblockonly \ + ${TMP}.blob2.${arch}.vb1 + + # compare this new vblock with the one from the full pack + dd bs=${padding} count=1 if=${TMP}.blob2.${arch} of=${TMP}.blob2.${arch}.vb0 cmp ${TMP}.blob2.${arch}.vb0 ${TMP}.blob2.${arch}.vb1 - dd bs=${padding} count=1 if=${TMP}.blob3.${arch} of=${TMP}.blob3.${arch}.vb0 + echo -n "5 " 1>&3 + + # now repack the old way, again emitting just the vblock ${FUTILITY} vbutil_kernel \ --repack ${TMP}.blob3.${arch}.vb1 \ --vblockonly \ 
@@ -125,39 +171,110 @@ try_arch () { --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ --keyblock ${DEVKEYS}/kernel.keyblock \ --version 2 \ + --pad ${padding} \ --config ${TMP}.config2.txt \ --bootloader ${TMP}.bootloader2.bin + + # compare the full repacked vblock with the new repacked vblock + dd bs=${padding} count=1 if=${TMP}.blob3.${arch} of=${TMP}.blob3.${arch}.vb0 cmp ${TMP}.blob3.${arch}.vb0 ${TMP}.blob3.${arch}.vb1 - dd bs=${padding} count=1 if=${TMP}.blob4.${arch} of=${TMP}.blob4.${arch}.vb0 - ${FUTILITY} vbutil_kernel2 \ - --repack ${TMP}.blob4.${arch}.vb1 \ + # extract just the kernel blob + dd bs=${padding} skip=1 if=${TMP}.blob3.${arch} of=${TMP}.blob3.${arch}.kb0 + # and verify it using the new vblock (no way to do that with vbutil_kernel) + ${FUTILITY} verify --debug \ + --pad ${padding} \ + --publickey ${DEVKEYS}/kernel_subkey.vbpubk \ + --fv ${TMP}.blob3.${arch}.kb0 \ + ${TMP}.blob3.${arch}.vb1 > ${TMP}.verify3v + + # repack the new way + ${FUTILITY} sign --debug \ + --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ + --keyblock ${DEVKEYS}/kernel.keyblock \ + --version 2 \ + --config ${TMP}.config2.txt \ + --bootloader ${TMP}.bootloader2.bin \ + --pad ${padding} \ --vblockonly \ - --oldblob ${TMP}.blob2.${arch} \ + ${TMP}.blob2.${arch} \ + ${TMP}.blob4.${arch}.vb1 \ + + # compare the full repacked vblock with the new repacked vblock + dd bs=${padding} count=1 if=${TMP}.blob4.${arch} of=${TMP}.blob4.${arch}.vb0 + cmp ${TMP}.blob4.${arch}.vb0 ${TMP}.blob4.${arch}.vb1 + + # extract just the kernel blob + dd bs=${padding} skip=1 if=${TMP}.blob4.${arch} of=${TMP}.blob4.${arch}.kb0 + # and verify it using the new vblock (no way to do that with vbutil_kernel) + ${FUTILITY} verify --debug \ + --pad ${padding} \ + --publickey ${DEVKEYS}/kernel_subkey.vbpubk \ + --fv ${TMP}.blob4.${arch}.kb0 \ + ${TMP}.blob4.${arch}.vb1 > ${TMP}.verify4v + + + echo -n "6 " 1>&3 + + # Now lets repack some kernel partitions, not just blobs. 
+ cp ${TMP}.kern_partition ${TMP}.part1.${arch} + dd if=${TMP}.blob1.${arch} of=${TMP}.part1.${arch} conv=notrunc + + # Make sure the partitions verify + ${FUTILITY} vbutil_kernel --verify ${TMP}.part1.${arch} \ + --pad ${padding} \ + --signpubkey ${DEVKEYS}/recovery_key.vbpubk > ${TMP}.verify6 + + # The partition should verify the same way as the blob + diff ${TMP}.verify1 ${TMP}.verify6 + + # repack it the old way + ${FUTILITY} vbutil_kernel --debug \ + --repack ${TMP}.part6.${arch} \ + --oldblob ${TMP}.part1.${arch} \ --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ --keyblock ${DEVKEYS}/kernel.keyblock \ --version 2 \ + --pad ${padding} \ --config ${TMP}.config2.txt \ --bootloader ${TMP}.bootloader2.bin - cmp ${TMP}.blob4.${arch}.vb0 ${TMP}.blob4.${arch}.vb1 + # verify the old way + ${FUTILITY} vbutil_kernel --verify ${TMP}.part6.${arch} \ + --pad ${padding} \ + --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify6.old + + # this "partition" should actually be the same as the old-way blob + cmp ${TMP}.blob3.${arch} ${TMP}.part6.${arch} + + # repack it the new way, in-place + cp ${TMP}.part1.${arch} ${TMP}.part6.${arch}.new1 + ${FUTILITY} sign --debug \ + --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ + --keyblock ${DEVKEYS}/kernel.keyblock \ + --version 2 \ + --pad ${padding} \ + --config ${TMP}.config2.txt \ + --bootloader ${TMP}.bootloader2.bin \ + ${TMP}.part6.${arch}.new1 + + ${FUTILITY} vbutil_kernel --verify ${TMP}.part6.${arch}.new1 \ + --pad ${padding} \ + --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk > ${TMP}.verify6.new1 + + # The verification should be indentical + diff ${TMP}.verify6.old ${TMP}.verify6.new1 + # But the content should only match up to the size of the kernel blob, since + # we're modifying an entire partition in-place. + blobsize=$(stat -c '%s' ${TMP}.part6.${arch}) + cmp -n ${blobsize} ${TMP}.part6.${arch} ${TMP}.part6.${arch}.new1 + # The rest of the partition should be unchanged. 
+ cmp -i ${blobsize} ${TMP}.part1.${arch} ${TMP}.part6.${arch}.new1 # Note: We specifically do not test repacking with a different --kloadaddr, # because the old way has a bug and does not update params->cmd_line_ptr to # point at the new on-disk location. Apparently (and not surprisingly), no # one has ever done that. - -#HEY # pack it up the new way -#HEY ${FUTILITY} sign --debug \ -#HEY --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ -#HEY --config ${TMP}.config.txt \ -#HEY --bootloader ${TMP}.bootloader.bin \ -#HEY --arch ${arch} \ -#HEY --keyblock ${DEVKEYS}/recovery_kernel.keyblock \ -#HEY --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \ -#HEY --version 1 \ -#HEY --outfile ${TMP}.blob2.${arch} - } try_arch amd64 -- cgit v1.2.1
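Review bot: The two `futility verify` runs in step 5 write `${TMP}.verify3v` and `${TMP}.verify4v`, but nothing up to the end of try_arch reads those files, so the old-way and new-way vblocks are only checked by exit status there. If the output is path-independent like the `vbutil_kernel --verify` output compared elsewhere, adding `diff ${TMP}.verify3v ${TMP}.verify4v` after the second run would make the captures count; otherwise the redirects could go. The `sign --vblockonly` call just above ends its last argument with a stray `\` (`${TMP}.blob4.${arch}.vb1 \`) that continues onto a blank line, which works today but breaks as soon as someone puts a command there. For the partition check, `stat -c '%s'` is GNU-specific; `blobsize=$(wc -c < ${TMP}.part6.${arch})` gives the same number portably.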