From 3000736e2da72115f1350b6d9c0c66d208ddd1be Mon Sep 17 00:00:00 2001 From: Jakub Czapiga Date: Tue, 12 Apr 2022 14:49:22 +0200 Subject: futility: Remove --devsign and --devkeyblock This feature has not been needed since pre-2012 devices which have long since reached their end of life. We can safely remove it to simplify the code. Also remove ZGB image, as it is no longer needed. BUG=b:197114807 TEST=sudo FEATURES=test emerge vboot_reference BRANCH=none Signed-off-by: Jakub Czapiga Cq-Depend: chromium:3650757 Change-Id: I889dc6300c5cb72bdfcb9c2b66d63e97d3f8c862 Disallow-Recycled-Builds: test-failures Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3578968 Commit-Queue: Jakub Czapiga Auto-Submit: Jakub Czapiga Tested-by: Jakub Czapiga Reviewed-by: Julius Werner --- tests/futility/data/README | 1 - tests/futility/data/bios_zgb_mp.bin | Bin 4194304 -> 0 bytes tests/futility/data_bios_zgb_mp.bin_expect.txt | 6 -- .../show.tests_futility_data_bios_peppy_mp.bin | 63 +++++++++++++++++++++ .../show.tests_futility_data_bios_zgb_mp.bin | 63 --------------------- tests/futility/test_file_types.c | 2 +- tests/futility/test_file_types.sh | 2 +- tests/futility/test_show_contents.sh | 2 +- tests/futility/test_sign_firmware.sh | 14 ----- 9 files changed, 66 insertions(+), 87 deletions(-) delete mode 100644 tests/futility/data/bios_zgb_mp.bin delete mode 100644 tests/futility/data_bios_zgb_mp.bin_expect.txt create mode 100644 tests/futility/expect_output/show.tests_futility_data_bios_peppy_mp.bin delete mode 100644 tests/futility/expect_output/show.tests_futility_data_bios_zgb_mp.bin (limited to 'tests') diff --git a/tests/futility/data/README b/tests/futility/data/README index 57038c37..933de029 100644 --- a/tests/futility/data/README +++ b/tests/futility/data/README @@ -1,5 +1,4 @@ These are officially signed BIOS images from existing Chromebooks. - bios_zgb_mp.bin RW firmware A and B are different bios_link_mp.bin uses the RO_NORMAL flag to skip RW firmware validation bios_peppy_mp.bin doesn't do any of those things diff --git a/tests/futility/data/bios_zgb_mp.bin b/tests/futility/data/bios_zgb_mp.bin deleted file mode 100644 index c85d8202..00000000 Binary files a/tests/futility/data/bios_zgb_mp.bin and /dev/null differ diff --git a/tests/futility/data_bios_zgb_mp.bin_expect.txt b/tests/futility/data_bios_zgb_mp.bin_expect.txt deleted file mode 100644 index 2a021ce1..00000000 --- a/tests/futility/data_bios_zgb_mp.bin_expect.txt +++ /dev/null @@ -1,6 +0,0 @@ -9f59876c7f7dc881f02d934786c6b7c2c17dcaac -9bd99a594c45b6739899a17ec29ac2289ee75463 -a0e4415cd4e271802504cce3a211b54562178fc8 -5d2b220899c4403d564092ada3f12d3cc4483223 -e2c1c92d7d7aa7dfed5e8375edd30b7ae52b7450 -5d2b220899c4403d564092ada3f12d3cc4483223 diff --git a/tests/futility/expect_output/show.tests_futility_data_bios_peppy_mp.bin b/tests/futility/expect_output/show.tests_futility_data_bios_peppy_mp.bin new file mode 100644 index 00000000..88733c9e --- /dev/null +++ b/tests/futility/expect_output/show.tests_futility_data_bios_peppy_mp.bin @@ -0,0 +1,63 @@ +BIOS: tests/futility/data/bios_peppy_mp.bin +GBB header: GBB + Version: 1.1 + Flags: 0x00000039 + Regions: offset size + hwid 0x00000080 0x00000100 + bmpvf 0x00001180 0x000ece80 + rootkey 0x00000180 0x00001000 + recovery_key 0x000ee000 0x00001000 + Size: 0x000ef000 / 0x000ef000 +GBB content: + HWID: X86 PEPPY TEST 4211 + digest: + Root Key: + Vboot API: 1.0 + Algorithm: 11 RSA8192 SHA512 + Key Version: 1 + Key sha1sum: fc68bcb88bf9af1907289a9f377d658b3b9fe5b0 + Recovery Key: + Vboot API: 1.0 + Algorithm: 11 RSA8192 SHA512 + Key Version: 1 + Key sha1sum: bf39d0d3e30cbf6a121416d04df4603ad5310779 +Firmware body: FW_MAIN_A + Offset: 0x00210000 + Size: 0x000c0000 +Firmware body: FW_MAIN_B + Offset: 0x00300000 + Size: 0x000c0000 +Keyblock: VBLOCK_A + Signature: valid + Size: 0x8b8 + Flags: 7 !DEV DEV !REC + Data key algorithm: 8 RSA4096 SHA512 + Data key version: 1 + Data key sha1sum: f917ad29e36aa8a286f978c1aa0550ea31c6a561 +Firmware Preamble: + Size: 2164 + Header version: 2.1 + Firmware version: 2 + Kernel key algorithm: 7 RSA4096 SHA256 + Kernel key version: 2 + Kernel key sha1sum: cc05423373b76acbec23ec45dfa3696a2ea6dc0f + Firmware body size: 146456 + Preamble flags: 0 +Body verification succeeded. +Keyblock: VBLOCK_B + Signature: valid + Size: 0x8b8 + Flags: 7 !DEV DEV !REC + Data key algorithm: 8 RSA4096 SHA512 + Data key version: 1 + Data key sha1sum: f917ad29e36aa8a286f978c1aa0550ea31c6a561 +Firmware Preamble: + Size: 2164 + Header version: 2.1 + Firmware version: 2 + Kernel key algorithm: 7 RSA4096 SHA256 + Kernel key version: 2 + Kernel key sha1sum: cc05423373b76acbec23ec45dfa3696a2ea6dc0f + Firmware body size: 146456 + Preamble flags: 0 +Body verification succeeded. diff --git a/tests/futility/expect_output/show.tests_futility_data_bios_zgb_mp.bin b/tests/futility/expect_output/show.tests_futility_data_bios_zgb_mp.bin deleted file mode 100644 index 2f9f8073..00000000 --- a/tests/futility/expect_output/show.tests_futility_data_bios_zgb_mp.bin +++ /dev/null @@ -1,63 +0,0 @@ -BIOS: tests/futility/data/bios_zgb_mp.bin -GBB header: GBB - Version: 1.0 - Flags: 0x00000000 - Regions: offset size - hwid 0x00000080 0x00000100 - bmpvf 0x00001180 0x0003de80 - rootkey 0x00000180 0x00001000 - recovery_key 0x0003f000 0x00001000 - Size: 0x00040000 / 0x00040000 -GBB content: - HWID: {FA42644C-CF3A-4692-A9D3-1A667CB232E9} - digest: - Root Key: - Vboot API: 1.0 - Algorithm: 11 RSA8192 SHA512 - Key Version: 1 - Key sha1sum: 9f59876c7f7dc881f02d934786c6b7c2c17dcaac - Recovery Key: - Vboot API: 1.0 - Algorithm: 11 RSA8192 SHA512 - Key Version: 1 - Key sha1sum: 9bd99a594c45b6739899a17ec29ac2289ee75463 -Firmware body: FW_MAIN_A - Offset: 0x00030000 - Size: 0x000dffc0 -Firmware body: FW_MAIN_B - Offset: 0x00120000 - Size: 0x000dffc0 -Keyblock: VBLOCK_A - Signature: valid - Size: 0x8b8 - Flags: 6 DEV !REC - Data key algorithm: 8 RSA4096 SHA512 - Data key version: 1 - Data key sha1sum: a78aaa1691c2125ef8ccefa1a8a6bea92d38fae6 -Firmware Preamble: - Size: 2164 - Header version: 2.1 - Firmware version: 2 - Kernel key algorithm: 7 RSA4096 SHA256 - Kernel key version: 2 - Kernel key sha1sum: 0c9fd5b03ab47d37924ba8a7beb64039d84ed0e1 - Firmware body size: 917440 - Preamble flags: 0 -Body verification succeeded. -Keyblock: VBLOCK_B - Signature: valid - Size: 0x8b8 - Flags: 7 !DEV DEV !REC - Data key algorithm: 8 RSA4096 SHA512 - Data key version: 1 - Data key sha1sum: 4fe08ed739069d6834b68612eb707998a0825f34 -Firmware Preamble: - Size: 2164 - Header version: 2.1 - Firmware version: 2 - Kernel key algorithm: 7 RSA4096 SHA256 - Kernel key version: 2 - Kernel key sha1sum: 0c9fd5b03ab47d37924ba8a7beb64039d84ed0e1 - Firmware body size: 917440 - Preamble flags: 0 -Body verification succeeded. diff --git a/tests/futility/test_file_types.c b/tests/futility/test_file_types.c index d53760c3..17388cfd 100644 --- a/tests/futility/test_file_types.c +++ b/tests/futility/test_file_types.c @@ -26,7 +26,7 @@ static struct { {FILE_TYPE_KEYBLOCK, "tests/devkeys/kernel.keyblock"}, {FILE_TYPE_FW_PREAMBLE, "tests/futility/data/fw_vblock.bin"}, {FILE_TYPE_GBB, "tests/futility/data/fw_gbb.bin"}, - {FILE_TYPE_BIOS_IMAGE, "tests/futility/data/bios_zgb_mp.bin"}, + {FILE_TYPE_BIOS_IMAGE, "tests/futility/data/bios_peppy_mp.bin"}, {FILE_TYPE_KERN_PREAMBLE, "tests/futility/data/kern_preamble.bin"}, {FILE_TYPE_RAW_FIRMWARE, }, /* need a test for this */ {FILE_TYPE_RAW_KERNEL, }, /* need a test for this */ diff --git a/tests/futility/test_file_types.sh b/tests/futility/test_file_types.sh index 93c63913..c51e38f2 100755 --- a/tests/futility/test_file_types.sh +++ b/tests/futility/test_file_types.sh @@ -32,7 +32,7 @@ test_case "pubkey" "tests/devkeys/root_key.vbpubk" test_case "keyblock" "tests/devkeys/kernel.keyblock" test_case "fw_pre" "tests/futility/data/fw_vblock.bin" test_case "gbb" "tests/futility/data/fw_gbb.bin" -test_case "bios" "tests/futility/data/bios_zgb_mp.bin" +test_case "bios" "tests/futility/data/bios_peppy_mp.bin" test_case "kernel" "tests/futility/data/kern_preamble.bin" # We don't have a way to identify these (yet?) # test_case "RAW_FIRMWARE" diff --git a/tests/futility/test_show_contents.sh b/tests/futility/test_show_contents.sh index 1533ba4c..fddebe81 100755 --- a/tests/futility/test_show_contents.sh +++ b/tests/futility/test_show_contents.sh @@ -16,7 +16,7 @@ SHOW_FILES=" tests/devkeys/kernel.keyblock tests/futility/data/fw_vblock.bin tests/futility/data/fw_gbb.bin - tests/futility/data/bios_zgb_mp.bin + tests/futility/data/bios_peppy_mp.bin tests/futility/data/kern_preamble.bin tests/futility/data/sample.vbpubk2 tests/futility/data/sample.vbprik2 diff --git a/tests/futility/test_sign_firmware.sh b/tests/futility/test_sign_firmware.sh index 8e303e32..04eb385f 100755 --- a/tests/futility/test_sign_firmware.sh +++ b/tests/futility/test_sign_firmware.sh @@ -30,17 +30,6 @@ INFILES="${INFILES} ${ONEMORE}" set -o pipefail -# We've removed dev_firmware keyblock and private keys from ToT test key dir. -# It's currently only available on few legacy (alex, zgb) devices' key folders -# on signer bot. Add them to ${KEYDIR} if you need to test that. -DEV_FIRMWARE_PARAMS="" -if [ -f "${KEYDIR}/dev_firmware.keyblock" ]; then - DEV_FIRMWARE_PARAMS=" - -S ${KEYDIR}/dev_firmware_data_key.vbprivk - -B ${KEYDIR}/dev_firmware.keyblock" - INFILES="${INFILES} ${SCRIPT_DIR}/futility/data/bios_zgb_mp.bin" -fi - count=0 for infile in $INFILES; do @@ -85,7 +74,6 @@ for infile in $INFILES; do ${FUTILITY} sign \ -s ${KEYDIR}/firmware_data_key.vbprivk \ -b ${KEYDIR}/firmware.keyblock \ - ${DEV_FIRMWARE_PARAMS} \ -k ${KEYDIR}/kernel_subkey.vbpubk \ -v 14 \ -f 8 \ @@ -155,7 +143,6 @@ echo -n "$count " 1>&3 ${FUTILITY} sign \ -s ${KEYDIR}/firmware_data_key.vbprivk \ -b ${KEYDIR}/firmware.keyblock \ - ${DEV_FIRMWARE_PARAMS} \ -k ${KEYDIR}/kernel_subkey.vbpubk \ ${MORE_OUT} ${MORE_OUT}.2 @@ -172,7 +159,6 @@ ${FUTILITY} load_fmap ${MORE_OUT} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero ${FUTILITY} sign \ -s ${KEYDIR}/firmware_data_key.vbprivk \ -b ${KEYDIR}/firmware.keyblock \ - ${DEV_FIRMWARE_PARAMS} \ -k ${KEYDIR}/kernel_subkey.vbpubk \ ${MORE_OUT} ${MORE_OUT}.3 -- cgit v1.2.1