#!/bin/bash -u # # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. # # Quick test of vbutil_kernel args, to make sure we can pack and unpack # less-than-full-sized components. # # Load common constants and variables for tests. . "$(dirname "$0")/common.sh" # directories DEVKEYS="${ROOT_DIR}/tests/devkeys" DATA_DIR="${SCRIPT_DIR}/preamble_tests/data" TMPDIR="${TEST_DIR}/vbutil_kernel_arg_tests_dir" [ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}" # Arbitrarily chosen keys and config file. KEYBLOCK="${DATA_DIR}/kb_0_0.keyblock" SIGNPRIVATE="${DATA_DIR}/data_0.vbprivk" SIGNPUBLIC="${DATA_DIR}/root_0.vbpubk" CONFIG="${DATA_DIR}/dummy_config.txt" # Create some big and little files for the kernel and bootloader BIG="${TMPDIR}/big.bin" dd if=/dev/urandom bs=32768 count=1 of="${BIG}" 2>/dev/null SMALL="${TMPDIR}/small.bin" dd if=/dev/urandom bs=16 count=1 of="${SMALL}" 2>/dev/null declare -a KERN_VALS declare -a BOOT_VALS KERN_VALS=("--vmlinuz=${BIG}" "--vmlinuz=${SMALL}") BOOT_VALS=("--bootloader=${BIG}" "--bootloader=${SMALL}") tests=0 errs=0 # Pack a bunch of stuff k=0 while [ "$k" -lt "${#KERN_VALS[*]}" ]; do b=0 while [ "$b" -lt "${#BOOT_VALS[*]}" ]; do echo -n "pack kern_${k}_${b}.vblock ... " : $(( tests++ )) "${FUTILITY}" vbutil_kernel \ --pack "${TMPDIR}/kern_${k}_${b}.vblock" \ --keyblock "${KEYBLOCK}" \ --signprivate "${SIGNPRIVATE}" \ --version 1 \ --arch arm \ --config "${CONFIG}" \ "${KERN_VALS[$k]}" \ "${BOOT_VALS[$k]}" >/dev/null if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi : $(( b++ )) done : $(( k++ )) done # Now unpack it for v in ${TMPDIR}/kern_*.vblock; do : $(( tests++ )) vv=$(basename "$v") echo -n "verify $vv ... " "${FUTILITY}" vbutil_kernel --verify "$v" >/dev/null if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi : $(( tests++ )) echo -n "verify $vv signed ... " "${FUTILITY}" vbutil_kernel --verify "$v" \ --signpubkey "${SIGNPUBLIC}" >/dev/null if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi done # Test repacking a USB image for the SSD, the way the installer does. set -e # Pack for USB USB_KERN="${TMPDIR}/usb_kern.bin" USB_KEYBLOCK="${DEVKEYS}/recovery_kernel.keyblock" USB_SIGNPRIVATE="${DEVKEYS}/recovery_kernel_data_key.vbprivk" USB_SIGNPUBKEY="${DEVKEYS}/recovery_key.vbpubk" echo -n "pack USB kernel ... " : $(( tests++ )) "${FUTILITY}" vbutil_kernel \ --pack "${USB_KERN}" \ --keyblock "${USB_KEYBLOCK}" \ --signprivate "${USB_SIGNPRIVATE}" \ --version 1 \ --config "${CONFIG}" \ --bootloader "${BIG}" \ --vmlinuz "${BIG}" \ --arch arm if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi # And verify it. echo -n "verify USB kernel ... " : $(( tests++ )) "${FUTILITY}" vbutil_kernel \ --verify "${USB_KERN}" \ --signpubkey "${USB_SIGNPUBKEY}" >/dev/null if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi # Now we re-sign the same image using the normal keys. This is the kernel # image that is put on the hard disk by the installer. Note: To save space on # the USB image, we're only emitting the new verfication block, and the # installer just replaces that part of the hard disk's kernel partition. SSD_KERN="${TMPDIR}/ssd_kern.bin" SSD_KEYBLOCK="${DEVKEYS}/kernel.keyblock" SSD_SIGNPRIVATE="${DEVKEYS}/kernel_data_key.vbprivk" SSD_SIGNPUBKEY="${DEVKEYS}/kernel_subkey.vbpubk" echo -n "repack to SSD kernel ... " : $(( tests++ )) "${FUTILITY}" vbutil_kernel \ --repack "${SSD_KERN}" \ --vblockonly \ --keyblock "${SSD_KEYBLOCK}" \ --signprivate "${SSD_SIGNPRIVATE}" \ --oldblob "${TMPDIR}/usb_kern.bin" >/dev/null if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi # To verify it, we have to replace the vblock from the original image. tempfile="${TMPDIR}/foo.bin" cat "${SSD_KERN}" > "$tempfile" dd if="${USB_KERN}" bs=65536 skip=1 >> $tempfile 2>/dev/null echo -n "verify SSD kernel ... " : $(( tests++ )) "${FUTILITY}" vbutil_kernel \ --verify "$tempfile" \ --signpubkey "${SSD_SIGNPUBKEY}" >/dev/null if [ "$?" -ne 0 ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi # Finally make sure that the kernel command line stays good. orig=$(cat "${CONFIG}" | tr '\012' ' ') packed=$("${FUTILITY}" dump_kernel_config "${USB_KERN}") echo -n "check USB kernel config ..." : $(( tests++ )) if [ "$orig" != "$packed" ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi repacked=$("${FUTILITY}" dump_kernel_config "${tempfile}") echo -n "check SSD kernel config ..." : $(( tests++ )) if [ "$orig" != "$packed" ]; then echo -e "${COL_RED}FAILED${COL_STOP}" : $(( errs++ )) else echo -e "${COL_GREEN}PASSED${COL_STOP}" fi # Summary ME=$(basename "$0") if [ "$errs" -ne 0 ]; then echo -e "${COL_RED}${ME}: ${errs}/${tests} tests failed${COL_STOP}" exit 1 fi happy "${ME}: All ${tests} tests passed" exit 0