#!/bin/bash # Copyright (c) 2014 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. # # End-to-end test for vboot2 firmware verification # Load common constants and variables. . "$(dirname "$0")/common.sh" set -e echo 'Creating test firmware' # Run tests in a dedicated directory for easy cleanup or debugging. DIR="${TEST_DIR}/vb2fw_test_dir" [ -d "$DIR" ] || mkdir -p "$DIR" echo "Testing vb2_verify_fw in $DIR" cd "$DIR" # Dummy firmware body echo 'This is a test firmware body. This is only a test. Lalalalala' \ > body.test # Pack keys using original vboot utilities ${FUTILITY} vbutil_key --pack rootkey.test \ --key ${TESTKEY_DIR}/key_rsa8192.keyb --algorithm 11 ${FUTILITY} vbutil_key --pack fwsubkey.test \ --key ${TESTKEY_DIR}/key_rsa4096.keyb --algorithm 7 ${FUTILITY} vbutil_key --pack kernkey.test \ --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4 # Create a GBB with the root key ${FUTILITY} gbb_utility -c 128,2400,0,0 gbb.test ${FUTILITY} gbb_utility gbb.test -s --hwid='Test GBB' \ --rootkey=rootkey.test # Keyblock with firmware subkey is signed by root key ${FUTILITY} vbutil_keyblock --pack keyblock.test \ --datapubkey fwsubkey.test \ --signprivate ${TESTKEY_DIR}/key_rsa8192.sha512.vbprivk # Firmware preamble is signed with the firmware subkey ${FUTILITY} vbutil_firmware \ --vblock vblock.test \ --keyblock keyblock.test \ --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \ --fv body.test \ --version 1 \ --kernelkey kernkey.test echo 'Verifying test firmware using vb2_verify_fw' # Verify the firmware using vboot2 utility ${FUTILITY} vb2_verify_fw gbb.test vblock.test body.test happy 'vb2_verify_fw succeeded'