blob: face80161cdb2ae67bfd96a22c760be42f40ce81 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
#!/bin/bash -eux
# Copyright 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
me=${0##*/}
TMP="$me.tmp"
# Work in scratch directory
cd "$OUTDIR"
KEYDIR=${SRCDIR}/tests/devkeys
# create a firmware blob
dd bs=1024 count=16 if=/dev/urandom of=${TMP}.fw_main
# try the old way
${FUTILITY} vbutil_firmware --vblock ${TMP}.vblock.old \
--keyblock ${KEYDIR}/firmware.keyblock \
--signprivate ${KEYDIR}/firmware_data_key.vbprivk \
--version 12 \
--fv ${TMP}.fw_main \
--kernelkey ${KEYDIR}/kernel_subkey.vbpubk \
--flags 42
# verify
${FUTILITY} vbutil_firmware --verify ${TMP}.vblock.old \
--signpubkey ${KEYDIR}/root_key.vbpubk \
--fv ${TMP}.fw_main
# and the new way
${FUTILITY} --debug sign \
--signprivate ${KEYDIR}/firmware_data_key.vbprivk \
--keyblock ${KEYDIR}/firmware.keyblock \
--kernelkey ${KEYDIR}/kernel_subkey.vbpubk \
--version 12 \
--fv ${TMP}.fw_main \
--flags 42 \
${TMP}.vblock.new
# They should match
cmp ${TMP}.vblock.old ${TMP}.vblock.new
# cleanup
rm -rf ${TMP}*
exit 0
|