blob: 2324fae1eed3fb338371e87a7c57deb30ea949ad (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
#!/bin/bash -eux
# Copyright 2015 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
me=${0##*/}
TMP="$me.tmp"
# Work in scratch directory
cd "$OUTDIR"
# The signed input images are signed with dev keys. We resign the unsigned
# images with the same keypair, to make sure that we're producing identical
# binaries.
DATADIR="${SCRIPT_DIR}/futility/data"
TESTS="dingdong hoho minimuffin zinger"
set -o pipefail
count=0
for test in $TESTS; do
: $(( count++ ))
echo -n "$count " 1>&3
pemfile="${DATADIR}/${test}.pem"
infile="${DATADIR}/${test}.unsigned"
goodfile="${DATADIR}/${test}.signed"
outfile="${TMP}.${test}.new"
# Signing the whole thing with futility should produce identical results
"${FUTILITY}" sign --type usbpd1 --pem "${pemfile}" "${infile}" "${outfile}"
cmp "${goodfile}" "${outfile}"
# Now try signing just the RW part
size=$(stat -c '%s' "${infile}")
half=$(( size / 2 ))
newin="${TMP}.${test}.rw_in"
dd if="${infile}" bs="${half}" count=1 skip=1 of="${newin}"
newgood=${TMP}.${test}.rw_ok
dd if="${goodfile}" bs="${half}" count=1 skip=1 of="${newgood}"
newout="${TMP}.${test}.rw_out"
# Sign the RW part alone
"${FUTILITY}" sign --type usbpd1 --pem "${pemfile}" \
--ro_size 0 \
"${newin}" "${newout}"
cmp "${newgood}" "${newout}"
done
# cleanup
rm -rf "${TMP}"*
exit 0
|