tests/run_image_verification_tests.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

#!/bin/bash

# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Run verified boot firmware and kernel verification tests. 

# Load common constants and variables.
. "$(dirname "$0")/common.sh"

return_code=0

function test_firmware_verification {
  algorithmcounter=0
  for keylen in ${key_lengths[@]}
  do
    for hashalgo in ${hash_algos[@]}
    do
      echo -e "For Root key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:"
      ${TEST_DIR}/firmware_image_tests $algorithmcounter \
        ${TESTKEY_DIR}/key_rsa8192.pem \
        ${TESTKEY_DIR}/key_rsa8192.keyb \
        ${TESTKEY_DIR}/key_rsa${keylen}.pem \
        ${TESTKEY_DIR}/key_rsa${keylen}.keyb
      if [ $? -ne 0 ]
      then
        return_code=255
      fi
      let algorithmcounter=algorithmcounter+1
    done
  done
}

function test_kernel_verification {
# Test for various combinations of firmware signing algorithm and
# kernel signing algorithm
  firmware_algorithmcounter=0
  kernel_algorithmcounter=0
  for firmware_keylen in ${key_lengths[@]}
  do
    for firmware_hashalgo in ${hash_algos[@]}
    do
      let kernel_algorithmcounter=0
      for kernel_keylen in ${key_lengths[@]}
      do
        for kernel_hashalgo in ${hash_algos[@]}
        do
          echo -e "For ${COL_YELLOW}Firmware signing algorithm \
RSA-${firmware_keylen}/${firmware_hashalgo}${COL_STOP} \
and ${COL_YELLOW}Kernel signing algorithm RSA-${kernel_keylen}/\
${kernel_hashalgo}${COL_STOP}"
          ${TEST_DIR}/kernel_image_tests \
            $firmware_algorithmcounter $kernel_algorithmcounter \
            ${TESTKEY_DIR}/key_rsa${firmware_keylen}.pem \
            ${TESTKEY_DIR}/key_rsa${firmware_keylen}.keyb \
            ${TESTKEY_DIR}/key_rsa${kernel_keylen}.pem \
            ${TESTKEY_DIR}/key_rsa${kernel_keylen}.keyb
          if [ $? -ne 0 ]
          then
            return_code=255
          fi
          let kernel_algorithmcounter=kernel_algorithmcounter+1
        done
      done
      let firmware_algorithmcounter=firmware_algorithmcounter+1
    done
  done
}

check_test_keys

echo
echo "Testing high-level firmware image verification..."
test_firmware_verification

echo
echo "Testing high-level kernel image verification..."
test_kernel_verification

exit $return_code