tests/run_preamble_tests.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

#!/bin/bash -u
#
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# This tests that vblocks using pre-3.0 versions of vb2_fw_preamble
# and vb2_kernel_preamble will still verify (or not) correctly. We
# need to keep the old versions around to make sure that we can still
# sign images in the ways that existing devices can validate.

# Load common constants and variables for tests.
. "$(dirname "$0")/common.sh"

if [ "${1:---some}" == "--all" ] ; then
    # all algs
    algs="0 1 2 3 4 5 6 7 8 9 10 11"
else
    # just the algs we use
    algs="4 7 11"
fi

# output directories
PREAMBLE_DIR="${SCRIPT_DIR}/preamble_tests"
DATADIR="${PREAMBLE_DIR}/data"
V2DIR="${PREAMBLE_DIR}/preamble_v2x"

tests=0
errs=0

# Check the firmware results
for d in $algs; do
  for r in $algs; do
    for rr in $algs; do
      if [ "$r" = "$rr" ]; then
        what="verify"
        cmp="-ne"
      else
        what="reject"
        cmp="-eq"
      fi
      : $(( tests++ ))
      echo -n "${what} fw_${d}_${r}.vblock with root_${rr}.vbpubk ... "
      "${FUTILITY}" vbutil_firmware \
        --verify "${V2DIR}/fw_${d}_${r}.vblock" \
        --signpubkey "${DATADIR}/root_${rr}.vbpubk" \
        --fv "${DATADIR}/FWDATA" >/dev/null 2>&1
      if [ "$?" "$cmp" 0 ]; then
        echo -e "${COL_RED}FAILED${COL_STOP}"
        : $(( errs++ ))
      else
        echo -e "${COL_GREEN}PASSED${COL_STOP}"
      fi
    done
  done
done


# Check the kernel results
for d in $algs; do
  for r in $algs; do
    for rr in $algs; do
      if [ "$r" = "$rr" ]; then
        what="verify"
        cmp="-ne"
      else
        what="reject"
        cmp="-eq"
      fi
      : $(( tests++ ))
      echo -n "${what} kern_${d}_${r}.vblock with root_${rr}.vbpubk ... "
      "${FUTILITY}" vbutil_kernel \
        --verify "${V2DIR}/kern_${d}_${r}.vblock" \
        --signpubkey "${DATADIR}/root_${rr}.vbpubk" >/dev/null 2>&1
      if [ "$?" "$cmp" 0 ]; then
        echo -e "${COL_RED}FAILED${COL_STOP}"
        : $(( errs++ ))
      else
        echo -e "${COL_GREEN}PASSED${COL_STOP}"
      fi
    done
  done
done


# Check the kernel results
for d in $algs; do
  for r in $algs; do
      : $(( tests++ ))
      echo -n "verify kern_${d}_${r}.vblock with hash only ... "
      "${FUTILITY}" vbutil_kernel \
          --verify "${V2DIR}/kern_${d}_${r}.vblock" >/dev/null 2>&1
      if [ "$?" -ne 0 ]; then
        echo -e "${COL_RED}FAILED${COL_STOP}"
        : $(( errs++ ))
      else
        echo -e "${COL_GREEN}PASSED${COL_STOP}"
      fi
  done
done


# Summary
ME=$(basename "$0")
if [ "$errs" -ne 0 ]; then
  echo -e "${COL_RED}${ME}: ${errs}/${tests} tests failed${COL_STOP}"
  exit 1
fi
happy "${ME}: All ${tests} tests passed"
exit 0