blob: 00f3afdb8415a1f7f4bfcbc8fd93ff63a5fb14d0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
#!/bin/bash
# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# End-to-end test for vboot2 firmware verification
# Load common constants and variables.
. "$(dirname "$0")/common.sh"
set -e
echo 'Creating test firmware'
# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/vb2fw_test_dir"
[ -d "$DIR" ] || mkdir -p "$DIR"
echo "Testing vb2_verify_fw in $DIR"
cd "$DIR"
# Dummy firmware body
echo 'This is a test firmware body. This is only a test. Lalalalala' \
> body.test
# Pack keys using original vboot utilities
${FUTILITY} vbutil_key --pack rootkey.test \
--key ${TESTKEY_DIR}/key_rsa8192.keyb --algorithm 11
${FUTILITY} vbutil_key --pack fwsubkey.test \
--key ${TESTKEY_DIR}/key_rsa4096.keyb --algorithm 7
${FUTILITY} vbutil_key --pack kernkey.test \
--key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4
# Create a GBB with the root key
${FUTILITY} gbb -c 128,2400,0,0 gbb.test
${FUTILITY} gbb gbb.test -s --hwid='Test GBB' \
--rootkey=rootkey.test
# Keyblock with firmware subkey is signed by root key
${FUTILITY} vbutil_keyblock --pack keyblock.test \
--datapubkey fwsubkey.test \
--signprivate ${TESTKEY_DIR}/key_rsa8192.sha512.vbprivk
# Firmware preamble is signed with the firmware subkey
${FUTILITY} vbutil_firmware \
--vblock vblock.test \
--keyblock keyblock.test \
--signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \
--fv body.test \
--version 1 \
--kernelkey kernkey.test
echo 'Verifying test firmware using vb2_verify_fw'
# Verify the firmware using vboot2 checks
${BUILD_RUN}/tests/vb20_verify_fw gbb.test vblock.test body.test
happy 'vb2_verify_fw succeeded'
|
