| #!/bin/bash |
| |
| # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| CROS_LOG_PREFIX=${0##*/} |
| |
| SCRIPT_ROOT=$(dirname "$(readlink -f "$0")") |
| . "${SCRIPT_ROOT}/build_library/build_common.sh" || exit 1 |
| |
| # Developer-visible flags. |
| DEFINE_string board "${DEFAULT_BOARD}" \ |
| "The board to build an image for." |
| DEFINE_string image "" \ |
| "Source release image to use (${CHROMEOS_RECOVERY_IMAGE_NAME} by default)." |
| DEFINE_string baselines "" \ |
| "Directory to load security baselines from (default from cros-signing)" |
| |
| FLAGS_HELP="USAGE: security_test_image [flags] |
| This script is used to run security tests on a Chrome OS images. |
| |
| Note: You probably will need an internal checkout by default for these |
| tests to be useful. You can provide your own baselines, but you |
| can certainly provide your own set of configs. |
| |
| Note: These tests will fail on dev images. They are designed to |
| check recovery images only. |
| " |
| show_help_if_requested "$@" |
| |
| # Parse command line. |
| FLAGS "$@" || exit 1 |
| eval set -- "${FLAGS_ARGV}" |
| |
| # Only now can we die on error. shflags functions leak non-zero error codes, |
| # so will die prematurely if 'switch_to_strict_mode' is specified before now. |
| switch_to_strict_mode |
| |
| SIGNER_DIR="${CHROOT_TRUNK_DIR}/cros-signing" |
| SIGNING_TOOLS_DIR="${SIGNER_DIR}/signer/signingtools-bin" |
| SECURITY_BASELINE_DIR="${SIGNER_DIR}/security_test_baselines" |
| VBOOT_DIR="${CHROOT_TRUNK_DIR}/src/platform/vboot_reference/scripts/"\ |
| "image_signing" |
| |
| # No security baselines provided. Use the standard one. |
| if [[ -z ${FLAGS_baselines} ]]; then |
| FLAGS_baselines=${SECURITY_BASELINE_DIR} |
| if [[ ! -d ${FLAGS_baselines} ]]; then |
| if [[ ! -d ${SIGNER_DIR} ]]; then |
| warn "Skipping security tests with public manifest" |
| exit 0 |
| else |
| die "Could not locate security baselines from" \ |
| "${FLAGS_baselines} with private manifest" |
| fi |
| fi |
| fi |
| info "Loading baselines from ${FLAGS_baselines}" |
| |
| # No image was provided. Use the standard latest image. |
| if [[ -z ${FLAGS_image} ]]; then |
| DEFAULT_IMAGE_DIR=$("${SCRIPT_ROOT}"/get_latest_image.sh \ |
| --board="${FLAGS_board}") |
| FLAGS_image="${DEFAULT_IMAGE_DIR}/${CHROMEOS_RECOVERY_IMAGE_NAME}" |
| fi |
| info "Using ${FLAGS_image}" |
| |
| # The signer uses these binaries, so we should too. |
| PATH="${SIGNING_TOOLS_DIR}:${PATH}" |
| |
| # Run all the security tests. |
| failed_count=0 |
| run_check() { |
| local cmd=( |
| "${VBOOT_DIR}/ensure_$1.sh" |
| "${FLAGS_image}" |
| ) |
| if [[ $# -ge 2 ]]; then |
| cmd+=( "${FLAGS_baselines}/ensure_$1.config" ) |
| fi |
| info "Running ensure_$1.sh" |
| if ! "${cmd[@]}"; then |
| error "$1: test failed" |
| : $(( ++failed_count )) |
| fi |
| } |
| |
| sec_checks=( |
| no_nonrelease_files |
| sane_lsb-release |
| secure_kernelparams |
| ) |
| for check in "${sec_checks[@]}"; do |
| run_check "${check}" "${check}" |
| done |
| |
| sec_checks=( |
| not_ASAN |
| # This test requires an update key to be inserted |
| # first which the signer itself currently does. |
| #update_verification |
| ) |
| for check in "${sec_checks[@]}"; do |
| run_check "${check}" |
| done |
| |
| if [[ ${failed_count} -gt 0 ]]; then |
| die_notrace "${failed_count} tests failed" |
| else |
| info "All tests passed!" |
| fi |