blob: f35b9f8638201f99b39ff8002e8e9bc3f4686cc1 [file] [log] [blame]
#!/bin/bash
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
CROS_LOG_PREFIX=${0##*/}
SCRIPT_ROOT=$(dirname "$(readlink -f "$0")")
. "${SCRIPT_ROOT}/build_library/build_common.sh" || exit 1
# Developer-visible flags.
DEFINE_string board "${DEFAULT_BOARD}" \
"The board to build an image for."
DEFINE_string image "" \
"Source release image to use (${CHROMEOS_RECOVERY_IMAGE_NAME} by default)."
DEFINE_string baselines "" \
"Directory to load security baselines from (default from cros-signing)"
FLAGS_HELP="USAGE: security_test_image [flags]
This script is used to run security tests on a Chrome OS images.
Note: You probably will need an internal checkout by default for these
tests to be useful. You can provide your own baselines, but you
can certainly provide your own set of configs.
Note: These tests will fail on dev images. They are designed to
check recovery images only.
"
show_help_if_requested "$@"
# Parse command line.
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"
# Only now can we die on error. shflags functions leak non-zero error codes,
# so will die prematurely if 'switch_to_strict_mode' is specified before now.
switch_to_strict_mode
SIGNER_DIR="${CHROOT_TRUNK_DIR}/cros-signing"
SIGNING_TOOLS_DIR="${SIGNER_DIR}/signer/signingtools-bin"
SECURITY_BASELINE_DIR="${SIGNER_DIR}/security_test_baselines"
VBOOT_DIR="${CHROOT_TRUNK_DIR}/src/platform/vboot_reference/scripts/"\
"image_signing"
# No security baselines provided. Use the standard one.
if [[ -z ${FLAGS_baselines} ]]; then
FLAGS_baselines=${SECURITY_BASELINE_DIR}
if [[ ! -d ${FLAGS_baselines} ]]; then
if [[ ! -d ${SIGNER_DIR} ]]; then
warn "Skipping security tests with public manifest"
exit 0
else
die "Could not locate security baselines from" \
"${FLAGS_baselines} with private manifest"
fi
fi
fi
info "Loading baselines from ${FLAGS_baselines}"
# No image was provided. Use the standard latest image.
if [[ -z ${FLAGS_image} ]]; then
DEFAULT_IMAGE_DIR=$("${SCRIPT_ROOT}"/get_latest_image.sh \
--board="${FLAGS_board}")
FLAGS_image="${DEFAULT_IMAGE_DIR}/${CHROMEOS_RECOVERY_IMAGE_NAME}"
fi
info "Using ${FLAGS_image}"
# The signer uses these binaries, so we should too.
PATH="${SIGNING_TOOLS_DIR}:${PATH}"
# Run all the security tests.
failed_count=0
run_check() {
local cmd=(
"${VBOOT_DIR}/ensure_$1.sh"
"${FLAGS_image}"
)
if [[ $# -ge 2 ]]; then
cmd+=( "${FLAGS_baselines}/ensure_$1.config" )
fi
info "Running ensure_$1.sh"
if ! "${cmd[@]}"; then
error "$1: test failed"
: $(( ++failed_count ))
fi
}
sec_checks=(
no_nonrelease_files
sane_lsb-release
secure_kernelparams
)
for check in "${sec_checks[@]}"; do
run_check "${check}" "${check}"
done
sec_checks=(
not_ASAN
# This test requires an update key to be inserted
# first which the signer itself currently does.
#update_verification
)
for check in "${sec_checks[@]}"; do
run_check "${check}"
done
if [[ ${failed_count} -gt 0 ]]; then
die_notrace "${failed_count} tests failed"
else
info "All tests passed!"
fi