| #!/bin/bash -eux |
| # Copyright (c) 2014 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| me=${0##*/} |
| TMP="$me.tmp" |
| |
| # Work in scratch directory |
| cd "$OUTDIR" |
| |
| DEVKEYS=${SRCDIR}/tests/devkeys |
| |
| echo "hi there" > ${TMP}.config.txt |
| echo "hello boys" > ${TMP}.config2.txt |
| dd if=/dev/urandom bs=512 count=1 of=${TMP}.bootloader.bin |
| dd if=/dev/urandom bs=512 count=1 of=${TMP}.bootloader2.bin |
| |
| # default padding |
| padding=49152 |
| |
| try_arch () { |
| local arch=$1 |
| |
| echo -n "${arch}: 1 " 1>&3 |
| |
| # pack it up the old way |
| ${FUTILITY} vbutil_kernel --debug \ |
| --pack ${TMP}.blob1.${arch} \ |
| --keyblock ${DEVKEYS}/recovery_kernel.keyblock \ |
| --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \ |
| --version 1 \ |
| --config ${TMP}.config.txt \ |
| --bootloader ${TMP}.bootloader.bin \ |
| --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ |
| --arch ${arch} \ |
| --pad ${padding} \ |
| --kloadaddr 0x11000 |
| |
| # verify the old way |
| ${FUTILITY} vbutil_kernel --verify ${TMP}.blob1.${arch} \ |
| --pad ${padding} \ |
| --signpubkey ${DEVKEYS}/recovery_key.vbpubk |
| ${FUTILITY} vbutil_kernel --verify ${TMP}.blob1.${arch} \ |
| --pad ${padding} \ |
| --signpubkey ${DEVKEYS}/recovery_key.vbpubk --debug |
| |
| # pack it up the new way |
| ${FUTILITY} sign --debug \ |
| --keyblock ${DEVKEYS}/recovery_kernel.keyblock \ |
| --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \ |
| --version 1 \ |
| --config ${TMP}.config.txt \ |
| --bootloader ${TMP}.bootloader.bin \ |
| --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ |
| --arch ${arch} \ |
| --pad ${padding} \ |
| --kloadaddr 0x11000 \ |
| --outfile ${TMP}.blob2.${arch} |
| |
| # they should be identical |
| cmp ${TMP}.blob1.${arch} ${TMP}.blob2.${arch} |
| |
| echo -n "2 " 1>&3 |
| |
| # repack it the old way |
| ${FUTILITY} vbutil_kernel \ |
| --repack ${TMP}.blob3.${arch} \ |
| --oldblob ${TMP}.blob1.${arch} \ |
| --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ |
| --keyblock ${DEVKEYS}/kernel.keyblock \ |
| --version 2 \ |
| --pad ${padding} \ |
| --config ${TMP}.config2.txt \ |
| --bootloader ${TMP}.bootloader2.bin |
| |
| # verify the old way |
| ${FUTILITY} vbutil_kernel --verify ${TMP}.blob3.${arch} \ |
| --pad ${padding} \ |
| --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk |
| ${FUTILITY} vbutil_kernel --verify ${TMP}.blob3.${arch} \ |
| --pad ${padding} \ |
| --signpubkey ${DEVKEYS}/kernel_subkey.vbpubk |
| |
| # repack it the new way |
| ${FUTILITY} sign --debug \ |
| --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ |
| --keyblock ${DEVKEYS}/kernel.keyblock \ |
| --version 2 \ |
| --pad ${padding} \ |
| --config ${TMP}.config2.txt \ |
| --bootloader ${TMP}.bootloader2.bin \ |
| ${TMP}.blob2.${arch} \ |
| ${TMP}.blob4.${arch} |
| |
| # they should be identical |
| cmp ${TMP}.blob3.${arch} ${TMP}.blob4.${arch} |
| |
| echo -n "3 " 1>&3 |
| |
| # repack it the new way, in-place |
| cp ${TMP}.blob2.${arch} ${TMP}.blob5.${arch} |
| ${FUTILITY} sign --debug \ |
| --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ |
| --keyblock ${DEVKEYS}/kernel.keyblock \ |
| --version 2 \ |
| --pad ${padding} \ |
| --config ${TMP}.config2.txt \ |
| --bootloader ${TMP}.bootloader2.bin \ |
| ${TMP}.blob5.${arch} |
| |
| # they should be identical |
| cmp ${TMP}.blob3.${arch} ${TMP}.blob5.${arch} |
| |
| |
| # and now just the vblocks... |
| echo -n "4 " 1>&3 |
| |
| dd bs=${padding} count=1 if=${TMP}.blob1.${arch} of=${TMP}.blob1.${arch}.vb0 |
| ${FUTILITY} vbutil_kernel \ |
| --pack ${TMP}.blob1.${arch}.vb1 \ |
| --vblockonly \ |
| --keyblock ${DEVKEYS}/recovery_kernel.keyblock \ |
| --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \ |
| --version 1 \ |
| --config ${TMP}.config.txt \ |
| --bootloader ${TMP}.bootloader.bin \ |
| --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ |
| --arch ${arch} \ |
| --pad ${padding} \ |
| --kloadaddr 0x11000 |
| cmp ${TMP}.blob1.${arch}.vb0 ${TMP}.blob1.${arch}.vb1 |
| |
| dd bs=${padding} count=1 if=${TMP}.blob2.${arch} of=${TMP}.blob2.${arch}.vb0 |
| ${FUTILITY} sign --debug \ |
| --keyblock ${DEVKEYS}/recovery_kernel.keyblock \ |
| --signprivate ${DEVKEYS}/recovery_kernel_data_key.vbprivk \ |
| --version 1 \ |
| --config ${TMP}.config.txt \ |
| --bootloader ${TMP}.bootloader.bin \ |
| --vmlinuz ${SCRIPTDIR}/data/vmlinuz-${arch}.bin \ |
| --arch ${arch} \ |
| --pad ${padding} \ |
| --kloadaddr 0x11000 \ |
| --vblockonly \ |
| ${TMP}.blob2.${arch}.vb1 |
| |
| cmp ${TMP}.blob2.${arch}.vb0 ${TMP}.blob2.${arch}.vb1 |
| |
| # and verify it the new way |
| dd bs=${padding} skip=1 if=${TMP}.blob2.${arch} of=${TMP}.blob2.${arch}.kb1 |
| ${FUTILITY} verify --debug \ |
| --pad ${padding} \ |
| --publickey ${DEVKEYS}/recovery_key.vbpubk \ |
| --fv ${TMP}.blob2.${arch}.kb1 \ |
| ${TMP}.blob2.${arch}.vb1 |
| |
| echo -n "5 " 1>&3 |
| |
| dd bs=${padding} count=1 if=${TMP}.blob3.${arch} of=${TMP}.blob3.${arch}.vb0 |
| ${FUTILITY} vbutil_kernel \ |
| --repack ${TMP}.blob3.${arch}.vb1 \ |
| --vblockonly \ |
| --oldblob ${TMP}.blob1.${arch} \ |
| --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ |
| --keyblock ${DEVKEYS}/kernel.keyblock \ |
| --version 2 \ |
| --pad ${padding} \ |
| --config ${TMP}.config2.txt \ |
| --bootloader ${TMP}.bootloader2.bin |
| cmp ${TMP}.blob3.${arch}.vb0 ${TMP}.blob3.${arch}.vb1 |
| |
| dd bs=${padding} count=1 if=${TMP}.blob4.${arch} of=${TMP}.blob4.${arch}.vb0 |
| ${FUTILITY} sign --debug \ |
| --signprivate ${DEVKEYS}/kernel_data_key.vbprivk \ |
| --keyblock ${DEVKEYS}/kernel.keyblock \ |
| --version 2 \ |
| --config ${TMP}.config2.txt \ |
| --bootloader ${TMP}.bootloader2.bin \ |
| --pad ${padding} \ |
| --vblockonly \ |
| ${TMP}.blob2.${arch} \ |
| ${TMP}.blob4.${arch}.vb1 \ |
| |
| cmp ${TMP}.blob4.${arch}.vb0 ${TMP}.blob4.${arch}.vb1 |
| |
| dd bs=${padding} skip=1 if=${TMP}.blob4.${arch} of=${TMP}.blob4.${arch}.kb1 |
| ${FUTILITY} verify --debug \ |
| --pad ${padding} \ |
| --publickey ${DEVKEYS}/kernel_subkey.vbpubk \ |
| --fv ${TMP}.blob4.${arch}.kb1 \ |
| ${TMP}.blob4.${arch}.vb1 |
| |
| # Note: We specifically do not test repacking with a different --kloadaddr, |
| # because the old way has a bug and does not update params->cmd_line_ptr to |
| # point at the new on-disk location. Apparently (and not surprisingly), no |
| # one has ever done that. |
| } |
| |
| try_arch amd64 |
| try_arch arm |
| |
| # cleanup |
| rm -rf ${TMP}* |
| exit 0 |