| #!/bin/bash |
| |
| # Copyright (c) 2014 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| # |
| # End-to-end test for vboot2 kernel verification |
| |
| # Load common constants and variables. |
| . "$(dirname "$0")/common.sh" |
| |
| set -e |
| |
| CGPT=${BIN_DIR}/cgpt |
| |
| echo 'Creating test kernel' |
| |
| # Run tests in a dedicated directory for easy cleanup or debugging. |
| DIR="${TEST_DIR}/load_kernel_test_dir" |
| [ -d "$DIR" ] || mkdir -p "$DIR" |
| echo "Testing kernel verification in $DIR" |
| cd "$DIR" |
| |
| # Dummy kernel data |
| echo "hi there" > "dummy_config.txt" |
| dd if=/dev/urandom bs=16384 count=1 of="dummy_bootloader.bin" |
| dd if=/dev/urandom bs=32768 count=1 of="dummy_kernel.bin" |
| |
| # Pack kernel data key using original vboot utilities. |
| ${FUTILITY} vbutil_key --pack datakey.test \ |
| --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4 |
| |
| # Keyblock with kernel data key is signed by kernel subkey |
| # Flags=5 means dev=0 rec=0 |
| ${FUTILITY} vbutil_keyblock --pack keyblock.test \ |
| --datapubkey datakey.test \ |
| --flags 5 \ |
| --signprivate ${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk |
| |
| # Kernel preamble is signed with the kernel data key |
| ${FUTILITY} vbutil_kernel \ |
| --pack "kernel.test" \ |
| --keyblock "keyblock.test" \ |
| --signprivate ${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk \ |
| --version 1 \ |
| --arch arm \ |
| --vmlinuz "dummy_kernel.bin" \ |
| --bootloader "dummy_bootloader.bin" \ |
| --config "dummy_config.txt" |
| |
| echo 'Verifying test kernel' |
| |
| # Verify the kernel |
| ${FUTILITY} vbutil_kernel \ |
| --verify "kernel.test" \ |
| --signpubkey ${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk |
| |
| happy 'Kernel verification succeeded' |
| |
| # Now create a dummy disk image |
| echo 'Creating test disk image' |
| dd if=/dev/zero of=disk.test bs=1024 count=1024 |
| ${CGPT} create disk.test |
| ${CGPT} add -i 1 -S 1 -P 1 -b 64 -s 960 -t kernel -l kernelA disk.test |
| ${CGPT} show disk.test |
| |
| # And insert the kernel into it |
| dd if=kernel.test of=disk.test bs=512 seek=64 conv=notrunc |
| |
| # And verify it using futility |
| echo 'Verifying test disk image' |
| ${BUILD_RUN}/tests/verify_kernel disk.test \ |
| ${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk |
| |
| happy 'Image verification succeeded' |