blob: 95317ec45f5498f9f931ea819df87f935182b642 [file] [log] [blame]
#!/bin/bash -u
#
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# Quick test of vbutil_kernel args, to make sure we can pack and unpack
# less-than-full-sized components.
#
# Load common constants and variables for tests.
. "$(dirname "$0")/common.sh"
# directories
DEVKEYS="${ROOT_DIR}/tests/devkeys"
DATA_DIR="${SCRIPT_DIR}/preamble_tests/data"
TMPDIR="${TEST_DIR}/vbutil_kernel_arg_tests_dir"
[ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}"
# Arbitrarily chosen keys and config file.
KEYBLOCK="${DATA_DIR}/kb_0_0.keyblock"
SIGNPRIVATE="${DATA_DIR}/data_0.vbprivk"
SIGNPUBLIC="${DATA_DIR}/root_0.vbpubk"
CONFIG="${DATA_DIR}/dummy_config.txt"
# Create some big and little files for the kernel and bootloader
BIG="${TMPDIR}/big.bin"
dd if=/dev/urandom bs=32768 count=1 of="${BIG}" 2>/dev/null
SMALL="${TMPDIR}/small.bin"
dd if=/dev/urandom bs=16 count=1 of="${SMALL}" 2>/dev/null
declare -a KERN_VALS
declare -a BOOT_VALS
KERN_VALS=("--vmlinuz=${BIG}" "--vmlinuz=${SMALL}")
BOOT_VALS=("--bootloader=${BIG}" "--bootloader=${SMALL}")
tests=0
errs=0
# Pack a bunch of stuff
k=0
while [ "$k" -lt "${#KERN_VALS[*]}" ]; do
b=0
while [ "$b" -lt "${#BOOT_VALS[*]}" ]; do
echo -n "pack kern_${k}_${b}.vblock ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
--pack "${TMPDIR}/kern_${k}_${b}.vblock" \
--keyblock "${KEYBLOCK}" \
--signprivate "${SIGNPRIVATE}" \
--version 1 \
--arch arm \
--config "${CONFIG}" \
"${KERN_VALS[$k]}" \
"${BOOT_VALS[$k]}" >/dev/null
if [ "$?" -ne 0 ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
: $(( b++ ))
done
: $(( k++ ))
done
# Now unpack it
for v in ${TMPDIR}/kern_*.vblock; do
: $(( tests++ ))
vv=$(basename "$v")
echo -n "verify $vv ... "
"${FUTILITY}" vbutil_kernel --verify "$v" >/dev/null
if [ "$?" -ne 0 ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
: $(( tests++ ))
echo -n "verify $vv signed ... "
"${FUTILITY}" vbutil_kernel --verify "$v" \
--signpubkey "${SIGNPUBLIC}" >/dev/null
if [ "$?" -ne 0 ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
done
# Test repacking a USB image for the SSD, the way the installer does.
set -e
# Pack for USB
USB_KERN="${TMPDIR}/usb_kern.bin"
USB_KEYBLOCK="${DEVKEYS}/recovery_kernel.keyblock"
USB_SIGNPRIVATE="${DEVKEYS}/recovery_kernel_data_key.vbprivk"
USB_SIGNPUBKEY="${DEVKEYS}/recovery_key.vbpubk"
echo -n "pack USB kernel ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
--pack "${USB_KERN}" \
--keyblock "${USB_KEYBLOCK}" \
--signprivate "${USB_SIGNPRIVATE}" \
--version 1 \
--config "${CONFIG}" \
--bootloader "${BIG}" \
--vmlinuz "${BIG}" \
--arch arm
if [ "$?" -ne 0 ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
# And verify it.
echo -n "verify USB kernel ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
--verify "${USB_KERN}" \
--signpubkey "${USB_SIGNPUBKEY}" >/dev/null
if [ "$?" -ne 0 ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
# Now we re-sign the same image using the normal keys. This is the kernel
# image that is put on the hard disk by the installer. Note: To save space on
# the USB image, we're only emitting the new verfication block, and the
# installer just replaces that part of the hard disk's kernel partition.
SSD_KERN="${TMPDIR}/ssd_kern.bin"
SSD_KEYBLOCK="${DEVKEYS}/kernel.keyblock"
SSD_SIGNPRIVATE="${DEVKEYS}/kernel_data_key.vbprivk"
SSD_SIGNPUBKEY="${DEVKEYS}/kernel_subkey.vbpubk"
echo -n "repack to SSD kernel ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
--repack "${SSD_KERN}" \
--vblockonly \
--keyblock "${SSD_KEYBLOCK}" \
--signprivate "${SSD_SIGNPRIVATE}" \
--oldblob "${TMPDIR}/usb_kern.bin" >/dev/null
if [ "$?" -ne 0 ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
# To verify it, we have to replace the vblock from the original image.
tempfile="${TMPDIR}/foo.bin"
cat "${SSD_KERN}" > "$tempfile"
dd if="${USB_KERN}" bs=65536 skip=1 >> $tempfile 2>/dev/null
echo -n "verify SSD kernel ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
--verify "$tempfile" \
--signpubkey "${SSD_SIGNPUBKEY}" >/dev/null
if [ "$?" -ne 0 ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
# Finally make sure that the kernel command line stays good.
orig=$(cat "${CONFIG}" | tr '\012' ' ')
packed=$("${FUTILITY}" dump_kernel_config "${USB_KERN}")
echo -n "check USB kernel config ..."
: $(( tests++ ))
if [ "$orig" != "$packed" ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
repacked=$("${FUTILITY}" dump_kernel_config "${tempfile}")
echo -n "check SSD kernel config ..."
: $(( tests++ ))
if [ "$orig" != "$packed" ]; then
echo -e "${COL_RED}FAILED${COL_STOP}"
: $(( errs++ ))
else
echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi
# Summary
ME=$(basename "$0")
if [ "$errs" -ne 0 ]; then
echo -e "${COL_RED}${ME}: ${errs}/${tests} tests failed${COL_STOP}"
exit 1
fi
happy "${ME}: All ${tests} tests passed"
exit 0