update_kernel: Check buildid to confirm update went through

Let's add a check to the end of the update process that checks to make
sure the new kernel matches the kernel in /build/${BOARD} that we were
copying over. Rely on the buildid to match between the two by comparing
the .notes section (which contains the buildid) and printing an error
if they don't match.

BUG=None
TEST=./update_kernel.sh --remote=$DUT

Change-Id: I0a6836883cb768b7a94a1ca2d8dfe4741cb323ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosutils/+/3439131
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Tested-by: Stephen Boyd <swboyd@chromium.org>
Commit-Queue: Stephen Boyd <swboyd@chromium.org>
diff --git a/update_kernel.sh b/update_kernel.sh
index dd69f1b..382a1b0 100755
--- a/update_kernel.sh
+++ b/update_kernel.sh
@@ -203,6 +203,36 @@
   rm "${config_path}"
 }
 
+check_buildid() {
+  local vmlinux
+  local boot_path="/build/${FLAGS_board}"
+  if [[ ${FLAGS_hv} -eq ${FLAGS_TRUE} && \
+        -d "${boot_path}/build/manatee/boot" ]]; then
+    boot_path+="/build/manatee"
+  fi
+  boot_path+="/usr/lib/debug/boot"
+  vmlinux="${boot_path}/vmlinux"
+  if [[ ! -f "${vmlinux}" ]]; then
+    warn "Can't find vmlinux. Skipping buildid check."
+    return
+  fi
+
+  llvm-objcopy -j.notes "${vmlinux}" -O binary "${TMP}/new_kern.notes"
+  if [[ ! -f "${TMP}/new_kern.notes" ]]; then
+    warn "Can't parse notes from vmlinux. Skipping buildid check."
+    return
+  fi
+  echo "/sys/kernel/notes" >> "${TMP}/copy_notes"
+  remote_rsync_from "${TMP}/copy_notes" "${TMP}/remote_kern.notes"
+  if [[ ! -f "${TMP}/remote_kern.notes" ]]; then
+    warn "Can't read notes from remote. Skipping buildid check."
+    return
+  fi
+
+  cmp "${TMP}/new_kern.notes" "${TMP}/remote_kern.notes" >/dev/null ||
+  error "BuildID differs. Update kernel failed."
+}
+
 copy_kernelmodules() {
   local basedir="$1" # rootfs directory (could be in /tmp) or empty string
   local modules_dir=/build/"${FLAGS_board}"/lib/modules/
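Review bot: check_buildid can pass without comparing anything meaningful, because each step is validated only with `[[ ! -f ... ]]` and the exit status of `llvm-objcopy` and `remote_rsync_from` is ignored. Two empty or truncated notes files still satisfy `cmp`; testing with `-s` instead of `-f` and checking the command status, e.g. `llvm-objcopy -j.notes "${vmlinux}" -O binary "${TMP}/new_kern.notes" || return 1`, would close that gap. The check also fails open: every skip path returns 0 after a `warn`, and if `error` only logs (it is defined outside this hunk) a mismatch leaves the script's exit status unchanged, so automation cannot tell a verified update from an unverified one. Adding `return 1` after the `error` call, and documenting in a header comment that a skipped check is not a pass, would make the result usable. The `>>` on `${TMP}/copy_notes` appends, so a reused `${TMP}` would accumulate paths; `>` looks like the intent.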
@@ -380,6 +410,10 @@
     info "Not rebooting (per request)"
   fi
 
+  if [ ${FLAGS_vboot} -eq ${FLAGS_TRUE} ]; then
+    check_buildid
+  fi
+
   if [ -n "${FLAGS_boot_command}" ]; then
     info "Running boot command on remote"
     remote_sh "${FLAGS_boot_command}"
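Review bot: `check_buildid` is called after the `fi` that closes the branch logging "Not rebooting (per request)", so it also runs when the device was not rebooted. In that case /sys/kernel/notes still describes the old running kernel, and the comparison will presumably report "BuildID differs. Update kernel failed." for a copy that succeeded. Consider moving the call into the reboot branch, whose opening `if` is outside this hunk, or skipping it on the no-reboot path. A comment such as `# Only meaningful after reboot: /sys/kernel/notes describes the running kernel.` would explain the constraint.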