tests/futility/test_show_vs_verify.sh - third_party/platform/vboot_reference - Git at Google

 #!/bin/bash -eux
 # Copyright 2014 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 me=${0##*/}
 TMP="$me.tmp"

 # Work in scratch directory
 cd "$OUTDIR"

 # some stuff we'll need
 DEVKEYS=${SRCDIR}/tests/devkeys

 # The show command exits with 0 if the data is consistent.
 # The verify command exits with 0 only if all the data is verified.

 ####  keyblock

 ${FUTILITY} show ${DEVKEYS}/firmware.keyblock

 if ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock ; then false; fi

 ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock \
   --publickey ${DEVKEYS}/root_key.vbpubk


 #### firmware vblock

 # Get some bits to look at
 ${FUTILITY} dump_fmap -x ${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin \
   GBB:${TMP}.gbb VBLOCK_A:${TMP}.vblock_a FW_MAIN_A:${TMP}.fw_main_a
 ${FUTILITY} gbb -g -k ${TMP}.rootkey ${TMP}.gbb


 ${FUTILITY} show ${TMP}.vblock_a

 ${FUTILITY} show ${TMP}.vblock_a --publickey ${TMP}.rootkey

 ${FUTILITY} show ${TMP}.vblock_a \
   --publickey ${TMP}.rootkey \
   --fv ${TMP}.fw_main_a

 if ${FUTILITY} verify ${TMP}.vblock_a ; then false ; fi

 if ${FUTILITY} verify ${TMP}.vblock_a \
   --publickey ${TMP}.rootkey ; then false ; fi

 ${FUTILITY} verify ${TMP}.vblock_a \
   --publickey ${TMP}.rootkey \
   --fv ${TMP}.fw_main_a


 #### kernel partition

 ${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin

 ${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
   --publickey ${DEVKEYS}/kernel_subkey.vbpubk

 ${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
   --publickey ${DEVKEYS}/recovery_key.vbpubk

 if ${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin ; \
   then false ; fi

 if ${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
   --publickey ${DEVKEYS}/kernel_subkey.vbpubk ; then false ; fi

 ${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
   --publickey ${DEVKEYS}/recovery_key.vbpubk


 # cleanup
 rm -rf ${TMP}*
 exit 0
	#!/bin/bash -eux
	# Copyright 2014 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	me=${0##*/}
	TMP="$me.tmp"

	# Work in scratch directory
	cd "$OUTDIR"

	# some stuff we'll need
	DEVKEYS=${SRCDIR}/tests/devkeys

	# The show command exits with 0 if the data is consistent.
	# The verify command exits with 0 only if all the data is verified.

	#### keyblock

	${FUTILITY} show ${DEVKEYS}/firmware.keyblock

	if ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock ; then false; fi

	${FUTILITY} verify ${DEVKEYS}/firmware.keyblock \
	--publickey ${DEVKEYS}/root_key.vbpubk


	#### firmware vblock

	# Get some bits to look at
	${FUTILITY} dump_fmap -x ${SCRIPT_DIR}/futility/data/bios_peppy_mp.bin \
	GBB:${TMP}.gbb VBLOCK_A:${TMP}.vblock_a FW_MAIN_A:${TMP}.fw_main_a
	${FUTILITY} gbb -g -k ${TMP}.rootkey ${TMP}.gbb


	${FUTILITY} show ${TMP}.vblock_a

	${FUTILITY} show ${TMP}.vblock_a --publickey ${TMP}.rootkey

	${FUTILITY} show ${TMP}.vblock_a \
	--publickey ${TMP}.rootkey \
	--fv ${TMP}.fw_main_a

	if ${FUTILITY} verify ${TMP}.vblock_a ; then false ; fi

	if ${FUTILITY} verify ${TMP}.vblock_a \
	--publickey ${TMP}.rootkey ; then false ; fi

	${FUTILITY} verify ${TMP}.vblock_a \
	--publickey ${TMP}.rootkey \
	--fv ${TMP}.fw_main_a


	#### kernel partition

	${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin

	${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
	--publickey ${DEVKEYS}/kernel_subkey.vbpubk

	${FUTILITY} show ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
	--publickey ${DEVKEYS}/recovery_key.vbpubk

	if ${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin ; \
	then false ; fi

	if ${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
	--publickey ${DEVKEYS}/kernel_subkey.vbpubk ; then false ; fi

	${FUTILITY} verify ${SCRIPT_DIR}/futility/data/rec_kernel_part.bin \
	--publickey ${DEVKEYS}/recovery_key.vbpubk


	# cleanup
	rm -rf ${TMP}*
	exit 0