tests/vb2_firmware_tests.sh - third_party/platform/vboot_reference - Git at Google

 #!/bin/bash

 # Copyright 2014 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 #
 # End-to-end test for vboot2 firmware verification

 # Load common constants and variables.
 . "$(dirname "$0")/common.sh"

 set -e

 echo 'Creating test firmware'

 # Run tests in a dedicated directory for easy cleanup or debugging.
 DIR="${TEST_DIR}/vb2fw_test_dir"
 [ -d "$DIR" ] || mkdir -p "$DIR"
 echo "Testing vb2_verify_fw in $DIR"
 cd "$DIR"

 # Dummy firmware body
 echo 'This is a test firmware body.  This is only a test.  Lalalalala' \
     > body.test

 algo_to_rsa()
 {
   case $1 in
   0|1|2) printf "rsa1024";;
   3|4|5) printf "rsa2048";;
   6|7|8) printf "rsa4096";;
   9|10|11) printf "rsa8192";;
   *) exit 1;;
   esac
 }

 algo_to_sha()
 {
   case $1 in
   0|3|6|9) printf "sha1";;
   1|4|7|10) printf "sha256";;
   2|5|8|11) printf "sha512";;
   *) exit 1;;
   esac
 }

 run_test()
 {
   local root_algo=$1
   local fw_algo=$2
   local kern_algo=$3

   local root_rsa
   local fw_rsa
   local kern_rsa
   root_rsa="$(algo_to_rsa "${root_algo}")"
   fw_rsa="$(algo_to_rsa "${fw_algo}")"
   kern_rsa="$(algo_to_rsa "${kern_algo}")"

   local root_sha
   local fw_sha
   root_sha="$(algo_to_sha "${root_algo}")"
   fw_sha="$(algo_to_sha "${fw_algo}")"

   # Pack keys using original vboot utilities
   "${FUTILITY}" vbutil_key --pack rootkey.test \
       --key "${TESTKEY_DIR}/key_${root_rsa}.keyb" \
       --algorithm "${root_algo}"
   "${FUTILITY}" vbutil_key --pack fwsubkey.test \
       --key "${TESTKEY_DIR}/key_${fw_rsa}.keyb" \
       --algorithm "${fw_algo}"
   "${FUTILITY}" vbutil_key --pack kernkey.test \
       --key "${TESTKEY_DIR}/key_${kern_rsa}.keyb" \
       --algorithm "${kern_algo}"

   # Create a GBB with the root key
   "${FUTILITY}" gbb -c 128,2400,0,0 gbb.test
   "${FUTILITY}" gbb gbb.test -s --hwid='Test GBB' \
     --rootkey=rootkey.test

   # Keyblock with firmware subkey is signed by root key
   "${FUTILITY}" vbutil_keyblock --pack keyblock.test \
       --datapubkey fwsubkey.test \
       --signprivate "${TESTKEY_DIR}/key_${root_rsa}.${root_sha}.vbprivk"

   # Firmware preamble is signed with the firmware subkey
   "${FUTILITY}" sign \
     --version 1 \
     --signprivate "${TESTKEY_DIR}/key_${fw_rsa}.${fw_sha}.vbprivk" \
     --keyblock keyblock.test \
     --kernelkey kernkey.test \
     --fv body.test \
     --outfile vblock.test

   echo "Verifying test firmware using vb2_verify_fw" \
     "(root=${root_algo}, fw=${fw_algo}, kernel=${kern_algo})"

   # Verify the firmware using vboot2 checks
   "${TEST_DIR}/vb20_verify_fw" gbb.test vblock.test body.test
   if [ -e "${TEST_DIR}/vb20_hwcrypto_verify_fw" ]
   then
     echo "Verifying test firmware using vb20_hwcrypto_verify_fw" \
       "(root=${root_algo}, fw=${fw_algo}, kernel=${kern_algo})"
     "${TEST_DIR}/vb20_hwcrypto_verify_fw" gbb.test vblock.test body.test
   fi

   happy 'vb2_verify_fw succeeded'
 }

 run_test 11 7 4
 run_test 11 11 11
 run_test 1 1 1
	#!/bin/bash

	# Copyright 2014 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.
	#
	# End-to-end test for vboot2 firmware verification

	# Load common constants and variables.
	. "$(dirname "$0")/common.sh"

	set -e

	echo 'Creating test firmware'

	# Run tests in a dedicated directory for easy cleanup or debugging.
	DIR="${TEST_DIR}/vb2fw_test_dir"
	[ -d "$DIR" ] \|\| mkdir -p "$DIR"
	echo "Testing vb2_verify_fw in $DIR"
	cd "$DIR"

	# Dummy firmware body
	echo 'This is a test firmware body. This is only a test. Lalalalala' \
	> body.test

	algo_to_rsa()
	{
	case $1 in
	0\|1\|2) printf "rsa1024";;
	3\|4\|5) printf "rsa2048";;
	6\|7\|8) printf "rsa4096";;
	9\|10\|11) printf "rsa8192";;
	*) exit 1;;
	esac
	}

	algo_to_sha()
	{
	case $1 in
	0\|3\|6\|9) printf "sha1";;
	1\|4\|7\|10) printf "sha256";;
	2\|5\|8\|11) printf "sha512";;
	*) exit 1;;
	esac
	}

	run_test()
	{
	local root_algo=$1
	local fw_algo=$2
	local kern_algo=$3

	local root_rsa
	local fw_rsa
	local kern_rsa
	root_rsa="$(algo_to_rsa "${root_algo}")"
	fw_rsa="$(algo_to_rsa "${fw_algo}")"
	kern_rsa="$(algo_to_rsa "${kern_algo}")"

	local root_sha
	local fw_sha
	root_sha="$(algo_to_sha "${root_algo}")"
	fw_sha="$(algo_to_sha "${fw_algo}")"

	# Pack keys using original vboot utilities
	"${FUTILITY}" vbutil_key --pack rootkey.test \
	--key "${TESTKEY_DIR}/key_${root_rsa}.keyb" \
	--algorithm "${root_algo}"
	"${FUTILITY}" vbutil_key --pack fwsubkey.test \
	--key "${TESTKEY_DIR}/key_${fw_rsa}.keyb" \
	--algorithm "${fw_algo}"
	"${FUTILITY}" vbutil_key --pack kernkey.test \
	--key "${TESTKEY_DIR}/key_${kern_rsa}.keyb" \
	--algorithm "${kern_algo}"

	# Create a GBB with the root key
	"${FUTILITY}" gbb -c 128,2400,0,0 gbb.test
	"${FUTILITY}" gbb gbb.test -s --hwid='Test GBB' \
	--rootkey=rootkey.test

	# Keyblock with firmware subkey is signed by root key
	"${FUTILITY}" vbutil_keyblock --pack keyblock.test \
	--datapubkey fwsubkey.test \
	--signprivate "${TESTKEY_DIR}/key_${root_rsa}.${root_sha}.vbprivk"

	# Firmware preamble is signed with the firmware subkey
	"${FUTILITY}" sign \
	--version 1 \
	--signprivate "${TESTKEY_DIR}/key_${fw_rsa}.${fw_sha}.vbprivk" \
	--keyblock keyblock.test \
	--kernelkey kernkey.test \
	--fv body.test \
	--outfile vblock.test

	echo "Verifying test firmware using vb2_verify_fw" \
	"(root=${root_algo}, fw=${fw_algo}, kernel=${kern_algo})"

	# Verify the firmware using vboot2 checks
	"${TEST_DIR}/vb20_verify_fw" gbb.test vblock.test body.test
	if [ -e "${TEST_DIR}/vb20_hwcrypto_verify_fw" ]
	then
	echo "Verifying test firmware using vb20_hwcrypto_verify_fw" \
	"(root=${root_algo}, fw=${fw_algo}, kernel=${kern_algo})"
	"${TEST_DIR}/vb20_hwcrypto_verify_fw" gbb.test vblock.test body.test
	fi

	happy 'vb2_verify_fw succeeded'
	}

	run_test 11 7 4
	run_test 11 11 11
	run_test 1 1 1