Randall Spangler | 539cbc2 | 2014-06-18 14:15:04 -0700 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
| 3 | # Copyright (c) 2014 The Chromium OS Authors. All rights reserved. |
| 4 | # Use of this source code is governed by a BSD-style license that can be |
| 5 | # found in the LICENSE file. |
| 6 | # |
| 7 | # End-to-end test for vboot2 firmware verification |
| 8 | |
| 9 | # Load common constants and variables. |
| 10 | . "$(dirname "$0")/common.sh" |
| 11 | |
| 12 | set -e |
| 13 | |
| 14 | echo 'Creating test firmware' |
| 15 | |
| 16 | # Run tests in a dedicated directory for easy cleanup or debugging. |
| 17 | DIR="${TEST_DIR}/vb2fw_test_dir" |
| 18 | [ -d "$DIR" ] || mkdir -p "$DIR" |
| 19 | echo "Testing vb2_verify_fw in $DIR" |
| 20 | cd "$DIR" |
| 21 | |
| 22 | # Dummy firmware body |
| 23 | echo 'This is a test firmware body. This is only a test. Lalalalala' \ |
| 24 | > body.test |
| 25 | |
| 26 | # Pack keys using original vboot utilities |
Bill Richardson | a1d9fe6 | 2014-09-05 12:52:27 -0700 | [diff] [blame] | 27 | ${FUTILITY} vbutil_key --pack rootkey.test \ |
Randall Spangler | 539cbc2 | 2014-06-18 14:15:04 -0700 | [diff] [blame] | 28 | --key ${TESTKEY_DIR}/key_rsa8192.keyb --algorithm 11 |
Bill Richardson | a1d9fe6 | 2014-09-05 12:52:27 -0700 | [diff] [blame] | 29 | ${FUTILITY} vbutil_key --pack fwsubkey.test \ |
Randall Spangler | 539cbc2 | 2014-06-18 14:15:04 -0700 | [diff] [blame] | 30 | --key ${TESTKEY_DIR}/key_rsa4096.keyb --algorithm 7 |
Bill Richardson | a1d9fe6 | 2014-09-05 12:52:27 -0700 | [diff] [blame] | 31 | ${FUTILITY} vbutil_key --pack kernkey.test \ |
Randall Spangler | 539cbc2 | 2014-06-18 14:15:04 -0700 | [diff] [blame] | 32 | --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4 |
| 33 | |
| 34 | # Create a GBB with the root key |
Bill Richardson | a1d9fe6 | 2014-09-05 12:52:27 -0700 | [diff] [blame] | 35 | ${FUTILITY} gbb_utility -c 128,2400,0,0 gbb.test |
| 36 | ${FUTILITY} gbb_utility gbb.test -s --hwid='Test GBB' \ |
| 37 | --rootkey=rootkey.test |
Randall Spangler | 539cbc2 | 2014-06-18 14:15:04 -0700 | [diff] [blame] | 38 | |
| 39 | # Keyblock with firmware subkey is signed by root key |
Bill Richardson | a1d9fe6 | 2014-09-05 12:52:27 -0700 | [diff] [blame] | 40 | ${FUTILITY} vbutil_keyblock --pack keyblock.test \ |
Randall Spangler | 539cbc2 | 2014-06-18 14:15:04 -0700 | [diff] [blame] | 41 | --datapubkey fwsubkey.test \ |
| 42 | --signprivate ${TESTKEY_DIR}/key_rsa8192.sha512.vbprivk |
| 43 | |
| 44 | # Firmware preamble is signed with the firmware subkey |
Bill Richardson | a1d9fe6 | 2014-09-05 12:52:27 -0700 | [diff] [blame] | 45 | ${FUTILITY} vbutil_firmware \ |
Randall Spangler | 539cbc2 | 2014-06-18 14:15:04 -0700 | [diff] [blame] | 46 | --vblock vblock.test \ |
| 47 | --keyblock keyblock.test \ |
| 48 | --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \ |
| 49 | --fv body.test \ |
| 50 | --version 1 \ |
| 51 | --kernelkey kernkey.test |
| 52 | |
| 53 | echo 'Verifying test firmware using vb2_verify_fw' |
| 54 | |
Bill Richardson | 5fb1463 | 2015-01-27 13:59:35 -0800 | [diff] [blame] | 55 | # Verify the firmware using vboot2 checks |
| 56 | ${BUILD_RUN}/tests/vb20_verify_fw gbb.test vblock.test body.test |
Randall Spangler | 539cbc2 | 2014-06-18 14:15:04 -0700 | [diff] [blame] | 57 | |
| 58 | happy 'vb2_verify_fw succeeded' |