blob: 4cfdca759a7a1de8916d01d2b4812b5d74f199b8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
#!/bin/bash
# Copyright 2014 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# End-to-end test for vboot2 kernel verification
# Load common constants and variables.
. "$(dirname "$0")/common.sh"
set -e
CGPT=${BIN_DIR}/cgpt
echo 'Creating test kernel'
# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/load_kernel_test_dir"
[ -d "$DIR" ] || mkdir -p "$DIR"
echo "Testing kernel verification in $DIR"
cd "$DIR"
# Dummy kernel data
echo "hi there" > "dummy_config.txt"
dd if=/dev/urandom bs=16384 count=1 of="dummy_bootloader.bin"
dd if=/dev/urandom bs=32768 count=1 of="dummy_kernel.bin"
# Pack kernel data key using original vboot utilities.
"${FUTILITY}" vbutil_key --pack datakey.test \
--key "${TESTKEY_DIR}/key_rsa2048.keyb" --algorithm 4
# Keyblock with kernel data key is signed by kernel subkey
# Flags=21 means dev=0 rec=0 minios=0
"${FUTILITY}" vbutil_keyblock --pack keyblock.test \
--datapubkey datakey.test \
--flags 21 \
--signprivate "${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk"
# Kernel preamble is signed with the kernel data key
"${FUTILITY}" vbutil_kernel \
--pack "kernel.test" \
--keyblock "keyblock.test" \
--signprivate "${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk" \
--version 1 \
--arch arm \
--vmlinuz "dummy_kernel.bin" \
--bootloader "dummy_bootloader.bin" \
--config "dummy_config.txt"
echo 'Verifying test kernel'
# Verify the kernel
"${FUTILITY}" vbutil_kernel \
--verify "kernel.test" \
--signpubkey "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"
happy 'Kernel verification succeeded'
# Now create a dummy disk image
echo 'Creating test disk image'
dd if=/dev/zero of=disk.test bs=1024 count=1024
${CGPT} create disk.test
${CGPT} add -i 1 -S 1 -P 1 -b 64 -s 960 -t kernel -l kernelA disk.test
${CGPT} show disk.test
# And insert the kernel into it
dd if=kernel.test of=disk.test bs=512 seek=64 conv=notrunc
# And verify it using futility
echo 'Verifying test disk image'
"${BUILD_RUN}/tests/verify_kernel" disk.test \
"${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"
happy 'Image verification succeeded'
|
