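#!/bin/bash

# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# End-to-end test for vboot2 kernel verification.
#
# Builds a signed test kernel from throwaway data, verifies it directly,
# then places it in a GPT disk image and verifies it again from the image.
#
# Relies on common.sh for: BIN_DIR, TEST_DIR, TESTKEY_DIR, SCRIPT_DIR,
# BUILD_RUN, FUTILITY and the happy() helper.
#
# NOTE(review): only the accept path is exercised. Nothing in this script
# checks that a modified kernel blob, or a mismatched public key, is
# rejected, so a verifier that accepts everything would still pass.

# Load common constants and variables.
. "$(dirname "$0")/common.sh"

# Abort on the first failing step so a broken signing or verification
# command fails the test instead of being silently skipped.
set -e

CGPT="${BIN_DIR}/cgpt"

echo 'Creating test kernel'

# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/load_kernel_test_dir"
mkdir -p "$DIR"
echo "Testing kernel verification in $DIR"
cd "$DIR"

# Dummy kernel data. The contents are irrelevant; only the signature
# chain over them is under test.
echo "hi there" > "dummy_config.txt"
dd if=/dev/urandom bs=16384 count=1 of="dummy_bootloader.bin"
dd if=/dev/urandom bs=32768 count=1 of="dummy_kernel.bin"

# ${FUTILITY} is deliberately left unquoted throughout: it is defined in
# common.sh, and this file cannot confirm it is always a single word.
# All path arguments are quoted so directories containing whitespace or
# glob characters do not split into extra arguments.

# Pack kernel data key using original vboot utilities.
# NOTE(review): --algorithm 4 is presumably RSA-2048 with SHA-256, which
# would match the key_rsa2048.sha256 private key used for the preamble
# below - confirm against the vboot algorithm table.
${FUTILITY} vbutil_key --pack datakey.test \
  --key "${TESTKEY_DIR}/key_rsa2048.keyb" --algorithm 4

# Keyblock with kernel data key is signed by kernel subkey.
# Flags=5 means dev=0 rec=0.
# NOTE(review): the keys under devkeys/ look like shared development keys
# kept in the source tree; they are suitable for tests only and must not
# be treated as a trust anchor for real images.
${FUTILITY} vbutil_keyblock --pack keyblock.test \
  --datapubkey datakey.test \
  --flags 5 \
  --signprivate "${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk"

# Kernel preamble is signed with the kernel data key.
${FUTILITY} vbutil_kernel \
  --pack "kernel.test" \
  --keyblock "keyblock.test" \
  --signprivate "${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk" \
  --version 1 \
  --arch arm \
  --vmlinuz "dummy_kernel.bin" \
  --bootloader "dummy_bootloader.bin" \
  --config "dummy_config.txt"

echo 'Verifying test kernel'

# Verify the kernel against the public half of the kernel subkey that
# signed the keyblock.
${FUTILITY} vbutil_kernel \
  --verify "kernel.test" \
  --signpubkey "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"

happy 'Kernel verification succeeded'

# Now create a dummy disk image (1024 blocks of 1024 bytes of zeros) with
# a single kernel partition starting at sector 64.
echo 'Creating test disk image'
dd if=/dev/zero of=disk.test bs=1024 count=1024
"${CGPT}" create disk.test
"${CGPT}" add -i 1 -S 1 -P 1 -b 64 -s 960 -t kernel -l kernelA disk.test
"${CGPT}" show disk.test

# And insert the kernel into it. seek=64 with bs=512 has to agree with
# the "-b 64" partition start above; conv=notrunc keeps the rest of the
# image (including the partition table data) intact.
dd if=kernel.test of=disk.test bs=512 seek=64 conv=notrunc

# And verify it from the disk image using the verify_kernel test binary.
echo 'Verifying test disk image'
"${BUILD_RUN}/tests/verify_kernel" disk.test \
  "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"

happy 'Image verification succeeded'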