1 #!/bin/bash 2 3 # Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 4 # Use of this source code is governed by a BSD-style license that can be 5 # found in the LICENSE file. 6 # 7 # End-to-end test for vboot2 firmware verification 8 9 # Load common constants and variables. 10 . "$(dirname "$0")/common.sh" 11 12 set -e 13 14 echo 'Creating test firmware' 15 16 # Run tests in a dedicated directory for easy cleanup or debugging. 17 DIR="${TEST_DIR}/vb2fw_test_dir" 18 [ -d "$DIR" ] || mkdir -p "$DIR" 19 echo "Testing vb2_verify_fw in $DIR" 20 cd "$DIR" 21 22 # Dummy firmware body 23 echo 'This is a test firmware body. This is only a test. Lalalalala' \ 24 > body.test 25 26 # Pack keys using original vboot utilities 27 ${FUTILITY} vbutil_key --pack rootkey.test \ 28 --key ${TESTKEY_DIR}/key_rsa8192.keyb --algorithm 11 29 ${FUTILITY} vbutil_key --pack fwsubkey.test \ 30 --key ${TESTKEY_DIR}/key_rsa4096.keyb --algorithm 7 31 ${FUTILITY} vbutil_key --pack kernkey.test \ 32 --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4 33 34 # Create a GBB with the root key 35 ${FUTILITY} gbb_utility -c 128,2400,0,0 gbb.test 36 ${FUTILITY} gbb_utility gbb.test -s --hwid='Test GBB' \ 37 --rootkey=rootkey.test 38 39 # Keyblock with firmware subkey is signed by root key 40 ${FUTILITY} vbutil_keyblock --pack keyblock.test \ 41 --datapubkey fwsubkey.test \ 42 --signprivate ${TESTKEY_DIR}/key_rsa8192.sha512.vbprivk 43 44 # Firmware preamble is signed with the firmware subkey 45 ${FUTILITY} vbutil_firmware \ 46 --vblock vblock.test \ 47 --keyblock keyblock.test \ 48 --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \ 49 --fv body.test \ 50 --version 1 \ 51 --kernelkey kernkey.test 52 53 echo 'Verifying test firmware using vb2_verify_fw' 54 55 # Verify the firmware using vboot2 checks 56 ${BUILD_RUN}/tests/vb20_verify_fw gbb.test vblock.test body.test 57 58 happy 'vb2_verify_fw succeeded' 59
