Home | History | Annotate | Download | only in tests 
      1 #!/bin/bash
      2 
      3 # Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
      4 # Use of this source code is governed by a BSD-style license that can be
      5 # found in the LICENSE file.
      6 #
      7 # End-to-end test for vboot2 kernel verification
      8 
      9 # Load common constants and variables.
     10 . "$(dirname "$0")/common.sh"
     11 
     12 set -e
     13 
     14 CGPT=${BIN_DIR}/cgpt
     15 
     16 echo 'Creating test kernel'
     17 
     18 # Run tests in a dedicated directory for easy cleanup or debugging.
     19 DIR="${TEST_DIR}/load_kernel_test_dir"
     20 [ -d "$DIR" ] || mkdir -p "$DIR"
     21 echo "Testing kernel verification in $DIR"
     22 cd "$DIR"
     23 
     24 # Dummy kernel data
     25 echo "hi there" > "dummy_config.txt"
     26 dd if=/dev/urandom bs=16384 count=1 of="dummy_bootloader.bin"
     27 dd if=/dev/urandom bs=32768 count=1 of="dummy_kernel.bin"
     28 
     29 # Pack kernel data key using original vboot utilities.
     30 ${FUTILITY} vbutil_key --pack datakey.test \
     31     --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4
     32 
     33 # Keyblock with kernel data key is signed by kernel subkey
     34 # Flags=5 means dev=0 rec=0
     35 ${FUTILITY} vbutil_keyblock --pack keyblock.test \
     36     --datapubkey datakey.test \
     37     --flags 5 \
     38     --signprivate ${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk
     39 
     40 # Kernel preamble is signed with the kernel data key
     41 ${FUTILITY} vbutil_kernel \
     42     --pack "kernel.test" \
     43     --keyblock "keyblock.test" \
     44     --signprivate ${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk \
     45     --version 1 \
     46     --arch arm \
     47     --vmlinuz "dummy_kernel.bin" \
     48     --bootloader "dummy_bootloader.bin" \
     49     --config "dummy_config.txt"
     50 
     51 echo 'Verifying test kernel'
     52 
     53 # Verify the kernel
     54 ${FUTILITY} vbutil_kernel \
     55     --verify "kernel.test" \
     56     --signpubkey ${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk
     57 
     58 happy 'Kernel verification succeeded'
     59 
     60 # Now create a dummy disk image
     61 echo 'Creating test disk image'
     62 dd if=/dev/zero of=disk.test bs=1024 count=1024
     63 ${CGPT} create disk.test
     64 ${CGPT} add -i 1 -S 1 -P 1 -b 64 -s 960 -t kernel -l kernelA disk.test
     65 ${CGPT} show disk.test
     66 
     67 # And insert the kernel into it
     68 dd if=kernel.test of=disk.test bs=512 seek=64 conv=notrunc
     69 
     70 # And verify it using futility
     71 echo 'Verifying test disk image'
     72 ${BUILD_RUN}/tests/verify_kernel disk.test \
     73     ${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk
     74 
     75 happy 'Image verification succeeded'
     76