| # Copyright 2021 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("//build/dev.gni") |
| |
| # Check the kernel cmdline extracted from ZBI against a golden file. |
| # |
| # The target that generates 'zbi' need to be added to deps. |
| # |
| # Parameters |
| # |
| # zbi |
| # Required: Path to the ZBI image to extract kernel cmdline from. |
| # golden |
| # Required: Path to the golden file that contains golden kernel cmdline in |
| # a format of one cmdline entry per line. |
| |
| template("kernel_cmdline_verify") { |
| assert(defined(invoker.zbi), "kernel_cmdline_verify() must specify zbi") |
| assert(defined(invoker.golden), "kernel_cmdline_verify() must specify golden") |
| |
| action("${target_name}") { |
| forward_variables_from(invoker, [ "testonly" ]) |
| |
| script = "//build/zbi/verify_zbi_kernel_cmdline.py" |
| stamp_file = "$target_gen_dir/$target_name.verified" |
| scrutiny_target = "//src/security/scrutiny/bin($host_toolchain)" |
| scrutiny_tool = |
| get_label_info(scrutiny_target, "root_out_dir") + "/scrutiny" |
| |
| inputs = [ |
| scrutiny_tool, |
| invoker.golden, |
| invoker.zbi, |
| ] |
| |
| outputs = [ stamp_file ] |
| |
| args = [ |
| "--zbi-file", |
| rebase_path(inputs[2], root_build_dir), |
| "--kernel-cmdline-golden-file", |
| rebase_path(invoker.golden, root_build_dir), |
| "--scrutiny", |
| rebase_path(scrutiny_tool, root_build_dir), |
| "--fuchsia-dir", |
| rebase_path("//", root_build_dir), |
| "--stamp", |
| rebase_path(stamp_file, root_build_dir), |
| ] |
| |
| deps = [ scrutiny_target ] |
| |
| if (defined(invoker.deps)) { |
| deps += invoker.deps |
| } |
| } |
| } |