| #!/bin/bash -eux |
| # Copyright 2014 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| me=${0##*/} |
| TMP="$me.tmp" |
| |
| # Work in scratch directory |
| cd "$OUTDIR" |
| |
| # some stuff we'll need |
| DEVKEYS=${SRCDIR}/tests/devkeys |
| |
| # The show command exits with 0 if the data is consistent. |
| # The verify command exits with 0 only if all the data is verified. |
| |
| #### keyblock |
| |
| ${FUTILITY} show ${DEVKEYS}/firmware.keyblock |
| |
| if ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock ; then false; fi |
| |
| ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock \ |
| --publickey ${DEVKEYS}/root_key.vbpubk |
| |
| |
| #### firmware vblock |
| |
| # Get some bits to look at |
| ${FUTILITY} dump_fmap -x ${SCRIPTDIR}/data/bios_peppy_mp.bin \ |
| GBB:${TMP}.gbb VBLOCK_A:${TMP}.vblock_a FW_MAIN_A:${TMP}.fw_main_a |
| ${FUTILITY} gbb -g -k ${TMP}.rootkey ${TMP}.gbb |
| |
| |
| ${FUTILITY} show ${TMP}.vblock_a |
| |
| ${FUTILITY} show ${TMP}.vblock_a --publickey ${TMP}.rootkey |
| |
| ${FUTILITY} show ${TMP}.vblock_a \ |
| --publickey ${TMP}.rootkey \ |
| --fv ${TMP}.fw_main_a |
| |
| if ${FUTILITY} verify ${TMP}.vblock_a ; then false ; fi |
| |
| if ${FUTILITY} verify ${TMP}.vblock_a \ |
| --publickey ${TMP}.rootkey ; then false ; fi |
| |
| ${FUTILITY} verify ${TMP}.vblock_a \ |
| --publickey ${TMP}.rootkey \ |
| --fv ${TMP}.fw_main_a |
| |
| |
| #### kernel partition |
| |
| ${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin |
| |
| ${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin \ |
| --publickey ${DEVKEYS}/kernel_subkey.vbpubk |
| |
| ${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin \ |
| --publickey ${DEVKEYS}/recovery_key.vbpubk |
| |
| if ${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin ; then false ; fi |
| |
| if ${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin \ |
| --publickey ${DEVKEYS}/kernel_subkey.vbpubk ; then false ; fi |
| |
| ${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin \ |
| --publickey ${DEVKEYS}/recovery_key.vbpubk |
| |
| |
| # cleanup |
| rm -rf ${TMP}* |
| exit 0 |