| #!/bin/bash -eux |
| # Copyright (c) 2014 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| me=${0##*/} |
| TMP="$me.tmp" |
| |
| # Work in scratch directory |
| cd "$OUTDIR" |
| |
| DEVKEYS="${SRCDIR}/tests/devkeys" |
| TESTKEYS="${SRCDIR}/tests/testkeys" |
| |
| echo 'Creating test kernel' |
| |
| # Dummy kernel data |
| echo "hi there" > "${TMP}.config.txt" |
| dd if=/dev/urandom bs=16384 count=1 of="${TMP}.bootloader.bin" |
| dd if=/dev/urandom bs=32768 count=1 of="${TMP}.kernel.bin" |
| |
| # Pack kernel data key using original vboot utilities. |
| "${FUTILITY}" vbutil_key --pack "${TMP}.datakey.test" \ |
| --key "${TESTKEYS}/key_rsa2048.keyb" --algorithm 4 |
| |
| # Keyblock with kernel data key is signed by kernel subkey |
| # Flags=5 means dev=0 rec=0 |
| "${FUTILITY}" vbutil_keyblock --pack "${TMP}.keyblock.test" \ |
| --datapubkey "${TMP}.datakey.test" \ |
| --flags 5 \ |
| --signprivate "${DEVKEYS}/kernel_subkey.vbprivk" |
| |
| # Kernel preamble is signed with the kernel data key |
| "${FUTILITY}" vbutil_kernel \ |
| --pack "${TMP}.kernel.test" \ |
| --keyblock "${TMP}.keyblock.test" \ |
| --signprivate "${TESTKEYS}/key_rsa2048.sha256.vbprivk" \ |
| --version 1 \ |
| --arch arm \ |
| --vmlinuz "${TMP}.kernel.bin" \ |
| --bootloader "${TMP}.bootloader.bin" \ |
| --config "${TMP}.config.txt" |
| |
| echo 'Verifying test kernel' |
| |
| # Verify the kernel |
| "${FUTILITY}" show "${TMP}.kernel.test" \ |
| --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \ |
| | grep -E 'Signature.*valid' |
| |
| echo 'Test kernel blob looks good' |
| |
| # Mess up the padding, make sure it fails. |
| rc=0 |
| "${FUTILITY}" show "${TMP}.kernel.test" \ |
| --pad 0x100 \ |
| --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \ |
| || rc=$? |
| [ $rc -ne 0 ] |
| [ $rc -lt 128 ] |
| |
| echo 'Invalid args are invalid' |
| |
| # Look waaaaaay off the end of the file, make sure it fails. |
| rc=0 |
| "${FUTILITY}" show "${TMP}.kernel.test" \ |
| --pad 0x100000 \ |
| --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \ |
| || rc=$? |
| [ $rc -ne 0 ] |
| [ $rc -lt 128 ] |
| |
| echo 'Really invalid args are still invalid' |
| |
| # cleanup |
| rm -rf "${TMP}"* |
| exit 0 |