vboot/tests/futility/test_show_vs_verify.sh

#!/bin/bash -eux
# Copyright 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

me=${0##*/}
TMP="$me.tmp"

# Work in scratch directory
cd "$OUTDIR"

# some stuff we'll need
DEVKEYS=${SRCDIR}/tests/devkeys

# The show command exits with 0 if the data is consistent.
# The verify command exits with 0 only if all the data is verified.

####  keyblock

${FUTILITY} show ${DEVKEYS}/firmware.keyblock

if ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock ; then false; fi

${FUTILITY} verify ${DEVKEYS}/firmware.keyblock \
  --publickey ${DEVKEYS}/root_key.vbpubk


#### firmware vblock

# Get some bits to look at
${FUTILITY} dump_fmap -x ${SCRIPTDIR}/data/bios_peppy_mp.bin \
  GBB:${TMP}.gbb VBLOCK_A:${TMP}.vblock_a FW_MAIN_A:${TMP}.fw_main_a
${FUTILITY} gbb_utility -g -k ${TMP}.rootkey ${TMP}.gbb


${FUTILITY} show ${TMP}.vblock_a

${FUTILITY} show ${TMP}.vblock_a --publickey ${TMP}.rootkey

${FUTILITY} show ${TMP}.vblock_a \
  --publickey ${TMP}.rootkey \
  --fv ${TMP}.fw_main_a

if ${FUTILITY} verify ${TMP}.vblock_a ; then false ; fi

if ${FUTILITY} verify ${TMP}.vblock_a \
  --publickey ${TMP}.rootkey ; then false ; fi

${FUTILITY} verify ${TMP}.vblock_a \
  --publickey ${TMP}.rootkey \
  --fv ${TMP}.fw_main_a


#### kernel partition

${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin

${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin \
  --publickey ${DEVKEYS}/kernel_subkey.vbpubk

${FUTILITY} show ${SCRIPTDIR}/data/rec_kernel_part.bin \
  --publickey ${DEVKEYS}/recovery_key.vbpubk

if ${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin ; then false ; fi

if ${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin \
  --publickey ${DEVKEYS}/kernel_subkey.vbpubk ; then false ; fi

${FUTILITY} verify ${SCRIPTDIR}/data/rec_kernel_part.bin \
  --publickey ${DEVKEYS}/recovery_key.vbpubk


# cleanup
rm -rf ${TMP}*
exit 0