vboot/tests/run_vbutil_kernel_arg_tests.sh

#!/bin/bash -u
#
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# Quick test of vbutil_kernel args, to make sure we can pack and unpack
# less-than-full-sized components.
#

# Load common constants and variables for tests.
. "$(dirname "$0")/common.sh"

# directories
DEVKEYS="${ROOT_DIR}/tests/devkeys"
DATA_DIR="${SCRIPT_DIR}/preamble_tests/data"
TMPDIR="${TEST_DIR}/vbutil_kernel_arg_tests_dir"
[ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}"

# Arbitrarily chosen keys and config file.
KEYBLOCK="${DATA_DIR}/kb_0_0.keyblock"
SIGNPRIVATE="${DATA_DIR}/data_0.vbprivk"
SIGNPUBLIC="${DATA_DIR}/root_0.vbpubk"
CONFIG="${DATA_DIR}/dummy_config.txt"

# Create some big and little files for the kernel and bootloader
BIG="${TMPDIR}/big.bin"
dd if=/dev/urandom bs=32768 count=1 of="${BIG}" 2>/dev/null
SMALL="${TMPDIR}/small.bin"
dd if=/dev/urandom bs=16 count=1 of="${SMALL}" 2>/dev/null

declare -a KERN_VALS
declare -a BOOT_VALS
KERN_VALS=("--vmlinuz=${BIG}" "--vmlinuz=${SMALL}")
BOOT_VALS=("--bootloader=${BIG}" "--bootloader=${SMALL}")

tests=0
errs=0

# Pack a bunch of stuff
k=0
while [ "$k" -lt "${#KERN_VALS[*]}" ]; do
  b=0
  while [ "$b" -lt "${#BOOT_VALS[*]}" ]; do
    echo -n "pack kern_${k}_${b}.vblock ... "
    : $(( tests++ ))
      "${FUTILITY}" vbutil_kernel \
        --pack "${TMPDIR}/kern_${k}_${b}.vblock" \
        --keyblock "${KEYBLOCK}" \
        --signprivate "${SIGNPRIVATE}" \
        --version 1 \
        --arch arm \
        --config "${CONFIG}" \
        "${KERN_VALS[$k]}" \
        "${BOOT_VALS[$k]}" >/dev/null
      if [ "$?" -ne 0 ]; then
        echo -e "${COL_RED}FAILED${COL_STOP}"
        : $(( errs++ ))
      else
        echo -e "${COL_GREEN}PASSED${COL_STOP}"
      fi
    : $(( b++ ))
  done
  : $(( k++ ))
done

# Now unpack it
for v in ${TMPDIR}/kern_*.vblock; do
  : $(( tests++ ))
  vv=$(basename "$v")
  echo -n "verify $vv ... "
  "${FUTILITY}" vbutil_kernel --verify "$v" >/dev/null
  if [ "$?" -ne 0 ]; then
    echo -e "${COL_RED}FAILED${COL_STOP}"
    : $(( errs++ ))
  else
    echo -e "${COL_GREEN}PASSED${COL_STOP}"
  fi
  : $(( tests++ ))
  echo -n "verify $vv signed ... "
  "${FUTILITY}" vbutil_kernel --verify "$v" \
    --signpubkey "${SIGNPUBLIC}" >/dev/null
  if [ "$?" -ne 0 ]; then
    echo -e "${COL_RED}FAILED${COL_STOP}"
    : $(( errs++ ))
  else
    echo -e "${COL_GREEN}PASSED${COL_STOP}"
  fi
done



# Test repacking a USB image for the SSD, the way the installer does.

set -e
# Pack for USB
USB_KERN="${TMPDIR}/usb_kern.bin"
USB_KEYBLOCK="${DEVKEYS}/recovery_kernel.keyblock"
USB_SIGNPRIVATE="${DEVKEYS}/recovery_kernel_data_key.vbprivk"
USB_SIGNPUBKEY="${DEVKEYS}/recovery_key.vbpubk"
echo -n "pack USB kernel ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
  --pack "${USB_KERN}" \
  --keyblock "${USB_KEYBLOCK}" \
  --signprivate "${USB_SIGNPRIVATE}" \
  --version 1 \
  --config "${CONFIG}" \
  --bootloader "${BIG}" \
  --vmlinuz "${BIG}" \
  --arch arm
if [ "$?" -ne 0 ]; then
  echo -e "${COL_RED}FAILED${COL_STOP}"
  : $(( errs++ ))
else
  echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi

# And verify it.
echo -n "verify USB kernel ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
  --verify "${USB_KERN}" \
  --signpubkey "${USB_SIGNPUBKEY}" >/dev/null
if [ "$?" -ne 0 ]; then
  echo -e "${COL_RED}FAILED${COL_STOP}"
  : $(( errs++ ))
else
  echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi

# Now we re-sign the same image using the normal keys. This is the kernel
# image that is put on the hard disk by the installer. Note: To save space on
# the USB image, we're only emitting the new verfication block, and the
# installer just replaces that part of the hard disk's kernel partition.
SSD_KERN="${TMPDIR}/ssd_kern.bin"
SSD_KEYBLOCK="${DEVKEYS}/kernel.keyblock"
SSD_SIGNPRIVATE="${DEVKEYS}/kernel_data_key.vbprivk"
SSD_SIGNPUBKEY="${DEVKEYS}/kernel_subkey.vbpubk"
echo -n "repack to SSD kernel ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
  --repack "${SSD_KERN}" \
  --vblockonly \
  --keyblock "${SSD_KEYBLOCK}" \
  --signprivate "${SSD_SIGNPRIVATE}" \
  --oldblob "${TMPDIR}/usb_kern.bin" >/dev/null
if [ "$?" -ne 0 ]; then
  echo -e "${COL_RED}FAILED${COL_STOP}"
  : $(( errs++ ))
else
  echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi

# To verify it, we have to replace the vblock from the original image.
tempfile="${TMPDIR}/foo.bin"
cat "${SSD_KERN}" > "$tempfile"
dd if="${USB_KERN}" bs=65536 skip=1 >> $tempfile 2>/dev/null

echo -n "verify SSD kernel ... "
: $(( tests++ ))
"${FUTILITY}" vbutil_kernel \
  --verify "$tempfile" \
  --signpubkey "${SSD_SIGNPUBKEY}" >/dev/null
if [ "$?" -ne 0 ]; then
  echo -e "${COL_RED}FAILED${COL_STOP}"
  : $(( errs++ ))
else
  echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi

# Finally make sure that the kernel command line stays good.
orig=$(cat "${CONFIG}" | tr '\012' ' ')
packed=$("${FUTILITY}" dump_kernel_config "${USB_KERN}")
echo -n "check USB kernel config ..."
: $(( tests++ ))
if [ "$orig" != "$packed" ]; then
  echo -e "${COL_RED}FAILED${COL_STOP}"
  : $(( errs++ ))
else
  echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi

repacked=$("${FUTILITY}" dump_kernel_config "${tempfile}")
echo -n "check SSD kernel config ..."
: $(( tests++ ))
if [ "$orig" != "$packed" ]; then
  echo -e "${COL_RED}FAILED${COL_STOP}"
  : $(( errs++ ))
else
  echo -e "${COL_GREEN}PASSED${COL_STOP}"
fi

# Summary
ME=$(basename "$0")
if [ "$errs" -ne 0 ]; then
  echo -e "${COL_RED}${ME}: ${errs}/${tests} tests failed${COL_STOP}"
  exit 1
fi
happy "${ME}: All ${tests} tests passed"
exit 0