vboot/tests/vb2_firmware_tests.sh

#!/bin/bash

# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# End-to-end test for vboot2 firmware verification

# Load common constants and variables.
. "$(dirname "$0")/common.sh"

set -e

echo 'Creating test firmware'

# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/vb2fw_test_dir"
[ -d "$DIR" ] || mkdir -p "$DIR"
echo "Testing vb2_verify_fw in $DIR"
cd "$DIR"

# Dummy firmware body
echo 'This is a test firmware body.  This is only a test.  Lalalalala' \
    > body.test

# Pack keys using original vboot utilities
${FUTILITY} vbutil_key --pack rootkey.test \
    --key ${TESTKEY_DIR}/key_rsa8192.keyb --algorithm 11
${FUTILITY} vbutil_key --pack fwsubkey.test \
    --key ${TESTKEY_DIR}/key_rsa4096.keyb --algorithm 7
${FUTILITY} vbutil_key --pack kernkey.test \
    --key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4

# Create a GBB with the root key
${FUTILITY} gbb_utility -c 128,2400,0,0 gbb.test
${FUTILITY} gbb_utility gbb.test -s --hwid='Test GBB' \
  --rootkey=rootkey.test

# Keyblock with firmware subkey is signed by root key
${FUTILITY} vbutil_keyblock --pack keyblock.test \
    --datapubkey fwsubkey.test \
    --signprivate ${TESTKEY_DIR}/key_rsa8192.sha512.vbprivk

# Firmware preamble is signed with the firmware subkey
${FUTILITY} vbutil_firmware \
    --vblock vblock.test \
    --keyblock keyblock.test \
    --signprivate ${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk \
    --fv body.test \
    --version 1 \
    --kernelkey kernkey.test

echo 'Verifying test firmware using vb2_verify_fw'

# Verify the firmware using vboot2 checks
${BUILD_RUN}/tests/vb20_verify_fw gbb.test vblock.test body.test

happy 'vb2_verify_fw succeeded'