1#!/bin/bash -u
2#
3# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
4# Use of this source code is governed by a BSD-style license that can be
5# found in the LICENSE file.
6#
7# This tests that vblocks using pre-3.0 versions of VbFirmwarePreambleHeader
8# and VbKernelPreambleHeader will still verify (or not) correctly. We need to
9# keep the old versions around to make sure that we can still sign images in
10# the ways that existing devices can validate.
11
12# Load common constants and variables for tests.
13. "$(dirname "$0")/common.sh"
14
15if [ "${1:---some}" == "--all" ] ; then
16    # all algs
17    algs="0 1 2 3 4 5 6 7 8 9 10 11"
18else
19    # just the algs we use
20    algs="4 7 11"
21fi
22
23# output directories
24PREAMBLE_DIR="${SCRIPT_DIR}/preamble_tests"
25DATADIR="${PREAMBLE_DIR}/data"
26V2DIR="${PREAMBLE_DIR}/preamble_v2x"
27
28tests=0
29errs=0
30
31# Check the firmware results
32for d in $algs; do
33  for r in $algs; do
34    for rr in $algs; do
35      if [ "$r" = "$rr" ]; then
36        what="verify"
37        cmp="-ne"
38      else
39        what="reject"
40        cmp="-eq"
41      fi
42      : $(( tests++ ))
43      echo -n "${what} fw_${d}_${r}.vblock with root_${rr}.vbpubk ... "
44      "${FUTILITY}" vbutil_firmware \
45        --verify "${V2DIR}/fw_${d}_${r}.vblock" \
46        --signpubkey "${DATADIR}/root_${rr}.vbpubk" \
47        --fv "${DATADIR}/FWDATA" >/dev/null 2>&1
48      if [ "$?" "$cmp" 0 ]; then
49        echo -e "${COL_RED}FAILED${COL_STOP}"
50        : $(( errs++ ))
51      else
52        echo -e "${COL_GREEN}PASSED${COL_STOP}"
53      fi
54    done
55  done
56done
57
58
59# Check the kernel results
60for d in $algs; do
61  for r in $algs; do
62    for rr in $algs; do
63      if [ "$r" = "$rr" ]; then
64        what="verify"
65        cmp="-ne"
66      else
67        what="reject"
68        cmp="-eq"
69      fi
70      : $(( tests++ ))
71      echo -n "${what} kern_${d}_${r}.vblock with root_${rr}.vbpubk ... "
72      "${FUTILITY}" vbutil_kernel \
73        --verify "${V2DIR}/kern_${d}_${r}.vblock" \
74        --signpubkey "${DATADIR}/root_${rr}.vbpubk" >/dev/null 2>&1
75      if [ "$?" "$cmp" 0 ]; then
76        echo -e "${COL_RED}FAILED${COL_STOP}"
77        : $(( errs++ ))
78      else
79        echo -e "${COL_GREEN}PASSED${COL_STOP}"
80      fi
81    done
82  done
83done
84
85
86# Check the kernel results
87for d in $algs; do
88  for r in $algs; do
89      : $(( tests++ ))
90      echo -n "verify kern_${d}_${r}.vblock with hash only ... "
91      "${FUTILITY}" vbutil_kernel \
92          --verify "${V2DIR}/kern_${d}_${r}.vblock" >/dev/null 2>&1
93      if [ "$?" -ne 0 ]; then
94        echo -e "${COL_RED}FAILED${COL_STOP}"
95        : $(( errs++ ))
96      else
97        echo -e "${COL_GREEN}PASSED${COL_STOP}"
98      fi
99  done
100done
101
102
103# Summary
104ME=$(basename "$0")
105if [ "$errs" -ne 0 ]; then
106  echo -e "${COL_RED}${ME}: ${errs}/${tests} tests failed${COL_STOP}"
107  exit 1
108fi
109happy "${ME}: All ${tests} tests passed"
110exit 0
111