1#!/bin/sh 2# Copyright 2018 The Chromium OS Authors. All rights reserved. 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5 6# gen_test_images.sh BOARD IMAGE 7# Generate test images from any premp/mp signed image. 8 9set -e 10 11BOARD=$1 12IMAGE=$(readlink -f "$2") 13DIRNAME=$(dirname "$(readlink -f "$0")") 14KEY=${DIRNAME}/fingerprint_dev_keys/${BOARD}/dev_key.pem 15# Increment to different rollback versions 16ROLLBACK0=00000000 17ROLLBACK1=01000000 18ROLLBACK9=09000000 19 20rm -rf images 21mkdir images 22cd images 23 24# Use original image for some tests. 25cp "${IMAGE}" "${BOARD}.bin" 26 27# Use futility included in autotest source no matter if we are in chroot or lxc 28# container, so that it's easier to notice if things break. 29alias futility='${DIRNAME}'/futility 30 31# Generate dev key set 32futility create --desc="${BOARD} dev key" "${KEY}" key 33 34# Pick up RO and RW version (only take up to 27 bytes, to leave an extra 35# 4 bytes for .dev/.rbX tag, and terminating \0. 36ro_version_offset=$(futility dump_fmap "${IMAGE}" RO_FRID | \ 37 sed -n 's/area_offset: *//p') 38ro_version=$(dd if="${IMAGE}" bs=1 skip=$((ro_version_offset)) count=27) 39rw_version_offset=$(futility dump_fmap "${IMAGE}" RW_FWID | \ 40 sed -n 's/area_offset: *//p') 41rw_version=$(dd if="${IMAGE}" bs=1 skip=$((rw_version_offset)) count=27) 42 43# Hack the version string 44cp "${IMAGE}" "${BOARD}.dev" 45printf '%s' "${ro_version}.dev" | \ 46 dd of="${BOARD}.dev" bs=1 seek=$((ro_version_offset)) count=32 conv=notrunc 47printf '%s' "${rw_version}.dev" | \ 48 dd of="${BOARD}.dev" bs=1 seek=$((rw_version_offset)) count=32 conv=notrunc 49 50# Resign the image with dev key 51echo "Generating image signed with dev keys:" 52KEY_NAME=key.vbprik2 53futility sign --type rwsig --prikey "${KEY_NAME}" --version 1 "${BOARD}.dev" 54 55# Show signature 56futility show "${BOARD}.dev" 57 58echo "Generating image with rollback = 0:" 59 60printf "Current rollback version: " 61rb_offset=$(futility dump_fmap "${BOARD}.dev" RW_RBVER \ 62 | sed -n 's/area_offset: *//p') 63dd if="${BOARD}.dev" bs=1 skip=$((rb_offset)) count=4 2>/dev/null | xxd -l 4 -p 64 65cp "${BOARD}.dev" "${BOARD}.dev.rb0" 66# Decrement rollback to 0 67echo "${ROLLBACK0}" | \ 68 xxd -g 4 -p -r | \ 69 dd of="${BOARD}.dev.rb0" bs=1 seek=$((rb_offset)) count=4 conv=notrunc 70# Hack the version string 71printf '%s' "${rw_version}.rb0" | \ 72 dd of="${BOARD}.dev.rb0" bs=1 seek=$((rw_version_offset)) \ 73 count=32 conv=notrunc 74# Resign the image with dev key 75futility sign --type rwsig --prikey "${KEY_NAME}" --version 1 "${BOARD}.dev.rb0" 76 77 78echo "Generating image with rollback = 1:" 79 80printf "Current rollback version: " 81rb_offset=$(futility dump_fmap "${BOARD}.dev" RW_RBVER | \ 82 sed -n 's/area_offset: *//p') 83dd if="${BOARD}.dev" bs=1 skip=$((rb_offset)) count=4 2>/dev/null | xxd -l 4 -p 84 85cp "${BOARD}.dev" "${BOARD}.dev.rb1" 86# Increment rollback to 1 87echo "${ROLLBACK1}" | \ 88 xxd -g 4 -p -r | \ 89 dd of="${BOARD}.dev.rb1" bs=1 seek=$((rb_offset)) count=4 conv=notrunc 90# Hack the version string 91printf '%s' "${rw_version}.rb1" | \ 92 dd of="${BOARD}.dev.rb1" bs=1 seek=$((rw_version_offset)) \ 93 count=32 conv=notrunc 94# Resign the image with dev key 95futility sign --type rwsig --prikey "${KEY_NAME}" --version 1 "${BOARD}.dev.rb1" 96 97echo "Generating image with rollback = 9:" 98 99printf "Current rollback version: " 100rb_offset=$(futility dump_fmap "${BOARD}.dev" RW_RBVER | \ 101 sed -n 's/area_offset: *//p') 102dd if="${BOARD}.dev" bs=1 skip=$((rb_offset)) count=4 2>/dev/null | xxd -l 4 -p 103 104cp "${BOARD}.dev" "${BOARD}.dev.rb9" 105# Increment rollback to 9 106echo "${ROLLBACK9}" | \ 107 xxd -g 4 -p -r | \ 108 dd of="${BOARD}.dev.rb9" bs=1 seek=$((rb_offset)) count=4 conv=notrunc 109# Hack the version string 110printf '%s' "${rw_version}.rb9" | \ 111 dd of="${BOARD}.dev.rb9" bs=1 seek=$((rw_version_offset)) \ 112 count=32 conv=notrunc 113# Resign the image with dev key 114futility sign --type rwsig --prikey "${KEY_NAME}" --version 1 "${BOARD}.dev.rb9" 115 116 117echo "Generating image with bits corrupted at start of image:" 118cp "${IMAGE}" "${BOARD}_corrupt_first_byte.bin" 119offset=$(futility dump_fmap "${BOARD}_corrupt_first_byte.bin" EC_RW | \ 120 sed -n 's/area_offset: *//p') 121dd if=/dev/random of="${BOARD}_corrupt_first_byte.bin" bs=1 \ 122 seek=$((offset+100)) count=1 conv=notrunc 123 124echo "Generating image with bits corrupted at end of image:" 125cp "${IMAGE}" "${BOARD}_corrupt_last_byte.bin" 126offset=$(futility dump_fmap "${BOARD}_corrupt_last_byte.bin" SIG_RW | \ 127 sed -n 's/area_offset: *//p') 128dd if=/dev/zero of="${BOARD}_corrupt_last_byte.bin" bs=1 \ 129 seek=$((offset-100)) count=1 conv=notrunc 130 131# hexdumps are always nice to have to do diffs 132for image in "${BOARD}.bin" "${BOARD}_corrupt_first_byte.bin" \ 133 "${BOARD}_corrupt_last_byte.bin" "${BOARD}.dev" "${BOARD}.dev.rb0" \ 134 "${BOARD}.dev.rb1" "${BOARD}.dev.rb9"; do 135 xxd "${image}" > "${image}.hex" 136done 137 138