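#!/bin/bash -eux
# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# Builds a throwaway signed kernel blob with futility, checks that it verifies
# against the kernel subkey, then checks that bogus --pad values are rejected
# with an ordinary error exit rather than a crash.
#
# Required environment:
#   OUTDIR    scratch directory the test works in
#   SRCDIR    root of the source tree (provides tests/devkeys, tests/testkeys)
#   FUTILITY  the futility command under test

# Repeat the shebang options so they still apply when the script is started as
# "bash <script>", and add pipefail so a failing futility inside a pipeline is
# not hidden by a succeeding grep.
set -eux -o pipefail

# Fail early, with a readable message, on unset or empty inputs. An empty
# OUTDIR would otherwise leave the script working (and deleting) in whatever
# directory it was started from.
: "${OUTDIR:?OUTDIR must be set}"
: "${SRCDIR:?SRCDIR must be set}"
: "${FUTILITY:?FUTILITY must be set}"

me=${0##*/}
TMP="$me.tmp"

# Work in scratch directory
cd "$OUTDIR"

# Both key sets live under the tree's tests/ directory, i.e. they are
# checked-in fixtures, not secrets.
DEVKEYS="${SRCDIR}/tests/devkeys"
TESTKEYS="${SRCDIR}/tests/testkeys"

#######################################
# Run "futility show" on the test kernel with a given --pad value and require
# that it fails cleanly.
# Globals:   FUTILITY, TMP, DEVKEYS (read)
# Arguments: $1 - value passed to --pad
# Returns:   0 if futility exited with a status in 1..127, non-zero otherwise
#######################################
expect_rejected_pad() {
  local pad=$1
  local rc=0
  # ${FUTILITY} is expanded unquoted, as in the rest of this script, so a value
  # holding a command plus arguments keeps working.
  ${FUTILITY} show "${TMP}.kernel.test" \
      --pad "$pad" \
      --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
    || rc=$?
  # Non-zero: the bad padding must be refused.
  # Below 128: bash reports 128+N for a process killed by signal N, so this
  # separates "refused the input" from "crashed while parsing it".
  [[ "$rc" -ne 0 && "$rc" -lt 128 ]]
}

echo 'Creating test kernel'

# Dummy kernel data
echo "hi there" > "${TMP}.config.txt"
dd if=/dev/urandom bs=16384 count=1 of="${TMP}.bootloader.bin"
dd if=/dev/urandom bs=32768 count=1 of="${TMP}.kernel.bin"

# Pack kernel data key using original vboot utilities.
${FUTILITY} vbutil_key --pack "${TMP}.datakey.test" \
    --key "${TESTKEYS}/key_rsa2048.keyb" --algorithm 4

# Keyblock with kernel data key is signed by kernel subkey
# Flags=5 means dev=0 rec=0
${FUTILITY} vbutil_keyblock --pack "${TMP}.keyblock.test" \
    --datapubkey "${TMP}.datakey.test" \
    --flags 5 \
    --signprivate "${DEVKEYS}/kernel_subkey.vbprivk"

# Kernel preamble is signed with the kernel data key
${FUTILITY} vbutil_kernel \
    --pack "${TMP}.kernel.test" \
    --keyblock "${TMP}.keyblock.test" \
    --signprivate "${TESTKEYS}/key_rsa2048.sha256.vbprivk" \
    --version 1 \
    --arch arm \
    --vmlinuz "${TMP}.kernel.bin" \
    --bootloader "${TMP}.bootloader.bin" \
    --config "${TMP}.config.txt"

echo 'Verifying test kernel'

# Verify the kernel.
# The pattern requires a non-alphanumeric character directly before "valid";
# the looser 'Signature.*valid' is also satisfied by a line that says
# "invalid", which would let a failed verification pass this check.
${FUTILITY} show "${TMP}.kernel.test" \
    --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
  | grep -E 'Signature.*[^[:alnum:]]valid'

echo 'Test kernel blob looks good'

# Mess up the padding, make sure it fails.
expect_rejected_pad 0x100

echo 'Invalid args are invalid'

# Look waaaaaay off the end of the file, make sure it fails.
expect_rejected_pad 0x100000

echo 'Really invalid args are still invalid'

# cleanup
# ":?" keeps the glob from widening to "*" should TMP ever be empty.
rm -rf -- "${TMP:?}"*
exit 0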
78