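#!/bin/bash -eux
# Copyright 2023 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Tests for 'futility show' and 'futility verify'.

# Strict mode is repeated here because interpreter options on the shebang line
# are dropped when the script is started as 'bash <script>'. Without errexit a
# failing comparison would not stop the run, and the script would still reach
# its final 'exit 0' and report success.
set -eux -o pipefail

# Script basename; used only to derive the scratch prefix removed at the end.
ME="${0##*/}"
TMP="${ME}.tmp"

# Set to 1 to update the expected output.
# Keep this at 0 in committed code: in update mode check_diff copies the
# freshly produced output over the expected file before comparing, so every
# comparison passes and the run no longer checks 'show'/'verify' output.
UPDATE_MODE=0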
# Test case: <name> <file> <error_level> <extra_options>
#   Each entry is a single string that the driver loop below splits on
#   whitespace, so no field (including paths and option values) may contain
#   whitespace.
#   name: Test case name used to form the expected output file.
#     For example, if name is "abc", then the expected output file will be
#     "tests/futility/expect_output/show.abc".
#     Entries that share a name are compared against the same expected file.
#   file: Input file.
#   error_level:
#     0: Both 'futility show' and 'futility verify' expected to succeed.
#        (The driver loop runs only 'verify' for this level.)
#     1: 'show' expected to succeed, but 'verify' expected to fail.
#     2: Both 'show' and 'verify' expected to fail.
#        (The driver loop runs only 'show' for this level.)
#   extra_options (optional): Extra options passed to 'show' or 'verify'.
# NOTE(review): the key files referenced below live under tests/ and include
# private keys; presumably test-only material that must never be used to sign
# shipped images - confirm.
TEST_CASES=(
  ## [type] pubkey/prikey
  "root_key.vbpubk tests/devkeys/root_key.vbpubk 0"
  "root_key.vbprivk tests/devkeys/root_key.vbprivk 0"
  "parseable.root_key.vbpubk tests/devkeys/root_key.vbpubk 0 -P"
  "parseable.root_key.vbprivk tests/devkeys/root_key.vbprivk 0 -P"
  ## [type] pubkey21/prikey21 (-P not supported)
  "sample.vbpubk2 tests/futility/data/sample.vbpubk2 0"
  "sample.vbprik2 tests/futility/data/sample.vbprik2 0"
  ## [type] pem (-P not supported)
  "key_rsa2048.pem tests/testkeys/key_rsa2048.pem 0"
  "key_rsa8192.pub.pem tests/testkeys/key_rsa8192.pub.pem 0"
  ## [type] keyblock
  # With no public key supplied, 'verify' is expected to fail (level 1); the
  # -pubkey entry passes one via --publickey and is expected to succeed.
  "fw.keyblock tests/devkeys/firmware.keyblock 1"
  "parseable.fw.keyblock tests/devkeys/firmware.keyblock 1 -P"
  "fw.keyblock-pubkey tests/devkeys/firmware.keyblock 0 \
    --publickey tests/devkeys/root_key.vbpubk"
  "kernel.keyblock tests/devkeys/kernel.keyblock 1"
  "parseable.kernel.keyblock tests/devkeys/kernel.keyblock 1 -P"
  ## [type] fw_pre
  # With the key but without --fv, 'verify' is still expected to fail; the
  # entries that add --fv are the ones expected to succeed.
  "fw_vblock tests/futility/data/fw_vblock.bin 1"
  "parseable.fw_vblock tests/futility/data/fw_vblock.bin 1 -P"
  "fw_vblock-pubkey tests/futility/data/fw_vblock.bin 1 \
    -k tests/futility/data/peppy_mp_root_key.vbpubk"
  "fw_vblock-pubkey-with-fv tests/futility/data/fw_vblock.bin 0 \
    -k tests/futility/data/peppy_mp_root_key.vbpubk \
    --fv tests/futility/data/fw_main_peppy.bin"
  "parseable.fw_vblock-pubkey-with-fv tests/futility/data/fw_vblock.bin 0 \
    -k tests/futility/data/peppy_mp_root_key.vbpubk \
    --fv tests/futility/data/fw_main_peppy.bin -P"
  # Negative cases: same vblock and --fv as above, but a different root key is
  # supplied, so 'verify' is expected to fail.
  "fw_vblock-pubkey-wrong tests/futility/data/fw_vblock.bin 1 \
    -k tests/devkeys/root_key.vbpubk \
    --fv tests/futility/data/fw_main_peppy.bin"
  "parseable.fw_vblock-pubkey-wrong tests/futility/data/fw_vblock.bin 1 \
    -k tests/devkeys/root_key.vbpubk \
    --fv tests/futility/data/fw_main_peppy.bin -P"
  # invalid data key algorithm
  # NOTE: '--type fw_pre' is necessary; otherwise the file will be recognized
  # as a keyblock file and 'futility show' will succeed.
  "fw_vblock_invalid_data_key \
    tests/futility/data/fw_vblock_invalid_data_key.bin 2 --type fw_pre"
  "parseable.fw_vblock_invalid_data_key \
    tests/futility/data/fw_vblock_invalid_data_key.bin 2 --type fw_pre -P"
  ## [type] gbb
  "gbb tests/futility/data/fw_gbb.bin 0"
  "parseable.gbb tests/futility/data/fw_gbb.bin 0 -P"
  ## [type] bios
  # valid bios with non-CBFS FW_MAIN_* sections
  "bios_peppy tests/futility/data/bios_peppy_mp.bin 0"
  "parseable.bios_peppy tests/futility/data/bios_peppy_mp.bin 0 -P"
  # valid bios without VBOOT_CBFS_INTEGRATION
  "bios_brya tests/futility/data/bios_brya_mp.bin 0"
  "parseable.bios_brya tests/futility/data/bios_brya_mp.bin 0 -P"
  # bios without VBOOT_CBFS_INTEGRATION; invalid keyblock in VBLOCK_B
  "bios_brya_invalid_keyblock \
    tests/futility/data/bios_brya_mp_invalid_vblock_b.bin 1"
  "parseable.bios_brya_invalid_keyblock \
    tests/futility/data/bios_brya_mp_invalid_vblock_b.bin 1 -P"
  # bios with VBOOT_CBFS_INTEGRATION; invalid metadata hash in VBLOCK_B
  "bios_coachz_cbfs tests/futility/data/bios_coachz_cbfs.bin 1"
  "parseable.bios_coachz_cbfs tests/futility/data/bios_coachz_cbfs.bin 1 -P"
  # valid bios with VBOOT_CBFS_INTEGRATION
  # (the first two entries share a name: output with and without an explicit
  # '--type bios' is compared against the same expected file)
  "bios_geralt_cbfs tests/futility/data/bios_geralt_cbfs.bin 0"
  "bios_geralt_cbfs tests/futility/data/bios_geralt_cbfs.bin 0 --type bios"
  "parseable.bios_geralt_cbfs tests/futility/data/bios_geralt_cbfs.bin 0 \
    --type bios -P"
  ## [type] kernel
  # kernel partition
  # As with keyblocks: level 1 when no key is given or a non-matching one is
  # passed via -k (the -wrong entries), level 0 with the matching key.
  "kernel tests/futility/data/kernel_part.bin 1"
  "parseable.kernel tests/futility/data/kernel_part.bin 1 -P"
  "kernel-pubkey tests/futility/data/kernel_part.bin 0 \
    -k tests/futility/data/fw_dev_vblock.bin"
  "kernel-pubkey tests/futility/data/kernel_part.bin 0 \
    --type kernel -k tests/futility/data/fw_dev_vblock.bin"
  "kernel-pubkey-wrong tests/futility/data/kernel_part.bin 1 \
    --type kernel -k tests/futility/data/fw_vblock.bin"
  "rec_kernel tests/futility/data/rec_kernel_part.bin 1"
  "rec_kernel-pubkey tests/futility/data/rec_kernel_part.bin 0 \
    -k tests/devkeys/recovery_key.vbpubk"
  "parseable.rec_kernel-pubkey tests/futility/data/rec_kernel_part.bin 0 \
    -k tests/devkeys/recovery_key.vbpubk -P"
  "rec_kernel-pubkey-wrong tests/futility/data/rec_kernel_part.bin 1 \
    -k tests/devkeys/kernel_subkey.vbpubk"
  # kernel vblock
  "kernel_vblock tests/futility/data/kernel_vblock.bin 1"
  "parseable.kernel_vblock tests/futility/data/kernel_vblock.bin 1 -P"
)
# Compare freshly produced output against the expected output.
# Globals:   UPDATE_MODE (read)
# Arguments: $1 - file holding the output just produced
#            $2 - expected-output file
# Returns:   exit status of diff (0 when the two files are identical)
# In update mode (UPDATE_MODE > 0) the produced file is first copied over the
# expected file, so the comparison that follows always matches; review the
# resulting change to the expected file before committing it.
check_diff()
{
  local produced="$1"
  local expected="$2"
  if [[ "${UPDATE_MODE}" -gt 0 ]]; then
    cp "${produced}" "${expected}"
  fi
  diff "${produced}" "${expected}"
}
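# Driver: run every entry of TEST_CASES through 'futility show' / 'verify' and
# compare the captured stdout with the checked-in expected output.
# Required environment: OUTDIR (scratch output directory), SRCDIR (source tree
# root; the futility commands run from there), FUTILITY (binary under test).
# Fail fast when any of them is missing or empty: an empty OUTDIR or SRCDIR
# would otherwise resolve to paths directly under "/".
: "${OUTDIR:?OUTDIR must be set}"
: "${SRCDIR:?SRCDIR must be set}"
: "${FUTILITY:?FUTILITY must be set}"

for test_case in "${TEST_CASES[@]}"; do
  # Fields are whitespace-separated: name, file, error level, then options.
  read -ra arr <<<"${test_case}"
  name="${arr[0]}"
  file="${arr[1]}"
  level="${arr[2]}"
  opts=()
  if [ "${#arr[@]}" -gt 3 ]; then
    opts=("${arr[@]:3}")
  fi

  outfile="show.${name}"
  succ_gotfile="${OUTDIR}/${outfile}"
  fail_gotfile="${OUTDIR}/${outfile}-fail"
  wantfile="${SRCDIR}/tests/futility/expect_output/${outfile}"

  # Map the error level to the command that must succeed and/or the command
  # that must fail. An unknown or malformed level aborts the run: silently
  # treating it as "expected to fail" would let a typo in the table turn a
  # verification test into one that passes when the tool rejects the input.
  succ_cmd=""
  fail_cmd=""
  case "${level}" in
    0)
      succ_cmd="verify"
      ;;
    1)
      succ_cmd="show"
      fail_cmd="verify"
      ;;
    2)
      fail_cmd="show"
      ;;
    *)
      echo "${ME}: bad error_level '${level}' in test case '${name}'" >&2
      exit 1
      ;;
  esac

  if [ -n "${succ_cmd}" ]; then
    # pipefail makes a non-zero exit of futility fail the pipeline even though
    # tee itself succeeds.
    ( cd "${SRCDIR}" && "${FUTILITY}" "${succ_cmd}" "${file}" "${opts[@]}" ) \
      | tee "${succ_gotfile}"
    check_diff "${succ_gotfile}" "${wantfile}"
  fi

  if [ -n "${fail_cmd}" ]; then
    # '!' inverts the status, so the subshell fails only when futility exits 0
    # (or when the cd fails). Any non-zero exit counts as the expected
    # failure, abnormal termination included; the comparison of the captured
    # stdout below is the only check on how the command failed.
    ( cd "${SRCDIR}" && ! "${FUTILITY}" "${fail_cmd}" "${file}" "${opts[@]}" ) \
      | tee "${fail_gotfile}" \
      || ( echo "Command expected to fail, but succeeded" && false )

    # The output of 'show' and 'verify' should be the same.
    check_diff "${fail_gotfile}" "${wantfile}"
  fi
done

# cleanup
# '--' keeps a script name that begins with '-' from being parsed as an rm
# option. ':?' aborts instead of letting the pattern collapse to a bare '*'
# should a later edit ever leave TMP empty.
rm -rf -- "${TMP:?}"*
exit 0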