xref: /aosp_15_r20/external/vboot_reference/tests/futility/test_sign_kernel.sh (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc) 
1#!/bin/bash -eux
2# Copyright 2014 The ChromiumOS Authors
3# Use of this source code is governed by a BSD-style license that can be
4# found in the LICENSE file.
5
6me=${0##*/}
7TMP="$me.tmp"
8
9# Work in scratch directory
10cd "$OUTDIR"
11
12DEVKEYS=${SRCDIR}/tests/devkeys
13
14echo "hi there" > "${TMP}.config.txt"
15echo "hello boys" > "${TMP}.config2.txt"
16dd if=/dev/urandom bs=512 count=1 of="${TMP}.bootloader.bin"
17dd if=/dev/urandom bs=1M count=16 of="${TMP}.kern_partition"
18
19# default padding
20padding=49152
21
22try_arch () {
23  local arch=$1
24
25  echo -n "${arch}: 1 " 1>&3
26
27  # pack it up the old way
28  "${FUTILITY}" --debug vbutil_kernel \
29    --pack "${TMP}.blob1.${arch}" \
30    --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \
31    --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \
32    --version 1 \
33    --config "${TMP}.config.txt" \
34    --bootloader "${TMP}.bootloader.bin" \
35    --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
36    --arch "${arch}" \
37    --pad "${padding}" \
38    --kloadaddr 0x11000
39
40  # verify the old way
41  "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob1.${arch}" \
42    --signpubkey "${DEVKEYS}/recovery_key.vbpubk" > "${TMP}.verify1"
43
44  # pack it up the new way
45  "${FUTILITY}" --debug sign \
46    --keyset "${DEVKEYS}/recovery_" \
47    --version 1 \
48    --config "${TMP}.config.txt" \
49    --bootloader "${TMP}.bootloader.bin" \
50    --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
51    --arch "${arch}" \
52    --pad "${padding}" \
53    --kloadaddr 0x11000 \
54    --outfile "${TMP}.blob2.${arch}"
55
56  "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob2.${arch}" \
57    --signpubkey "${DEVKEYS}/recovery_key.vbpubk" > "${TMP}.verify2"
58
59  # they should be identical
60  cmp "${TMP}.blob1.${arch}" "${TMP}.blob2.${arch}"
61  diff "${TMP}.verify1" "${TMP}.verify2"
62
63  echo -n "2 " 1>&3
64
65  # repack it the old way
66  "${FUTILITY}" --debug vbutil_kernel \
67    --repack "${TMP}.blob3.${arch}" \
68    --oldblob "${TMP}.blob1.${arch}" \
69    --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
70    --keyblock "${DEVKEYS}/kernel.keyblock" \
71    --version 2 \
72    --pad "${padding}" \
73    --config "${TMP}.config2.txt" \
74
75  # verify the old way
76  "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob3.${arch}" \
77    --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify3"
78
79  # repack it the new way
80  "${FUTILITY}" --debug sign \
81    --keyset "${DEVKEYS}" \
82    --keyblock "${DEVKEYS}/kernel.keyblock" \
83    --version 2 \
84    --pad "${padding}" \
85    --config "${TMP}.config2.txt" \
86    "${TMP}.blob2.${arch}" \
87    "${TMP}.blob4.${arch}"
88
89  "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob4.${arch}" \
90    --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify4"
91
92  # they should be identical
93  cmp "${TMP}.blob3.${arch}" "${TMP}.blob4.${arch}"
94  diff "${TMP}.verify3" "${TMP}.verify4"
95
96  echo -n "3 " 1>&3
97
98  # repack it the new way, in-place
99  cp "${TMP}.blob2.${arch}" "${TMP}.blob5.${arch}"
100  "${FUTILITY}" --debug sign \
101    --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
102    --keyblock "${DEVKEYS}/kernel.keyblock" \
103    --version 2 \
104    --pad "${padding}" \
105    --config "${TMP}.config2.txt" \
106    "${TMP}.blob5.${arch}"
107
108  "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob5.${arch}" \
109    --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify5"
110
111  # they should be identical
112  cmp "${TMP}.blob3.${arch}" "${TMP}.blob5.${arch}"
113  diff "${TMP}.verify3" "${TMP}.verify5"
114
115  # and now just the vblocks...
116  echo -n "4 " 1>&3
117
118  # pack the old way
119  "${FUTILITY}" vbutil_kernel \
120    --pack "${TMP}.blob1.${arch}.vb1" \
121    --vblockonly \
122    --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \
123    --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \
124    --version 1 \
125    --config "${TMP}.config.txt" \
126    --bootloader "${TMP}.bootloader.bin" \
127    --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
128    --arch "${arch}" \
129    --pad "${padding}" \
130    --kloadaddr 0x11000
131
132  # compare this new vblock with the one from the full pack
133  dd bs="${padding}" count=1 if="${TMP}.blob1.${arch}" \
134     of="${TMP}.blob1.${arch}.vb0"
135  cmp "${TMP}.blob1.${arch}.vb0" "${TMP}.blob1.${arch}.vb1"
136
137  # pack the new way
138  "${FUTILITY}" --debug sign \
139    --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \
140    --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \
141    --version 1 \
142    --config "${TMP}.config.txt" \
143    --bootloader "${TMP}.bootloader.bin" \
144    --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
145    --arch "${arch}" \
146    --pad "${padding}" \
147    --kloadaddr 0x11000 \
148    --vblockonly \
149    "${TMP}.blob2.${arch}.vb1"
150
151  # compare this new vblock with the one from the full pack
152  dd bs="${padding}" count=1 if="${TMP}.blob2.${arch}" \
153     of="${TMP}.blob2.${arch}.vb0"
154  cmp "${TMP}.blob2.${arch}.vb0" "${TMP}.blob2.${arch}.vb1"
155
156  echo -n "5 " 1>&3
157
158  # now repack the old way, again emitting just the vblock
159  "${FUTILITY}" vbutil_kernel \
160    --repack "${TMP}.blob3.${arch}.vb1" \
161    --vblockonly \
162    --oldblob "${TMP}.blob1.${arch}" \
163    --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
164    --keyblock "${DEVKEYS}/kernel.keyblock" \
165    --version 2 \
166    --pad "${padding}" \
167    --config "${TMP}.config2.txt"
168
169  # compare the full repacked vblock with the new repacked vblock
170  dd bs="${padding}" count=1 if="${TMP}.blob3.${arch}" \
171     of="${TMP}.blob3.${arch}.vb0"
172  cmp "${TMP}.blob3.${arch}.vb0" "${TMP}.blob3.${arch}.vb1"
173
174  # extract just the kernel blob
175  dd bs="${padding}" skip=1 if="${TMP}.blob3.${arch}" \
176     of="${TMP}.blob3.${arch}.kb0"
177  # and verify it using the new vblock (no way to do that with vbutil_kernel)
178  "${FUTILITY}" --debug verify \
179    --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
180    --fv "${TMP}.blob3.${arch}.kb0" \
181    "${TMP}.blob3.${arch}.vb1" > "${TMP}.verify3v"
182
183  # repack the new way
184  "${FUTILITY}" --debug sign \
185    --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
186    --keyblock "${DEVKEYS}/kernel.keyblock" \
187    --version 2 \
188    --config "${TMP}.config2.txt" \
189    --pad "${padding}" \
190    --vblockonly \
191    "${TMP}.blob2.${arch}" \
192    "${TMP}.blob4.${arch}.vb1" \
193
194  # compare the full repacked vblock with the new repacked vblock
195  dd bs="${padding}" count=1 if="${TMP}.blob4.${arch}" \
196     of="${TMP}.blob4.${arch}.vb0"
197  cmp "${TMP}.blob4.${arch}.vb0" "${TMP}.blob4.${arch}.vb1"
198
199  # extract just the kernel blob
200  dd bs="${padding}" skip=1 if="${TMP}.blob4.${arch}" \
201     of="${TMP}.blob4.${arch}.kb0"
202  # and verify it using the new vblock (no way to do that with vbutil_kernel)
203  "${FUTILITY}" --debug verify \
204    --publickey "${DEVKEYS}/kernel_subkey.vbpubk" \
205    --fv "${TMP}.blob4.${arch}.kb0" \
206    "${TMP}.blob4.${arch}.vb1" > "${TMP}.verify4v"
207
208
209  echo -n "6 " 1>&3
210
211  # Now lets repack some kernel partitions, not just blobs.
212  cp "${TMP}.kern_partition" "${TMP}.part1.${arch}"
213  dd if="${TMP}.blob1.${arch}" of="${TMP}.part1.${arch}" conv=notrunc
214
215  # Make sure the partitions verify
216  "${FUTILITY}" vbutil_kernel --verify "${TMP}.part1.${arch}" \
217    --signpubkey "${DEVKEYS}/recovery_key.vbpubk" > "${TMP}.verify6"
218
219  # The partition should verify the same way as the blob
220  diff "${TMP}.verify1" "${TMP}.verify6"
221
222  # repack it the old way
223  "${FUTILITY}" --debug vbutil_kernel \
224    --repack "${TMP}.part6.${arch}" \
225    --oldblob "${TMP}.part1.${arch}" \
226    --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
227    --keyblock "${DEVKEYS}/kernel.keyblock" \
228    --version 2 \
229    --pad "${padding}" \
230    --config "${TMP}.config2.txt"
231
232  # verify the old way
233  "${FUTILITY}" vbutil_kernel --verify "${TMP}.part6.${arch}" \
234    --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify6.old"
235
236  # this "partition" should actually be the same as the old-way blob
237  cmp "${TMP}.blob3.${arch}" "${TMP}.part6.${arch}"
238
239  # repack it the new way, in-place
240  cp "${TMP}.part1.${arch}" "${TMP}.part6.${arch}.new1"
241  "${FUTILITY}" --debug sign \
242    --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
243    --keyblock "${DEVKEYS}/kernel.keyblock" \
244    --version 2 \
245    --pad "${padding}" \
246    --config "${TMP}.config2.txt" \
247    "${TMP}.part6.${arch}.new1"
248
249  "${FUTILITY}" vbutil_kernel --verify "${TMP}.part6.${arch}.new1" \
250    --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify6.new1"
251
252  # The verification should be indentical
253  diff "${TMP}.verify6.old" "${TMP}.verify6.new1"
254  # But the content should only match up to the size of the kernel blob, since
255  # we're modifying an entire partition in-place.
256  blobsize=$(stat -c '%s' "${TMP}.part6.${arch}")
257  cmp -n "${blobsize}" "${TMP}.part6.${arch}" "${TMP}.part6.${arch}.new1"
258  # The rest of the partition should be unchanged.
259  cmp -i "${blobsize}" "${TMP}.part1.${arch}" "${TMP}.part6.${arch}.new1"
260
261  # repack it the new way, from input to output
262  cp "${TMP}.part1.${arch}" "${TMP}.part1.${arch}.in"
263  "${FUTILITY}" --debug sign \
264    --signprivate "${DEVKEYS}/kernel_data_key.vbprivk" \
265    --keyblock "${DEVKEYS}/kernel.keyblock" \
266    --version 2 \
267    --pad "${padding}" \
268    --config "${TMP}.config2.txt" \
269    "${TMP}.part1.${arch}.in" \
270    "${TMP}.part6.${arch}.new2"
271
272  "${FUTILITY}" vbutil_kernel --verify "${TMP}.part6.${arch}.new2" \
273    --signpubkey "${DEVKEYS}/kernel_subkey.vbpubk" > "${TMP}.verify6.new2"
274
275  # The input file should not have changed (just being sure).
276  cmp "${TMP}.part1.${arch}" "${TMP}.part1.${arch}.in"
277  # The verification should be indentical
278  diff "${TMP}.verify6.old" "${TMP}.verify6.new2"
279  # And creating a new output file should only emit a blob's worth
280  cmp "${TMP}.part6.${arch}" "${TMP}.part6.${arch}.new2"
281
282  # Note: We specifically do not test repacking with a different --kloadaddr,
283  # because the old way has a bug and does not update params->cmd_line_ptr to
284  # point at the new on-disk location. Apparently (and not surprisingly), no
285  # one has ever done that.
286
287  echo -n "7 " 1>&3
288
289  # Pack without optional arguments, the old way...
290  "${FUTILITY}" --debug vbutil_kernel \
291    --pack "${TMP}.blob7.${arch}.old" \
292    --keyblock "${DEVKEYS}/recovery_kernel.keyblock" \
293    --signprivate "${DEVKEYS}/recovery_kernel_data_key.vbprivk" \
294    --version 1 \
295    --config "${TMP}.config.txt" \
296    --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
297    --arch "${arch}"
298
299  "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob7.${arch}.old" \
300    --signpubkey "${DEVKEYS}/recovery_key.vbpubk" > "${TMP}.verify7.old"
301
302  # ...and the new way
303  "${FUTILITY}" --debug sign \
304    --keyset "${DEVKEYS}/recovery_" \
305    --config "${TMP}.config.txt" \
306    --vmlinuz "${SCRIPT_DIR}/futility/data/vmlinuz-${arch}.bin" \
307    --arch "${arch}" \
308    --outfile "${TMP}.blob7.${arch}.new"
309
310  "${FUTILITY}" vbutil_kernel --verify "${TMP}.blob7.${arch}.new" \
311     --signpubkey "${DEVKEYS}/recovery_key.vbpubk" > "${TMP}.verify7.new"
312
313  # they should be identical
314  cmp "${TMP}.blob7.${arch}.old" "${TMP}.blob7.${arch}.new"
315  diff "${TMP}.verify7.old" "${TMP}.verify7.new"
316
317}
318
319try_arch amd64
320try_arch arm
321
322# cleanup
323rm -rf "${TMP}"*
324exit 0
325