1#!/bin/bash -eux 2# Copyright 2015 The ChromiumOS Authors 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5 6me=${0##*/} 7TMP="$me.tmp" 8 9# Work in scratch directory 10cd "$OUTDIR" 11 12# The signed input images are signed with dev keys. We resign the unsigned 13# images with the same keypair, to make sure that we're producing identical 14# binaries. 15 16DATADIR="${SCRIPT_DIR}/futility/data" 17TESTS="dingdong hoho minimuffin zinger" 18 19set -o pipefail 20 21count=0 22for test in $TESTS; do 23 24 : $(( count++ )) 25 echo -n "$count " 1>&3 26 27 pemfile="${DATADIR}/${test}.pem" 28 infile="${DATADIR}/${test}.unsigned" 29 goodfile="${DATADIR}/${test}.signed" 30 outfile="${TMP}.${test}.new" 31 32 # Signing the whole thing with futility should produce identical results 33 "${FUTILITY}" sign --type usbpd1 --pem "${pemfile}" "${infile}" "${outfile}" 34 cmp "${goodfile}" "${outfile}" 35 36 # Now try signing just the RW part 37 size=$(stat -c '%s' "${infile}") 38 half=$(( size / 2 )) 39 40 newin="${TMP}.${test}.rw_in" 41 dd if="${infile}" bs="${half}" count=1 skip=1 of="${newin}" 42 newgood=${TMP}.${test}.rw_ok 43 dd if="${goodfile}" bs="${half}" count=1 skip=1 of="${newgood}" 44 newout="${TMP}.${test}.rw_out" 45 46 # Sign the RW part alone 47 "${FUTILITY}" sign --type usbpd1 --pem "${pemfile}" \ 48 --ro_size 0 \ 49 "${newin}" "${newout}" 50 cmp "${newgood}" "${newout}" 51 52done 53 54# cleanup 55rm -rf "${TMP}"* 56exit 0 57