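#!/bin/bash

# Copyright 2014 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# End-to-end test for vboot2 kernel verification.
#
# Flow: build a signed test kernel (data key -> keyblock -> kernel blob),
# verify it directly with vbutil_kernel, then place it in a GPT disk image
# and verify it again through the verify_kernel test binary.
#
# NOTE(review): only the accept path is exercised here. Nothing in this
# script checks that a modified kernel blob or a wrong public key is
# rejected, so a verifier that accepts everything would still pass.
#
# Expects common.sh to provide BIN_DIR, TEST_DIR, TESTKEY_DIR, SCRIPT_DIR,
# BUILD_RUN, FUTILITY and the happy() helper.

# Load common constants and variables.
. "$(dirname "$0")/common.sh"

# Enabled after sourcing, as in the original, so common.sh runs under its
# own error-handling settings.
set -e

CGPT="${BIN_DIR}/cgpt"

echo 'Creating test kernel'

# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/load_kernel_test_dir"
mkdir -p "$DIR"
echo "Testing kernel verification in $DIR"
cd "$DIR"

# Dummy kernel data. dummy_bootloader.bin is generated but is not passed to
# any command below; it is kept so the directory contents stay the same.
echo "hi there" > "dummy_config.txt"
dd if=/dev/urandom bs=16384 count=1 of="dummy_bootloader.bin"
dd if=/dev/urandom bs=32768 count=1 of="dummy_kernel.bin"

# Pack kernel data key using original vboot utilities.
# Algorithm 4 goes with the key_rsa2048 / sha256 test key pair used here.
"${FUTILITY}" vbutil_key --pack datakey.test \
  --key "${TESTKEY_DIR}/key_rsa2048.keyb" --algorithm 4

# Keyblock with kernel data key is signed by kernel subkey.
# Flags=21 means dev=0 rec=0 minios=0.
# The devkeys/ private key is a test fixture checked in next to the tests.
"${FUTILITY}" vbutil_keyblock --pack keyblock.test \
  --datapubkey datakey.test \
  --flags 21 \
  --signprivate "${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk"

# Kernel preamble is signed with the kernel data key.
"${FUTILITY}" vbutil_kernel \
  --pack "kernel.test" \
  --keyblock "keyblock.test" \
  --signprivate "${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk" \
  --version 1 \
  --arch arm \
  --vmlinuz "dummy_kernel.bin" \
  --config "dummy_config.txt"

echo 'Verifying test kernel'

# Verify the kernel against the public half of the kernel subkey that
# signed the keyblock.
"${FUTILITY}" vbutil_kernel \
  --verify "kernel.test" \
  --signpubkey "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"

happy 'Kernel verification succeeded'

# Now create a dummy disk image (1024 blocks of 1024 bytes).
echo 'Creating test disk image'
dd if=/dev/zero of=disk.test bs=1024 count=1024
# CGPT is quoted like the other tool paths in this script so that a
# BIN_DIR containing whitespace does not split the command word.
"${CGPT}" create disk.test
"${CGPT}" add -i 1 -S 1 -P 1 -b 64 -s 960 -t kernel -l kernelA disk.test
"${CGPT}" show disk.test

# And insert the kernel into it. seek=64 with bs=512 matches the partition
# start given to cgpt above (-b 64); conv=notrunc keeps the rest of the
# image, including the GPT, intact.
dd if=kernel.test of=disk.test bs=512 seek=64 conv=notrunc

# And verify it using the verify_kernel test binary.
echo 'Verifying test disk image'
"${BUILD_RUN}/tests/verify_kernel" disk.test \
  "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"

happy 'Image verification succeeded'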