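#!/bin/bash

# Copyright 2014 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# End-to-end test for vboot2 firmware verification

# Load common constants and variables.
. "$(dirname "$0")/common.sh"

# Stop at the first failing command so a broken signing or verification step
# fails the whole test.
set -e

echo 'Creating test firmware'

# TEST_DIR is not assigned in this file (presumably common.sh provides it;
# confirm). If it were empty, DIR would resolve to /vb2fw_test_dir and the
# test would create files at the filesystem root, so refuse to continue.
: "${TEST_DIR:?TEST_DIR must be set before running this test}"

# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/vb2fw_test_dir"
mkdir -p "$DIR"
echo "Testing vb2_verify_fw in $DIR"
cd "$DIR"

# Dummy firmware body
printf '%s\n' \
  'This is a test firmware body.  This is only a test.  Lalalalala' \
  > body.test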
25
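#######################################
# Map an algorithm index to the RSA key tag used in the test key file names.
# Arguments: $1 - algorithm index (0-11)
# Outputs:   the key tag (for example "rsa2048") on stdout, without a
#            trailing newline; a diagnostic on stderr for an unknown index
# Returns:   exits with status 1 on an unknown index. The callers in this
#            file invoke it inside $(...), so only that subshell exits and
#            the assignment reports the failure.
#######################################
algo_to_rsa() {
  case "${1-}" in
    0 | 1 | 2) printf '%s' 'rsa1024' ;;
    3 | 4 | 5) printf '%s' 'rsa2048' ;;
    6 | 7 | 8) printf '%s' 'rsa4096' ;;
    9 | 10 | 11) printf '%s' 'rsa8192' ;;
    *)
      # Name the rejected value instead of failing silently, so a typo in an
      # algorithm index is easy to trace when the script aborts.
      printf 'algo_to_rsa: unsupported algorithm index: %s\n' "${1-}" >&2
      exit 1
      ;;
  esac
}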
36
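#######################################
# Map an algorithm index to the hash tag used in the test private key file
# names.
# Arguments: $1 - algorithm index (0-11)
# Outputs:   the hash tag (for example "sha256") on stdout, without a
#            trailing newline; a diagnostic on stderr for an unknown index
# Returns:   exits with status 1 on an unknown index. The callers in this
#            file invoke it inside $(...), so only that subshell exits and
#            the assignment reports the failure.
#######################################
algo_to_sha() {
  case "${1-}" in
    0 | 3 | 6 | 9) printf '%s' 'sha1' ;;
    1 | 4 | 7 | 10) printf '%s' 'sha256' ;;
    2 | 5 | 8 | 11) printf '%s' 'sha512' ;;
    *)
      # Name the rejected value instead of failing silently, so a typo in an
      # algorithm index is easy to trace when the script aborts.
      printf 'algo_to_sha: unsupported algorithm index: %s\n' "${1-}" >&2
      exit 1
      ;;
  esac
}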
46
#######################################
# Build a signed test firmware image for one algorithm combination and check
# that the vboot2 verifier accepts it.
# Globals:   FUTILITY, TESTKEY_DIR, TEST_DIR (read)
# Arguments: $1 - algorithm index of the root key
#            $2 - algorithm index of the firmware subkey
#            $3 - algorithm index of the kernel subkey
# Outputs:   progress messages on stdout; *.test artifacts in the current
#            directory
# Returns:   no explicit status; the script-level `set -e` stops the run at
#            the first command that fails.
#
# NOTE(review): only the accept path is exercised here. Nothing in this
# function confirms that a modified body or vblock is rejected.
#######################################
run_test() {
  local root_algo=$1 fw_algo=$2 kern_algo=$3

  # Declarations are kept apart from the assignments so that a failing
  # lookup is not masked by the exit status of `local`.
  local root_key fw_key kern_key
  root_key="$(algo_to_rsa "${root_algo}")"
  fw_key="$(algo_to_rsa "${fw_algo}")"
  kern_key="$(algo_to_rsa "${kern_algo}")"

  # The kernel key is only packed as a public key below, so no hash tag is
  # looked up for it.
  local root_hash fw_hash
  root_hash="$(algo_to_sha "${root_algo}")"
  fw_hash="$(algo_to_sha "${fw_algo}")"

  local combo="(root=${root_algo}, fw=${fw_algo}, kernel=${kern_algo})"

  # Pack the three public keys with the original vboot utilities.
  "${FUTILITY}" vbutil_key --pack rootkey.test \
    --key "${TESTKEY_DIR}/key_${root_key}.keyb" \
    --algorithm "${root_algo}"
  "${FUTILITY}" vbutil_key --pack fwsubkey.test \
    --key "${TESTKEY_DIR}/key_${fw_key}.keyb" \
    --algorithm "${fw_algo}"
  "${FUTILITY}" vbutil_key --pack kernkey.test \
    --key "${TESTKEY_DIR}/key_${kern_key}.keyb" \
    --algorithm "${kern_algo}"

  # Create a GBB, then store the root key in it.
  "${FUTILITY}" gbb -c 128,2400,0,0 gbb.test
  "${FUTILITY}" gbb gbb.test -s --hwid='Test GBB' --rootkey=rootkey.test

  # The keyblock carries the firmware subkey and is signed by the root key.
  "${FUTILITY}" vbutil_keyblock --pack keyblock.test \
    --datapubkey fwsubkey.test \
    --signprivate "${TESTKEY_DIR}/key_${root_key}.${root_hash}.vbprivk"

  # The firmware preamble is signed with the firmware subkey.
  "${FUTILITY}" sign \
    --version 1 \
    --signprivate "${TESTKEY_DIR}/key_${fw_key}.${fw_hash}.vbprivk" \
    --keyblock keyblock.test \
    --kernelkey kernkey.test \
    --fv body.test \
    --outfile vblock.test

  echo "Verifying test firmware using vb2_verify_fw ${combo}"

  # Verify the firmware using the vboot2 checks.
  "${TEST_DIR}/vb20_verify_fw" gbb.test vblock.test body.test

  # The hwcrypto verifier runs only when its binary is present in TEST_DIR.
  if [[ -e "${TEST_DIR}/vb20_hwcrypto_verify_fw" ]]; then
    echo "Verifying test firmware using vb20_hwcrypto_verify_fw ${combo}"
    "${TEST_DIR}/vb20_hwcrypto_verify_fw" gbb.test vblock.test body.test
  fi

  # `happy` is not defined in this file (presumably from common.sh; confirm).
  happy 'vb2_verify_fw succeeded'
}
109
# Algorithm combinations to exercise, given as root / firmware / kernel
# indexes (see algo_to_rsa and algo_to_sha for the index mapping).

# Mixed key sizes: rsa8192/sha512 root, rsa4096/sha256 firmware,
# rsa2048/sha256 kernel.
run_test 11 7 4

# Largest key and hash for every role: rsa8192/sha512.
run_test 11 11 11

# Smallest key size for every role: rsa1024/sha256.
run_test 1 1 1
113