utility/dev_debug_vboot - vboot - Gitiles

 #!/bin/sh
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 #

 TMPDIR=/tmp/debug_vboot
 BIOS=bios.rom
 # FIXME: support ARM
 HD_KERN_A=/dev/sda2
 HD_KERN_B=/dev/sda4
 tmp=$(rootdev -s -d)2
 if [ "$tmp" != "$HD_KERN_A" ]; then
   USB_KERN_A="$tmp"
 fi


 [ -d ${TMPDIR} ] || mkdir -p ${TMPDIR}
 cd ${TMPDIR}

 echo "INFO: extracting BIOS image from flash"
 flashrom -r ${BIOS}

 echo "INFO: extracting kernel images from drives"
 dd if=${HD_KERN_A} of=hd_kern_a.blob
 dd if=${HD_KERN_B} of=hd_kern_b.blob
 if [ -n "$USB_KERN_A" ]; then
   dd if=${USB_KERN_A} of=usb_kern_a.blob
 fi

 echo "INFO: extracting BIOS components"
 dump_fmap -x ${BIOS} || echo "FAILED"

 echo "INFO: pulling root and recovery keys from GBB"
 gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \
   GBB_Area || echo "FAILED"
 echo "INFO: display root key"
 vbutil_key --unpack rootkey.vbpubk
 echo "INFO: display recovery key"
 vbutil_key --unpack recoverykey.vbpubk

 echo "TEST: verify firmware A with root key"
 vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \
   --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk || echo "FAILED"
 echo "TEST: verify firmware B with root key"
 vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \
   --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk || echo "FAILED"

 echo "TEST: verify HD kernel A with firmware A key"
 vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_a.vbpubk \
   || echo "FAILED"
 echo "TEST: verify HD kernel B with firmware A key"
 vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_a.vbpubk \
   || echo "FAILED"

 echo "TEST: verify HD kernel A with firmware B key"
 vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_b.vbpubk \
   || echo "FAILED"
 echo "TEST: verify HD kernel B with firmware B key"
 vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_b.vbpubk \
   || echo "FAILED"

 if [ -n "$USB_KERN_A" ]; then
   echo "TEST: verify USB kernel A with recovery key"
   vbutil_kernel --verify usb_kern_a.blob --signpubkey recoverykey.vbpubk \
     || echo "FAILED"
 fi
	#!/bin/sh
	# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.
	#

	TMPDIR=/tmp/debug_vboot
	BIOS=bios.rom
	# FIXME: support ARM
	HD_KERN_A=/dev/sda2
	HD_KERN_B=/dev/sda4
	tmp=$(rootdev -s -d)2
	if [ "$tmp" != "$HD_KERN_A" ]; then
	USB_KERN_A="$tmp"
	fi


	[ -d ${TMPDIR} ] \|\| mkdir -p ${TMPDIR}
	cd ${TMPDIR}

	echo "INFO: extracting BIOS image from flash"
	flashrom -r ${BIOS}

	echo "INFO: extracting kernel images from drives"
	dd if=${HD_KERN_A} of=hd_kern_a.blob
	dd if=${HD_KERN_B} of=hd_kern_b.blob
	if [ -n "$USB_KERN_A" ]; then
	dd if=${USB_KERN_A} of=usb_kern_a.blob
	fi

	echo "INFO: extracting BIOS components"
	dump_fmap -x ${BIOS} \|\| echo "FAILED"

	echo "INFO: pulling root and recovery keys from GBB"
	gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \
	GBB_Area \|\| echo "FAILED"
	echo "INFO: display root key"
	vbutil_key --unpack rootkey.vbpubk
	echo "INFO: display recovery key"
	vbutil_key --unpack recoverykey.vbpubk

	echo "TEST: verify firmware A with root key"
	vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \
	--fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk \|\| echo "FAILED"
	echo "TEST: verify firmware B with root key"
	vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \
	--fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk \|\| echo "FAILED"

	echo "TEST: verify HD kernel A with firmware A key"
	vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_a.vbpubk \
	\|\| echo "FAILED"
	echo "TEST: verify HD kernel B with firmware A key"
	vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_a.vbpubk \
	\|\| echo "FAILED"

	echo "TEST: verify HD kernel A with firmware B key"
	vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_b.vbpubk \
	\|\| echo "FAILED"
	echo "TEST: verify HD kernel B with firmware B key"
	vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_b.vbpubk \
	\|\| echo "FAILED"

	if [ -n "$USB_KERN_A" ]; then
	echo "TEST: verify USB kernel A with recovery key"
	vbutil_kernel --verify usb_kern_a.blob --signpubkey recoverykey.vbpubk \
	\|\| echo "FAILED"
	fi