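#!/bin/bash

# Copyright 2014 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# End-to-end test for vboot2 kernel verification
#
# Builds a throwaway kernel image whose signature chain is
#   kernel subkey -> keyblock (carrying the kernel data key) -> preamble,
# verifies the packed kernel against the kernel subkey public key, then
# places the kernel in a GPT disk image and verifies it again from the disk.
#
# BIN_DIR, TEST_DIR, TESTKEY_DIR, SCRIPT_DIR, BUILD_RUN, FUTILITY and the
# happy() helper are not defined in this file; presumably common.sh
# provides them.
#
# NOTE(review): every private key used here is read from the source tree
# (devkeys/ and TESTKEY_DIR). They are test fixtures, so a signature made
# with them says nothing about an image's provenance outside this test.
#
# NOTE(review): as written, only the success path is exercised. Nothing
# here checks that a modified kernel.test, or a public key that does not
# match the signer, is rejected by either verifier.

# Load common constants and variables.
. "$(dirname "$0")/common.sh"

# Enabled only after common.sh has been sourced, so a failing command
# inside common.sh does not abort the test; every step below does.
set -e

CGPT="${BIN_DIR}/cgpt"

echo 'Creating test kernel'

# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/load_kernel_test_dir"
mkdir -p "${DIR}"
echo "Testing kernel verification in $DIR"
cd "${DIR}"

# Dummy kernel data. The content is random on every run; only the
# signatures computed over it matter to this test.
echo "hi there" > "dummy_config.txt"
# dummy_bootloader.bin is generated but not passed to vbutil_kernel below.
dd if=/dev/urandom bs=16384 count=1 of="dummy_bootloader.bin"
dd if=/dev/urandom bs=32768 count=1 of="dummy_kernel.bin"

# Pack kernel data key using original vboot utilities.
"${FUTILITY}" vbutil_key --pack datakey.test \
  --key "${TESTKEY_DIR}/key_rsa2048.keyb" --algorithm 4

# Keyblock with kernel data key is signed by kernel subkey
# Flags=21 means dev=0 rec=0 minios=0
"${FUTILITY}" vbutil_keyblock --pack keyblock.test \
  --datapubkey datakey.test \
  --flags 21 \
  --signprivate "${SCRIPT_DIR}/devkeys/kernel_subkey.vbprivk"

# Kernel preamble is signed with the kernel data key
"${FUTILITY}" vbutil_kernel \
  --pack "kernel.test" \
  --keyblock "keyblock.test" \
  --signprivate "${TESTKEY_DIR}/key_rsa2048.sha256.vbprivk" \
  --version 1 \
  --arch arm \
  --vmlinuz "dummy_kernel.bin" \
  --config "dummy_config.txt"

echo 'Verifying test kernel'

# Verify the kernel against the public half of the key that signed the
# keyblock.
"${FUTILITY}" vbutil_kernel \
  --verify "kernel.test" \
  --signpubkey "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"

happy 'Kernel verification succeeded'

# Now create a dummy disk image
echo 'Creating test disk image'
dd if=/dev/zero of=disk.test bs=1024 count=1024
# CGPT is quoted so that a BIN_DIR containing whitespace or glob
# characters cannot split or expand the command path.
"${CGPT}" create disk.test
"${CGPT}" add -i 1 -S 1 -P 1 -b 64 -s 960 -t kernel -l kernelA disk.test
"${CGPT}" show disk.test

# And insert the kernel into it. seek=64 with bs=512 matches the
# partition start given to cgpt (-b 64); conv=notrunc keeps the rest of
# the image, including the partition table, in place.
dd if=kernel.test of=disk.test bs=512 seek=64 conv=notrunc

# And verify it from the disk image with the verify_kernel test binary
echo 'Verifying test disk image'
"${BUILD_RUN}/tests/verify_kernel" disk.test \
  "${SCRIPT_DIR}/devkeys/kernel_subkey.vbpubk"

happy 'Image verification succeeded'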