xref: /aosp_15_r20/external/vboot_reference/tests/run_preamble_tests.sh (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc) 
1#!/bin/bash -u
2#
3# Copyright 2012 The ChromiumOS Authors
4# Use of this source code is governed by a BSD-style license that can be
5# found in the LICENSE file.
6#
7# This tests that vblocks using pre-3.0 versions of vb2_fw_preamble
8# and vb2_kernel_preamble will still verify (or not) correctly. We
9# need to keep the old versions around to make sure that we can still
10# sign images in the ways that existing devices can validate.
11
12# Load common constants and variables for tests.
13. "$(dirname "$0")/common.sh"
14
15if [ "${1:---some}" == "--all" ] ; then
16    # all algs
17    algs="0 1 2 3 4 5 6 7 8 9 10 11"
18else
19    # just the algs we use
20    algs="4 7 11"
21fi
22
23# output directories
24PREAMBLE_DIR="${SCRIPT_DIR}/preamble_tests"
25DATADIR="${PREAMBLE_DIR}/data"
26V2DIR="${PREAMBLE_DIR}/preamble_v2x"
27
28tests=0
29errs=0
30
31# Check the firmware results
32for d in $algs; do
33  for r in $algs; do
34    for rr in $algs; do
35      if [ "$r" = "$rr" ]; then
36        what="verify"
37      else
38        what="reject"
39      fi
40      : $(( tests++ ))
41      echo -n "${what} fw_${d}_${r}.vblock with root_${rr}.vbpubk ... "
42      "${FUTILITY}" verify --type fw_pre \
43        --publickey "${DATADIR}/root_${rr}.vbpubk" \
44        --fv "${DATADIR}/FWDATA" \
45        "${V2DIR}/fw_${d}_${r}.vblock" >/dev/null 2>&1
46      if [[ ( $? != 0 && $what == "verify" ) || \
47            ( $? == 0 && $what == "reject" ) ]]
48      then
49        echo -e "${COL_RED}FAILED${COL_STOP}"
50        : $(( errs++ ))
51      else
52        echo -e "${COL_GREEN}PASSED${COL_STOP}"
53      fi
54    done
55  done
56done
57
58
59# Check the kernel results
60for d in $algs; do
61  for r in $algs; do
62    for rr in $algs; do
63      if [ "$r" = "$rr" ]; then
64        what="verify"
65      else
66        what="reject"
67      fi
68      : $(( tests++ ))
69      echo -n "${what} kern_${d}_${r}.vblock with root_${rr}.vbpubk ... "
70      "${FUTILITY}" verify --type kernel \
71        --publickey "${DATADIR}/root_${rr}.vbpubk" \
72        "${V2DIR}/kern_${d}_${r}.vblock" >/dev/null 2>&1
73      if [[ ( $? != 0 && $what == "verify" ) || \
74            ( $? == 0 && $what == "reject" ) ]]
75      then
76        echo -e "${COL_RED}FAILED${COL_STOP}"
77        : $(( errs++ ))
78      else
79        echo -e "${COL_GREEN}PASSED${COL_STOP}"
80      fi
81    done
82  done
83done
84
85
86# Check the kernel results
87for d in $algs; do
88  for r in $algs; do
89      : $(( tests++ ))
90      echo -n "verify kern_${d}_${r}.vblock with hash only ... "
91      if ! "${FUTILITY}" vbutil_kernel \
92          --verify "${V2DIR}/kern_${d}_${r}.vblock" >/dev/null 2>&1
93      then
94        echo -e "${COL_RED}FAILED${COL_STOP}"
95        : $(( errs++ ))
96      else
97        echo -e "${COL_GREEN}PASSED${COL_STOP}"
98      fi
99  done
100done
101
102
103# Summary
104ME=$(basename "$0")
105if [ "$errs" -ne 0 ]; then
106  echo -e "${COL_RED}${ME}: ${errs}/${tests} tests failed${COL_STOP}"
107  exit 1
108fi
109happy "${ME}: All ${tests} tests passed"
110exit 0
111