Add a "verify" option to sign_official_build.sh.

Add a "verify" option to sign_official_build.sh.

This option will perform verification operations on an image.
1) Check if the RootFS hash is correct.
2) Check if the image will verify using recovery keys (in recovery mode)
3) Check if the image will verify using SSD keys (in non-recovery mode)

2) and 3) are both tested with and without dev mode.

Also re-factor existing code for rootfs calculation and update.

BUG=5830, 3496
TEST=manual

Example usage and output follows:

# Verifying an image meant for factory install.
sudo ./sign_official_build.sh verify factory_install_image.sh ../../tests/devkeys/
Verifying RootFS hash...
PASS: RootFS hash is correct
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO
With Recovery Key (Recovery Mode ON, Dev Mode ON): YES
With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES

# Verifying an image meant for recovery mode.
sudo ./sign_official_build.sh verify recovery_image.bin ../../tests/devkeys/
Verifying RootFS hash...
PASS: RootFS hash is correct
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): YES
With Recovery Key (Recovery Mode ON, Dev Mode ON): YES
With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES

# Verifying an image meant for the SSD drive.
sudo ./sign_official_build.sh verify ssd_image.bin ../../tests/devkeys/
Verifying RootFS hash...
PASS: RootFS hash is correct
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO
With Recovery Key (Recovery Mode ON, Dev Mode ON): NO
With SSD Key (Recovery Mode OFF, Dev Mode OFF): YES
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES

# Image with an incorrect rootfs hash but otherwise validly signed
sudo ./sign_official_build.sh verify ssd_image.bin ../../tests/devkeys/
Verifying RootFS hash...
FAILED: RootFS hash is incorrect.
Expected: ebce345727ca05ea9368d3b8d5ce1c81471d7d3b
Got: 9b092985996bb2422b11487a66929a1a004df4fc
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO
With Recovery Key (Recovery Mode ON, Dev Mode ON): NO
With SSD Key (Recovery Mode OFF, Dev Mode OFF): YES
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES

# Image signed using a different set of keys (but validly signed).
sudo ./sign_official_build.sh verify invalid_image.bin ../../tests/devkeys/
Verifying RootFS hash...
PASS: RootFS hash is correct (70e6f2de0220991fd503a6fcc7edac131b4a48ca)
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO
With Recovery Key (Recovery Mode ON, Dev Mode ON): NO
With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES



Change-Id: I4960cdbbbe93e685346417b882739f9cfd5f6b75

[Nick Sanders, 2010-09-02 06:02:20]

this looks really useful, thanks!

[gauravsh, 2010-09-02 21:16:38]

Since I listed multiple reviewers and to avoid confusion -

Randall: You are the primary reviewer for this CL.

Nick: I'd like you to review the command line interface, and the output of
'verify'. Let me know if there's anything additional debugging information that
you'd like the script to output while verifying an image.

[Randall Spangler, 2010-09-03 00:19:13]

http://codereview.chromium.org/3327005/diff/4001/5002
File scripts/image_signing/sign_official_build.sh (right):

http://codereview.chromium.org/3327005/diff/4001/5002#newcode63
scripts/image_signing/sign_official_build.sh:63: sudo dump_kernel_config
${temp_kimage}
why does dump_kernel_config need sudo?

http://codereview.chromium.org/3327005/diff/4001/5002#newcode132
scripts/image_signing/sign_official_build.sh:132: local rootfs_blocks=$(sudo
dumpe2fs "${rootfs_image}" 2> /dev/null |
(here too)

[gauravsh, 2010-09-03 01:18:51]

http://codereview.chromium.org/3327005/diff/4001/5002
File scripts/image_signing/sign_official_build.sh (right):

http://codereview.chromium.org/3327005/diff/4001/5002#newcode63
scripts/image_signing/sign_official_build.sh:63: sudo dump_kernel_config
${temp_kimage}
On 2010/09/03 00:19:13, Randall Spangler wrote:
> why does dump_kernel_config need sudo?

Not needed. Done.

http://codereview.chromium.org/3327005/diff/4001/5002#newcode132
scripts/image_signing/sign_official_build.sh:132: local rootfs_blocks=$(sudo
dumpe2fs "${rootfs_image}" 2> /dev/null |
On 2010/09/03 00:19:13, Randall Spangler wrote:
> (here too)
Done.

[Nick Sanders, 2010-09-03 08:28:48]

On Thu, Sep 2, 2010 at 2:16 PM, <gauravsh@chromium.org> wrote:

> Since I listed multiple reviewers and to avoid confusion -
>
> Randall: You are the primary reviewer for this CL.
>
> Nick: I'd like you to review the command line interface, and the output of
> 'verify'. Let me know if there's anything additional debugging information
> that
> you'd like the script to output while verifying an image.


Yep, the output is pretty much everything I'd want to know.
Would be nice if it also works on block devices, and if it dumped cgpt boot
pri/counters, but it's still very useful without that, too.


>
>
> http://codereview.chromium.org/3327005/show
>

[Randall Spangler, 2010-09-03 15:30:22]

LGTM, thanks