| Index: utility/dev_debug_vboot
|
| diff --git a/utility/dev_debug_vboot b/utility/dev_debug_vboot
|
| index 424e9e41e86d3808e07b77709bb3f91e88fab8d1..18e76fa12f67c15a3e3a954f06ed6d732af81eb9 100755
|
| --- a/utility/dev_debug_vboot
|
| +++ b/utility/dev_debug_vboot
|
| @@ -4,64 +4,117 @@
|
| # found in the LICENSE file.
|
| #
|
|
|
| -TMPDIR=/tmp/debug_vboot
|
| -BIOS=bios.rom
|
| -# FIXME: support ARM
|
| -HD_KERN_A=/dev/sda2
|
| -HD_KERN_B=/dev/sda4
|
| -tmp=$(rootdev -s -d)2
|
| -if [ "$tmp" != "$HD_KERN_A" ]; then
|
| - USB_KERN_A="$tmp"
|
| -fi
|
| +LOGFILE=noisy.log
|
|
|
| +die() {
|
| + echo "$*" 1>&2
|
| + exit 1
|
| +}
|
|
|
| -[ -d ${TMPDIR} ] || mkdir -p ${TMPDIR}
|
| -cd ${TMPDIR}
|
| +info() {
|
| + echo "$@"
|
| + echo "#" "$@" >> "$LOGFILE"
|
| +}
|
| +
|
| +infon() {
|
| + echo -n "$@"
|
| + echo "#" "$@" >> "$LOGFILE"
|
| +}
|
| +
|
| +log() {
|
| + echo "+" "$@" >> "$LOGFILE"
|
| + "$@" >> "$LOGFILE" 2>&1
|
| +}
|
|
|
| -echo "INFO: extracting BIOS image from flash"
|
| -flashrom -r ${BIOS}
|
| +logdie() {
|
| + echo "+" "$@" >> "$LOGFILE"
|
| + "$@" >> "$LOGFILE" 2>&1
|
| + die "$@"
|
| +}
|
|
|
| -echo "INFO: extracting kernel images from drives"
|
| -dd if=${HD_KERN_A} of=hd_kern_a.blob
|
| -dd if=${HD_KERN_B} of=hd_kern_b.blob
|
| -if [ -n "$USB_KERN_A" ]; then
|
| - dd if=${USB_KERN_A} of=usb_kern_a.blob
|
| +result() {
|
| + if [ "$?" = "0" ]; then
|
| + info "OK"
|
| + else
|
| + info "FAILED"
|
| + fi
|
| +}
|
| +
|
| +# Optional directory name containing "bios.rom" and "*kern*.blob" files. If not
|
| +# provided, we'll attempt to extract them ourselves.
|
| +if [ -d "$1" ]; then
|
| + TMPDIR="$1"
|
| + [ -d ${TMPDIR} ] || die "${TMPDIR} doesn't exist"
|
| + USE_EXISTING=yes
|
| +else
|
| + TMPDIR=/tmp/debug_vboot
|
| + [ -d ${TMPDIR} ] || mkdir -p ${TMPDIR}
|
| fi
|
|
|
| -echo "INFO: extracting BIOS components"
|
| -dump_fmap -x ${BIOS} || echo "FAILED"
|
| -
|
| -echo "INFO: pulling root and recovery keys from GBB"
|
| -gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \
|
| - GBB_Area || echo "FAILED"
|
| -echo "INFO: display root key"
|
| -vbutil_key --unpack rootkey.vbpubk
|
| -echo "INFO: display recovery key"
|
| -vbutil_key --unpack recoverykey.vbpubk
|
| -
|
| -echo "TEST: verify firmware A with root key"
|
| -vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \
|
| - --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk || echo "FAILED"
|
| -echo "TEST: verify firmware B with root key"
|
| -vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \
|
| - --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk || echo "FAILED"
|
| -
|
| -echo "TEST: verify HD kernel A with firmware A key"
|
| -vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_a.vbpubk \
|
| - || echo "FAILED"
|
| -echo "TEST: verify HD kernel B with firmware A key"
|
| -vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_a.vbpubk \
|
| - || echo "FAILED"
|
| -
|
| -echo "TEST: verify HD kernel A with firmware B key"
|
| -vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_b.vbpubk \
|
| - || echo "FAILED"
|
| -echo "TEST: verify HD kernel B with firmware B key"
|
| -vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_b.vbpubk \
|
| - || echo "FAILED"
|
| -
|
| -if [ -n "$USB_KERN_A" ]; then
|
| - echo "TEST: verify USB kernel A with recovery key"
|
| - vbutil_kernel --verify usb_kern_a.blob --signpubkey recoverykey.vbpubk \
|
| - || echo "FAILED"
|
| +cd ${TMPDIR}
|
| +echo "$0 $*" > "$LOGFILE"
|
| +log date
|
| +echo "Saving verbose log as $(pwd)/$LOGFILE"
|
| +
|
| +BIOS=bios.rom
|
| +
|
| +# Find BIOS and kernel images
|
| +if [ -n "$USE_EXISTING" ]; then
|
| + info "Using images in $(pwd)/"
|
| +else
|
| + info "Extracting BIOS image from flash..."
|
| + log flashrom -r ${BIOS}
|
| +
|
| + # FIXME: support ARM
|
| + HD_KERN_A=/dev/sda2
|
| + HD_KERN_B=/dev/sda4
|
| + tmp=$(rootdev -s -d)2
|
| + if [ "$tmp" != "$HD_KERN_A" ]; then
|
| + USB_KERN_A="$tmp"
|
| + fi
|
| +
|
| + info "Extracting kernel images from drives..."
|
| + log dd if=${HD_KERN_A} of=hd_kern_a.blob
|
| + log dd if=${HD_KERN_B} of=hd_kern_b.blob
|
| + if [ -n "$USB_KERN_A" ]; then
|
| + log dd if=${USB_KERN_A} of=usb_kern_a.blob
|
| + fi
|
| fi
|
| +
|
| +# Make sure we have something to work on
|
| +[ -f "$BIOS" ] || logdie "no BIOS image found"
|
| +ls *kern*.blob >/dev/null 2>&1 || logdie "no kernel images found"
|
| +
|
| +info "Extracting BIOS components..."
|
| +log dump_fmap -x ${BIOS} || logdie "Unable to extract BIOS components"
|
| +
|
| +info "Pulling root and recovery keys from GBB..."
|
| +log gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \
|
| + GBB_Area || logdie "Unable to extract keys from GBB"
|
| +log vbutil_key --unpack rootkey.vbpubk
|
| +log vbutil_key --unpack recoverykey.vbpubk
|
| +
|
| +infon "Verify firmware A with root key... "
|
| +log vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \
|
| + --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk ; result
|
| +infon "Verify firmware B with root key... "
|
| +log vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \
|
| + --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk ; result
|
| +
|
| +for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk; do
|
| + infon "Test $key... "
|
| + log vbutil_key --unpack $key ; result
|
| +done
|
| +
|
| +for keyblock in *kern*.blob; do
|
| + infon "Test $keyblock... "
|
| + log vbutil_keyblock --unpack $keyblock ; result
|
| +done
|
| +
|
| +# Test each kernel with each key
|
| +for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk recoverykey.vbpubk; do
|
| + for kern in *kern*.blob; do
|
| + infon "Verify $kern with $key... "
|
| + log vbutil_kernel --verify $kern --signpubkey $key ; result
|
| + done
|
| +done
|
|
|
Chromium Code Reviews
Issue 4106001:
Modify dev_debug_vboot for better usefulness (Closed)
Base URL: http://git.chromium.org/git/vboot_reference.git