OLD | NEW |
1 #!/bin/sh | 1 #!/bin/sh |
2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 # | 5 # |
6 # Usage: dev_debug_vboot [ --cleanup | DIRECTORY ] | 6 # Usage: dev_debug_vboot [ --cleanup | DIRECTORY ] |
7 # | 7 # |
8 # This extracts some useful debugging information about verified boot. A short | 8 # This extracts some useful debugging information about verified boot. A short |
9 # summary is printed on stdout, more detailed information and working files are | 9 # summary is printed on stdout, more detailed information and working files are |
10 # left in a log directory. | 10 # left in a log directory. |
(...skipping 29 matching lines...)
40 | 40 |
41 log() { | 41 log() { |
42 echo "+" "$@" >> "$LOGFILE" | 42 echo "+" "$@" >> "$LOGFILE" |
43 "$@" >> "$LOGFILE" 2>&1 | 43 "$@" >> "$LOGFILE" 2>&1 |
44 } | 44 } |
45 | 45 |
46 loghead() { | 46 loghead() { |
47 echo "+" "$@" "| head" >> "$LOGFILE" | 47 echo "+" "$@" "| head" >> "$LOGFILE" |
48 "$@" | head >> "$LOGFILE" 2>&1 | 48 "$@" | head >> "$LOGFILE" 2>&1 |
49 } | 49 } |
| 50 |
50 logdie() { | 51 logdie() { |
51 echo "+" "$@" >> "$LOGFILE" | 52 echo "+" "$@" >> "$LOGFILE" |
52 "$@" >> "$LOGFILE" 2>&1 | |
53 die "$@" | 53 die "$@" |
54 } | 54 } |
55 | 55 |
56 result() { | 56 result() { |
57 if [ "$?" = "0" ]; then | 57 if [ "$?" = "0" ]; then |
58 info "OK" | 58 info "OK" |
59 else | 59 else |
60 info "FAILED" | 60 info "FAILED" |
61 fi | 61 fi |
62 } | 62 } |
63 | 63 |
64 require_chromeos_bios() { | 64 require_chromeos_bios() { |
65 log cgpt show "${HD}" | 65 log cgpt show "${HD}" |
66 log rootdev -s | 66 log rootdev -s |
67 if [ ! -e "${ACPI}/HWID" ]; then | 67 if [ ! -e "${ACPI}/HWID" ]; then |
68 info "Not running Chrome OS BIOS, no further information available" | 68 info "Not running Chrome OS BIOS, no further information available" |
69 exit 0 | 69 exit 0 |
70 fi | 70 fi |
71 # including /dev/null just to get final "\n" | 71 # including /dev/null just to get final "\n" |
72 log head "${ACPI}"/*ID "${ACPI}"/BINF* "${ACPI}"/CHSW /dev/null | 72 log head "${ACPI}"/*ID "${ACPI}"/BINF* "${ACPI}"/CHSW /dev/null |
73 log reboot_mode | 73 log reboot_mode |
74 log ls -la /mnt/stateful_partition/.need_firmware_update | 74 log ls -la /mnt/stateful_partition/.need_firmware_update |
75 log ls -la /root/.force_update_firmware | 75 log ls -la /root/.force_update_firmware |
76 } | 76 } |
77 | 77 |
| 78 # Search for files from the FMAP, in the order listed. Return the first one |
| 79 # found or die if none are there. |
| 80 find_name() { |
| 81 for fn in "$@"; do |
| 82 if [ -e "$fn" ]; then |
| 83 echo "$fn" |
| 84 return |
| 85 fi |
| 86 done |
| 87 echo "+ no files named $@" >> "$LOGFILE" |
| 88 exit 1 |
| 89 } |
| 90 |
78 # Here we go... | 91 # Here we go... |
79 umask 022 | 92 umask 022 |
80 trap cleanup EXIT | 93 trap cleanup EXIT |
81 | 94 |
82 # Parse args | 95 # Parse args |
83 if [ -n "$1" ]; then | 96 if [ -n "$1" ]; then |
84 if [ "$1" = "--cleanup" ]; then | 97 if [ "$1" = "--cleanup" ]; then |
85 CLEANUP=1 | 98 CLEANUP=1 |
86 else | 99 else |
87 TMPDIR="$1" | 100 TMPDIR="$1" |
(...skipping 34 matching lines...)
122 fi | 135 fi |
123 fi | 136 fi |
124 | 137 |
125 # Make sure we have something to work on | 138 # Make sure we have something to work on |
126 [ -f "$BIOS" ] || logdie "no BIOS image found" | 139 [ -f "$BIOS" ] || logdie "no BIOS image found" |
127 ls *kern*.blob >/dev/null 2>&1 || logdie "no kernel images found" | 140 ls *kern*.blob >/dev/null 2>&1 || logdie "no kernel images found" |
128 | 141 |
129 info "Extracting BIOS components..." | 142 info "Extracting BIOS components..." |
130 log dump_fmap -x ${BIOS} || logdie "Unable to extract BIOS components" | 143 log dump_fmap -x ${BIOS} || logdie "Unable to extract BIOS components" |
131 | 144 |
| 145 # Find the FMAP regions we're interested in. Look first for the new names, then |
| 146 # the old names. |
| 147 area_gbb=$(find_name GBB GBB_Area) || \ |
| 148 logdie "no area_gbb" |
| 149 area_vblock_a=$(find_name VBLOCK_A Firmware_A_Key) || \ |
| 150 logdie "no area_vblock_a" |
| 151 area_vblock_b=$(find_name VBLOCK_B Firmware_B_Key) || \ |
| 152 logdie "no area_vblock_b" |
| 153 area_fw_main_a=$(find_name FW_MAIN_A Firmware_A_Data) || \ |
| 154 logdie "no area_fw_main_a" |
| 155 area_fw_main_b=$(find_name FW_MAIN_B Firmware_B_Data) || \ |
| 156 logdie "no area_fw_main_a" |
| 157 |
132 info "Pulling root and recovery keys from GBB..." | 158 info "Pulling root and recovery keys from GBB..." |
133 log gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \ | 159 log gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \ |
134 GBB_Area || logdie "Unable to extract keys from GBB" | 160 "$area_gbb" || logdie "Unable to extract keys from GBB" |
135 log vbutil_key --unpack rootkey.vbpubk | 161 log vbutil_key --unpack rootkey.vbpubk |
136 log vbutil_key --unpack recoverykey.vbpubk | 162 log vbutil_key --unpack recoverykey.vbpubk |
137 | 163 |
138 infon "Verify firmware A with root key... " | 164 infon "Verify firmware A with root key... " |
139 log vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \ | 165 log vbutil_firmware --verify "$area_vblock_a" --signpubkey rootkey.vbpubk \ |
140 --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk ; result | 166 --fv "$area_fw_main_a" --kernelkey kernel_subkey_a.vbpubk ; result |
141 infon "Verify firmware B with root key... " | 167 infon "Verify firmware B with root key... " |
142 log vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \ | 168 log vbutil_firmware --verify "$area_vblock_b" --signpubkey rootkey.vbpubk \ |
143 --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk ; result | 169 --fv "$area_fw_main_b" --kernelkey kernel_subkey_b.vbpubk ; result |
144 | 170 |
145 for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk; do | 171 for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk; do |
146 infon "Test $key... " | 172 infon "Test $key... " |
147 log vbutil_key --unpack $key ; result | 173 log vbutil_key --unpack $key ; result |
148 done | 174 done |
149 | 175 |
150 for keyblock in *kern*.blob; do | 176 for keyblock in *kern*.blob; do |
151 infon "Test $keyblock... " | 177 infon "Test $keyblock... " |
152 log vbutil_keyblock --unpack $keyblock ; result | 178 log vbutil_keyblock --unpack $keyblock ; result |
153 loghead od -Ax -tx1 $keyblock | 179 loghead od -Ax -tx1 $keyblock |
154 done | 180 done |
155 | 181 |
156 # Test each kernel with each key | 182 # Test each kernel with each key |
157 for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk recoverykey.vbpubk; do | 183 for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk recoverykey.vbpubk; do |
158 for kern in *kern*.blob; do | 184 for kern in *kern*.blob; do |
159 infon "Verify $kern with $key... " | 185 infon "Verify $kern with $key... " |
160 log vbutil_kernel --verify $kern --signpubkey $key ; result | 186 log vbutil_kernel --verify $kern --signpubkey $key ; result |
161 done | 187 done |
162 done | 188 done |
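Review bot: The failure message for the B-slot lookup on new line 156 is a copy-paste of the A-slot one: `area_fw_main_b=$(find_name FW_MAIN_B Firmware_B_Data)` ends in `logdie "no area_fw_main_a"`, so a missing firmware B body is reported as a missing firmware A body; it should read `logdie "no area_fw_main_b"`. This output is what gets read when verified boot fails on one slot, so naming the wrong slot sends the diagnosis to the wrong half of the image. In `find_name` (new lines 80-89), `echo "+ no files named $@"` embeds `$@` in a string and is better written with `$*`, and `exit 1` only leaves the `$(...)` subshell, so the "die" promised by the header comment is actually done by the caller's `|| logdie`. `find_name` also accepts any existing file via `-e`: if the DIRECTORY argument can be a reused log directory (the cd and cleanup logic is in the skipped lines, so this is unconfirmed), a stale `GBB` or `VBLOCK_A` from an earlier run would be preferred over the old-name region just written by `dump_fmap -x`, and the OK/FAILED results would describe the wrong image.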
OLD | NEW |