| OLD | NEW |
| 1 #!/bin/sh | 1 #!/bin/sh |
| 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 # | 5 # |
| 6 # Usage: dev_debug_vboot [ --cleanup | DIRECTORY ] | 6 # Usage: dev_debug_vboot [ --cleanup | DIRECTORY ] |
| 7 # | 7 # |
| 8 # This extracts some useful debugging information about verified boot. A short | 8 # This extracts some useful debugging information about verified boot. A short |
| 9 # summary is printed on stdout, more detailed information and working files are | 9 # summary is printed on stdout, more detailed information and working files are |
| 10 # left in a log directory. | 10 # left in a log directory. |
| 40 | 40 |
| 41 log() { | 41 log() { |
| 42 echo "+" "$@" >> "$LOGFILE" | 42 echo "+" "$@" >> "$LOGFILE" |
| 43 "$@" >> "$LOGFILE" 2>&1 | 43 "$@" >> "$LOGFILE" 2>&1 |
| 44 } | 44 } |
| 45 | 45 |
| 46 loghead() { | 46 loghead() { |
| 47 echo "+" "$@" "| head" >> "$LOGFILE" | 47 echo "+" "$@" "| head" >> "$LOGFILE" |
| 48 "$@" | head >> "$LOGFILE" 2>&1 | 48 "$@" | head >> "$LOGFILE" 2>&1 |
| 49 } | 49 } |
| 50 |
| 50 logdie() { | 51 logdie() { |
| 51 echo "+" "$@" >> "$LOGFILE" | 52 echo "+" "$@" >> "$LOGFILE" |
| 52 "$@" >> "$LOGFILE" 2>&1 | |
| 53 die "$@" | 53 die "$@" |
| 54 } | 54 } |
| 55 | 55 |
| 56 result() { | 56 result() { |
| 57 if [ "$?" = "0" ]; then | 57 if [ "$?" = "0" ]; then |
| 58 info "OK" | 58 info "OK" |
| 59 else | 59 else |
| 60 info "FAILED" | 60 info "FAILED" |
| 61 fi | 61 fi |
| 62 } | 62 } |
| 63 | 63 |
| 64 require_chromeos_bios() { | 64 require_chromeos_bios() { |
| 65 log cgpt show "${HD}" | 65 log cgpt show "${HD}" |
| 66 log rootdev -s | 66 log rootdev -s |
| 67 if [ ! -e "${ACPI}/HWID" ]; then | 67 if [ ! -e "${ACPI}/HWID" ]; then |
| 68 info "Not running Chrome OS BIOS, no further information available" | 68 info "Not running Chrome OS BIOS, no further information available" |
| 69 exit 0 | 69 exit 0 |
| 70 fi | 70 fi |
| 71 # including /dev/null just to get final "\n" | 71 # including /dev/null just to get final "\n" |
| 72 log head "${ACPI}"/*ID "${ACPI}"/BINF* "${ACPI}"/CHSW /dev/null | 72 log head "${ACPI}"/*ID "${ACPI}"/BINF* "${ACPI}"/CHSW /dev/null |
| 73 log reboot_mode | 73 log reboot_mode |
| 74 log ls -la /mnt/stateful_partition/.need_firmware_update | 74 log ls -la /mnt/stateful_partition/.need_firmware_update |
| 75 log ls -la /root/.force_update_firmware | 75 log ls -la /root/.force_update_firmware |
| 76 } | 76 } |
| 77 | 77 |
| 78 # Search for files from the FMAP, in the order listed. Return the first one |
| 79 # found or die if none are there. |
| 80 find_name() { |
| 81 for fn in "$@"; do |
| 82 if [ -e "$fn" ]; then |
| 83 echo "$fn" |
| 84 return |
| 85 fi |
| 86 done |
| 87 echo "+ no files named $@" >> "$LOGFILE" |
| 88 exit 1 |
| 89 } |
| 90 |
| 78 # Here we go... | 91 # Here we go... |
| 79 umask 022 | 92 umask 022 |
| 80 trap cleanup EXIT | 93 trap cleanup EXIT |
| 81 | 94 |
| 82 # Parse args | 95 # Parse args |
| 83 if [ -n "$1" ]; then | 96 if [ -n "$1" ]; then |
| 84 if [ "$1" = "--cleanup" ]; then | 97 if [ "$1" = "--cleanup" ]; then |
| 85 CLEANUP=1 | 98 CLEANUP=1 |
| 86 else | 99 else |
| 87 TMPDIR="$1" | 100 TMPDIR="$1" |
| 122 fi | 135 fi |
| 123 fi | 136 fi |
| 124 | 137 |
| 125 # Make sure we have something to work on | 138 # Make sure we have something to work on |
| 126 [ -f "$BIOS" ] || logdie "no BIOS image found" | 139 [ -f "$BIOS" ] || logdie "no BIOS image found" |
| 127 ls *kern*.blob >/dev/null 2>&1 || logdie "no kernel images found" | 140 ls *kern*.blob >/dev/null 2>&1 || logdie "no kernel images found" |
| 128 | 141 |
| 129 info "Extracting BIOS components..." | 142 info "Extracting BIOS components..." |
| 130 log dump_fmap -x ${BIOS} || logdie "Unable to extract BIOS components" | 143 log dump_fmap -x ${BIOS} || logdie "Unable to extract BIOS components" |
| 131 | 144 |
| 145 # Find the FMAP regions we're interested in. Look first for the new names, then |
| 146 # the old names. |
| 147 area_gbb=$(find_name GBB GBB_Area) || \ |
| 148 logdie "no area_gbb" |
| 149 area_vblock_a=$(find_name VBLOCK_A Firmware_A_Key) || \ |
| 150 logdie "no area_vblock_a" |
| 151 area_vblock_b=$(find_name VBLOCK_B Firmware_B_Key) || \ |
| 152 logdie "no area_vblock_b" |
| 153 area_fw_main_a=$(find_name FW_MAIN_A Firmware_A_Data) || \ |
| 154 logdie "no area_fw_main_a" |
| 155 area_fw_main_b=$(find_name FW_MAIN_B Firmware_B_Data) || \ |
| 156 logdie "no area_fw_main_a" |
| 157 |
| 132 info "Pulling root and recovery keys from GBB..." | 158 info "Pulling root and recovery keys from GBB..." |
| 133 log gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \ | 159 log gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \ |
| 134 GBB_Area || logdie "Unable to extract keys from GBB" | 160 "$area_gbb" || logdie "Unable to extract keys from GBB" |
| 135 log vbutil_key --unpack rootkey.vbpubk | 161 log vbutil_key --unpack rootkey.vbpubk |
| 136 log vbutil_key --unpack recoverykey.vbpubk | 162 log vbutil_key --unpack recoverykey.vbpubk |
| 137 | 163 |
| 138 infon "Verify firmware A with root key... " | 164 infon "Verify firmware A with root key... " |
| 139 log vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \ | 165 log vbutil_firmware --verify "$area_vblock_a" --signpubkey rootkey.vbpubk \ |
| 140 --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk ; result | 166 --fv "$area_fw_main_a" --kernelkey kernel_subkey_a.vbpubk ; result |
| 141 infon "Verify firmware B with root key... " | 167 infon "Verify firmware B with root key... " |
| 142 log vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \ | 168 log vbutil_firmware --verify "$area_vblock_b" --signpubkey rootkey.vbpubk \ |
| 143 --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk ; result | 169 --fv "$area_fw_main_b" --kernelkey kernel_subkey_b.vbpubk ; result |
| 144 | 170 |
| 145 for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk; do | 171 for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk; do |
| 146 infon "Test $key... " | 172 infon "Test $key... " |
| 147 log vbutil_key --unpack $key ; result | 173 log vbutil_key --unpack $key ; result |
| 148 done | 174 done |
| 149 | 175 |
| 150 for keyblock in *kern*.blob; do | 176 for keyblock in *kern*.blob; do |
| 151 infon "Test $keyblock... " | 177 infon "Test $keyblock... " |
| 152 log vbutil_keyblock --unpack $keyblock ; result | 178 log vbutil_keyblock --unpack $keyblock ; result |
| 153 loghead od -Ax -tx1 $keyblock | 179 loghead od -Ax -tx1 $keyblock |
| 154 done | 180 done |
| 155 | 181 |
| 156 # Test each kernel with each key | 182 # Test each kernel with each key |
| 157 for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk recoverykey.vbpubk; do | 183 for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk recoverykey.vbpubk; do |
| 158 for kern in *kern*.blob; do | 184 for kern in *kern*.blob; do |
| 159 infon "Verify $kern with $key... " | 185 infon "Verify $kern with $key... " |
| 160 log vbutil_kernel --verify $kern --signpubkey $key ; result | 186 log vbutil_kernel --verify $kern --signpubkey $key ; result |
| 161 done | 187 done |
| 162 done | 188 done |
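Review bot: The failure message for the FW_MAIN_B lookup (new line 156) says `no area_fw_main_a`, a copy-paste from the lookup above it, so a log from an image missing only the B firmware body would point at the wrong slot; it should read `logdie "no area_fw_main_b"`. In find_name (new line 87), `echo "+ no files named $@"` puts `$@` inside a longer quoted string, where it still expands to several words; `$*` is the form that logs the list as one string. The `exit 1` on new line 88 only ends the `$(...)` subshell that every visible caller runs it in, so `return 1` would behave the same here and would not end the whole script if the function were ever called directly. Because the new-name/old-name fallback takes the first file that exists in the working directory, a caller-supplied DIRECTORY holding region files from an earlier dump_fmap run could presumably supply a stale GBB or VBLOCK file to the verification steps; the directory setup is in the collapsed lines, so this needs confirming there.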
| OLD | NEW |