tests: Prevent testing dev_firmware* if the keys do not exist.

In CL:378661 we removed dev_firmware* from tests/devkey but that also makes futility unit tests to fail. This changes signing test scripts to first check if dev_firmware* keys exist, and only use it (and test ZGB signing results) if available. BRANCH=none BUG=chrome-os-partner:52568,chrome-os-partner:56917 TEST=make runfutiltests; make runtests; add dev_firmware* back; run tests again and success. Change-Id: If42c8404baf183edf5c8dbeadf537efa8ad571ec Reviewed-on: https://chromium-review.googlesource.com/381151 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
2026-01-16 18:11:22 +00:00 · 2016-09-05 11:04:52 +08:00
parent 5c537e3ea8
commit 61c4ee12be
1 changed files with 14 additions and 7 deletions
--- a/tests/futility/test_sign_firmware.sh
+++ b/tests/futility/test_sign_firmware.sh
@@ -18,7 +18,6 @@ INFILES="
 ${SCRIPTDIR}/data/bios_link_mp.bin
 ${SCRIPTDIR}/data/bios_mario_mp.bin
 ${SCRIPTDIR}/data/bios_peppy_mp.bin
-${SCRIPTDIR}/data/bios_zgb_mp.bin
 "

 # We also want to test that we can sign an image without any valid firmware
@@ -32,6 +31,17 @@ INFILES="${INFILES} ${ONEMORE}"

 set -o pipefail

+# We've removed dev_firmware keyblock and private keys from ToT test key dir.
+# It's currently only available on few legacy (alex, zgb) devices' key folders
+# on signer bot. Add them to ${KEYDIR} if you need to test that.
+DEV_FIRMWARE_PARAMS=""
+if [ -f "${KEYDIR}/dev_firmware.keyblock" ]; then
+  DEV_FIRMWARE_PARAMS="
+    -S ${KEYDIR}/dev_firmware_data_key.vbprivk
+    -B ${KEYDIR}/dev_firmware.keyblock"
+  INFILES="${INFILES} ${SCRIPTDIR}/data/bios_zgb_mp.bin"
+fi
+
 count=0
 for infile in $INFILES; do

@@ -76,8 +86,7 @@ for infile in $INFILES; do
  ${FUTILITY} sign \
    -s ${KEYDIR}/firmware_data_key.vbprivk \
    -b ${KEYDIR}/firmware.keyblock \
-    -S ${KEYDIR}/dev_firmware_data_key.vbprivk \
-    -B ${KEYDIR}/dev_firmware.keyblock \
+    ${DEV_FIRMWARE_PARAMS} \
    -k ${KEYDIR}/kernel_subkey.vbpubk \
    -v 14 \
    -f 8 \
@@ -147,8 +156,7 @@ echo -n "$count " 1>&3
 ${FUTILITY} sign \
  -s ${KEYDIR}/firmware_data_key.vbprivk \
  -b ${KEYDIR}/firmware.keyblock \
-  -S ${KEYDIR}/dev_firmware_data_key.vbprivk \
-  -B ${KEYDIR}/dev_firmware.keyblock \
+  ${DEV_FIRMWARE_PARAMS} \
  -k ${KEYDIR}/kernel_subkey.vbpubk \
  ${MORE_OUT} ${MORE_OUT}.2

@@ -165,8 +173,7 @@ ${FUTILITY} load_fmap ${MORE_OUT} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
 ${FUTILITY} sign \
  -s ${KEYDIR}/firmware_data_key.vbprivk \
  -b ${KEYDIR}/firmware.keyblock \
-  -S ${KEYDIR}/dev_firmware_data_key.vbprivk \
-  -B ${KEYDIR}/dev_firmware.keyblock \
+  ${DEV_FIRMWARE_PARAMS} \
  -k ${KEYDIR}/kernel_subkey.vbpubk \
  ${MORE_OUT} ${MORE_OUT}.3