From 61c4ee12be495fe60b94b60f768be0f6a539fd05 Mon Sep 17 00:00:00 2001
From: Hung-Te Lin <hungte@chromium.org>
Date: Mon, 5 Sep 2016 11:04:52 +0800
Subject: [PATCH] tests: Prevent testing dev_firmware* if the keys do not
 exist.

In CL:378661 we removed dev_firmware* from tests/devkey but that also makes
futility unit tests to fail.

This changes signing test scripts to first check if dev_firmware* keys exist,
and only use it (and test ZGB signing results) if available.

BRANCH=none
BUG=chrome-os-partner:52568,chrome-os-partner:56917
TEST=make runfutiltests; make runtests;
     add dev_firmware* back; run tests again and success.

Change-Id: If42c8404baf183edf5c8dbeadf537efa8ad571ec
Reviewed-on: https://chromium-review.googlesource.com/381151
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
---
 tests/futility/test_sign_firmware.sh | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/tests/futility/test_sign_firmware.sh b/tests/futility/test_sign_firmware.sh
index 7ebedcca0d..9a17cf0790 100755
--- a/tests/futility/test_sign_firmware.sh
+++ b/tests/futility/test_sign_firmware.sh
@@ -18,7 +18,6 @@ INFILES="
 ${SCRIPTDIR}/data/bios_link_mp.bin
 ${SCRIPTDIR}/data/bios_mario_mp.bin
 ${SCRIPTDIR}/data/bios_peppy_mp.bin
-${SCRIPTDIR}/data/bios_zgb_mp.bin
 "
 
 # We also want to test that we can sign an image without any valid firmware
@@ -32,6 +31,17 @@ INFILES="${INFILES} ${ONEMORE}"
 
 set -o pipefail
 
+# We've removed dev_firmware keyblock and private keys from ToT test key dir.
+# It's currently only available on few legacy (alex, zgb) devices' key folders
+# on signer bot. Add them to ${KEYDIR} if you need to test that.
+DEV_FIRMWARE_PARAMS=""
+if [ -f "${KEYDIR}/dev_firmware.keyblock" ]; then
+  DEV_FIRMWARE_PARAMS="
+    -S ${KEYDIR}/dev_firmware_data_key.vbprivk
+    -B ${KEYDIR}/dev_firmware.keyblock"
+  INFILES="${INFILES} ${SCRIPTDIR}/data/bios_zgb_mp.bin"
+fi
+
 count=0
 for infile in $INFILES; do
 
@@ -76,8 +86,7 @@ for infile in $INFILES; do
   ${FUTILITY} sign \
     -s ${KEYDIR}/firmware_data_key.vbprivk \
     -b ${KEYDIR}/firmware.keyblock \
-    -S ${KEYDIR}/dev_firmware_data_key.vbprivk \
-    -B ${KEYDIR}/dev_firmware.keyblock \
+    ${DEV_FIRMWARE_PARAMS} \
     -k ${KEYDIR}/kernel_subkey.vbpubk \
     -v 14 \
     -f 8 \
@@ -147,8 +156,7 @@ echo -n "$count " 1>&3
 ${FUTILITY} sign \
   -s ${KEYDIR}/firmware_data_key.vbprivk \
   -b ${KEYDIR}/firmware.keyblock \
-  -S ${KEYDIR}/dev_firmware_data_key.vbprivk \
-  -B ${KEYDIR}/dev_firmware.keyblock \
+  ${DEV_FIRMWARE_PARAMS} \
   -k ${KEYDIR}/kernel_subkey.vbpubk \
   ${MORE_OUT} ${MORE_OUT}.2
 
@@ -165,8 +173,7 @@ ${FUTILITY} load_fmap ${MORE_OUT} VBLOCK_A:/dev/urandom VBLOCK_B:/dev/zero
 ${FUTILITY} sign \
   -s ${KEYDIR}/firmware_data_key.vbprivk \
   -b ${KEYDIR}/firmware.keyblock \
-  -S ${KEYDIR}/dev_firmware_data_key.vbprivk \
-  -B ${KEYDIR}/dev_firmware.keyblock \
+  ${DEV_FIRMWARE_PARAMS} \
   -k ${KEYDIR}/kernel_subkey.vbpubk \
   ${MORE_OUT} ${MORE_OUT}.3