From 6f9a99b538b8a800f414c02e57cdd1dc9e30501c Mon Sep 17 00:00:00 2001 From: Bill Richardson Date: Mon, 25 Oct 2010 14:58:05 -0700 Subject: [PATCH] Modify dev_debug_vboot for better usefulness * Display only the synopsis on stdout * Keep a verbose log of all activity in the scratch directory. * Add more checks * Providing a directory argument will use the images found there instead of trying to extract them from the system (for use on host machines). Change-Id: I065a18c9467c625cc33484ee5556d955dc79b01d BUG=none TEST=manual Get a root shell and run "dev_debug_vboot". You should see nicer output. Review URL: http://codereview.chromium.org/4106001 --- firmware/version.c | 2 +- utility/dev_debug_vboot | 151 +++++++++++++++++++++++++++------------- 2 files changed, 103 insertions(+), 50 deletions(-) diff --git a/firmware/version.c b/firmware/version.c index d490278857..1955026772 100644 --- a/firmware/version.c +++ b/firmware/version.c @@ -1 +1 @@ -char* VbootVersion = "VBOOv=08ac6493"; +char* VbootVersion = "VBOOv=5db96410"; diff --git a/utility/dev_debug_vboot b/utility/dev_debug_vboot index 424e9e41e8..18e76fa12f 100755 --- a/utility/dev_debug_vboot +++ b/utility/dev_debug_vboot @@ -4,64 +4,117 @@ # found in the LICENSE file. # -TMPDIR=/tmp/debug_vboot -BIOS=bios.rom -# FIXME: support ARM -HD_KERN_A=/dev/sda2 -HD_KERN_B=/dev/sda4 -tmp=$(rootdev -s -d)2 -if [ "$tmp" != "$HD_KERN_A" ]; then - USB_KERN_A="$tmp" +LOGFILE=noisy.log + +die() { + echo "$*" 1>&2 + exit 1 +} + +info() { + echo "$@" + echo "#" "$@" >> "$LOGFILE" +} + +infon() { + echo -n "$@" + echo "#" "$@" >> "$LOGFILE" +} + +log() { + echo "+" "$@" >> "$LOGFILE" + "$@" >> "$LOGFILE" 2>&1 +} + +logdie() { + echo "+" "$@" >> "$LOGFILE" + "$@" >> "$LOGFILE" 2>&1 + die "$@" +} + +result() { + if [ "$?" = "0" ]; then + info "OK" + else + info "FAILED" + fi +} + +# Optional directory name containing "bios.rom" and "*kern*.blob" files. If not +# provided, we'll attempt to extract them ourselves. +if [ -d "$1" ]; then + TMPDIR="$1" + [ -d ${TMPDIR} ] || die "${TMPDIR} doesn't exist" + USE_EXISTING=yes +else + TMPDIR=/tmp/debug_vboot + [ -d ${TMPDIR} ] || mkdir -p ${TMPDIR} fi - -[ -d ${TMPDIR} ] || mkdir -p ${TMPDIR} cd ${TMPDIR} +echo "$0 $*" > "$LOGFILE" +log date +echo "Saving verbose log as $(pwd)/$LOGFILE" -echo "INFO: extracting BIOS image from flash" -flashrom -r ${BIOS} +BIOS=bios.rom -echo "INFO: extracting kernel images from drives" -dd if=${HD_KERN_A} of=hd_kern_a.blob -dd if=${HD_KERN_B} of=hd_kern_b.blob -if [ -n "$USB_KERN_A" ]; then - dd if=${USB_KERN_A} of=usb_kern_a.blob +# Find BIOS and kernel images +if [ -n "$USE_EXISTING" ]; then + info "Using images in $(pwd)/" +else + info "Extracting BIOS image from flash..." + log flashrom -r ${BIOS} + + # FIXME: support ARM + HD_KERN_A=/dev/sda2 + HD_KERN_B=/dev/sda4 + tmp=$(rootdev -s -d)2 + if [ "$tmp" != "$HD_KERN_A" ]; then + USB_KERN_A="$tmp" + fi + + info "Extracting kernel images from drives..." + log dd if=${HD_KERN_A} of=hd_kern_a.blob + log dd if=${HD_KERN_B} of=hd_kern_b.blob + if [ -n "$USB_KERN_A" ]; then + log dd if=${USB_KERN_A} of=usb_kern_a.blob + fi fi -echo "INFO: extracting BIOS components" -dump_fmap -x ${BIOS} || echo "FAILED" +# Make sure we have something to work on +[ -f "$BIOS" ] || logdie "no BIOS image found" +ls *kern*.blob >/dev/null 2>&1 || logdie "no kernel images found" -echo "INFO: pulling root and recovery keys from GBB" -gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \ - GBB_Area || echo "FAILED" -echo "INFO: display root key" -vbutil_key --unpack rootkey.vbpubk -echo "INFO: display recovery key" -vbutil_key --unpack recoverykey.vbpubk +info "Extracting BIOS components..." +log dump_fmap -x ${BIOS} || logdie "Unable to extract BIOS components" -echo "TEST: verify firmware A with root key" -vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \ - --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk || echo "FAILED" -echo "TEST: verify firmware B with root key" -vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \ - --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk || echo "FAILED" +info "Pulling root and recovery keys from GBB..." +log gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \ + GBB_Area || logdie "Unable to extract keys from GBB" +log vbutil_key --unpack rootkey.vbpubk +log vbutil_key --unpack recoverykey.vbpubk -echo "TEST: verify HD kernel A with firmware A key" -vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_a.vbpubk \ - || echo "FAILED" -echo "TEST: verify HD kernel B with firmware A key" -vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_a.vbpubk \ - || echo "FAILED" +infon "Verify firmware A with root key... " +log vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \ + --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk ; result +infon "Verify firmware B with root key... " +log vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \ + --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk ; result -echo "TEST: verify HD kernel A with firmware B key" -vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_b.vbpubk \ - || echo "FAILED" -echo "TEST: verify HD kernel B with firmware B key" -vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_b.vbpubk \ - || echo "FAILED" +for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk; do + infon "Test $key... " + log vbutil_key --unpack $key ; result +done -if [ -n "$USB_KERN_A" ]; then - echo "TEST: verify USB kernel A with recovery key" - vbutil_kernel --verify usb_kern_a.blob --signpubkey recoverykey.vbpubk \ - || echo "FAILED" -fi +for keyblock in *kern*.blob; do + infon "Test $keyblock... " + log vbutil_keyblock --unpack $keyblock ; result +done + +# Test each kernel with each key +for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk recoverykey.vbpubk; do + for kern in *kern*.blob; do + infon "Verify $kern with $key... " + log vbutil_kernel --verify $kern --signpubkey $key ; result + done +done