Modify dev_debug_vboot for better usefulness

* Display only the synopsis on stdout
* Keep a verbose log of all activity in the scratch directory.
* Add more checks
* Providing a directory argument will use the images found there instead of
  trying to extract them from the system (for use on host machines).

Change-Id: I065a18c9467c625cc33484ee5556d955dc79b01d

BUG=none
TEST=manual

Get a root shell and run "dev_debug_vboot". You should see nicer output.

Review URL: http://codereview.chromium.org/4106001

firmware/version.c

@@ -1 +1 @@
-char* VbootVersion = "VBOOv=08ac6493";
+char* VbootVersion = "VBOOv=5db96410";

utility/dev_debug_vboot

@@ -4,64 +4,117 @@
 # found in the LICENSE file.
 #
 
-TMPDIR=/tmp/debug_vboot
+LOGFILE=noisy.log
-BIOS=bios.rom
+
-# FIXME: support ARM
+die() {
-HD_KERN_A=/dev/sda2
+  echo "$*" 1>&2
-HD_KERN_B=/dev/sda4
+  exit 1
-tmp=$(rootdev -s -d)2
+}
-if [ "$tmp" != "$HD_KERN_A" ]; then
+
-  USB_KERN_A="$tmp"
+info() {
+  echo "$@"
+  echo "#" "$@" >> "$LOGFILE"
+}
+
+infon() {
+  echo -n "$@"
+  echo "#" "$@" >> "$LOGFILE"
+}
+
+log() {
+  echo "+" "$@" >> "$LOGFILE"
+  "$@" >> "$LOGFILE" 2>&1
+}
+
+logdie() {
+  echo "+" "$@" >> "$LOGFILE"
+  "$@" >> "$LOGFILE" 2>&1
+  die "$@"
+}
+
+result() {
+  if [ "$?" = "0" ]; then
+    info "OK"
+  else
+    info "FAILED"
+  fi
+}
+
+# Optional directory name containing "bios.rom" and "*kern*.blob" files. If not
+# provided, we'll attempt to extract them ourselves.
+if [ -d "$1" ]; then
+  TMPDIR="$1"
+  [ -d ${TMPDIR} ] || die "${TMPDIR} doesn't exist"
+  USE_EXISTING=yes
+else
+  TMPDIR=/tmp/debug_vboot
+  [ -d ${TMPDIR} ] || mkdir -p ${TMPDIR}
 fi
 
-
-[ -d ${TMPDIR} ] || mkdir -p ${TMPDIR}
 cd ${TMPDIR}
+echo "$0 $*" > "$LOGFILE"
+log date
+echo "Saving verbose log as $(pwd)/$LOGFILE"
 
-echo "INFO: extracting BIOS image from flash"
+BIOS=bios.rom
-flashrom -r ${BIOS}
 
-echo "INFO: extracting kernel images from drives"
+# Find BIOS and kernel images
-dd if=${HD_KERN_A} of=hd_kern_a.blob
+if [ -n "$USE_EXISTING" ]; then
-dd if=${HD_KERN_B} of=hd_kern_b.blob
+  info "Using images in $(pwd)/"
-if [ -n "$USB_KERN_A" ]; then
+else
-  dd if=${USB_KERN_A} of=usb_kern_a.blob
+  info "Extracting BIOS image from flash..."
+  log flashrom -r ${BIOS}
+
+  # FIXME: support ARM
+  HD_KERN_A=/dev/sda2
+  HD_KERN_B=/dev/sda4
+  tmp=$(rootdev -s -d)2
+  if [ "$tmp" != "$HD_KERN_A" ]; then
+    USB_KERN_A="$tmp"
+  fi
+
+  info "Extracting kernel images from drives..."
+  log dd if=${HD_KERN_A} of=hd_kern_a.blob
+  log dd if=${HD_KERN_B} of=hd_kern_b.blob
+  if [ -n "$USB_KERN_A" ]; then
+    log dd if=${USB_KERN_A} of=usb_kern_a.blob
+  fi
 fi
 
-echo "INFO: extracting BIOS components"
+# Make sure we have something to work on
-dump_fmap -x ${BIOS} || echo "FAILED"
+[ -f "$BIOS" ] || logdie "no BIOS image found"
+ls *kern*.blob >/dev/null 2>&1 || logdie "no kernel images found"
 
-echo "INFO: pulling root and recovery keys from GBB"
+info "Extracting BIOS components..."
-gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \
+log dump_fmap -x ${BIOS} || logdie "Unable to extract BIOS components"
-  GBB_Area || echo "FAILED"
-echo "INFO: display root key"
-vbutil_key --unpack rootkey.vbpubk
-echo "INFO: display recovery key"
-vbutil_key --unpack recoverykey.vbpubk
 
-echo "TEST: verify firmware A with root key"
+info "Pulling root and recovery keys from GBB..."
-vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \
+log gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \
-  --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk || echo "FAILED"
+  GBB_Area || logdie "Unable to extract keys from GBB"
-echo "TEST: verify firmware B with root key"
+log vbutil_key --unpack rootkey.vbpubk
-vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \
+log vbutil_key --unpack recoverykey.vbpubk
-  --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk || echo "FAILED"
 
-echo "TEST: verify HD kernel A with firmware A key"
+infon "Verify firmware A with root key... "
-vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_a.vbpubk \
+log vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \
-  || echo "FAILED"
+  --fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk ; result
-echo "TEST: verify HD kernel B with firmware A key"
+infon "Verify firmware B with root key... "
-vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_a.vbpubk \
+log vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \
-  || echo "FAILED"
+  --fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk ; result
 
-echo "TEST: verify HD kernel A with firmware B key"
+for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk; do
-vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_b.vbpubk \
+  infon "Test $key... "
-  || echo "FAILED"
+  log vbutil_key --unpack $key ; result
-echo "TEST: verify HD kernel B with firmware B key"
+done
-vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_b.vbpubk \
-  || echo "FAILED"
 
-if [ -n "$USB_KERN_A" ]; then
+for keyblock in *kern*.blob; do
-  echo "TEST: verify USB kernel A with recovery key"
+  infon "Test $keyblock... "
-  vbutil_kernel --verify usb_kern_a.blob --signpubkey recoverykey.vbpubk \
+  log vbutil_keyblock --unpack $keyblock ; result
-    || echo "FAILED"
+done
-fi
+
+# Test each kernel with each key
+for key in kernel_subkey_a.vbpubk kernel_subkey_b.vbpubk recoverykey.vbpubk; do
+  for kern in *kern*.blob; do
+    infon "Verify $kern with $key... "
+    log vbutil_kernel --verify $kern --signpubkey $key ; result
+  done
+done