mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-12-02 14:14:12 +00:00
1cd4cdbbae
This option will perform verification operations on an image. 1) Check if the RootFS hash is correct. 2) Check if the image will verify using recovery keys (in recovery mode) 3) Check if the image will verify using SSD keys (in non-recovery mode) 2) and 3) are both tested with and without dev mode. Also re-factor existing code for rootfs calculation and update. BUG=5830,3496 TEST=manual Example usage and output follows: # Verifying an image meant for factory install. sudo ./sign_official_build.sh verify factory_install_image.sh ../../tests/devkeys/ Verifying RootFS hash... PASS: RootFS hash is correct Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO With Recovery Key (Recovery Mode ON, Dev Mode ON): YES With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO With SSD Key (Recovery Mode OFF, Dev Mode ON): YES # Verifying an image meant for recovery mode. sudo ./sign_official_build.sh verify recovery_image.bin ../../tests/devkeys/ Verifying RootFS hash... PASS: RootFS hash is correct Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): YES With Recovery Key (Recovery Mode ON, Dev Mode ON): YES With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO With SSD Key (Recovery Mode OFF, Dev Mode ON): YES # Verifying an image meant for the SSD drive. sudo ./sign_official_build.sh verify ssd_image.bin ../../tests/devkeys/ Verifying RootFS hash... PASS: RootFS hash is correct Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO With Recovery Key (Recovery Mode ON, Dev Mode ON): NO With SSD Key (Recovery Mode OFF, Dev Mode OFF): YES With SSD Key (Recovery Mode OFF, Dev Mode ON): YES # Image with an incorrect rootfs hash but otherwise validly signed sudo ./sign_official_build.sh verify ssd_image.bin ../../tests/devkeys/ Verifying RootFS hash... FAILED: RootFS hash is incorrect. Expected: ebce345727ca05ea9368d3b8d5ce1c81471d7d3b Got: 9b092985996bb2422b11487a66929a1a004df4fc Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO With Recovery Key (Recovery Mode ON, Dev Mode ON): NO With SSD Key (Recovery Mode OFF, Dev Mode OFF): YES With SSD Key (Recovery Mode OFF, Dev Mode ON): YES # Image signed using a different set of keys (but validly signed). sudo ./sign_official_build.sh verify invalid_image.bin ../../tests/devkeys/ Verifying RootFS hash... PASS: RootFS hash is correct (70e6f2de0220991fd503a6fcc7edac131b4a48ca) Testing key verification... With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO With Recovery Key (Recovery Mode ON, Dev Mode ON): NO With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO With SSD Key (Recovery Mode OFF, Dev Mode ON): YES Change-Id: I4960cdbbbe93e685346417b882739f9cfd5f6b75 Review URL: http://codereview.chromium.org/3327005
96 lines
2.5 KiB
Bash
Executable File
96 lines
2.5 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
# Determine script directory
|
|
SCRIPT_DIR=$(dirname $0)
|
|
PROG=$(basename $0)
|
|
GPT=cgpt
|
|
|
|
# List of Temporary files and mount points.
|
|
TEMP_FILE_LIST=$(mktemp)
|
|
TEMP_DIR_LIST=$(mktemp)
|
|
|
|
# Read GPT table to find the starting location of a specific partition.
|
|
# Args: DEVICE PARTNUM
|
|
# Returns: offset (in sectors) of partition PARTNUM
|
|
partoffset() {
|
|
sudo $GPT show -b -i $2 $1
|
|
}
|
|
|
|
# Read GPT table to find the size of a specific partition.
|
|
# Args: DEVICE PARTNUM
|
|
# Returns: size (in sectors) of partition PARTNUM
|
|
partsize() {
|
|
sudo $GPT show -s -i $2 $1
|
|
}
|
|
|
|
# Mount a partition from an image into a local directory
|
|
# Args: IMAGE PARTNUM MOUNTDIRECTORY
|
|
mount_image_partition() {
|
|
local image=$1
|
|
local partnum=$2
|
|
local mount_dir=$3
|
|
local offset=$(partoffset "$image" "$partnum")
|
|
sudo mount -o loop,offset=$((offset * 512)) "$image" "$mount_dir"
|
|
}
|
|
|
|
# Extract a partition to a file
|
|
# Args: IMAGE PARTNUM OUTPUTFILE
|
|
extract_image_partition() {
|
|
local image=$1
|
|
local partnum=$2
|
|
local output_file=$3
|
|
local offset=$(partoffset "$image" "$partnum")
|
|
local size=$(partsize "$image" "$partnum")
|
|
dd if=$image of=$output_file bs=512 skip=$offset count=$size conv=notrunc >/dev/null 2>&1
|
|
}
|
|
|
|
# Replace a partition in an image from file
|
|
# Args: IMAGE PARTNUM INPUTFILE
|
|
replace_image_partition() {
|
|
local image=$1
|
|
local partnum=$2
|
|
local input_file=$3
|
|
local offset=$(partoffset "$image" "$partnum")
|
|
local size=$(partsize "$image" "$partnum")
|
|
dd if=$input_file of=$image bs=512 seek=$offset count=$size conv=notrunc
|
|
}
|
|
|
|
# Create a new temporary file and return its name.
|
|
# File is automatically cleaned when cleanup_temps_and_mounts() is called.
|
|
make_temp_file() {
|
|
local tempfile=$(mktemp)
|
|
echo "$tempfile" >> $TEMP_FILE_LIST
|
|
echo $tempfile
|
|
}
|
|
|
|
# Create a new temporary directory and return its name.
|
|
# Directory is automatically deleted and any filesystem mounted on it unmounted
|
|
# when cleanup_temps_and_mounts() is called.
|
|
make_temp_dir() {
|
|
local tempdir=$(mktemp -d)
|
|
echo "$tempdir" >> $TEMP_DIR_LIST
|
|
echo $tempdir
|
|
}
|
|
|
|
cleanup_temps_and_mounts() {
|
|
for i in "$(cat $TEMP_FILE_LIST)"; do
|
|
rm -f $i
|
|
done
|
|
set +e # umount may fail for unmounted directories
|
|
for i in "$(cat $TEMP_DIR_LIST)"; do
|
|
if [ -n "$i" ]; then
|
|
sudo umount -d $i 2>/dev/null
|
|
rm -rf $i
|
|
fi
|
|
done
|
|
set -e
|
|
rm -rf $TEMP_DIR_LIST $TEMP_FILE_LIST
|
|
}
|
|
|
|
trap "cleanup_temps_and_mounts" EXIT
|
|
|