mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-27 11:44:02 +00:00
60bcbe3cd4
This adds some tools to help us figure out why a particular kernel isn't booting. Often we suspect it's because it was signed with the wrong keys, or has flags restricting its use to certain boot modes. This change adds some tools to extract and display all the keys from the BIOS, and try them on the various kernels. We also display the sha1sum of all the keys we find, to make comparing them easier. Change-Id: I38e447bf95cb6c3a0b87aa949611bb135f2f94b4 BUG=chromeos-partner:888 TEST=manual To test, obtain a root shell, and run dev_debug_vboot. You should see lots of useful information go by. Review URL: http://codereview.chromium.org/3303018
68 lines
2.2 KiB
Bash
Executable File
68 lines
2.2 KiB
Bash
Executable File
#!/bin/sh
|
|
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
#
|
|
|
|
TMPDIR=/tmp/debug_vboot
|
|
BIOS=bios.rom
|
|
# FIXME: support ARM
|
|
HD_KERN_A=/dev/sda2
|
|
HD_KERN_B=/dev/sda4
|
|
tmp=$(rootdev -s -d)2
|
|
if [ "$tmp" != "$HD_KERN_A" ]; then
|
|
USB_KERN_A="$tmp"
|
|
fi
|
|
|
|
|
|
[ -d ${TMPDIR} ] || mkdir -p ${TMPDIR}
|
|
cd ${TMPDIR}
|
|
|
|
echo "INFO: extracting BIOS image from flash"
|
|
flashrom -r ${BIOS}
|
|
|
|
echo "INFO: extracting kernel images from drives"
|
|
dd if=${HD_KERN_A} of=hd_kern_a.blob
|
|
dd if=${HD_KERN_B} of=hd_kern_b.blob
|
|
if [ -n "$USB_KERN_A" ]; then
|
|
dd if=${USB_KERN_A} of=usb_kern_a.blob
|
|
fi
|
|
|
|
echo "INFO: extracting BIOS components"
|
|
dump_fmap -x ${BIOS} || echo "FAILED"
|
|
|
|
echo "INFO: pulling root and recovery keys from GBB"
|
|
gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk \
|
|
GBB_Area || echo "FAILED"
|
|
echo "INFO: display root key"
|
|
vbutil_key --unpack rootkey.vbpubk
|
|
echo "INFO: display recovery key"
|
|
vbutil_key --unpack recoverykey.vbpubk
|
|
|
|
echo "TEST: verify firmware A with root key"
|
|
vbutil_firmware --verify Firmware_A_Key --signpubkey rootkey.vbpubk \
|
|
--fv Firmware_A_Data --kernelkey kernel_subkey_a.vbpubk || echo "FAILED"
|
|
echo "TEST: verify firmware B with root key"
|
|
vbutil_firmware --verify Firmware_B_Key --signpubkey rootkey.vbpubk \
|
|
--fv Firmware_B_Data --kernelkey kernel_subkey_b.vbpubk || echo "FAILED"
|
|
|
|
echo "TEST: verify HD kernel A with firmware A key"
|
|
vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_a.vbpubk \
|
|
|| echo "FAILED"
|
|
echo "TEST: verify HD kernel B with firmware A key"
|
|
vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_a.vbpubk \
|
|
|| echo "FAILED"
|
|
|
|
echo "TEST: verify HD kernel A with firmware B key"
|
|
vbutil_kernel --verify hd_kern_a.blob --signpubkey kernel_subkey_b.vbpubk \
|
|
|| echo "FAILED"
|
|
echo "TEST: verify HD kernel B with firmware B key"
|
|
vbutil_kernel --verify hd_kern_b.blob --signpubkey kernel_subkey_b.vbpubk \
|
|
|| echo "FAILED"
|
|
|
|
if [ -n "$USB_KERN_A" ]; then
|
|
echo "TEST: verify USB kernel A with recovery key"
|
|
vbutil_kernel --verify usb_kern_a.blob --signpubkey recoverykey.vbpubk \
|
|
|| echo "FAILED"
|
|
fi
|