Change invocation of "gbb_utility" to "futility gbb"
Replace commands using gbb_utility by the new 'gbb' futility command. BRANCH=none BUG=None TEST=USE=test emerge-$BOARD vboot_reference Change-Id: I8c1547d295a955373413482509a33964b0e0c06f Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/538442 Reviewed-by: Stefan Reinauer <reinauer@google.com>
This commit is contained in:
parent
3522e574a2
commit
01dc818924
|
@ -193,7 +193,8 @@ main() {
|
|||
fi
|
||||
|
||||
debug_msg "Extract firmware version and data key version"
|
||||
gbb_utility -g --rootkey="$expanded_firmware_dir/rootkey" "$IMAGE" >/dev/null 2>&1
|
||||
futility gbb -g --rootkey="$expanded_firmware_dir/rootkey" "$IMAGE" \
|
||||
>/dev/null 2>&1
|
||||
|
||||
local data_key_version firmware_version
|
||||
# When we are going to flash directly from or to system, the versions stored
|
||||
|
@ -269,7 +270,7 @@ main() {
|
|||
|
||||
debug_msg "Extract current HWID"
|
||||
local old_hwid
|
||||
old_hwid="$(gbb_utility --get --hwid "$IMAGE" 2>"$EXEC_LOG" |
|
||||
old_hwid="$(futility gbb --get --hwid "$IMAGE" 2>"$EXEC_LOG" |
|
||||
sed -rne 's/^hardware_id: (.*)$/\1/p')"
|
||||
|
||||
debug_msg "Decide new HWID"
|
||||
|
@ -281,7 +282,7 @@ main() {
|
|||
fi
|
||||
|
||||
local old_gbb_flags
|
||||
old_gbb_flags="$(gbb_utility --get --flags "$IMAGE" 2>"$EXEC_LOG" |
|
||||
old_gbb_flags="$(futility gbb --get --flags "$IMAGE" 2>"$EXEC_LOG" |
|
||||
sed -rne 's/^flags: (.*)$/\1/p')"
|
||||
debug_msg "Decide new GBB flags from: $old_gbb_flags"
|
||||
[ -z "$old_gbb_flags" ] &&
|
||||
|
@ -289,8 +290,8 @@ main() {
|
|||
# 0x30: GBB_FLAG_FORCE_DEV_BOOT_USB | GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
|
||||
local new_gbb_flags="$((old_gbb_flags | 0x30))"
|
||||
|
||||
debug_msg "Replace GBB parts (gbb_utility allows changing on-the-fly)"
|
||||
gbb_utility --set \
|
||||
debug_msg "Replace GBB parts (futility gbb allows changing on-the-fly)"
|
||||
futility gbb --set \
|
||||
--hwid="$new_hwid" \
|
||||
--rootkey="$root_pubkey" \
|
||||
--recoverykey="$recovery_pubkey" \
|
||||
|
@ -300,7 +301,7 @@ main() {
|
|||
# Old firmware does not support GBB flags, so let's make it an exception.
|
||||
if [ "$FLAGS_mod_gbb_flags" = "$FLAGS_TRUE" ]; then
|
||||
debug_msg "Changing GBB flags from $old_gbb_flags to $new_gbb_flags"
|
||||
gbb_utility --set \
|
||||
futility gbb --set \
|
||||
--flags="$new_gbb_flags" \
|
||||
"$IMAGE" >"$EXEC_LOG" 2>&1 ||
|
||||
echo "Warning: GBB flags ($old_gbb_flags -> $new_gbb_flags) can't be set."
|
||||
|
|
|
@ -389,7 +389,7 @@ sanity_check_live_firmware() {
|
|||
local rootkey_file="$(make_temp_file)"
|
||||
info "checking system firmware..."
|
||||
sudo flashrom -p host -i GBB -r "$bios_image" >/dev/null 2>&1
|
||||
gbb_utility -g --rootkey="$rootkey_file" "$bios_image" >/dev/null 2>&1
|
||||
futility gbb -g --rootkey="$rootkey_file" "$bios_image" >/dev/null 2>&1
|
||||
if [ ! -s "$rootkey_file" ]; then
|
||||
debug_msg "failed to read root key from system firmware..."
|
||||
else
|
||||
|
|
|
@ -90,9 +90,9 @@ main() {
|
|||
fi
|
||||
|
||||
# Process file
|
||||
local old_value="$(gbb_utility -g --flags "$image_file")"
|
||||
local old_value="$(futility gbb -g --flags "$image_file")"
|
||||
printf "Setting GBB flags from %s to 0x%x.." "$old_value" "$value" >&2
|
||||
gbb_utility -s --flags="$value" "$image_file"
|
||||
futility gbb -s --flags="$value" "$image_file"
|
||||
|
||||
if [ -z "$FLAGS_file" ]; then
|
||||
if [ "$FLAGS_check_wp" = "$FLAGS_TRUE" ]; then
|
||||
|
|
|
@ -37,7 +37,7 @@ gbb_update() {
|
|||
# firmware. Note: This needs to happen after calling resign_firmwarefd.sh
|
||||
# since it needs to be able to verify the firmware using the root key to
|
||||
# determine the preamble flags.
|
||||
gbb_utility \
|
||||
futility gbb \
|
||||
-s \
|
||||
--recoverykey="${key_dir}/recovery_key.vbpubk" \
|
||||
--rootkey="${rootkey}" \
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
#
|
||||
# Prerequisite tools needed in the system path:
|
||||
#
|
||||
# gbb_utility (from src/platform/vboot_reference)
|
||||
# futility (from src/platform/vboot_reference)
|
||||
# vbutil_kernel (from src/platform/vboot_reference)
|
||||
# cgpt (from src/platform/vboot_reference)
|
||||
# dump_kernel_config (from src/platform/vboot_reference)
|
||||
|
@ -84,7 +84,7 @@ set -e
|
|||
PATH=$PATH:/usr/sbin:/sbin
|
||||
|
||||
# Make sure the tools we need are available.
|
||||
for prereqs in gbb_utility vbutil_kernel cgpt dump_kernel_config verity \
|
||||
for prereqs in futility vbutil_kernel cgpt dump_kernel_config verity \
|
||||
load_kernel_test dumpe2fs sha1sum e2fsck; do
|
||||
type -P "${prereqs}" &>/dev/null || \
|
||||
die "${prereqs} tool not found."
|
||||
|
|
|
@ -15,20 +15,20 @@ REPLACE="${BUILD_RUN}/tests/futility/binary_editor"
|
|||
# First, let's test the basic functionality
|
||||
|
||||
# For simplicity, we'll use the same size for all properties.
|
||||
${FUTILITY} gbb_utility -c 16,0x10,16,0x10 ${TMP}.blob
|
||||
${FUTILITY} gbb -c 16,0x10,16,0x10 ${TMP}.blob
|
||||
|
||||
# Flags
|
||||
${FUTILITY} gbb_utility -s --flags=0xdeadbeef ${TMP}.blob
|
||||
${FUTILITY} gbb_utility -g --flags ${TMP}.blob | grep -i 0xdeadbeef
|
||||
${FUTILITY} gbb -s --flags=0xdeadbeef ${TMP}.blob
|
||||
${FUTILITY} gbb -g --flags ${TMP}.blob | grep -i 0xdeadbeef
|
||||
|
||||
# HWID length should include the terminating null - this is too long
|
||||
if ${FUTILITY} gbb_utility -s --hwid="0123456789ABCDEF" ${TMP}.blob; then
|
||||
if ${FUTILITY} gbb -s --hwid="0123456789ABCDEF" ${TMP}.blob; then
|
||||
false;
|
||||
fi
|
||||
# This works
|
||||
${FUTILITY} gbb_utility -s --hwid="0123456789ABCDE" ${TMP}.blob
|
||||
${FUTILITY} gbb -s --hwid="0123456789ABCDE" ${TMP}.blob
|
||||
# Read it back?
|
||||
${FUTILITY} gbb_utility -g ${TMP}.blob | grep "0123456789ABCDE"
|
||||
${FUTILITY} gbb -g ${TMP}.blob | grep "0123456789ABCDE"
|
||||
|
||||
# Same kind of tests for the other fields, but they need binary files.
|
||||
|
||||
|
@ -36,20 +36,20 @@ ${FUTILITY} gbb_utility -g ${TMP}.blob | grep "0123456789ABCDE"
|
|||
dd if=/dev/urandom bs=17 count=1 of=${TMP}.data1.toolong
|
||||
dd if=/dev/urandom bs=17 count=1 of=${TMP}.data2.toolong
|
||||
dd if=/dev/urandom bs=17 count=1 of=${TMP}.data3.toolong
|
||||
if ${FUTILITY} gbb_utility -s --rootkey ${TMP}.data1.toolong ${TMP}.blob; then false; fi
|
||||
if ${FUTILITY} gbb_utility -s --recoverykey ${TMP}.data2.toolong ${TMP}.blob; then false; fi
|
||||
if ${FUTILITY} gbb_utility -s --bmpfv ${TMP}.data3.toolong ${TMP}.blob; then false; fi
|
||||
if ${FUTILITY} gbb -s --rootkey ${TMP}.data1.toolong ${TMP}.blob; then false; fi
|
||||
if ${FUTILITY} gbb -s --recoverykey ${TMP}.data2.toolong ${TMP}.blob; then false; fi
|
||||
if ${FUTILITY} gbb -s --bmpfv ${TMP}.data3.toolong ${TMP}.blob; then false; fi
|
||||
|
||||
# shorter than max should be okay, though
|
||||
dd if=/dev/urandom bs=10 count=1 of=${TMP}.data1.short
|
||||
dd if=/dev/urandom bs=10 count=1 of=${TMP}.data2.short
|
||||
dd if=/dev/urandom bs=10 count=1 of=${TMP}.data3.short
|
||||
${FUTILITY} gbb_utility -s \
|
||||
${FUTILITY} gbb -s \
|
||||
--rootkey ${TMP}.data1.short \
|
||||
--recoverykey ${TMP}.data2.short \
|
||||
--bmpfv ${TMP}.data3.short ${TMP}.blob
|
||||
# read 'em back
|
||||
${FUTILITY} gbb_utility -g \
|
||||
${FUTILITY} gbb -g \
|
||||
--rootkey ${TMP}.read1 \
|
||||
--recoverykey ${TMP}.read2 \
|
||||
--bmpfv ${TMP}.read3 ${TMP}.blob
|
||||
|
@ -62,14 +62,14 @@ cmp -n 10 ${TMP}.data3.short ${TMP}.read3
|
|||
dd if=/dev/urandom bs=16 count=1 of=${TMP}.data1
|
||||
dd if=/dev/urandom bs=16 count=1 of=${TMP}.data2
|
||||
dd if=/dev/urandom bs=16 count=1 of=${TMP}.data3
|
||||
${FUTILITY} gbb_utility -s --rootkey ${TMP}.data1 ${TMP}.blob
|
||||
${FUTILITY} gbb_utility -s --recoverykey ${TMP}.data2 ${TMP}.blob
|
||||
${FUTILITY} gbb_utility -s --bmpfv ${TMP}.data3 ${TMP}.blob
|
||||
${FUTILITY} gbb -s --rootkey ${TMP}.data1 ${TMP}.blob
|
||||
${FUTILITY} gbb -s --recoverykey ${TMP}.data2 ${TMP}.blob
|
||||
${FUTILITY} gbb -s --bmpfv ${TMP}.data3 ${TMP}.blob
|
||||
|
||||
# Read 'em back.
|
||||
${FUTILITY} gbb_utility -g --rootkey ${TMP}.read1 ${TMP}.blob
|
||||
${FUTILITY} gbb_utility -g --recoverykey ${TMP}.read2 ${TMP}.blob
|
||||
${FUTILITY} gbb_utility -g --bmpfv ${TMP}.read3 ${TMP}.blob
|
||||
${FUTILITY} gbb -g --rootkey ${TMP}.read1 ${TMP}.blob
|
||||
${FUTILITY} gbb -g --recoverykey ${TMP}.read2 ${TMP}.blob
|
||||
${FUTILITY} gbb -g --bmpfv ${TMP}.read3 ${TMP}.blob
|
||||
# Verify
|
||||
cmp ${TMP}.data1 ${TMP}.read1
|
||||
cmp ${TMP}.data2 ${TMP}.read2
|
||||
|
@ -110,98 +110,98 @@ cmp ${TMP}.data3 ${TMP}.read3
|
|||
|
||||
# bad major_version
|
||||
cat ${TMP}.blob | ${REPLACE} 0x4 2 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# header size too large
|
||||
cat ${TMP}.blob | ${REPLACE} 0x8 0x81 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# header size too small
|
||||
cat ${TMP}.blob | ${REPLACE} 0x8 0x7f > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# HWID not null-terminated is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x8f 0x41 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# HWID of length zero is okay
|
||||
cat ${TMP}.blob | ${REPLACE} 0x14 0x00 > ${TMP}.blob.ok
|
||||
${FUTILITY} gbb_utility ${TMP}.blob.ok
|
||||
${FUTILITY} gbb ${TMP}.blob.ok
|
||||
# And HWID of length 1 consisting only of '\0' is okay, too.
|
||||
cat ${TMP}.blob | ${REPLACE} 0x14 0x01 | ${REPLACE} 0x80 0x00 > ${TMP}.blob.ok
|
||||
${FUTILITY} gbb_utility ${TMP}.blob.ok
|
||||
${FUTILITY} gbb ${TMP}.blob.ok
|
||||
|
||||
# zero-length HWID not null-terminated is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x8f 0x41 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# hwid_offset < GBB_HEADER_SIZE is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x10 0x7f > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
cat ${TMP}.blob | ${REPLACE} 0x10 0x00 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# rootkey_offset < GBB_HEADER_SIZE is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x18 0x7f > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
cat ${TMP}.blob | ${REPLACE} 0x18 0x00 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# bmpfv_offset < GBB_HEADER_SIZE is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x20 0x7f > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
cat ${TMP}.blob | ${REPLACE} 0x20 0x00 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# recovery_key_offset < GBB_HEADER_SIZE is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x28 0x7f > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
cat ${TMP}.blob | ${REPLACE} 0x28 0x00 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# hwid: offset + size == end of file is okay; beyond is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x14 0x40 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
|
||||
${FUTILITY} gbb -g ${TMP}.blob.bad
|
||||
cat ${TMP}.blob | ${REPLACE} 0x14 0x41 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility -g ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb -g ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# rootkey: offset + size == end of file is okay; beyond is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x1c 0x30 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
|
||||
${FUTILITY} gbb -g ${TMP}.blob.bad
|
||||
cat ${TMP}.blob | ${REPLACE} 0x1c 0x31 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility -g ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb -g ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# bmpfv: offset + size == end of file is okay; beyond is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x24 0x20 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
|
||||
${FUTILITY} gbb -g ${TMP}.blob.bad
|
||||
cat ${TMP}.blob | ${REPLACE} 0x24 0x21 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility -g ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb -g ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# recovery_key: offset + size == end of file is okay; beyond is invalid
|
||||
cat ${TMP}.blob | ${REPLACE} 0x2c 0x10 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
|
||||
${FUTILITY} gbb -g ${TMP}.blob.bad
|
||||
cat ${TMP}.blob | ${REPLACE} 0x2c 0x11 > ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility -g ${TMP}.blob.bad; then false; fi
|
||||
if ${FUTILITY} gbb -g ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# hwid_size == 0 doesn't complain, but can't be set
|
||||
cat ${TMP}.blob | ${REPLACE} 0x14 0x00 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility -s --hwid="A" ${TMP}.blob.bad; then false; fi
|
||||
${FUTILITY} gbb -g ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb -s --hwid="A" ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# rootkey_size == 0 gives warning, gets nothing, can't be set
|
||||
cat ${TMP}.blob | ${REPLACE} 0x1c 0x00 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g --rootkey ${TMP}.read1 ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility -s --rootkey ${TMP}.data1 ${TMP}.blob.bad; then false; fi
|
||||
${FUTILITY} gbb -g --rootkey ${TMP}.read1 ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb -s --rootkey ${TMP}.data1 ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# bmpfv_size == 0 gives warning, gets nothing, can't be set
|
||||
cat ${TMP}.blob | ${REPLACE} 0x24 0x00 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g --bmpfv ${TMP}.read3 ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility -s --bmpfv ${TMP}.data3 ${TMP}.blob.bad; then false; fi
|
||||
${FUTILITY} gbb -g --bmpfv ${TMP}.read3 ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb -s --bmpfv ${TMP}.data3 ${TMP}.blob.bad; then false; fi
|
||||
|
||||
# recovery_key_size == 0 gives warning, gets nothing, can't be set
|
||||
cat ${TMP}.blob | ${REPLACE} 0x2c 0x00 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g --recoverykey ${TMP}.read2 ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb_utility -s --recoverykey ${TMP}.data2 ${TMP}.blob.bad; then false; fi
|
||||
${FUTILITY} gbb -g --recoverykey ${TMP}.read2 ${TMP}.blob.bad
|
||||
if ${FUTILITY} gbb -s --recoverykey ${TMP}.data2 ${TMP}.blob.bad; then false; fi
|
||||
|
||||
|
||||
# GBB v1.2 adds a sha256 digest field in what was previously padding:
|
||||
|
@ -215,20 +215,20 @@ if ${FUTILITY} gbb_utility -s --recoverykey ${TMP}.data2 ${TMP}.blob.bad; then f
|
|||
|
||||
# See that the digest is updated properly.
|
||||
hwid="123456789ABCDEF"
|
||||
${FUTILITY} gbb_utility -s --hwid=${hwid} ${TMP}.blob
|
||||
${FUTILITY} gbb -s --hwid=${hwid} ${TMP}.blob
|
||||
expect=$(echo -n "$hwid" | sha256sum | cut -d ' ' -f 1)
|
||||
[ $(echo -n ${expect} | wc -c) == "64" ]
|
||||
${FUTILITY} gbb_utility -g --digest ${TMP}.blob | grep ${expect}
|
||||
${FUTILITY} gbb -g --digest ${TMP}.blob | grep ${expect}
|
||||
|
||||
# Garble the digest, see that it's noticed.
|
||||
# (assuming these zeros aren't present)
|
||||
cat ${TMP}.blob | ${REPLACE} 0x33 0x00 0x00 0x00 0x00 0x00 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep '0000000000'
|
||||
${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep 'invalid'
|
||||
${FUTILITY} gbb -g --digest ${TMP}.blob.bad | grep '0000000000'
|
||||
${FUTILITY} gbb -g --digest ${TMP}.blob.bad | grep 'invalid'
|
||||
|
||||
# Garble the HWID. The digest is unchanged, but now invalid.
|
||||
cat ${TMP}.blob | ${REPLACE} 0x84 0x70 0x71 0x72 > ${TMP}.blob.bad
|
||||
${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep 'invalid'
|
||||
${FUTILITY} gbb -g --digest ${TMP}.blob.bad | grep 'invalid'
|
||||
|
||||
# cleanup
|
||||
rm -f ${TMP}*
|
||||
|
|
|
@ -30,7 +30,7 @@ ${FUTILITY} verify ${DEVKEYS}/firmware.keyblock \
|
|||
# Get some bits to look at
|
||||
${FUTILITY} dump_fmap -x ${SCRIPTDIR}/data/bios_peppy_mp.bin \
|
||||
GBB:${TMP}.gbb VBLOCK_A:${TMP}.vblock_a FW_MAIN_A:${TMP}.fw_main_a
|
||||
${FUTILITY} gbb_utility -g -k ${TMP}.rootkey ${TMP}.gbb
|
||||
${FUTILITY} gbb -g -k ${TMP}.rootkey ${TMP}.gbb
|
||||
|
||||
|
||||
${FUTILITY} show ${TMP}.vblock_a
|
||||
|
|
|
@ -32,8 +32,8 @@ ${FUTILITY} vbutil_key --pack kernkey.test \
|
|||
--key ${TESTKEY_DIR}/key_rsa2048.keyb --algorithm 4
|
||||
|
||||
# Create a GBB with the root key
|
||||
${FUTILITY} gbb_utility -c 128,2400,0,0 gbb.test
|
||||
${FUTILITY} gbb_utility gbb.test -s --hwid='Test GBB' \
|
||||
${FUTILITY} gbb -c 128,2400,0,0 gbb.test
|
||||
${FUTILITY} gbb gbb.test -s --hwid='Test GBB' \
|
||||
--rootkey=rootkey.test
|
||||
|
||||
# Keyblock with firmware subkey is signed by root key
|
||||
|
|
|
@ -311,7 +311,7 @@ else
|
|||
fi
|
||||
|
||||
info "Pulling root and recovery keys from GBB..."
|
||||
log futility gbb_utility -g --rootkey rootkey.vbpubk \
|
||||
log futility gbb -g --rootkey rootkey.vbpubk \
|
||||
--recoverykey recoverykey.vbpubk \
|
||||
"GBB" || logdie "Unable to extract keys from GBB"
|
||||
log futility vbutil_key --unpack rootkey.vbpubk
|
||||
|
|
|
@ -73,15 +73,15 @@ showbios() {
|
|||
local file="$1" space="$2"
|
||||
local hwid matchh rootkey matchn recoverykey matchr
|
||||
|
||||
hwid=$(futility gbb_utility --hwid "$file" | sed -e 's/^.*: *//') || return
|
||||
hwid=$(futility gbb --hwid "$file" | sed -e 's/^.*: *//') || return
|
||||
matchh=$(grep "$hwid" "$0" 2>/dev/null | sed -e 's/^# //')
|
||||
|
||||
futility gbb_utility --rootkey="$TMPFILE" "$file" >/dev/null
|
||||
futility gbb --rootkey="$TMPFILE" "$file" >/dev/null
|
||||
rootkey=$(futility vbutil_key --unpack "$TMPFILE" | grep sha1sum | \
|
||||
sed -e 's/^.*: *//')
|
||||
matchn=$(greppy "$rootkey")
|
||||
|
||||
futility gbb_utility --recoverykey="$TMPFILE" "$file" >/dev/null
|
||||
futility gbb --recoverykey="$TMPFILE" "$file" >/dev/null
|
||||
recoverykey=$(futility vbutil_key --unpack "$TMPFILE" | grep sha1sum | \
|
||||
sed -e 's/^.*: *//')
|
||||
matchr=$(greppy "$recoverykey")
|
||||
|
|
Loading…
Reference in New Issue