1#!/bin/sh 2 3# 4# Test that signing firmware does the expected thing 5# 6 7. "$(cd "$(dirname "$0")" && pwd)/common.sh" 8 9cat >$CONFIG <<EOF 10file-resource TEST { 11 host-path = "${TESTFILE_1K}" 12} 13 14task complete { 15 on-resource TEST { raw_write(0) } 16} 17EOF 18 19cat >$EXPECTED_META_CONF <<EOF 20file-resource "TEST" { 21 length=1024 22 blake2b-256="b25c2dfe31707f5572d9a3670d0dcfe5d59ccb010e6aba3b81aad133eb5e378b" 23} 24task "complete" { 25 on-resource "TEST" { 26 funlist = {"2", "raw_write", "0"} 27 } 28} 29EOF 30 31# Create new keys 32cd $WORK 33$FWUP_CREATE -g 34cd - 35 36# Sign the firmware 37$FWUP_CREATE -s $WORK/fwup-key.priv -c -f $CONFIG -o $FWFILE 38 39# Check that the zip file was created as expected 40check_meta_conf 41 42# Check that applying the firmware without checking signatures works 43$FWUP_APPLY -q -a -d $IMGFILE -i $FWFILE -t complete 44 45# Check that verifying the firmware without checking signatures works 46$FWUP_VERIFY -V -i $FWFILE 47 48# Check that applying the firmware with checking signatures works 49$FWUP_APPLY -q -p $WORK/fwup-key.pub -a -d $IMGFILE -i $FWFILE -t complete 50 51# Check that verifying the firmware with checking signatures works 52$FWUP_VERIFY -V -p $WORK/fwup-key.pub -i $FWFILE 53