Alex Klein | fa719c9 | 2018-10-15 14:04:22 -0600 | [diff] [blame] | 1 | # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style license that can be |
| 3 | # found in the LICENSE file. |
| 4 | |
| 5 | """This script provides CLI access to run security tests on Chrome OS images. |
| 6 | |
| 7 | The entry point is available as image_lib.SecurityTest. Call that directly when |
| 8 | possible. |
| 9 | |
| 10 | Note: You probably will need an internal checkout by default for these |
| 11 | tests to be useful. You can provide your own baselines, but you |
| 12 | can certainly provide your own set of configs. |
| 13 | |
| 14 | Note: These tests will fail on dev images. They are designed to |
| 15 | check release recovery images only. |
| 16 | |
| 17 | Note: The --image argument can be a path or a basename. When a basename is |
| 18 | provided, the --board argument is always used to build the path. |
| 19 | Consequently, `./image_name.bin` and `image_name.bin` are treated |
| 20 | very differently. |
| 21 | """ |
| 22 | |
Alex Klein | fa719c9 | 2018-10-15 14:04:22 -0600 | [diff] [blame] | 23 | import re |
| 24 | |
| 25 | from chromite.lib import commandline |
| 26 | from chromite.lib import cros_build_lib |
| 27 | from chromite.lib import image_lib |
| 28 | |
| 29 | |
def GetParser():
  """Create the command-line parser for the image security test script.

  Returns:
    A commandline.ArgumentParser that accepts --board, --image, --baselines
    and --vboot-hash, with the module docstring as its description.
  """
  parser = commandline.ArgumentParser(description=__doc__)

  parser.add_argument('--board', help='The board to test an image for.')

  # --image stays a plain string rather than type='path' on purpose: path
  # normalization would drop a leading `./`, and that prefix is the only thing
  # separating a local file (`./image_name.bin`) from a basename
  # (`image_name.bin`) that is resolved in the board's build directory.
  image_help = ('Source release image to use (recovery_image.bin by default). '
                'May be a path to an image or just the basename of the image '
                'if a board is also provided.')
  parser.add_argument('--image', help=image_help)

  # NOTE(review): --baselines and --vboot-hash choose what the image is judged
  # against, so a run that overrides them is presumably not comparable to a
  # run on the defaults -- confirm against image_lib.SecurityTest.
  baselines_help = ('Directory to load security baselines from '
                    '(default from cros-signing).')
  parser.add_argument('--baselines', type='path', help=baselines_help)

  vboot_help = ('The git rev of the vboot tree to checkout '
                '(default to the signer hash).')
  parser.add_argument('--vboot-hash', help=vboot_help)

  return parser
| 51 | |
| 52 | |
def _ParseArgs(argv):
  """Parse argv and resolve the board and image path.

  Args:
    argv: The command-line arguments to hand to the parser.

  Returns:
    The parsed options after opts.Freeze() has been called on them, with
    opts.board filled in and opts.image replaced by the result of
    image_lib.BuildImagePath.
  """
  parser = GetParser()
  opts = parser.parse_args(argv)

  # A board is required whenever the image is missing or given as a bare
  # basename, because the full image path is then built from the board.
  if not opts.board:
    opts.board = cros_build_lib.GetDefaultBoard()

  try:
    opts.image = image_lib.BuildImagePath(opts.board, opts.image)
  except image_lib.ImageDoesNotExistError as err:
    # The library message names arguments as |arg|; rewrite them to --arg so
    # the text matches this CLI. The rest of the message is passed through.
    parser.error(re.sub(r'\|(\w+)\|', r'--\1', str(err)))

  opts.Freeze()
  return opts
| 70 | |
| 71 | |
def main(argv):
  """Run the image security test and turn its result into an exit status.

  Args:
    argv: The command-line arguments, without the program name.

  Returns:
    0 when image_lib.SecurityTest reports success, 1 otherwise. Callers that
    gate a release on this script should check the status, since it is the
    only pass/fail signal this wrapper returns.
  """
  # Checked before any argument handling.
  cros_build_lib.AssertInsideChroot()
  opts = _ParseArgs(argv)

  try:
    passed = image_lib.SecurityTest(board=opts.board,
                                    image=opts.image,
                                    baselines=opts.baselines,
                                    vboot_hash=opts.vboot_hash)
  except image_lib.Error as err:
    # Library errors are handed to Die() instead of surfacing as a traceback.
    cros_build_lib.Die(err)
  else:
    if passed:
      return 0
    return 1