| # Copyright (c) 2018, Linaro Limited |
| # |
| # SPDX-License-Identifier: GPL-2.0+ |
| # |
| # Android Verified Boot 2.0 Test |
| |
| """ |
| This tests Android Verified Boot 2.0 support in U-Boot: |
| |
| For additional details about how to build proper vbmeta partition |
| check doc/android/avb2.rst |
| |
| For configuration verification: |
| - Corrupt boot partition and check for failure |
| - Corrupt vbmeta partition and check for failure |
| """ |
| |
| import pytest |
| import u_boot_utils as util |
| |
| # defauld mmc id |
| mmc_dev = 1 |
| temp_addr = 0x90000000 |
| temp_addr2 = 0x90002000 |
| |
| @pytest.mark.buildconfigspec('cmd_avb') |
| @pytest.mark.buildconfigspec('cmd_mmc') |
| def test_avb_verify(u_boot_console): |
| """Run AVB 2.0 boot verification chain with avb subset of commands |
| """ |
| |
| success_str = "Verification passed successfully" |
| |
| response = u_boot_console.run_command('avb init %s' %str(mmc_dev)) |
| assert response == '' |
| response = u_boot_console.run_command('avb verify') |
| assert response.find(success_str) |
| |
| |
| @pytest.mark.buildconfigspec('cmd_avb') |
| @pytest.mark.buildconfigspec('cmd_mmc') |
| @pytest.mark.notbuildconfigspec('sandbox') |
| def test_avb_mmc_uuid(u_boot_console): |
| """Check if 'avb get_uuid' works, compare results with |
| 'part list mmc 1' output |
| """ |
| |
| response = u_boot_console.run_command('avb init %s' % str(mmc_dev)) |
| assert response == '' |
| |
| response = u_boot_console.run_command('mmc rescan; mmc dev %s' % |
| str(mmc_dev)) |
| assert response.find('is current device') |
| |
| part_lines = u_boot_console.run_command('mmc part').splitlines() |
| part_list = {} |
| cur_partname = '' |
| |
| for line in part_lines: |
| if '"' in line: |
| start_pt = line.find('"') |
| end_pt = line.find('"', start_pt + 1) |
| cur_partname = line[start_pt + 1: end_pt] |
| |
| if 'guid:' in line: |
| guid_to_check = line.split('guid:\t') |
| part_list[cur_partname] = guid_to_check[1] |
| |
| # lets check all guids with avb get_guid |
| for part, guid in part_list.items(): |
| avb_guid_resp = u_boot_console.run_command('avb get_uuid %s' % part) |
| assert guid == avb_guid_resp.split('UUID: ')[1] |
| |
| |
| @pytest.mark.buildconfigspec('cmd_avb') |
| def test_avb_read_rb(u_boot_console): |
| """Test reading rollback indexes |
| """ |
| |
| response = u_boot_console.run_command('avb init %s' % str(mmc_dev)) |
| assert response == '' |
| |
| response = u_boot_console.run_command('avb read_rb 1') |
| assert response == 'Rollback index: 0' |
| |
| |
| @pytest.mark.buildconfigspec('cmd_avb') |
| def test_avb_is_unlocked(u_boot_console): |
| """Test if device is in the unlocked state |
| """ |
| |
| response = u_boot_console.run_command('avb init %s' % str(mmc_dev)) |
| assert response == '' |
| |
| response = u_boot_console.run_command('avb is_unlocked') |
| assert response == 'Unlocked = 1' |
| |
| |
| @pytest.mark.buildconfigspec('cmd_avb') |
| @pytest.mark.buildconfigspec('cmd_mmc') |
| @pytest.mark.notbuildconfigspec('sandbox') |
| def test_avb_mmc_read(u_boot_console): |
| """Test mmc read operation |
| """ |
| |
| response = u_boot_console.run_command('mmc rescan; mmc dev %s 0' % |
| str(mmc_dev)) |
| assert response.find('is current device') |
| |
| response = u_boot_console.run_command('mmc read 0x%x 0x100 0x1' % temp_addr) |
| assert response.find('read: OK') |
| |
| response = u_boot_console.run_command('avb init %s' % str(mmc_dev)) |
| assert response == '' |
| |
| response = u_boot_console.run_command('avb read_part xloader 0 100 0x%x' % |
| temp_addr2) |
| assert response.find('Read 512 bytes') |
| |
| # Now lets compare two buffers |
| response = u_boot_console.run_command('cmp 0x%x 0x%x 40' % |
| (temp_addr, temp_addr2)) |
| assert response.find('64 word') |
| |
| |
| @pytest.mark.buildconfigspec('cmd_avb') |
| @pytest.mark.buildconfigspec('optee_ta_avb') |
| def test_avb_persistent_values(u_boot_console): |
| """Test reading/writing persistent storage to avb |
| """ |
| |
| response = u_boot_console.run_command('avb init %s' % str(mmc_dev)) |
| assert response == '' |
| |
| response = u_boot_console.run_command('avb write_pvalue test value_value') |
| assert response == 'Wrote 12 bytes' |
| |
| response = u_boot_console.run_command('avb read_pvalue test 12') |
| assert response == 'Read 12 bytes, value = value_value' |