Alexandru Gagniuc | 16521e7 | 2021-09-15 14:33:01 -0500 | [diff] [blame^] | 1 | # SPDX-License-Identifier: GPL-2.0+ |
| 2 | # |
| 3 | # Copyright (c) 2021 Alexandru Gagniuc <mr.nuke.me@gmail.com> |
| 4 | |
| 5 | """ |
| 6 | Check hashes produced by mkimage against known values |
| 7 | |
| 8 | This test checks the correctness of mkimage's hashes. by comparing the mkimage |
| 9 | output of a fixed data block with known good hashes. |
| 10 | This test doesn't run the sandbox. It only checks the host tool 'mkimage' |
| 11 | """ |
| 12 | |
| 13 | import pytest |
| 14 | import u_boot_utils as util |
| 15 | |
| 16 | kernel_hashes = { |
| 17 | "sha512" : "f18c1486a2c29f56360301576cdfce4dfd8e8e932d0ed8e239a1f314b8ae1d77b2a58cd7fe32e4075e69448e623ce53b0b6aa6ce5626d2c189a5beae29a68d93", |
| 18 | "sha384" : "16e28976740048485d08d793d8bf043ebc7826baf2bc15feac72825ad67530ceb3d09e0deb6932c62a5a0e9f3936baf4", |
| 19 | "sha256" : "2955c56bc1e5050c111ba6e089e0f5342bb47dedf77d87e3f429095feb98a7e5", |
| 20 | "sha1" : "652383e1a6d946953e1f65092c9435f6452c2ab7", |
| 21 | "md5" : "4879e5086e4c76128e525b5fe2af55f1", |
| 22 | "crc32" : "32eddfdf", |
| 23 | "crc16-ccitt" : "d4be" |
| 24 | } |
| 25 | |
| 26 | class ReadonlyFitImage(object): |
| 27 | """ Helper to manipulate a FIT image on disk """ |
| 28 | def __init__(self, cons, file_name): |
| 29 | self.fit = file_name |
| 30 | self.cons = cons |
| 31 | self.hashable_nodes = set() |
| 32 | |
| 33 | def __fdt_list(self, path): |
| 34 | return util.run_and_log(self.cons, f'fdtget -l {self.fit} {path}') |
| 35 | |
| 36 | def __fdt_get(self, node, prop): |
| 37 | val = util.run_and_log(self.cons, f'fdtget {self.fit} {node} {prop}') |
| 38 | return val.rstrip('\n') |
| 39 | |
| 40 | def __fdt_get_sexadecimal(self, node, prop): |
| 41 | numbers = util.run_and_log(self.cons, f'fdtget -tbx {self.fit} {node} {prop}') |
| 42 | |
| 43 | sexadecimal = '' |
| 44 | for num in numbers.rstrip('\n').split(' '): |
| 45 | sexadecimal += num.zfill(2) |
| 46 | return sexadecimal |
| 47 | |
| 48 | def find_hashable_image_nodes(self): |
| 49 | for node in self.__fdt_list('/images').split(): |
| 50 | # We only have known hashes for the kernel node |
| 51 | if 'kernel' not in node: |
| 52 | continue |
| 53 | self.hashable_nodes.add(f'/images/{node}') |
| 54 | |
| 55 | return self.hashable_nodes |
| 56 | |
| 57 | def verify_hashes(self): |
| 58 | for image in self.hashable_nodes: |
| 59 | algos = set() |
| 60 | for node in self.__fdt_list(image).split(): |
| 61 | if "hash-" not in node: |
| 62 | continue |
| 63 | |
| 64 | raw_hash = self.__fdt_get_sexadecimal(f'{image}/{node}', 'value') |
| 65 | algo = self.__fdt_get(f'{image}/{node}', 'algo') |
| 66 | algos.add(algo) |
| 67 | |
| 68 | good_hash = kernel_hashes[algo] |
| 69 | if good_hash != raw_hash: |
| 70 | raise ValueError(f'{image} Borked hash: {algo}'); |
| 71 | |
| 72 | # Did we test all the hashes we set out to test? |
| 73 | missing_algos = kernel_hashes.keys() - algos |
| 74 | if (missing_algos): |
| 75 | raise ValueError(f'Missing hashes from FIT: {missing_algos}') |
| 76 | |
| 77 | |
| 78 | @pytest.mark.buildconfigspec('hash') |
| 79 | @pytest.mark.requiredtool('dtc') |
| 80 | @pytest.mark.requiredtool('fdtget') |
| 81 | @pytest.mark.requiredtool('fdtput') |
| 82 | def test_mkimage_hashes(u_boot_console): |
| 83 | """ Test that hashes generated by mkimage are correct. """ |
| 84 | |
| 85 | def assemble_fit_image(dest_fit, its, destdir): |
| 86 | dtc_args = f'-I dts -O dtb -i {destdir}' |
| 87 | util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f', its, dest_fit]) |
| 88 | |
| 89 | def dtc(dts): |
| 90 | dtb = dts.replace('.dts', '.dtb') |
| 91 | util.run_and_log(cons, f'dtc {datadir}/{dts} -O dtb -o {tempdir}/{dtb}') |
| 92 | |
| 93 | cons = u_boot_console |
| 94 | mkimage = cons.config.build_dir + '/tools/mkimage' |
| 95 | datadir = cons.config.source_dir + '/test/py/tests/vboot/' |
| 96 | tempdir = cons.config.result_dir |
| 97 | fit_file = f'{tempdir}/test.fit' |
| 98 | dtc('sandbox-kernel.dts') |
| 99 | |
| 100 | # Create a fake kernel image -- Avoid zeroes or crc16 will be zero |
| 101 | with open(f'{tempdir}/test-kernel.bin', 'w') as fd: |
| 102 | fd.write(500 * chr(0xa5)) |
| 103 | |
| 104 | assemble_fit_image(fit_file, f'{datadir}/hash-images.its', tempdir) |
| 105 | |
| 106 | fit = ReadonlyFitImage(cons, fit_file) |
| 107 | nodes = fit.find_hashable_image_nodes() |
| 108 | if len(nodes) == 0: |
| 109 | raise ValueError('FIT image has no "/image" nodes with "hash-..."') |
| 110 | |
| 111 | fit.verify_hashes() |