blob: 6e62820743fe03b63c3c4ce8a1885587b04e53c1 [file] [log] [blame]
Simon Glassd5deca02016-07-31 17:35:04 -06001# Copyright (c) 2016, Google Inc.
Simon Glassd977ecd2016-07-03 09:40:46 -06002#
3# SPDX-License-Identifier: GPL-2.0+
4#
5# U-Boot Verified Boot Test
6
7"""
8This tests verified boot in the following ways:
9
10For image verification:
11- Create FIT (unsigned) with mkimage
12- Check that verification shows that no keys are verified
13- Sign image
14- Check that verification shows that a key is now verified
15
16For configuration verification:
17- Corrupt signature and check for failure
18- Create FIT (with unsigned configuration) with mkimage
Simon Glassd5deca02016-07-31 17:35:04 -060019- Check that image verification works
Simon Glassd977ecd2016-07-03 09:40:46 -060020- Sign the FIT and mark the key as 'required' for verification
21- Check that image verification works
22- Corrupt the signature
23- Check that image verification no-longer works
24
25Tests run with both SHA1 and SHA256 hashing.
26"""
27
28import pytest
29import sys
30import u_boot_utils as util
31
Michal Simek6e035ab2016-07-18 08:49:08 +020032@pytest.mark.boardspec('sandbox')
Simon Glassd977ecd2016-07-03 09:40:46 -060033@pytest.mark.buildconfigspec('fit_signature')
34def test_vboot(u_boot_console):
35 """Test verified boot signing with mkimage and verification with 'bootm'.
36
37 This works using sandbox only as it needs to update the device tree used
38 by U-Boot to hold public keys from the signing process.
39
40 The SHA1 and SHA256 tests are combined into a single test since the
41 key-generation process is quite slow and we want to avoid doing it twice.
42 """
43 def dtc(dts):
Simon Glassd5deca02016-07-31 17:35:04 -060044 """Run the device tree compiler to compile a .dts file
Simon Glassd977ecd2016-07-03 09:40:46 -060045
46 The output file will be the same as the input file but with a .dtb
47 extension.
48
49 Args:
50 dts: Device tree file to compile.
51 """
52 dtb = dts.replace('.dts', '.dtb')
Simon Glassba8116c2016-07-31 17:35:05 -060053 util.run_and_log(cons, 'dtc %s %s%s -O dtb '
54 '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
Simon Glassd977ecd2016-07-03 09:40:46 -060055
Tom Rinib65ce462016-09-18 09:46:58 -040056 def run_bootm(sha_algo, test_type, expect_string, boots):
Simon Glassd977ecd2016-07-03 09:40:46 -060057 """Run a 'bootm' command U-Boot.
58
59 This always starts a fresh U-Boot instance since the device tree may
60 contain a new public key.
61
62 Args:
Simon Glassf223c732016-07-31 17:35:06 -060063 test_type: A string identifying the test type.
64 expect_string: A string which is expected in the output.
65 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
66 use.
Tom Rinib65ce462016-09-18 09:46:58 -040067 boots: A boolean that is True if Linux should boot and False if
68 we are expected to not boot
Simon Glassd977ecd2016-07-03 09:40:46 -060069 """
Simon Glass37c2ce12016-07-31 17:35:08 -060070 cons.restart_uboot()
Simon Glass2a40d832016-07-31 17:35:07 -060071 with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
72 output = cons.run_command_list(
73 ['sb load hostfs - 100 %stest.fit' % tmpdir,
74 'fdt addr 100',
75 'bootm 100'])
Simon Glass2ca73112016-07-31 17:35:09 -060076 assert(expect_string in ''.join(output))
Tom Rinib65ce462016-09-18 09:46:58 -040077 if boots:
78 assert('sandbox: continuing, as we cannot run' in ''.join(output))
Simon Glassd977ecd2016-07-03 09:40:46 -060079
80 def make_fit(its):
Simon Glassd5deca02016-07-31 17:35:04 -060081 """Make a new FIT from the .its source file.
Simon Glassd977ecd2016-07-03 09:40:46 -060082
83 This runs 'mkimage -f' to create a new FIT.
84
85 Args:
Simon Glassd5deca02016-07-31 17:35:04 -060086 its: Filename containing .its source.
Simon Glassd977ecd2016-07-03 09:40:46 -060087 """
88 util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
89 '%s%s' % (datadir, its), fit])
90
Simon Glassf223c732016-07-31 17:35:06 -060091 def sign_fit(sha_algo):
Simon Glassd977ecd2016-07-03 09:40:46 -060092 """Sign the FIT
93
94 Signs the FIT and writes the signature into it. It also writes the
95 public key into the dtb.
Simon Glassf223c732016-07-31 17:35:06 -060096
97 Args:
98 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
99 use.
Simon Glassd977ecd2016-07-03 09:40:46 -0600100 """
Simon Glassf223c732016-07-31 17:35:06 -0600101 cons.log.action('%s: Sign images' % sha_algo)
Simon Glassd977ecd2016-07-03 09:40:46 -0600102 util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
103 '-r', fit])
104
Simon Glassf223c732016-07-31 17:35:06 -0600105 def test_with_algo(sha_algo):
Simon Glassd5deca02016-07-31 17:35:04 -0600106 """Test verified boot with the given hash algorithm.
Simon Glassd977ecd2016-07-03 09:40:46 -0600107
108 This is the main part of the test code. The same procedure is followed
109 for both hashing algorithms.
110
111 Args:
Simon Glassf223c732016-07-31 17:35:06 -0600112 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
113 use.
Simon Glassd977ecd2016-07-03 09:40:46 -0600114 """
Simon Glassdc3ab7e2016-07-31 17:35:02 -0600115 # Compile our device tree files for kernel and U-Boot. These are
116 # regenerated here since mkimage will modify them (by adding a
117 # public key) below.
Simon Glassd977ecd2016-07-03 09:40:46 -0600118 dtc('sandbox-kernel.dts')
119 dtc('sandbox-u-boot.dts')
120
121 # Build the FIT, but don't sign anything yet
Simon Glassf223c732016-07-31 17:35:06 -0600122 cons.log.action('%s: Test FIT with signed images' % sha_algo)
123 make_fit('sign-images-%s.its' % sha_algo)
Tom Rinib65ce462016-09-18 09:46:58 -0400124 run_bootm(sha_algo, 'unsigned images', 'dev-', True)
Simon Glassd977ecd2016-07-03 09:40:46 -0600125
126 # Sign images with our dev keys
Simon Glassf223c732016-07-31 17:35:06 -0600127 sign_fit(sha_algo)
Tom Rinib65ce462016-09-18 09:46:58 -0400128 run_bootm(sha_algo, 'signed images', 'dev+', True)
Simon Glassd977ecd2016-07-03 09:40:46 -0600129
130 # Create a fresh .dtb without the public keys
131 dtc('sandbox-u-boot.dts')
132
Simon Glassf223c732016-07-31 17:35:06 -0600133 cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
134 make_fit('sign-configs-%s.its' % sha_algo)
Tom Rinib65ce462016-09-18 09:46:58 -0400135 run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
Simon Glassd977ecd2016-07-03 09:40:46 -0600136
137 # Sign images with our dev keys
Simon Glassf223c732016-07-31 17:35:06 -0600138 sign_fit(sha_algo)
Tom Rinib65ce462016-09-18 09:46:58 -0400139 run_bootm(sha_algo, 'signed config', 'dev+', True)
Simon Glassd977ecd2016-07-03 09:40:46 -0600140
Simon Glassf223c732016-07-31 17:35:06 -0600141 cons.log.action('%s: Check signed config on the host' % sha_algo)
Simon Glassd977ecd2016-07-03 09:40:46 -0600142
143 util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir,
144 '-k', dtb])
145
146 # Increment the first byte of the signature, which should cause failure
Simon Glassba8116c2016-07-31 17:35:05 -0600147 sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' %
148 (fit, sig_node))
Simon Glassd977ecd2016-07-03 09:40:46 -0600149 byte_list = sig.split()
150 byte = int(byte_list[0], 16)
Simon Glassdc3ab7e2016-07-31 17:35:02 -0600151 byte_list[0] = '%x' % (byte + 1)
Simon Glassd977ecd2016-07-03 09:40:46 -0600152 sig = ' '.join(byte_list)
Simon Glassba8116c2016-07-31 17:35:05 -0600153 util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
154 (fit, sig_node, sig))
Simon Glassd977ecd2016-07-03 09:40:46 -0600155
Tom Rinib65ce462016-09-18 09:46:58 -0400156 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)
Simon Glassd977ecd2016-07-03 09:40:46 -0600157
Simon Glassf223c732016-07-31 17:35:06 -0600158 cons.log.action('%s: Check bad config on the host' % sha_algo)
Simon Glassd977ecd2016-07-03 09:40:46 -0600159 util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
160 '-k', dtb], 1, 'Failed to verify required signature')
161
162 cons = u_boot_console
163 tmpdir = cons.config.result_dir + '/'
164 tmp = tmpdir + 'vboot.tmp'
Stephen Warren7047d952016-07-18 10:07:25 -0600165 datadir = cons.config.source_dir + '/test/py/tests/vboot/'
Simon Glassd977ecd2016-07-03 09:40:46 -0600166 fit = '%stest.fit' % tmpdir
167 mkimage = cons.config.build_dir + '/tools/mkimage'
168 fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
169 dtc_args = '-I dts -O dtb -i %s' % tmpdir
170 dtb = '%ssandbox-u-boot.dtb' % tmpdir
171 sig_node = '/configurations/conf@1/signature@1'
172
173 # Create an RSA key pair
174 public_exponent = 65537
Simon Glassba8116c2016-07-31 17:35:05 -0600175 util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sdev.key '
176 '-pkeyopt rsa_keygen_bits:2048 '
177 '-pkeyopt rsa_keygen_pubexp:%d '
178 '2>/dev/null' % (tmpdir, public_exponent))
Simon Glassd977ecd2016-07-03 09:40:46 -0600179
180 # Create a certificate containing the public key
Simon Glassba8116c2016-07-31 17:35:05 -0600181 util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out '
182 '%sdev.crt' % (tmpdir, tmpdir))
Simon Glassd977ecd2016-07-03 09:40:46 -0600183
184 # Create a number kernel image with zeroes
185 with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
186 fd.write(5000 * chr(0))
187
188 try:
189 # We need to use our own device tree file. Remember to restore it
190 # afterwards.
191 old_dtb = cons.config.dtb
192 cons.config.dtb = dtb
193 test_with_algo('sha1')
194 test_with_algo('sha256')
195 finally:
Simon Glass37c2ce12016-07-31 17:35:08 -0600196 # Go back to the original U-Boot with the correct dtb.
Simon Glassd977ecd2016-07-03 09:40:46 -0600197 cons.config.dtb = old_dtb
Simon Glass37c2ce12016-07-31 17:35:08 -0600198 cons.restart_uboot()