Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0+ |
Tom Rini | 10e4779 | 2018-05-06 17:58:06 -0400 | [diff] [blame] | 2 | # Copyright (c) 2016, Google Inc. |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 3 | # |
| 4 | # U-Boot Verified Boot Test |
| 5 | |
| 6 | """ |
| 7 | This tests verified boot in the following ways: |
| 8 | |
| 9 | For image verification: |
| 10 | - Create FIT (unsigned) with mkimage |
| 11 | - Check that verification shows that no keys are verified |
| 12 | - Sign image |
| 13 | - Check that verification shows that a key is now verified |
| 14 | |
| 15 | For configuration verification: |
| 16 | - Corrupt signature and check for failure |
| 17 | - Create FIT (with unsigned configuration) with mkimage |
Simon Glass | d5deca0 | 2016-07-31 17:35:04 -0600 | [diff] [blame] | 18 | - Check that image verification works |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 19 | - Sign the FIT and mark the key as 'required' for verification |
| 20 | - Check that image verification works |
| 21 | - Corrupt the signature |
| 22 | - Check that image verification no-longer works |
| 23 | |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 24 | For pre-load header verification: |
| 25 | - Create FIT image with a pre-load header |
| 26 | - Check that signature verification succeeds |
| 27 | - Corrupt the FIT image |
| 28 | - Check that signature verification fails |
| 29 | - Launch an FIT image without a pre-load header |
| 30 | - Check that image verification fails |
| 31 | |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 32 | Tests run with both SHA1 and SHA256 hashing. |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 33 | |
| 34 | This also tests fdt_add_pubkey utility in the simple way: |
| 35 | - Create DTB and FIT files |
| 36 | - Add keys with fdt_add_pubkey to DTB |
| 37 | - Sign FIT image |
| 38 | - Check with fit_check_sign that keys properly added to DTB file |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 39 | """ |
| 40 | |
Simon Glass | e9eeca8 | 2021-09-19 15:14:48 -0600 | [diff] [blame] | 41 | import os |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 42 | import shutil |
Teddy Reed | e6a4783 | 2018-06-09 11:38:05 -0400 | [diff] [blame] | 43 | import struct |
Simon Glass | 861b504 | 2020-03-18 11:44:05 -0600 | [diff] [blame] | 44 | import pytest |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 45 | import u_boot_utils as util |
Simon Glass | c35df8f | 2020-03-18 11:43:59 -0600 | [diff] [blame] | 46 | import vboot_forge |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 47 | import vboot_evil |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 48 | |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 49 | # Common helper functions |
| 50 | def dtc(dts, cons, dtc_args, datadir, tmpdir, dtb): |
| 51 | """Run the device tree compiler to compile a .dts file |
| 52 | |
| 53 | The output file will be the same as the input file but with a .dtb |
| 54 | extension. |
| 55 | |
| 56 | Args: |
| 57 | dts: Device tree file to compile. |
| 58 | cons: U-Boot console. |
| 59 | dtc_args: DTC arguments. |
| 60 | datadir: Path to data directory. |
| 61 | tmpdir: Path to temp directory. |
| 62 | dtb: Resulting DTB file. |
| 63 | """ |
| 64 | dtb = dts.replace('.dts', '.dtb') |
| 65 | util.run_and_log(cons, 'dtc %s %s%s -O dtb ' |
| 66 | '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb)) |
| 67 | |
| 68 | def make_fit(its, cons, mkimage, dtc_args, datadir, fit): |
| 69 | """Make a new FIT from the .its source file. |
| 70 | |
| 71 | This runs 'mkimage -f' to create a new FIT. |
| 72 | |
| 73 | Args: |
| 74 | its: Filename containing .its source. |
| 75 | cons: U-Boot console. |
| 76 | mkimage: Path to mkimage utility. |
| 77 | dtc_args: DTC arguments. |
| 78 | datadir: Path to data directory. |
| 79 | fit: Resulting FIT file. |
| 80 | """ |
| 81 | util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f', |
| 82 | '%s%s' % (datadir, its), fit]) |
| 83 | |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 84 | # Only run the full suite on a few combinations, since it doesn't add any more |
| 85 | # test coverage. |
Simon Glass | 3539c17 | 2022-08-06 17:51:52 -0600 | [diff] [blame] | 86 | TESTDATA_IN = [ |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 87 | ['sha1-basic', 'sha1', '', None, False, True, False, False], |
| 88 | ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False, False, False], |
| 89 | ['sha1-pss', 'sha1', '-pss', None, False, False, False, False], |
| 90 | ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False, False, False], |
| 91 | ['sha256-basic', 'sha256', '', None, False, False, False, False], |
| 92 | ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False, False, False], |
| 93 | ['sha256-pss', 'sha256', '-pss', None, False, False, False, False], |
| 94 | ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False, False, False], |
| 95 | ['sha256-pss-required', 'sha256', '-pss', None, True, False, False, False], |
| 96 | ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True, False, False], |
| 97 | ['sha384-basic', 'sha384', '', None, False, False, False, False], |
| 98 | ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False, False, False], |
| 99 | ['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True, False], |
| 100 | ['sha256-global-sign', 'sha256', '', '', False, False, False, True], |
| 101 | ['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, False, True], |
Simon Glass | a0ba39d | 2020-03-18 11:44:00 -0600 | [diff] [blame] | 102 | ] |
| 103 | |
Simon Glass | 3539c17 | 2022-08-06 17:51:52 -0600 | [diff] [blame] | 104 | # Mark all but the first test as slow, so they are not run with '-k not slow' |
| 105 | TESTDATA = [TESTDATA_IN[0]] |
| 106 | TESTDATA += [pytest.param(*v, marks=pytest.mark.slow) for v in TESTDATA_IN[1:]] |
| 107 | |
Michal Simek | 6e035ab | 2016-07-18 08:49:08 +0200 | [diff] [blame] | 108 | @pytest.mark.boardspec('sandbox') |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 109 | @pytest.mark.buildconfigspec('fit_signature') |
Stephen Warren | 2079db3 | 2017-09-18 11:11:49 -0600 | [diff] [blame] | 110 | @pytest.mark.requiredtool('dtc') |
| 111 | @pytest.mark.requiredtool('fdtget') |
| 112 | @pytest.mark.requiredtool('fdtput') |
| 113 | @pytest.mark.requiredtool('openssl') |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 114 | @pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg,global_sign", |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 115 | TESTDATA) |
Simon Glass | e9eeca8 | 2021-09-19 15:14:48 -0600 | [diff] [blame] | 116 | def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 117 | full_test, algo_arg, global_sign): |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 118 | """Test verified boot signing with mkimage and verification with 'bootm'. |
| 119 | |
| 120 | This works using sandbox only as it needs to update the device tree used |
| 121 | by U-Boot to hold public keys from the signing process. |
| 122 | |
| 123 | The SHA1 and SHA256 tests are combined into a single test since the |
| 124 | key-generation process is quite slow and we want to avoid doing it twice. |
| 125 | """ |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 126 | def dtc_options(dts, options): |
| 127 | """Run the device tree compiler to compile a .dts file |
| 128 | |
| 129 | The output file will be the same as the input file but with a .dtb |
| 130 | extension. |
| 131 | |
| 132 | Args: |
| 133 | dts: Device tree file to compile. |
| 134 | options: Options provided to the compiler. |
| 135 | """ |
| 136 | dtb = dts.replace('.dts', '.dtb') |
| 137 | util.run_and_log(cons, 'dtc %s %s%s -O dtb ' |
| 138 | '-o %s%s %s' % (dtc_args, datadir, dts, tmpdir, dtb, options)) |
| 139 | |
| 140 | def run_binman(dtb): |
| 141 | """Run binman to build an image |
| 142 | |
| 143 | Args: |
| 144 | dtb: Device tree file used as input file. |
| 145 | """ |
| 146 | pythonpath = os.environ.get('PYTHONPATH', '') |
| 147 | os.environ['PYTHONPATH'] = pythonpath + ':' + '%s/../scripts/dtc/pylibfdt' % tmpdir |
| 148 | util.run_and_log(cons, [binman, 'build', '-d', "%s/%s" % (tmpdir,dtb), |
| 149 | '-a', "pre-load-key-path=%s" % tmpdir, '-O', |
| 150 | tmpdir, '-I', tmpdir]) |
| 151 | os.environ['PYTHONPATH'] = pythonpath |
| 152 | |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 153 | def run_bootm(sha_algo, test_type, expect_string, boots, fit=None): |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 154 | """Run a 'bootm' command U-Boot. |
| 155 | |
| 156 | This always starts a fresh U-Boot instance since the device tree may |
| 157 | contain a new public key. |
| 158 | |
| 159 | Args: |
Simon Glass | f223c73 | 2016-07-31 17:35:06 -0600 | [diff] [blame] | 160 | test_type: A string identifying the test type. |
| 161 | expect_string: A string which is expected in the output. |
| 162 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to |
| 163 | use. |
Tom Rini | b65ce46 | 2016-09-18 09:46:58 -0400 | [diff] [blame] | 164 | boots: A boolean that is True if Linux should boot and False if |
| 165 | we are expected to not boot |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 166 | fit: FIT filename to load and verify |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 167 | """ |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 168 | if not fit: |
| 169 | fit = '%stest.fit' % tmpdir |
Simon Glass | 37c2ce1 | 2016-07-31 17:35:08 -0600 | [diff] [blame] | 170 | cons.restart_uboot() |
Simon Glass | 2a40d83 | 2016-07-31 17:35:07 -0600 | [diff] [blame] | 171 | with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)): |
| 172 | output = cons.run_command_list( |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 173 | ['host load hostfs - 100 %s' % fit, |
Simon Glass | 861b504 | 2020-03-18 11:44:05 -0600 | [diff] [blame] | 174 | 'fdt addr 100', |
| 175 | 'bootm 100']) |
| 176 | assert expect_string in ''.join(output) |
Tom Rini | b65ce46 | 2016-09-18 09:46:58 -0400 | [diff] [blame] | 177 | if boots: |
Simon Glass | 861b504 | 2020-03-18 11:44:05 -0600 | [diff] [blame] | 178 | assert 'sandbox: continuing, as we cannot run' in ''.join(output) |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 179 | else: |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 180 | assert('sandbox: continuing, as we cannot run' |
| 181 | not in ''.join(output)) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 182 | |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 183 | def sign_fit(sha_algo, options): |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 184 | """Sign the FIT |
| 185 | |
| 186 | Signs the FIT and writes the signature into it. It also writes the |
| 187 | public key into the dtb. |
Simon Glass | f223c73 | 2016-07-31 17:35:06 -0600 | [diff] [blame] | 188 | |
| 189 | Args: |
| 190 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to |
| 191 | use. |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 192 | options: Options to provide to mkimage. |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 193 | """ |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 194 | args = [mkimage, '-F', '-k', tmpdir, '-K', dtb, '-r', fit] |
| 195 | if options: |
| 196 | args += options.split(' ') |
Simon Glass | f223c73 | 2016-07-31 17:35:06 -0600 | [diff] [blame] | 197 | cons.log.action('%s: Sign images' % sha_algo) |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 198 | util.run_and_log(cons, args) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 199 | |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 200 | def sign_fit_dtb(sha_algo, options, dtb): |
| 201 | """Sign the FIT |
| 202 | |
| 203 | Signs the FIT and writes the signature into it. It also writes the |
| 204 | public key into the dtb. |
| 205 | |
| 206 | Args: |
| 207 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to |
| 208 | use. |
| 209 | options: Options to provide to mkimage. |
| 210 | """ |
| 211 | args = [mkimage, '-F', '-k', tmpdir, '-K', dtb, '-r', fit] |
| 212 | if options: |
| 213 | args += options.split(' ') |
| 214 | cons.log.action('%s: Sign images' % sha_algo) |
| 215 | util.run_and_log(cons, args) |
| 216 | |
Thirupathaiah Annapureddy | 7e703f7 | 2020-08-16 23:01:10 -0700 | [diff] [blame] | 217 | def sign_fit_norequire(sha_algo, options): |
| 218 | """Sign the FIT |
| 219 | |
| 220 | Signs the FIT and writes the signature into it. It also writes the |
| 221 | public key into the dtb. It does not mark key as 'required' in dtb. |
| 222 | |
| 223 | Args: |
| 224 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to |
| 225 | use. |
| 226 | options: Options to provide to mkimage. |
| 227 | """ |
| 228 | args = [mkimage, '-F', '-k', tmpdir, '-K', dtb, fit] |
| 229 | if options: |
| 230 | args += options.split(' ') |
| 231 | cons.log.action('%s: Sign images' % sha_algo) |
| 232 | util.run_and_log(cons, args) |
| 233 | |
Teddy Reed | e6a4783 | 2018-06-09 11:38:05 -0400 | [diff] [blame] | 234 | def replace_fit_totalsize(size): |
| 235 | """Replace FIT header's totalsize with something greater. |
| 236 | |
| 237 | The totalsize must be less than or equal to FIT_SIGNATURE_MAX_SIZE. |
| 238 | If the size is greater, the signature verification should return false. |
| 239 | |
| 240 | Args: |
| 241 | size: The new totalsize of the header |
| 242 | |
| 243 | Returns: |
| 244 | prev_size: The previous totalsize read from the header |
| 245 | """ |
| 246 | total_size = 0 |
| 247 | with open(fit, 'r+b') as handle: |
| 248 | handle.seek(4) |
| 249 | total_size = handle.read(4) |
| 250 | handle.seek(4) |
| 251 | handle.write(struct.pack(">I", size)) |
| 252 | return struct.unpack(">I", total_size)[0] |
| 253 | |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 254 | def corrupt_file(fit, offset, value): |
| 255 | """Corrupt a file |
| 256 | |
| 257 | To corrupt a file, a value is written at the specified offset |
| 258 | |
| 259 | Args: |
| 260 | fit: The file to corrupt |
| 261 | offset: Offset to write |
| 262 | value: Value written |
| 263 | """ |
| 264 | with open(fit, 'r+b') as handle: |
| 265 | handle.seek(offset) |
| 266 | handle.write(struct.pack(">I", value)) |
| 267 | |
Simon Glass | b4a2f6a | 2020-03-18 11:44:07 -0600 | [diff] [blame] | 268 | def create_rsa_pair(name): |
| 269 | """Generate a new RSA key paid and certificate |
| 270 | |
| 271 | Args: |
| 272 | name: Name of of the key (e.g. 'dev') |
| 273 | """ |
| 274 | public_exponent = 65537 |
Jamin Lin | 5975ad7 | 2022-01-19 16:23:21 +0800 | [diff] [blame] | 275 | |
| 276 | if sha_algo == "sha384": |
| 277 | rsa_keygen_bits = 3072 |
| 278 | else: |
| 279 | rsa_keygen_bits = 2048 |
| 280 | |
Simon Glass | b4a2f6a | 2020-03-18 11:44:07 -0600 | [diff] [blame] | 281 | util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %s%s.key ' |
Jamin Lin | 5975ad7 | 2022-01-19 16:23:21 +0800 | [diff] [blame] | 282 | '-pkeyopt rsa_keygen_bits:%d ' |
Simon Glass | b4a2f6a | 2020-03-18 11:44:07 -0600 | [diff] [blame] | 283 | '-pkeyopt rsa_keygen_pubexp:%d' % |
Jamin Lin | 5975ad7 | 2022-01-19 16:23:21 +0800 | [diff] [blame] | 284 | (tmpdir, name, rsa_keygen_bits, public_exponent)) |
Simon Glass | b4a2f6a | 2020-03-18 11:44:07 -0600 | [diff] [blame] | 285 | |
| 286 | # Create a certificate containing the public key |
| 287 | util.run_and_log(cons, 'openssl req -batch -new -x509 -key %s%s.key ' |
| 288 | '-out %s%s.crt' % (tmpdir, name, tmpdir, name)) |
| 289 | |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 290 | def test_with_algo(sha_algo, padding, sign_options): |
Simon Glass | d5deca0 | 2016-07-31 17:35:04 -0600 | [diff] [blame] | 291 | """Test verified boot with the given hash algorithm. |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 292 | |
| 293 | This is the main part of the test code. The same procedure is followed |
| 294 | for both hashing algorithms. |
| 295 | |
| 296 | Args: |
Simon Glass | f223c73 | 2016-07-31 17:35:06 -0600 | [diff] [blame] | 297 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to |
| 298 | use. |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 299 | padding: Either '' or '-pss', to select the padding to use for the |
| 300 | rsa signature algorithm. |
| 301 | sign_options: Options to mkimage when signing a fit image. |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 302 | """ |
Simon Glass | dc3ab7e | 2016-07-31 17:35:02 -0600 | [diff] [blame] | 303 | # Compile our device tree files for kernel and U-Boot. These are |
| 304 | # regenerated here since mkimage will modify them (by adding a |
| 305 | # public key) below. |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 306 | dtc('sandbox-kernel.dts', cons, dtc_args, datadir, tmpdir, dtb) |
| 307 | dtc('sandbox-u-boot.dts', cons, dtc_args, datadir, tmpdir, dtb) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 308 | |
| 309 | # Build the FIT, but don't sign anything yet |
Simon Glass | f223c73 | 2016-07-31 17:35:06 -0600 | [diff] [blame] | 310 | cons.log.action('%s: Test FIT with signed images' % sha_algo) |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 311 | make_fit('sign-images-%s%s.its' % (sha_algo, padding), cons, mkimage, dtc_args, datadir, fit) |
Jan Kiszka | 30f6465 | 2022-02-03 21:43:50 +0100 | [diff] [blame] | 312 | run_bootm(sha_algo, 'unsigned images', ' - OK' if algo_arg else 'dev-', True) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 313 | |
| 314 | # Sign images with our dev keys |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 315 | sign_fit(sha_algo, sign_options) |
Tom Rini | b65ce46 | 2016-09-18 09:46:58 -0400 | [diff] [blame] | 316 | run_bootm(sha_algo, 'signed images', 'dev+', True) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 317 | |
| 318 | # Create a fresh .dtb without the public keys |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 319 | dtc('sandbox-u-boot.dts', cons, dtc_args, datadir, tmpdir, dtb) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 320 | |
Simon Glass | f223c73 | 2016-07-31 17:35:06 -0600 | [diff] [blame] | 321 | cons.log.action('%s: Test FIT with signed configuration' % sha_algo) |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 322 | make_fit('sign-configs-%s%s.its' % (sha_algo, padding), cons, mkimage, dtc_args, datadir, fit) |
Jan Kiszka | 30f6465 | 2022-02-03 21:43:50 +0100 | [diff] [blame] | 323 | run_bootm(sha_algo, 'unsigned config', '%s+ OK' % ('sha256' if algo_arg else sha_algo), True) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 324 | |
| 325 | # Sign images with our dev keys |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 326 | sign_fit(sha_algo, sign_options) |
Tom Rini | b65ce46 | 2016-09-18 09:46:58 -0400 | [diff] [blame] | 327 | run_bootm(sha_algo, 'signed config', 'dev+', True) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 328 | |
Simon Glass | f223c73 | 2016-07-31 17:35:06 -0600 | [diff] [blame] | 329 | cons.log.action('%s: Check signed config on the host' % sha_algo) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 330 | |
Simon Glass | f411a89 | 2020-03-18 11:43:58 -0600 | [diff] [blame] | 331 | util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', dtb]) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 332 | |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 333 | if full_test: |
Simon Glass | b823daa | 2021-02-15 17:08:12 -0700 | [diff] [blame] | 334 | # Make sure that U-Boot checks that the config is in the list of |
| 335 | # hashed nodes. If it isn't, a security bypass is possible. |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 336 | ffit = '%stest.forged.fit' % tmpdir |
| 337 | shutil.copyfile(fit, ffit) |
| 338 | with open(ffit, 'rb') as fd: |
| 339 | root, strblock = vboot_forge.read_fdt(fd) |
| 340 | root, strblock = vboot_forge.manipulate(root, strblock) |
| 341 | with open(ffit, 'w+b') as fd: |
| 342 | vboot_forge.write_fdt(root, strblock, fd) |
| 343 | util.run_and_log_expect_exception( |
| 344 | cons, [fit_check_sign, '-f', ffit, '-k', dtb], |
| 345 | 1, 'Failed to verify required signature') |
| 346 | |
| 347 | run_bootm(sha_algo, 'forged config', 'Bad Data Hash', False, ffit) |
Simon Glass | c35df8f | 2020-03-18 11:43:59 -0600 | [diff] [blame] | 348 | |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 349 | # Try adding an evil root node. This should be detected. |
| 350 | efit = '%stest.evilf.fit' % tmpdir |
| 351 | shutil.copyfile(fit, efit) |
| 352 | vboot_evil.add_evil_node(fit, efit, evil_kernel, 'fakeroot') |
| 353 | |
| 354 | util.run_and_log_expect_exception( |
| 355 | cons, [fit_check_sign, '-f', efit, '-k', dtb], |
| 356 | 1, 'Failed to verify required signature') |
Simon Glass | 19d2c02 | 2021-02-15 17:08:11 -0700 | [diff] [blame] | 357 | run_bootm(sha_algo, 'evil fakeroot', 'Bad FIT kernel image format', |
| 358 | False, efit) |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 359 | |
| 360 | # Try adding an @ to the kernel node name. This should be detected. |
| 361 | efit = '%stest.evilk.fit' % tmpdir |
| 362 | shutil.copyfile(fit, efit) |
| 363 | vboot_evil.add_evil_node(fit, efit, evil_kernel, 'kernel@') |
| 364 | |
Simon Glass | b823daa | 2021-02-15 17:08:12 -0700 | [diff] [blame] | 365 | msg = 'Signature checking prevents use of unit addresses (@) in nodes' |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 366 | util.run_and_log_expect_exception( |
| 367 | cons, [fit_check_sign, '-f', efit, '-k', dtb], |
Simon Glass | b823daa | 2021-02-15 17:08:12 -0700 | [diff] [blame] | 368 | 1, msg) |
| 369 | run_bootm(sha_algo, 'evil kernel@', msg, False, efit) |
Simon Glass | c35df8f | 2020-03-18 11:43:59 -0600 | [diff] [blame] | 370 | |
| 371 | # Create a new properly signed fit and replace header bytes |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 372 | make_fit('sign-configs-%s%s.its' % (sha_algo, padding), cons, mkimage, dtc_args, datadir, fit) |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 373 | sign_fit(sha_algo, sign_options) |
Teddy Reed | e6a4783 | 2018-06-09 11:38:05 -0400 | [diff] [blame] | 374 | bcfg = u_boot_console.config.buildconfig |
| 375 | max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0) |
| 376 | existing_size = replace_fit_totalsize(max_size + 1) |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 377 | run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', |
| 378 | False) |
Teddy Reed | e6a4783 | 2018-06-09 11:38:05 -0400 | [diff] [blame] | 379 | cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo) |
| 380 | |
| 381 | # Replace with existing header bytes |
| 382 | replace_fit_totalsize(existing_size) |
| 383 | run_bootm(sha_algo, 'signed config', 'dev+', True) |
| 384 | cons.log.action('%s: Check default FIT header totalsize' % sha_algo) |
| 385 | |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 386 | # Increment the first byte of the signature, which should cause failure |
Simon Glass | ba8116c | 2016-07-31 17:35:05 -0600 | [diff] [blame] | 387 | sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' % |
| 388 | (fit, sig_node)) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 389 | byte_list = sig.split() |
| 390 | byte = int(byte_list[0], 16) |
Simon Glass | dc3ab7e | 2016-07-31 17:35:02 -0600 | [diff] [blame] | 391 | byte_list[0] = '%x' % (byte + 1) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 392 | sig = ' '.join(byte_list) |
Simon Glass | ba8116c | 2016-07-31 17:35:05 -0600 | [diff] [blame] | 393 | util.run_and_log(cons, 'fdtput -t bx %s %s value %s' % |
| 394 | (fit, sig_node, sig)) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 395 | |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 396 | run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', |
| 397 | False) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 398 | |
Simon Glass | f223c73 | 2016-07-31 17:35:06 -0600 | [diff] [blame] | 399 | cons.log.action('%s: Check bad config on the host' % sha_algo) |
Simon Glass | 861b504 | 2020-03-18 11:44:05 -0600 | [diff] [blame] | 400 | util.run_and_log_expect_exception( |
| 401 | cons, [fit_check_sign, '-f', fit, '-k', dtb], |
| 402 | 1, 'Failed to verify required signature') |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 403 | |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 404 | def test_required_key(sha_algo, padding, sign_options): |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 405 | """Test verified boot with the given hash algorithm. |
| 406 | |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 407 | This function tests if U-Boot rejects an image when a required key isn't |
| 408 | used to sign a FIT. |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 409 | |
| 410 | Args: |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 411 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to use |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 412 | padding: Either '' or '-pss', to select the padding to use for the |
| 413 | rsa signature algorithm. |
| 414 | sign_options: Options to mkimage when signing a fit image. |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 415 | """ |
| 416 | # Compile our device tree files for kernel and U-Boot. These are |
| 417 | # regenerated here since mkimage will modify them (by adding a |
| 418 | # public key) below. |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 419 | dtc('sandbox-kernel.dts', cons, dtc_args, datadir, tmpdir, dtb) |
| 420 | dtc('sandbox-u-boot.dts', cons, dtc_args, datadir, tmpdir, dtb) |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 421 | |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 422 | cons.log.action('%s: Test FIT with configs images' % sha_algo) |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 423 | |
| 424 | # Build the FIT with prod key (keys required) and sign it. This puts the |
| 425 | # signature into sandbox-u-boot.dtb, marked 'required' |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 426 | make_fit('sign-configs-%s%s-prod.its' % (sha_algo, padding), cons, mkimage, dtc_args, datadir, fit) |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 427 | sign_fit(sha_algo, sign_options) |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 428 | |
| 429 | # Build the FIT with dev key (keys NOT required). This adds the |
| 430 | # signature into sandbox-u-boot.dtb, NOT marked 'required'. |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 431 | make_fit('sign-configs-%s%s.its' % (sha_algo, padding), cons, mkimage, dtc_args, datadir, fit) |
Thirupathaiah Annapureddy | 7e703f7 | 2020-08-16 23:01:10 -0700 | [diff] [blame] | 432 | sign_fit_norequire(sha_algo, sign_options) |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 433 | |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 434 | # So now sandbox-u-boot.dtb two signatures, for the prod and dev keys. |
| 435 | # Only the prod key is set as 'required'. But FIT we just built has |
Thirupathaiah Annapureddy | 7e703f7 | 2020-08-16 23:01:10 -0700 | [diff] [blame] | 436 | # a dev signature only (sign_fit_norequire() overwrites the FIT). |
Simon Glass | 724c03b | 2020-03-18 11:44:04 -0600 | [diff] [blame] | 437 | # Try to boot the FIT with dev key. This FIT should not be accepted by |
| 438 | # U-Boot because the prod key is required. |
| 439 | run_bootm(sha_algo, 'required key', '', False) |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 440 | |
Thirupathaiah Annapureddy | 7e703f7 | 2020-08-16 23:01:10 -0700 | [diff] [blame] | 441 | # Build the FIT with dev key (keys required) and sign it. This puts the |
| 442 | # signature into sandbox-u-boot.dtb, marked 'required'. |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 443 | make_fit('sign-configs-%s%s.its' % (sha_algo, padding), cons, mkimage, dtc_args, datadir, fit) |
Thirupathaiah Annapureddy | 7e703f7 | 2020-08-16 23:01:10 -0700 | [diff] [blame] | 444 | sign_fit(sha_algo, sign_options) |
| 445 | |
| 446 | # Set the required-mode policy to "any". |
| 447 | # So now sandbox-u-boot.dtb two signatures, for the prod and dev keys. |
| 448 | # Both the dev and prod key are set as 'required'. But FIT we just built has |
| 449 | # a dev signature only (sign_fit() overwrites the FIT). |
| 450 | # Try to boot the FIT with dev key. This FIT should be accepted by |
| 451 | # U-Boot because the dev key is required and policy is "any" required key. |
| 452 | util.run_and_log(cons, 'fdtput -t s %s /signature required-mode any' % |
| 453 | (dtb)) |
| 454 | run_bootm(sha_algo, 'multi required key', 'dev+', True) |
| 455 | |
| 456 | # Set the required-mode policy to "all". |
| 457 | # So now sandbox-u-boot.dtb two signatures, for the prod and dev keys. |
| 458 | # Both the dev and prod key are set as 'required'. But FIT we just built has |
| 459 | # a dev signature only (sign_fit() overwrites the FIT). |
| 460 | # Try to boot the FIT with dev key. This FIT should not be accepted by |
| 461 | # U-Boot because the prod key is required and policy is "all" required key |
| 462 | util.run_and_log(cons, 'fdtput -t s %s /signature required-mode all' % |
| 463 | (dtb)) |
| 464 | run_bootm(sha_algo, 'multi required key', '', False) |
| 465 | |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 466 | def test_global_sign(sha_algo, padding, sign_options): |
| 467 | """Test global image signature with the given hash algorithm and padding. |
| 468 | |
| 469 | Args: |
| 470 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to use |
| 471 | padding: Either '' or '-pss', to select the padding to use for the |
| 472 | rsa signature algorithm. |
| 473 | """ |
| 474 | |
| 475 | dtb = '%ssandbox-u-boot-global%s.dtb' % (tmpdir, padding) |
| 476 | cons.config.dtb = dtb |
| 477 | |
| 478 | # Compile our device tree files for kernel and U-Boot. These are |
| 479 | # regenerated here since mkimage will modify them (by adding a |
| 480 | # public key) below. |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 481 | dtc('sandbox-kernel.dts', cons, dtc_args, datadir, tmpdir, dtb) |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 482 | dtc_options('sandbox-u-boot-global%s.dts' % padding, '-p 1024') |
| 483 | |
| 484 | # Build the FIT with dev key (keys NOT required). This adds the |
| 485 | # signature into sandbox-u-boot.dtb, NOT marked 'required'. |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 486 | make_fit('simple-images.its', cons, mkimage, dtc_args, datadir, fit) |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 487 | sign_fit_dtb(sha_algo, '', dtb) |
| 488 | |
| 489 | # Build the dtb for binman that define the pre-load header |
| 490 | # with the global sigature. |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 491 | dtc('sandbox-binman%s.dts' % padding, cons, dtc_args, datadir, tmpdir, dtb) |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 492 | |
| 493 | # Run binman to create the final image with the not signed fit |
| 494 | # and the pre-load header that contains the global signature. |
| 495 | run_binman('sandbox-binman%s.dtb' % padding) |
| 496 | |
| 497 | # Check that the signature is correctly verified by u-boot |
| 498 | run_bootm(sha_algo, 'global image signature', |
| 499 | 'signature check has succeed', True, "%ssandbox.img" % tmpdir) |
| 500 | |
| 501 | # Corrupt the image (just one byte after the pre-load header) |
| 502 | corrupt_file("%ssandbox.img" % tmpdir, 4096, 255); |
| 503 | |
| 504 | # Check that the signature verification fails |
| 505 | run_bootm(sha_algo, 'global image signature', |
| 506 | 'signature check has failed', False, "%ssandbox.img" % tmpdir) |
| 507 | |
| 508 | # Check that the boot fails if the global signature is not provided |
| 509 | run_bootm(sha_algo, 'global image signature', 'signature is mandatory', False) |
| 510 | |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 511 | cons = u_boot_console |
Simon Glass | e9eeca8 | 2021-09-19 15:14:48 -0600 | [diff] [blame] | 512 | tmpdir = os.path.join(cons.config.result_dir, name) + '/' |
| 513 | if not os.path.exists(tmpdir): |
| 514 | os.mkdir(tmpdir) |
Stephen Warren | 7047d95 | 2016-07-18 10:07:25 -0600 | [diff] [blame] | 515 | datadir = cons.config.source_dir + '/test/py/tests/vboot/' |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 516 | fit = '%stest.fit' % tmpdir |
| 517 | mkimage = cons.config.build_dir + '/tools/mkimage' |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 518 | binman = cons.config.source_dir + '/tools/binman/binman' |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 519 | fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign' |
| 520 | dtc_args = '-I dts -O dtb -i %s' % tmpdir |
| 521 | dtb = '%ssandbox-u-boot.dtb' % tmpdir |
Philippe Reynes | a28e922 | 2018-11-14 13:51:05 +0100 | [diff] [blame] | 522 | sig_node = '/configurations/conf-1/signature' |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 523 | |
Simon Glass | b4a2f6a | 2020-03-18 11:44:07 -0600 | [diff] [blame] | 524 | create_rsa_pair('dev') |
| 525 | create_rsa_pair('prod') |
Philippe Reynes | 1d5ef52 | 2019-09-18 16:04:53 +0200 | [diff] [blame] | 526 | |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 527 | # Create a number kernel image with zeroes |
Simon Glass | 5e942f7 | 2021-02-15 17:08:08 -0700 | [diff] [blame] | 528 | with open('%stest-kernel.bin' % tmpdir, 'wb') as fd: |
| 529 | fd.write(500 * b'\0') |
| 530 | |
| 531 | # Create a second kernel image with ones |
| 532 | evil_kernel = '%stest-kernel1.bin' % tmpdir |
| 533 | with open(evil_kernel, 'wb') as fd: |
| 534 | fd.write(500 * b'\x01') |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 535 | |
Heinrich Schuchardt | 25da81a | 2023-12-11 19:07:33 +0100 | [diff] [blame] | 536 | # We need to use our own device tree file. Remember to restore it |
| 537 | # afterwards. |
| 538 | old_dtb = cons.config.dtb |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 539 | try: |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 540 | cons.config.dtb = dtb |
Philippe Reynes | 5d472d3 | 2022-03-28 22:57:06 +0200 | [diff] [blame] | 541 | if global_sign: |
| 542 | test_global_sign(sha_algo, padding, sign_options) |
| 543 | elif required: |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 544 | test_required_key(sha_algo, padding, sign_options) |
Simon Glass | a0ba39d | 2020-03-18 11:44:00 -0600 | [diff] [blame] | 545 | else: |
Philippe Reynes | 2fbd17c | 2020-04-29 15:26:16 +0200 | [diff] [blame] | 546 | test_with_algo(sha_algo, padding, sign_options) |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 547 | finally: |
Simon Glass | 37c2ce1 | 2016-07-31 17:35:08 -0600 | [diff] [blame] | 548 | # Go back to the original U-Boot with the correct dtb. |
Simon Glass | d977ecd | 2016-07-03 09:40:46 -0600 | [diff] [blame] | 549 | cons.config.dtb = old_dtb |
Simon Glass | 37c2ce1 | 2016-07-31 17:35:08 -0600 | [diff] [blame] | 550 | cons.restart_uboot() |
Roman Kopytin | 84e2b2b | 2023-03-20 03:28:13 +0000 | [diff] [blame] | 551 | |
| 552 | |
| 553 | TESTDATA_IN = [ |
| 554 | ['sha1-basic', 'sha1', '', None, False], |
| 555 | ['sha1-pad', 'sha1', '', '-E -p 0x10000', False], |
| 556 | ['sha1-pss', 'sha1', '-pss', None, False], |
| 557 | ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False], |
| 558 | ['sha256-basic', 'sha256', '', None, False], |
| 559 | ['sha256-pad', 'sha256', '', '-E -p 0x10000', False], |
| 560 | ['sha256-pss', 'sha256', '-pss', None, False], |
| 561 | ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False], |
| 562 | ['sha256-pss-required', 'sha256', '-pss', None, False], |
| 563 | ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', False], |
| 564 | ['sha384-basic', 'sha384', '', None, False], |
| 565 | ['sha384-pad', 'sha384', '', '-E -p 0x10000', False], |
| 566 | ['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', True], |
| 567 | ['sha256-global-sign', 'sha256', '', '', False], |
| 568 | ['sha256-global-sign-pss', 'sha256', '-pss', '', False], |
| 569 | ] |
| 570 | |
| 571 | # Mark all but the first test as slow, so they are not run with '-k not slow' |
| 572 | TESTDATA = [TESTDATA_IN[0]] |
| 573 | TESTDATA += [pytest.param(*v, marks=pytest.mark.slow) for v in TESTDATA_IN[1:]] |
| 574 | |
| 575 | @pytest.mark.boardspec('sandbox') |
| 576 | @pytest.mark.buildconfigspec('fit_signature') |
| 577 | @pytest.mark.requiredtool('dtc') |
| 578 | @pytest.mark.requiredtool('openssl') |
| 579 | @pytest.mark.parametrize("name,sha_algo,padding,sign_options,algo_arg", TESTDATA) |
| 580 | def test_fdt_add_pubkey(u_boot_console, name, sha_algo, padding, sign_options, algo_arg): |
| 581 | """Test fdt_add_pubkey utility with bunch of different algo options.""" |
| 582 | |
| 583 | def sign_fit(sha_algo, options): |
| 584 | """Sign the FIT |
| 585 | |
| 586 | Signs the FIT and writes the signature into it. |
| 587 | |
| 588 | Args: |
| 589 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to |
| 590 | use. |
| 591 | options: Options to provide to mkimage. |
| 592 | """ |
| 593 | args = [mkimage, '-F', '-k', tmpdir, fit] |
| 594 | if options: |
| 595 | args += options.split(' ') |
| 596 | cons.log.action('%s: Sign images' % sha_algo) |
| 597 | util.run_and_log(cons, args) |
| 598 | |
| 599 | def test_add_pubkey(sha_algo, padding, sign_options): |
| 600 | """Test fdt_add_pubkey utility with given hash algorithm and padding. |
| 601 | |
| 602 | This function tests if fdt_add_pubkey utility may add public keys into dtb. |
| 603 | |
| 604 | Args: |
| 605 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to use |
| 606 | padding: Either '' or '-pss', to select the padding to use for the |
| 607 | rsa signature algorithm. |
| 608 | sign_options: Options to mkimage when signing a fit image. |
| 609 | """ |
| 610 | |
| 611 | # Create a fresh .dtb without the public keys |
| 612 | dtc('sandbox-u-boot.dts', cons, dtc_args, datadir, tmpdir, dtb) |
| 613 | |
| 614 | cons.log.action('%s: Test fdt_add_pubkey with signed configuration' % sha_algo) |
| 615 | # Then add the dev key via the fdt_add_pubkey tool |
| 616 | util.run_and_log(cons, [fdt_add_pubkey, '-a', '%s,%s' % ('sha256' if algo_arg else sha_algo, \ |
| 617 | 'rsa3072' if sha_algo == 'sha384' else 'rsa2048'), |
| 618 | '-k', tmpdir, '-n', 'dev', '-r', 'conf', dtb]) |
| 619 | |
| 620 | make_fit('sign-configs-%s%s.its' % (sha_algo, padding), cons, mkimage, dtc_args, datadir, fit) |
| 621 | |
| 622 | # Sign images with our dev keys |
| 623 | sign_fit(sha_algo, sign_options) |
| 624 | |
| 625 | # Check with fit_check_sign that FIT is signed with key |
| 626 | util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', dtb]) |
| 627 | |
| 628 | cons = u_boot_console |
| 629 | tmpdir = os.path.join(cons.config.result_dir, name) + '/' |
| 630 | if not os.path.exists(tmpdir): |
| 631 | os.mkdir(tmpdir) |
| 632 | datadir = cons.config.source_dir + '/test/py/tests/vboot/' |
| 633 | fit = '%stest.fit' % tmpdir |
| 634 | mkimage = cons.config.build_dir + '/tools/mkimage' |
| 635 | binman = cons.config.source_dir + '/tools/binman/binman' |
| 636 | fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign' |
| 637 | fdt_add_pubkey = cons.config.build_dir + '/tools/fdt_add_pubkey' |
| 638 | dtc_args = '-I dts -O dtb -i %s' % tmpdir |
| 639 | dtb = '%ssandbox-u-boot.dtb' % tmpdir |
| 640 | |
| 641 | # keys created in test_vboot test |
| 642 | |
| 643 | test_add_pubkey(sha_algo, padding, sign_options) |