]>
Commit | Line | Data |
---|---|---|
8729d582 | 1 | # SPDX-License-Identifier: GPL-2.0+ |
83d290c5 | 2 | # Copyright (c) 2016, Google Inc. |
8729d582 SG |
3 | # |
4 | # U-Boot Verified Boot Test | |
5 | ||
6 | """ | |
7 | This tests verified boot in the following ways: | |
8 | ||
9 | For image verification: | |
10 | - Create FIT (unsigned) with mkimage | |
11 | - Check that verification shows that no keys are verified | |
12 | - Sign image | |
13 | - Check that verification shows that a key is now verified | |
14 | ||
15 | For configuration verification: | |
16 | - Corrupt signature and check for failure | |
17 | - Create FIT (with unsigned configuration) with mkimage | |
72f52268 | 18 | - Check that image verification works |
8729d582 SG |
19 | - Sign the FIT and mark the key as 'required' for verification |
20 | - Check that image verification works | |
21 | - Corrupt the signature | |
22 | - Check that image verification no-longer works | |
23 | ||
24 | Tests run with both SHA1 and SHA256 hashing. | |
25 | """ | |
26 | ||
27 | import pytest | |
28 | import sys | |
29 | import u_boot_utils as util | |
30 | ||
04a4786c | 31 | @pytest.mark.boardspec('sandbox') |
8729d582 | 32 | @pytest.mark.buildconfigspec('fit_signature') |
2d26bf6c SW |
33 | @pytest.mark.requiredtool('dtc') |
34 | @pytest.mark.requiredtool('fdtget') | |
35 | @pytest.mark.requiredtool('fdtput') | |
36 | @pytest.mark.requiredtool('openssl') | |
8729d582 SG |
37 | def test_vboot(u_boot_console): |
38 | """Test verified boot signing with mkimage and verification with 'bootm'. | |
39 | ||
40 | This works using sandbox only as it needs to update the device tree used | |
41 | by U-Boot to hold public keys from the signing process. | |
42 | ||
43 | The SHA1 and SHA256 tests are combined into a single test since the | |
44 | key-generation process is quite slow and we want to avoid doing it twice. | |
45 | """ | |
46 | def dtc(dts): | |
72f52268 | 47 | """Run the device tree compiler to compile a .dts file |
8729d582 SG |
48 | |
49 | The output file will be the same as the input file but with a .dtb | |
50 | extension. | |
51 | ||
52 | Args: | |
53 | dts: Device tree file to compile. | |
54 | """ | |
55 | dtb = dts.replace('.dts', '.dtb') | |
ec70f8a9 SG |
56 | util.run_and_log(cons, 'dtc %s %s%s -O dtb ' |
57 | '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb)) | |
8729d582 | 58 | |
de4be9ec | 59 | def run_bootm(sha_algo, test_type, expect_string, boots): |
8729d582 SG |
60 | """Run a 'bootm' command U-Boot. |
61 | ||
62 | This always starts a fresh U-Boot instance since the device tree may | |
63 | contain a new public key. | |
64 | ||
65 | Args: | |
ac9a23cf SG |
66 | test_type: A string identifying the test type. |
67 | expect_string: A string which is expected in the output. | |
68 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to | |
69 | use. | |
de4be9ec TR |
70 | boots: A boolean that is True if Linux should boot and False if |
71 | we are expected to not boot | |
8729d582 | 72 | """ |
27c087d5 | 73 | cons.restart_uboot() |
851271a7 SG |
74 | with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)): |
75 | output = cons.run_command_list( | |
76 | ['sb load hostfs - 100 %stest.fit' % tmpdir, | |
77 | 'fdt addr 100', | |
78 | 'bootm 100']) | |
f6d34651 | 79 | assert(expect_string in ''.join(output)) |
de4be9ec TR |
80 | if boots: |
81 | assert('sandbox: continuing, as we cannot run' in ''.join(output)) | |
8729d582 SG |
82 | |
83 | def make_fit(its): | |
72f52268 | 84 | """Make a new FIT from the .its source file. |
8729d582 SG |
85 | |
86 | This runs 'mkimage -f' to create a new FIT. | |
87 | ||
88 | Args: | |
72f52268 | 89 | its: Filename containing .its source. |
8729d582 SG |
90 | """ |
91 | util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f', | |
92 | '%s%s' % (datadir, its), fit]) | |
93 | ||
ac9a23cf | 94 | def sign_fit(sha_algo): |
8729d582 SG |
95 | """Sign the FIT |
96 | ||
97 | Signs the FIT and writes the signature into it. It also writes the | |
98 | public key into the dtb. | |
ac9a23cf SG |
99 | |
100 | Args: | |
101 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to | |
102 | use. | |
8729d582 | 103 | """ |
ac9a23cf | 104 | cons.log.action('%s: Sign images' % sha_algo) |
8729d582 SG |
105 | util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb, |
106 | '-r', fit]) | |
107 | ||
ac9a23cf | 108 | def test_with_algo(sha_algo): |
72f52268 | 109 | """Test verified boot with the given hash algorithm. |
8729d582 SG |
110 | |
111 | This is the main part of the test code. The same procedure is followed | |
112 | for both hashing algorithms. | |
113 | ||
114 | Args: | |
ac9a23cf SG |
115 | sha_algo: Either 'sha1' or 'sha256', to select the algorithm to |
116 | use. | |
8729d582 | 117 | """ |
bcbd0c8f SG |
118 | # Compile our device tree files for kernel and U-Boot. These are |
119 | # regenerated here since mkimage will modify them (by adding a | |
120 | # public key) below. | |
8729d582 SG |
121 | dtc('sandbox-kernel.dts') |
122 | dtc('sandbox-u-boot.dts') | |
123 | ||
124 | # Build the FIT, but don't sign anything yet | |
ac9a23cf SG |
125 | cons.log.action('%s: Test FIT with signed images' % sha_algo) |
126 | make_fit('sign-images-%s.its' % sha_algo) | |
de4be9ec | 127 | run_bootm(sha_algo, 'unsigned images', 'dev-', True) |
8729d582 SG |
128 | |
129 | # Sign images with our dev keys | |
ac9a23cf | 130 | sign_fit(sha_algo) |
de4be9ec | 131 | run_bootm(sha_algo, 'signed images', 'dev+', True) |
8729d582 SG |
132 | |
133 | # Create a fresh .dtb without the public keys | |
134 | dtc('sandbox-u-boot.dts') | |
135 | ||
ac9a23cf SG |
136 | cons.log.action('%s: Test FIT with signed configuration' % sha_algo) |
137 | make_fit('sign-configs-%s.its' % sha_algo) | |
de4be9ec | 138 | run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True) |
8729d582 SG |
139 | |
140 | # Sign images with our dev keys | |
ac9a23cf | 141 | sign_fit(sha_algo) |
de4be9ec | 142 | run_bootm(sha_algo, 'signed config', 'dev+', True) |
8729d582 | 143 | |
ac9a23cf | 144 | cons.log.action('%s: Check signed config on the host' % sha_algo) |
8729d582 SG |
145 | |
146 | util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir, | |
147 | '-k', dtb]) | |
148 | ||
149 | # Increment the first byte of the signature, which should cause failure | |
ec70f8a9 SG |
150 | sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' % |
151 | (fit, sig_node)) | |
8729d582 SG |
152 | byte_list = sig.split() |
153 | byte = int(byte_list[0], 16) | |
bcbd0c8f | 154 | byte_list[0] = '%x' % (byte + 1) |
8729d582 | 155 | sig = ' '.join(byte_list) |
ec70f8a9 SG |
156 | util.run_and_log(cons, 'fdtput -t bx %s %s value %s' % |
157 | (fit, sig_node, sig)) | |
8729d582 | 158 | |
de4be9ec | 159 | run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False) |
8729d582 | 160 | |
ac9a23cf | 161 | cons.log.action('%s: Check bad config on the host' % sha_algo) |
8729d582 SG |
162 | util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit, |
163 | '-k', dtb], 1, 'Failed to verify required signature') | |
164 | ||
165 | cons = u_boot_console | |
166 | tmpdir = cons.config.result_dir + '/' | |
167 | tmp = tmpdir + 'vboot.tmp' | |
c9ba60c4 | 168 | datadir = cons.config.source_dir + '/test/py/tests/vboot/' |
8729d582 SG |
169 | fit = '%stest.fit' % tmpdir |
170 | mkimage = cons.config.build_dir + '/tools/mkimage' | |
171 | fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign' | |
172 | dtc_args = '-I dts -O dtb -i %s' % tmpdir | |
173 | dtb = '%ssandbox-u-boot.dtb' % tmpdir | |
174 | sig_node = '/configurations/conf@1/signature@1' | |
175 | ||
176 | # Create an RSA key pair | |
177 | public_exponent = 65537 | |
ec70f8a9 SG |
178 | util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sdev.key ' |
179 | '-pkeyopt rsa_keygen_bits:2048 ' | |
180 | '-pkeyopt rsa_keygen_pubexp:%d ' | |
181 | '2>/dev/null' % (tmpdir, public_exponent)) | |
8729d582 SG |
182 | |
183 | # Create a certificate containing the public key | |
ec70f8a9 SG |
184 | util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out ' |
185 | '%sdev.crt' % (tmpdir, tmpdir)) | |
8729d582 SG |
186 | |
187 | # Create a number kernel image with zeroes | |
188 | with open('%stest-kernel.bin' % tmpdir, 'w') as fd: | |
189 | fd.write(5000 * chr(0)) | |
190 | ||
191 | try: | |
192 | # We need to use our own device tree file. Remember to restore it | |
193 | # afterwards. | |
194 | old_dtb = cons.config.dtb | |
195 | cons.config.dtb = dtb | |
196 | test_with_algo('sha1') | |
197 | test_with_algo('sha256') | |
198 | finally: | |
27c087d5 | 199 | # Go back to the original U-Boot with the correct dtb. |
8729d582 | 200 | cons.config.dtb = old_dtb |
27c087d5 | 201 | cons.restart_uboot() |