1# Copyright (c) 2013, Google Inc. 2# 3# SPDX-License-Identifier: GPL-2.0+ 4# 5# U-Boot Verified Boot Test 6 7""" 8This tests verified boot in the following ways: 9 10For image verification: 11- Create FIT (unsigned) with mkimage 12- Check that verification shows that no keys are verified 13- Sign image 14- Check that verification shows that a key is now verified 15 16For configuration verification: 17- Corrupt signature and check for failure 18- Create FIT (with unsigned configuration) with mkimage 19- Check that image veriication works 20- Sign the FIT and mark the key as 'required' for verification 21- Check that image verification works 22- Corrupt the signature 23- Check that image verification no-longer works 24 25Tests run with both SHA1 and SHA256 hashing. 26""" 27 28import pytest 29import sys 30import u_boot_utils as util 31 32@pytest.mark.buildconfigspec('fit_signature') 33def test_vboot(u_boot_console): 34 """Test verified boot signing with mkimage and verification with 'bootm'. 35 36 This works using sandbox only as it needs to update the device tree used 37 by U-Boot to hold public keys from the signing process. 38 39 The SHA1 and SHA256 tests are combined into a single test since the 40 key-generation process is quite slow and we want to avoid doing it twice. 41 """ 42 def dtc(dts): 43 """Run the device-tree compiler to compile a .dts file 44 45 The output file will be the same as the input file but with a .dtb 46 extension. 47 48 Args: 49 dts: Device tree file to compile. 50 """ 51 dtb = dts.replace('.dts', '.dtb') 52 util.cmd(cons, 'dtc %s %s%s -O dtb ' 53 '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb)) 54 55 def run_bootm(test_type, expect_string): 56 """Run a 'bootm' command U-Boot. 57 58 This always starts a fresh U-Boot instance since the device tree may 59 contain a new public key. 60 61 Args: 62 test_type: A string identifying the test type 63 expect_string: A string which is expected in the output 64 """ 65 cons.cleanup_spawn() 66 cons.ensure_spawned() 67 cons.log.action('%s: Test Verified Boot Run: %s' % (algo, test_type)) 68 output = cons.run_command_list( 69 ['sb load hostfs - 100 %stest.fit' % tmpdir, 70 'fdt addr 100', 71 'bootm 100']) 72 assert(expect_string in output) 73 74 def make_fit(its): 75 """Make a new FIT from the .its source file 76 77 This runs 'mkimage -f' to create a new FIT. 78 79 Args: 80 its: Filename containing .its source 81 """ 82 util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f', 83 '%s%s' % (datadir, its), fit]) 84 85 def sign_fit(): 86 """Sign the FIT 87 88 Signs the FIT and writes the signature into it. It also writes the 89 public key into the dtb. 90 """ 91 cons.log.action('%s: Sign images' % algo) 92 util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb, 93 '-r', fit]) 94 95 def test_with_algo(sha): 96 """Test verified boot with the given hash algorithm 97 98 This is the main part of the test code. The same procedure is followed 99 for both hashing algorithms. 100 101 Args: 102 sha: Either 'sha1' or 'sha256', to select the algorithm to use 103 """ 104 global algo 105 106 algo = sha 107 108 # Compile our device tree files for kernel and U-Boot 109 dtc('sandbox-kernel.dts') 110 dtc('sandbox-u-boot.dts') 111 112 # Build the FIT, but don't sign anything yet 113 cons.log.action('%s: Test FIT with signed images' % algo) 114 make_fit('sign-images-%s.its' % algo) 115 run_bootm('unsigned images', 'dev-') 116 117 # Sign images with our dev keys 118 sign_fit() 119 run_bootm('signed images', 'dev+') 120 121 # Create a fresh .dtb without the public keys 122 dtc('sandbox-u-boot.dts') 123 124 cons.log.action('%s: Test FIT with signed configuration' % algo) 125 make_fit('sign-configs-%s.its' % algo) 126 run_bootm('unsigned config', '%s+ OK' % algo) 127 128 # Sign images with our dev keys 129 sign_fit() 130 run_bootm('signed config', 'dev+') 131 132 cons.log.action('%s: Check signed config on the host' % algo) 133 134 util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir, 135 '-k', dtb]) 136 137 # Increment the first byte of the signature, which should cause failure 138 sig = util.cmd(cons, 'fdtget -t bx %s %s value' % (fit, sig_node)) 139 byte_list = sig.split() 140 byte = int(byte_list[0], 16) 141 byte_list = ['%x' % (byte + 1)] + byte_list[1:] 142 sig = ' '.join(byte_list) 143 util.cmd(cons, 'fdtput -t bx %s %s value %s' % (fit, sig_node, sig)) 144 145 run_bootm('Signed config with bad hash', 'Bad Data Hash') 146 147 cons.log.action('%s: Check bad config on the host' % algo) 148 util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit, 149 '-k', dtb], 1, 'Failed to verify required signature') 150 151 cons = u_boot_console 152 tmpdir = cons.config.result_dir + '/' 153 tmp = tmpdir + 'vboot.tmp' 154 datadir = 'test/py/tests/vboot/' 155 fit = '%stest.fit' % tmpdir 156 mkimage = cons.config.build_dir + '/tools/mkimage' 157 fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign' 158 dtc_args = '-I dts -O dtb -i %s' % tmpdir 159 dtb = '%ssandbox-u-boot.dtb' % tmpdir 160 sig_node = '/configurations/conf@1/signature@1' 161 162 # Create an RSA key pair 163 public_exponent = 65537 164 util.cmd(cons, 'openssl genpkey -algorithm RSA -out %sdev.key ' 165 '-pkeyopt rsa_keygen_bits:2048 ' 166 '-pkeyopt rsa_keygen_pubexp:%d ' 167 '2>/dev/null' % (tmpdir, public_exponent)) 168 169 # Create a certificate containing the public key 170 util.cmd(cons, 'openssl req -batch -new -x509 -key %sdev.key -out ' 171 '%sdev.crt' % (tmpdir, tmpdir)) 172 173 # Create a number kernel image with zeroes 174 with open('%stest-kernel.bin' % tmpdir, 'w') as fd: 175 fd.write(5000 * chr(0)) 176 177 try: 178 # We need to use our own device tree file. Remember to restore it 179 # afterwards. 180 old_dtb = cons.config.dtb 181 cons.config.dtb = dtb 182 test_with_algo('sha1') 183 test_with_algo('sha256') 184 finally: 185 cons.config.dtb = old_dtb 186