1 # Copyright (c) 2016, Google Inc.
3 # SPDX-License-Identifier: GPL-2.0+
5 # U-Boot Verified Boot Test
8 This tests verified boot in the following ways:
10 For image verification:
11 - Create FIT (unsigned) with mkimage
12 - Check that verification shows that no keys are verified
14 - Check that verification shows that a key is now verified
16 For configuration verification:
17 - Corrupt signature and check for failure
18 - Create FIT (with unsigned configuration) with mkimage
19 - Check that image verification works
20 - Sign the FIT and mark the key as 'required' for verification
21 - Check that image verification works
22 - Corrupt the signature
23 - Check that image verification no-longer works
25 Tests run with both SHA1 and SHA256 hashing.
30 import u_boot_utils as util
32 @pytest.mark.boardspec('sandbox')
33 @pytest.mark.buildconfigspec('fit_signature')
34 def test_vboot(u_boot_console):
35 """Test verified boot signing with mkimage and verification with 'bootm'.
37 This works using sandbox only as it needs to update the device tree used
38 by U-Boot to hold public keys from the signing process.
40 The SHA1 and SHA256 tests are combined into a single test since the
41 key-generation process is quite slow and we want to avoid doing it twice.
44 """Run the device tree compiler to compile a .dts file
46 The output file will be the same as the input file but with a .dtb
50 dts: Device tree file to compile.
52 dtb = dts.replace('.dts', '.dtb')
53 util.run_and_log(cons, 'dtc %s %s%s -O dtb '
54 '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
56 def run_bootm(sha_algo, test_type, expect_string):
57 """Run a 'bootm' command U-Boot.
59 This always starts a fresh U-Boot instance since the device tree may
60 contain a new public key.
63 test_type: A string identifying the test type.
64 expect_string: A string which is expected in the output.
65 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
70 with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
71 output = cons.run_command_list(
72 ['sb load hostfs - 100 %stest.fit' % tmpdir,
75 assert(expect_string in output)
78 """Make a new FIT from the .its source file.
80 This runs 'mkimage -f' to create a new FIT.
83 its: Filename containing .its source.
85 util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
86 '%s%s' % (datadir, its), fit])
88 def sign_fit(sha_algo):
91 Signs the FIT and writes the signature into it. It also writes the
92 public key into the dtb.
95 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
98 cons.log.action('%s: Sign images' % sha_algo)
99 util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
102 def test_with_algo(sha_algo):
103 """Test verified boot with the given hash algorithm.
105 This is the main part of the test code. The same procedure is followed
106 for both hashing algorithms.
109 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
112 # Compile our device tree files for kernel and U-Boot. These are
113 # regenerated here since mkimage will modify them (by adding a
115 dtc('sandbox-kernel.dts')
116 dtc('sandbox-u-boot.dts')
118 # Build the FIT, but don't sign anything yet
119 cons.log.action('%s: Test FIT with signed images' % sha_algo)
120 make_fit('sign-images-%s.its' % sha_algo)
121 run_bootm(sha_algo, 'unsigned images', 'dev-')
123 # Sign images with our dev keys
125 run_bootm(sha_algo, 'signed images', 'dev+')
127 # Create a fresh .dtb without the public keys
128 dtc('sandbox-u-boot.dts')
130 cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
131 make_fit('sign-configs-%s.its' % sha_algo)
132 run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo)
134 # Sign images with our dev keys
136 run_bootm(sha_algo, 'signed config', 'dev+')
138 cons.log.action('%s: Check signed config on the host' % sha_algo)
140 util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir,
143 # Increment the first byte of the signature, which should cause failure
144 sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' %
146 byte_list = sig.split()
147 byte = int(byte_list[0], 16)
148 byte_list[0] = '%x' % (byte + 1)
149 sig = ' '.join(byte_list)
150 util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
151 (fit, sig_node, sig))
153 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash')
155 cons.log.action('%s: Check bad config on the host' % sha_algo)
156 util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
157 '-k', dtb], 1, 'Failed to verify required signature')
159 cons = u_boot_console
160 tmpdir = cons.config.result_dir + '/'
161 tmp = tmpdir + 'vboot.tmp'
162 datadir = cons.config.source_dir + '/test/py/tests/vboot/'
163 fit = '%stest.fit' % tmpdir
164 mkimage = cons.config.build_dir + '/tools/mkimage'
165 fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
166 dtc_args = '-I dts -O dtb -i %s' % tmpdir
167 dtb = '%ssandbox-u-boot.dtb' % tmpdir
168 sig_node = '/configurations/conf@1/signature@1'
170 # Create an RSA key pair
171 public_exponent = 65537
172 util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sdev.key '
173 '-pkeyopt rsa_keygen_bits:2048 '
174 '-pkeyopt rsa_keygen_pubexp:%d '
175 '2>/dev/null' % (tmpdir, public_exponent))
177 # Create a certificate containing the public key
178 util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out '
179 '%sdev.crt' % (tmpdir, tmpdir))
181 # Create a number kernel image with zeroes
182 with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
183 fd.write(5000 * chr(0))
186 # We need to use our own device tree file. Remember to restore it
188 old_dtb = cons.config.dtb
189 cons.config.dtb = dtb
190 test_with_algo('sha1')
191 test_with_algo('sha256')
193 cons.config.dtb = old_dtb