1 # SPDX-License-Identifier: GPL-2.0+
2 # Copyright (c) 2016, Google Inc.
4 # U-Boot Verified Boot Test
7 This tests verified boot in the following ways:
9 For image verification:
10 - Create FIT (unsigned) with mkimage
11 - Check that verification shows that no keys are verified
13 - Check that verification shows that a key is now verified
15 For configuration verification:
16 - Corrupt signature and check for failure
17 - Create FIT (with unsigned configuration) with mkimage
18 - Check that image verification works
19 - Sign the FIT and mark the key as 'required' for verification
20 - Check that image verification works
21 - Corrupt the signature
22 - Check that image verification no-longer works
24 Tests run with both SHA1 and SHA256 hashing.
30 import u_boot_utils as util
32 @pytest.mark.boardspec('sandbox')
33 @pytest.mark.buildconfigspec('fit_signature')
34 @pytest.mark.requiredtool('dtc')
35 @pytest.mark.requiredtool('fdtget')
36 @pytest.mark.requiredtool('fdtput')
37 @pytest.mark.requiredtool('openssl')
38 def test_vboot(u_boot_console):
39 """Test verified boot signing with mkimage and verification with 'bootm'.
41 This works using sandbox only as it needs to update the device tree used
42 by U-Boot to hold public keys from the signing process.
44 The SHA1 and SHA256 tests are combined into a single test since the
45 key-generation process is quite slow and we want to avoid doing it twice.
48 """Run the device tree compiler to compile a .dts file
50 The output file will be the same as the input file but with a .dtb
54 dts: Device tree file to compile.
56 dtb = dts.replace('.dts', '.dtb')
57 util.run_and_log(cons, 'dtc %s %s%s -O dtb '
58 '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
60 def run_bootm(sha_algo, test_type, expect_string, boots):
61 """Run a 'bootm' command U-Boot.
63 This always starts a fresh U-Boot instance since the device tree may
64 contain a new public key.
67 test_type: A string identifying the test type.
68 expect_string: A string which is expected in the output.
69 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
71 boots: A boolean that is True if Linux should boot and False if
72 we are expected to not boot
75 with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
76 output = cons.run_command_list(
77 ['host load hostfs - 100 %stest.fit' % tmpdir,
80 assert(expect_string in ''.join(output))
82 assert('sandbox: continuing, as we cannot run' in ''.join(output))
84 assert('sandbox: continuing, as we cannot run' not in ''.join(output))
87 """Make a new FIT from the .its source file.
89 This runs 'mkimage -f' to create a new FIT.
92 its: Filename containing .its source.
94 util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
95 '%s%s' % (datadir, its), fit])
97 def sign_fit(sha_algo):
100 Signs the FIT and writes the signature into it. It also writes the
101 public key into the dtb.
104 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
107 cons.log.action('%s: Sign images' % sha_algo)
108 util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
111 def sign_fit_norequire(sha_algo):
114 Signs the FIT and writes the signature into it. It also writes the
115 public key into the dtb.
118 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
121 cons.log.action('%s: Sign images' % sha_algo)
122 util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
125 def replace_fit_totalsize(size):
126 """Replace FIT header's totalsize with something greater.
128 The totalsize must be less than or equal to FIT_SIGNATURE_MAX_SIZE.
129 If the size is greater, the signature verification should return false.
132 size: The new totalsize of the header
135 prev_size: The previous totalsize read from the header
138 with open(fit, 'r+b') as handle:
140 total_size = handle.read(4)
142 handle.write(struct.pack(">I", size))
143 return struct.unpack(">I", total_size)[0]
145 def test_with_algo(sha_algo, padding):
146 """Test verified boot with the given hash algorithm.
148 This is the main part of the test code. The same procedure is followed
149 for both hashing algorithms.
152 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
155 # Compile our device tree files for kernel and U-Boot. These are
156 # regenerated here since mkimage will modify them (by adding a
158 dtc('sandbox-kernel.dts')
159 dtc('sandbox-u-boot.dts')
161 # Build the FIT, but don't sign anything yet
162 cons.log.action('%s: Test FIT with signed images' % sha_algo)
163 make_fit('sign-images-%s%s.its' % (sha_algo , padding))
164 run_bootm(sha_algo, 'unsigned images', 'dev-', True)
166 # Sign images with our dev keys
168 run_bootm(sha_algo, 'signed images', 'dev+', True)
170 # Create a fresh .dtb without the public keys
171 dtc('sandbox-u-boot.dts')
173 cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
174 make_fit('sign-configs-%s%s.its' % (sha_algo , padding))
175 run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
177 # Sign images with our dev keys
179 run_bootm(sha_algo, 'signed config', 'dev+', True)
181 cons.log.action('%s: Check signed config on the host' % sha_algo)
183 util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir,
186 # Replace header bytes
187 bcfg = u_boot_console.config.buildconfig
188 max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)
189 existing_size = replace_fit_totalsize(max_size + 1)
190 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)
191 cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo)
193 # Replace with existing header bytes
194 replace_fit_totalsize(existing_size)
195 run_bootm(sha_algo, 'signed config', 'dev+', True)
196 cons.log.action('%s: Check default FIT header totalsize' % sha_algo)
198 # Increment the first byte of the signature, which should cause failure
199 sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' %
201 byte_list = sig.split()
202 byte = int(byte_list[0], 16)
203 byte_list[0] = '%x' % (byte + 1)
204 sig = ' '.join(byte_list)
205 util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
206 (fit, sig_node, sig))
208 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)
210 cons.log.action('%s: Check bad config on the host' % sha_algo)
211 util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
212 '-k', dtb], 1, 'Failed to verify required signature')
214 def test_required_key(sha_algo, padding):
215 """Test verified boot with the given hash algorithm.
217 This function test if u-boot reject an image when a required
218 key isn't used to sign a FIT.
221 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
224 # Compile our device tree files for kernel and U-Boot. These are
225 # regenerated here since mkimage will modify them (by adding a
227 dtc('sandbox-kernel.dts')
228 dtc('sandbox-u-boot.dts')
230 # Build the FIT with prod key (keys required)
231 # Build the FIT with dev key (keys NOT required)
232 # The dtb contain the key prod and dev and the key prod are set as required.
233 # Then try to boot the FIT with dev key
234 # This FIT should not be accepted by u-boot because the key prod is required
235 cons.log.action('%s: Test FIT with configs images' % sha_algo)
236 make_fit('sign-configs-%s%s-prod.its' % (sha_algo , padding))
238 make_fit('sign-configs-%s%s.its' % (sha_algo , padding))
241 run_bootm(sha_algo, 'signed configs', '', False)
243 cons = u_boot_console
244 tmpdir = cons.config.result_dir + '/'
245 tmp = tmpdir + 'vboot.tmp'
246 datadir = cons.config.source_dir + '/test/py/tests/vboot/'
247 fit = '%stest.fit' % tmpdir
248 mkimage = cons.config.build_dir + '/tools/mkimage'
249 fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
250 dtc_args = '-I dts -O dtb -i %s' % tmpdir
251 dtb = '%ssandbox-u-boot.dtb' % tmpdir
252 sig_node = '/configurations/conf-1/signature'
254 # Create an RSA key pair
255 public_exponent = 65537
256 util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sdev.key '
257 '-pkeyopt rsa_keygen_bits:2048 '
258 '-pkeyopt rsa_keygen_pubexp:%d' %
259 (tmpdir, public_exponent))
261 # Create a certificate containing the public key
262 util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out '
263 '%sdev.crt' % (tmpdir, tmpdir))
265 # Create an RSA key pair (prod)
266 public_exponent = 65537
267 util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sprod.key '
268 '-pkeyopt rsa_keygen_bits:2048 '
269 '-pkeyopt rsa_keygen_pubexp:%d' %
270 (tmpdir, public_exponent))
272 # Create a certificate containing the public key (prod)
273 util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sprod.key -out '
274 '%sprod.crt' % (tmpdir, tmpdir))
276 # Create a number kernel image with zeroes
277 with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
278 fd.write(5000 * chr(0))
281 # We need to use our own device tree file. Remember to restore it
283 old_dtb = cons.config.dtb
284 cons.config.dtb = dtb
285 test_with_algo('sha1','')
286 test_with_algo('sha1','-pss')
287 test_with_algo('sha256','')
288 test_with_algo('sha256','-pss')
289 test_required_key('sha256','-pss')
291 # Go back to the original U-Boot with the correct dtb.
292 cons.config.dtb = old_dtb