1 # SPDX-License-Identifier: GPL-2.0+
2 # Copyright (c) 2016, Google Inc.
4 # U-Boot Verified Boot Test
7 This tests verified boot in the following ways:
9 For image verification:
10 - Create FIT (unsigned) with mkimage
11 - Check that verification shows that no keys are verified
13 - Check that verification shows that a key is now verified
15 For configuration verification:
16 - Corrupt signature and check for failure
17 - Create FIT (with unsigned configuration) with mkimage
18 - Check that image verification works
19 - Sign the FIT and mark the key as 'required' for verification
20 - Check that image verification works
21 - Corrupt the signature
22 - Check that image verification no-longer works
24 Tests run with both SHA1 and SHA256 hashing.
30 import u_boot_utils as util
35 ['sha1', '-pss', False],
36 ['sha256', '', False],
37 ['sha256', '-pss', False],
38 ['sha256', '-pss', True],
41 @pytest.mark.boardspec('sandbox')
42 @pytest.mark.buildconfigspec('fit_signature')
43 @pytest.mark.requiredtool('dtc')
44 @pytest.mark.requiredtool('fdtget')
45 @pytest.mark.requiredtool('fdtput')
46 @pytest.mark.requiredtool('openssl')
47 @pytest.mark.parametrize("sha_algo,padding,required", TESTDATA)
48 def test_vboot(u_boot_console, sha_algo, padding, required):
49 """Test verified boot signing with mkimage and verification with 'bootm'.
51 This works using sandbox only as it needs to update the device tree used
52 by U-Boot to hold public keys from the signing process.
54 The SHA1 and SHA256 tests are combined into a single test since the
55 key-generation process is quite slow and we want to avoid doing it twice.
58 """Run the device tree compiler to compile a .dts file
60 The output file will be the same as the input file but with a .dtb
64 dts: Device tree file to compile.
66 dtb = dts.replace('.dts', '.dtb')
67 util.run_and_log(cons, 'dtc %s %s%s -O dtb '
68 '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
70 def run_bootm(sha_algo, test_type, expect_string, boots):
71 """Run a 'bootm' command U-Boot.
73 This always starts a fresh U-Boot instance since the device tree may
74 contain a new public key.
77 test_type: A string identifying the test type.
78 expect_string: A string which is expected in the output.
79 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
81 boots: A boolean that is True if Linux should boot and False if
82 we are expected to not boot
85 with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
86 output = cons.run_command_list(
87 ['host load hostfs - 100 %stest.fit' % tmpdir,
90 assert(expect_string in ''.join(output))
92 assert('sandbox: continuing, as we cannot run' in ''.join(output))
94 assert('sandbox: continuing, as we cannot run' not in ''.join(output))
97 """Make a new FIT from the .its source file.
99 This runs 'mkimage -f' to create a new FIT.
102 its: Filename containing .its source.
104 util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
105 '%s%s' % (datadir, its), fit])
107 def sign_fit(sha_algo):
110 Signs the FIT and writes the signature into it. It also writes the
111 public key into the dtb.
114 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
117 cons.log.action('%s: Sign images' % sha_algo)
118 util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
121 def sign_fit_norequire(sha_algo):
124 Signs the FIT and writes the signature into it. It also writes the
125 public key into the dtb.
128 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
131 cons.log.action('%s: Sign images' % sha_algo)
132 util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
135 def replace_fit_totalsize(size):
136 """Replace FIT header's totalsize with something greater.
138 The totalsize must be less than or equal to FIT_SIGNATURE_MAX_SIZE.
139 If the size is greater, the signature verification should return false.
142 size: The new totalsize of the header
145 prev_size: The previous totalsize read from the header
148 with open(fit, 'r+b') as handle:
150 total_size = handle.read(4)
152 handle.write(struct.pack(">I", size))
153 return struct.unpack(">I", total_size)[0]
155 def test_with_algo(sha_algo, padding):
156 """Test verified boot with the given hash algorithm.
158 This is the main part of the test code. The same procedure is followed
159 for both hashing algorithms.
162 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
165 # Compile our device tree files for kernel and U-Boot. These are
166 # regenerated here since mkimage will modify them (by adding a
168 dtc('sandbox-kernel.dts')
169 dtc('sandbox-u-boot.dts')
171 # Build the FIT, but don't sign anything yet
172 cons.log.action('%s: Test FIT with signed images' % sha_algo)
173 make_fit('sign-images-%s%s.its' % (sha_algo , padding))
174 run_bootm(sha_algo, 'unsigned images', 'dev-', True)
176 # Sign images with our dev keys
178 run_bootm(sha_algo, 'signed images', 'dev+', True)
180 # Create a fresh .dtb without the public keys
181 dtc('sandbox-u-boot.dts')
183 cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
184 make_fit('sign-configs-%s%s.its' % (sha_algo , padding))
185 run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
187 # Sign images with our dev keys
189 run_bootm(sha_algo, 'signed config', 'dev+', True)
191 cons.log.action('%s: Check signed config on the host' % sha_algo)
193 util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', dtb])
195 # Make sure that U-Boot checks that the config is in the list of hashed
196 # nodes. If it isn't, a security bypass is possible.
197 with open(fit, 'rb') as fp:
198 root, strblock = vboot_forge.read_fdt(fp)
199 root, strblock = vboot_forge.manipulate(root, strblock)
200 with open(fit, 'w+b') as fp:
201 vboot_forge.write_fdt(root, strblock, fp)
202 util.run_and_log_expect_exception(cons,
203 [fit_check_sign, '-f', fit, '-k', dtb],
204 1, 'Failed to verify required signature')
206 run_bootm(sha_algo, 'forged config', 'Bad Data Hash', False)
208 # Create a new properly signed fit and replace header bytes
209 make_fit('sign-configs-%s%s.its' % (sha_algo, padding))
211 bcfg = u_boot_console.config.buildconfig
212 max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)
213 existing_size = replace_fit_totalsize(max_size + 1)
214 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)
215 cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo)
217 # Replace with existing header bytes
218 replace_fit_totalsize(existing_size)
219 run_bootm(sha_algo, 'signed config', 'dev+', True)
220 cons.log.action('%s: Check default FIT header totalsize' % sha_algo)
222 # Increment the first byte of the signature, which should cause failure
223 sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' %
225 byte_list = sig.split()
226 byte = int(byte_list[0], 16)
227 byte_list[0] = '%x' % (byte + 1)
228 sig = ' '.join(byte_list)
229 util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
230 (fit, sig_node, sig))
232 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)
234 cons.log.action('%s: Check bad config on the host' % sha_algo)
235 util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
236 '-k', dtb], 1, 'Failed to verify required signature')
238 def test_required_key(sha_algo, padding):
239 """Test verified boot with the given hash algorithm.
241 This function test if u-boot reject an image when a required
242 key isn't used to sign a FIT.
245 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
248 # Compile our device tree files for kernel and U-Boot. These are
249 # regenerated here since mkimage will modify them (by adding a
251 dtc('sandbox-kernel.dts')
252 dtc('sandbox-u-boot.dts')
254 # Build the FIT with prod key (keys required)
255 # Build the FIT with dev key (keys NOT required)
256 # The dtb contain the key prod and dev and the key prod are set as required.
257 # Then try to boot the FIT with dev key
258 # This FIT should not be accepted by u-boot because the key prod is required
259 cons.log.action('%s: Test FIT with configs images' % sha_algo)
260 make_fit('sign-configs-%s%s-prod.its' % (sha_algo , padding))
262 make_fit('sign-configs-%s%s.its' % (sha_algo , padding))
265 run_bootm(sha_algo, 'signed configs', '', False)
267 cons = u_boot_console
268 tmpdir = cons.config.result_dir + '/'
269 tmp = tmpdir + 'vboot.tmp'
270 datadir = cons.config.source_dir + '/test/py/tests/vboot/'
271 fit = '%stest.fit' % tmpdir
272 mkimage = cons.config.build_dir + '/tools/mkimage'
273 fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
274 dtc_args = '-I dts -O dtb -i %s' % tmpdir
275 dtb = '%ssandbox-u-boot.dtb' % tmpdir
276 sig_node = '/configurations/conf-1/signature'
278 # Create an RSA key pair
279 public_exponent = 65537
280 util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sdev.key '
281 '-pkeyopt rsa_keygen_bits:2048 '
282 '-pkeyopt rsa_keygen_pubexp:%d' %
283 (tmpdir, public_exponent))
285 # Create a certificate containing the public key
286 util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out '
287 '%sdev.crt' % (tmpdir, tmpdir))
289 # Create an RSA key pair (prod)
290 public_exponent = 65537
291 util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sprod.key '
292 '-pkeyopt rsa_keygen_bits:2048 '
293 '-pkeyopt rsa_keygen_pubexp:%d' %
294 (tmpdir, public_exponent))
296 # Create a certificate containing the public key (prod)
297 util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sprod.key -out '
298 '%sprod.crt' % (tmpdir, tmpdir))
300 # Create a number kernel image with zeroes
301 with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
302 fd.write(5000 * chr(0))
305 # We need to use our own device tree file. Remember to restore it
307 old_dtb = cons.config.dtb
308 cons.config.dtb = dtb
310 test_required_key(sha_algo, padding)
312 test_with_algo(sha_algo, padding)
314 # Go back to the original U-Boot with the correct dtb.
315 cons.config.dtb = old_dtb