1 # SPDX-License-Identifier: GPL-2.0+
2 # Copyright (c) 2016, Google Inc.
4 # U-Boot Verified Boot Test
7 This tests verified boot in the following ways:
9 For image verification:
10 - Create FIT (unsigned) with mkimage
11 - Check that verification shows that no keys are verified
13 - Check that verification shows that a key is now verified
15 For configuration verification:
16 - Corrupt signature and check for failure
17 - Create FIT (with unsigned configuration) with mkimage
18 - Check that image verification works
19 - Sign the FIT and mark the key as 'required' for verification
20 - Check that image verification works
21 - Corrupt the signature
22 - Check that image verification no-longer works
24 Tests run with both SHA1 and SHA256 hashing.
29 import u_boot_utils as util
33 ['sha1', '', None, False],
34 ['sha1', '', '-E -p 0x10000', False],
35 ['sha1', '-pss', None, False],
36 ['sha1', '-pss', '-E -p 0x10000', False],
37 ['sha256', '', None, False],
38 ['sha256', '', '-E -p 0x10000', False],
39 ['sha256', '-pss', None, False],
40 ['sha256', '-pss', '-E -p 0x10000', False],
41 ['sha256', '-pss', None, True],
42 ['sha256', '-pss', '-E -p 0x10000', True],
45 @pytest.mark.boardspec('sandbox')
46 @pytest.mark.buildconfigspec('fit_signature')
47 @pytest.mark.requiredtool('dtc')
48 @pytest.mark.requiredtool('fdtget')
49 @pytest.mark.requiredtool('fdtput')
50 @pytest.mark.requiredtool('openssl')
51 @pytest.mark.parametrize("sha_algo,padding,sign_options,required", TESTDATA)
52 def test_vboot(u_boot_console, sha_algo, padding, sign_options, required):
53 """Test verified boot signing with mkimage and verification with 'bootm'.
55 This works using sandbox only as it needs to update the device tree used
56 by U-Boot to hold public keys from the signing process.
58 The SHA1 and SHA256 tests are combined into a single test since the
59 key-generation process is quite slow and we want to avoid doing it twice.
62 """Run the device tree compiler to compile a .dts file
64 The output file will be the same as the input file but with a .dtb
68 dts: Device tree file to compile.
70 dtb = dts.replace('.dts', '.dtb')
71 util.run_and_log(cons, 'dtc %s %s%s -O dtb '
72 '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
74 def run_bootm(sha_algo, test_type, expect_string, boots):
75 """Run a 'bootm' command U-Boot.
77 This always starts a fresh U-Boot instance since the device tree may
78 contain a new public key.
81 test_type: A string identifying the test type.
82 expect_string: A string which is expected in the output.
83 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
85 boots: A boolean that is True if Linux should boot and False if
86 we are expected to not boot
89 with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
90 output = cons.run_command_list(
91 ['host load hostfs - 100 %stest.fit' % tmpdir,
94 assert expect_string in ''.join(output)
96 assert 'sandbox: continuing, as we cannot run' in ''.join(output)
98 assert('sandbox: continuing, as we cannot run'
99 not in ''.join(output))
102 """Make a new FIT from the .its source file.
104 This runs 'mkimage -f' to create a new FIT.
107 its: Filename containing .its source.
109 util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
110 '%s%s' % (datadir, its), fit])
112 def sign_fit(sha_algo, options):
115 Signs the FIT and writes the signature into it. It also writes the
116 public key into the dtb.
119 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
121 options: Options to provide to mkimage.
123 args = [mkimage, '-F', '-k', tmpdir, '-K', dtb, '-r', fit]
125 args += options.split(' ')
126 cons.log.action('%s: Sign images' % sha_algo)
127 util.run_and_log(cons, args)
129 def replace_fit_totalsize(size):
130 """Replace FIT header's totalsize with something greater.
132 The totalsize must be less than or equal to FIT_SIGNATURE_MAX_SIZE.
133 If the size is greater, the signature verification should return false.
136 size: The new totalsize of the header
139 prev_size: The previous totalsize read from the header
142 with open(fit, 'r+b') as handle:
144 total_size = handle.read(4)
146 handle.write(struct.pack(">I", size))
147 return struct.unpack(">I", total_size)[0]
149 def create_rsa_pair(name):
150 """Generate a new RSA key paid and certificate
153 name: Name of of the key (e.g. 'dev')
155 public_exponent = 65537
156 util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %s%s.key '
157 '-pkeyopt rsa_keygen_bits:2048 '
158 '-pkeyopt rsa_keygen_pubexp:%d' %
159 (tmpdir, name, public_exponent))
161 # Create a certificate containing the public key
162 util.run_and_log(cons, 'openssl req -batch -new -x509 -key %s%s.key '
163 '-out %s%s.crt' % (tmpdir, name, tmpdir, name))
165 def test_with_algo(sha_algo, padding, sign_options):
166 """Test verified boot with the given hash algorithm.
168 This is the main part of the test code. The same procedure is followed
169 for both hashing algorithms.
172 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
174 padding: Either '' or '-pss', to select the padding to use for the
175 rsa signature algorithm.
176 sign_options: Options to mkimage when signing a fit image.
178 # Compile our device tree files for kernel and U-Boot. These are
179 # regenerated here since mkimage will modify them (by adding a
181 dtc('sandbox-kernel.dts')
182 dtc('sandbox-u-boot.dts')
184 # Build the FIT, but don't sign anything yet
185 cons.log.action('%s: Test FIT with signed images' % sha_algo)
186 make_fit('sign-images-%s%s.its' % (sha_algo, padding))
187 run_bootm(sha_algo, 'unsigned images', 'dev-', True)
189 # Sign images with our dev keys
190 sign_fit(sha_algo, sign_options)
191 run_bootm(sha_algo, 'signed images', 'dev+', True)
193 # Create a fresh .dtb without the public keys
194 dtc('sandbox-u-boot.dts')
196 cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
197 make_fit('sign-configs-%s%s.its' % (sha_algo, padding))
198 run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
200 # Sign images with our dev keys
201 sign_fit(sha_algo, sign_options)
202 run_bootm(sha_algo, 'signed config', 'dev+', True)
204 cons.log.action('%s: Check signed config on the host' % sha_algo)
206 util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', dtb])
208 # Make sure that U-Boot checks that the config is in the list of hashed
209 # nodes. If it isn't, a security bypass is possible.
210 with open(fit, 'rb') as fd:
211 root, strblock = vboot_forge.read_fdt(fd)
212 root, strblock = vboot_forge.manipulate(root, strblock)
213 with open(fit, 'w+b') as fd:
214 vboot_forge.write_fdt(root, strblock, fd)
215 util.run_and_log_expect_exception(
216 cons, [fit_check_sign, '-f', fit, '-k', dtb],
217 1, 'Failed to verify required signature')
219 run_bootm(sha_algo, 'forged config', 'Bad Data Hash', False)
221 # Create a new properly signed fit and replace header bytes
222 make_fit('sign-configs-%s%s.its' % (sha_algo, padding))
223 sign_fit(sha_algo, sign_options)
224 bcfg = u_boot_console.config.buildconfig
225 max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)
226 existing_size = replace_fit_totalsize(max_size + 1)
227 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash',
229 cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo)
231 # Replace with existing header bytes
232 replace_fit_totalsize(existing_size)
233 run_bootm(sha_algo, 'signed config', 'dev+', True)
234 cons.log.action('%s: Check default FIT header totalsize' % sha_algo)
236 # Increment the first byte of the signature, which should cause failure
237 sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' %
239 byte_list = sig.split()
240 byte = int(byte_list[0], 16)
241 byte_list[0] = '%x' % (byte + 1)
242 sig = ' '.join(byte_list)
243 util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
244 (fit, sig_node, sig))
246 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash',
249 cons.log.action('%s: Check bad config on the host' % sha_algo)
250 util.run_and_log_expect_exception(
251 cons, [fit_check_sign, '-f', fit, '-k', dtb],
252 1, 'Failed to verify required signature')
254 def test_required_key(sha_algo, padding, sign_options):
255 """Test verified boot with the given hash algorithm.
257 This function tests if U-Boot rejects an image when a required key isn't
261 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to use
262 padding: Either '' or '-pss', to select the padding to use for the
263 rsa signature algorithm.
264 sign_options: Options to mkimage when signing a fit image.
266 # Compile our device tree files for kernel and U-Boot. These are
267 # regenerated here since mkimage will modify them (by adding a
269 dtc('sandbox-kernel.dts')
270 dtc('sandbox-u-boot.dts')
272 cons.log.action('%s: Test FIT with configs images' % sha_algo)
274 # Build the FIT with prod key (keys required) and sign it. This puts the
275 # signature into sandbox-u-boot.dtb, marked 'required'
276 make_fit('sign-configs-%s%s-prod.its' % (sha_algo, padding))
277 sign_fit(sha_algo, sign_options)
279 # Build the FIT with dev key (keys NOT required). This adds the
280 # signature into sandbox-u-boot.dtb, NOT marked 'required'.
281 make_fit('sign-configs-%s%s.its' % (sha_algo, padding))
282 sign_fit(sha_algo, sign_options)
284 # So now sandbox-u-boot.dtb two signatures, for the prod and dev keys.
285 # Only the prod key is set as 'required'. But FIT we just built has
286 # a dev signature only (sign_fit() overwrites the FIT).
287 # Try to boot the FIT with dev key. This FIT should not be accepted by
288 # U-Boot because the prod key is required.
289 run_bootm(sha_algo, 'required key', '', False)
291 cons = u_boot_console
292 tmpdir = cons.config.result_dir + '/'
293 datadir = cons.config.source_dir + '/test/py/tests/vboot/'
294 fit = '%stest.fit' % tmpdir
295 mkimage = cons.config.build_dir + '/tools/mkimage'
296 fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
297 dtc_args = '-I dts -O dtb -i %s' % tmpdir
298 dtb = '%ssandbox-u-boot.dtb' % tmpdir
299 sig_node = '/configurations/conf-1/signature'
301 create_rsa_pair('dev')
302 create_rsa_pair('prod')
304 # Create a number kernel image with zeroes
305 with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
306 fd.write(500 * chr(0))
309 # We need to use our own device tree file. Remember to restore it
311 old_dtb = cons.config.dtb
312 cons.config.dtb = dtb
314 test_required_key(sha_algo, padding, sign_options)
316 test_with_algo(sha_algo, padding, sign_options)
318 # Go back to the original U-Boot with the correct dtb.
319 cons.config.dtb = old_dtb