blob: 021892bb3dac917458e95904e3336312aca45d2a [file] [log] [blame]
Simon Glass72f52262016-07-31 17:35:04 -06001# Copyright (c) 2016, Google Inc.
Simon Glass8729d582016-07-03 09:40:46 -06002#
3# SPDX-License-Identifier: GPL-2.0+
4#
5# U-Boot Verified Boot Test
6
7"""
8This tests verified boot in the following ways:
9
10For image verification:
11- Create FIT (unsigned) with mkimage
12- Check that verification shows that no keys are verified
13- Sign image
14- Check that verification shows that a key is now verified
15
16For configuration verification:
17- Corrupt signature and check for failure
18- Create FIT (with unsigned configuration) with mkimage
Simon Glass72f52262016-07-31 17:35:04 -060019- Check that image verification works
Simon Glass8729d582016-07-03 09:40:46 -060020- Sign the FIT and mark the key as 'required' for verification
21- Check that image verification works
22- Corrupt the signature
23- Check that image verification no-longer works
24
25Tests run with both SHA1 and SHA256 hashing.
26"""
27
28import pytest
29import sys
30import u_boot_utils as util
31
Michal Simek04a47862016-07-18 08:49:08 +020032@pytest.mark.boardspec('sandbox')
Simon Glass8729d582016-07-03 09:40:46 -060033@pytest.mark.buildconfigspec('fit_signature')
34def test_vboot(u_boot_console):
35 """Test verified boot signing with mkimage and verification with 'bootm'.
36
37 This works using sandbox only as it needs to update the device tree used
38 by U-Boot to hold public keys from the signing process.
39
40 The SHA1 and SHA256 tests are combined into a single test since the
41 key-generation process is quite slow and we want to avoid doing it twice.
42 """
43 def dtc(dts):
Simon Glass72f52262016-07-31 17:35:04 -060044 """Run the device tree compiler to compile a .dts file
Simon Glass8729d582016-07-03 09:40:46 -060045
46 The output file will be the same as the input file but with a .dtb
47 extension.
48
49 Args:
50 dts: Device tree file to compile.
51 """
52 dtb = dts.replace('.dts', '.dtb')
Simon Glassec70f8a2016-07-31 17:35:05 -060053 util.run_and_log(cons, 'dtc %s %s%s -O dtb '
54 '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
Simon Glass8729d582016-07-03 09:40:46 -060055
Simon Glassac9a23c2016-07-31 17:35:06 -060056 def run_bootm(sha_algo, test_type, expect_string):
Simon Glass8729d582016-07-03 09:40:46 -060057 """Run a 'bootm' command U-Boot.
58
59 This always starts a fresh U-Boot instance since the device tree may
60 contain a new public key.
61
62 Args:
Simon Glassac9a23c2016-07-31 17:35:06 -060063 test_type: A string identifying the test type.
64 expect_string: A string which is expected in the output.
65 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
66 use.
Simon Glass8729d582016-07-03 09:40:46 -060067 """
Simon Glass27c087d2016-07-31 17:35:08 -060068 cons.restart_uboot()
Simon Glass851271a2016-07-31 17:35:07 -060069 with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
70 output = cons.run_command_list(
71 ['sb load hostfs - 100 %stest.fit' % tmpdir,
72 'fdt addr 100',
73 'bootm 100'])
Simon Glassf6d34652016-07-31 17:35:09 -060074 assert(expect_string in ''.join(output))
Simon Glass8729d582016-07-03 09:40:46 -060075
76 def make_fit(its):
Simon Glass72f52262016-07-31 17:35:04 -060077 """Make a new FIT from the .its source file.
Simon Glass8729d582016-07-03 09:40:46 -060078
79 This runs 'mkimage -f' to create a new FIT.
80
81 Args:
Simon Glass72f52262016-07-31 17:35:04 -060082 its: Filename containing .its source.
Simon Glass8729d582016-07-03 09:40:46 -060083 """
84 util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
85 '%s%s' % (datadir, its), fit])
86
Simon Glassac9a23c2016-07-31 17:35:06 -060087 def sign_fit(sha_algo):
Simon Glass8729d582016-07-03 09:40:46 -060088 """Sign the FIT
89
90 Signs the FIT and writes the signature into it. It also writes the
91 public key into the dtb.
Simon Glassac9a23c2016-07-31 17:35:06 -060092
93 Args:
94 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
95 use.
Simon Glass8729d582016-07-03 09:40:46 -060096 """
Simon Glassac9a23c2016-07-31 17:35:06 -060097 cons.log.action('%s: Sign images' % sha_algo)
Simon Glass8729d582016-07-03 09:40:46 -060098 util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
99 '-r', fit])
100
Simon Glassac9a23c2016-07-31 17:35:06 -0600101 def test_with_algo(sha_algo):
Simon Glass72f52262016-07-31 17:35:04 -0600102 """Test verified boot with the given hash algorithm.
Simon Glass8729d582016-07-03 09:40:46 -0600103
104 This is the main part of the test code. The same procedure is followed
105 for both hashing algorithms.
106
107 Args:
Simon Glassac9a23c2016-07-31 17:35:06 -0600108 sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
109 use.
Simon Glass8729d582016-07-03 09:40:46 -0600110 """
Simon Glassbcbd0c82016-07-31 17:35:02 -0600111 # Compile our device tree files for kernel and U-Boot. These are
112 # regenerated here since mkimage will modify them (by adding a
113 # public key) below.
Simon Glass8729d582016-07-03 09:40:46 -0600114 dtc('sandbox-kernel.dts')
115 dtc('sandbox-u-boot.dts')
116
117 # Build the FIT, but don't sign anything yet
Simon Glassac9a23c2016-07-31 17:35:06 -0600118 cons.log.action('%s: Test FIT with signed images' % sha_algo)
119 make_fit('sign-images-%s.its' % sha_algo)
120 run_bootm(sha_algo, 'unsigned images', 'dev-')
Simon Glass8729d582016-07-03 09:40:46 -0600121
122 # Sign images with our dev keys
Simon Glassac9a23c2016-07-31 17:35:06 -0600123 sign_fit(sha_algo)
124 run_bootm(sha_algo, 'signed images', 'dev+')
Simon Glass8729d582016-07-03 09:40:46 -0600125
126 # Create a fresh .dtb without the public keys
127 dtc('sandbox-u-boot.dts')
128
Simon Glassac9a23c2016-07-31 17:35:06 -0600129 cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
130 make_fit('sign-configs-%s.its' % sha_algo)
131 run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo)
Simon Glass8729d582016-07-03 09:40:46 -0600132
133 # Sign images with our dev keys
Simon Glassac9a23c2016-07-31 17:35:06 -0600134 sign_fit(sha_algo)
135 run_bootm(sha_algo, 'signed config', 'dev+')
Simon Glass8729d582016-07-03 09:40:46 -0600136
Simon Glassac9a23c2016-07-31 17:35:06 -0600137 cons.log.action('%s: Check signed config on the host' % sha_algo)
Simon Glass8729d582016-07-03 09:40:46 -0600138
139 util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir,
140 '-k', dtb])
141
142 # Increment the first byte of the signature, which should cause failure
Simon Glassec70f8a2016-07-31 17:35:05 -0600143 sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' %
144 (fit, sig_node))
Simon Glass8729d582016-07-03 09:40:46 -0600145 byte_list = sig.split()
146 byte = int(byte_list[0], 16)
Simon Glassbcbd0c82016-07-31 17:35:02 -0600147 byte_list[0] = '%x' % (byte + 1)
Simon Glass8729d582016-07-03 09:40:46 -0600148 sig = ' '.join(byte_list)
Simon Glassec70f8a2016-07-31 17:35:05 -0600149 util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
150 (fit, sig_node, sig))
Simon Glass8729d582016-07-03 09:40:46 -0600151
Simon Glassac9a23c2016-07-31 17:35:06 -0600152 run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash')
Simon Glass8729d582016-07-03 09:40:46 -0600153
Simon Glassac9a23c2016-07-31 17:35:06 -0600154 cons.log.action('%s: Check bad config on the host' % sha_algo)
Simon Glass8729d582016-07-03 09:40:46 -0600155 util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
156 '-k', dtb], 1, 'Failed to verify required signature')
157
158 cons = u_boot_console
159 tmpdir = cons.config.result_dir + '/'
160 tmp = tmpdir + 'vboot.tmp'
Stephen Warrenc9ba60c2016-07-18 10:07:25 -0600161 datadir = cons.config.source_dir + '/test/py/tests/vboot/'
Simon Glass8729d582016-07-03 09:40:46 -0600162 fit = '%stest.fit' % tmpdir
163 mkimage = cons.config.build_dir + '/tools/mkimage'
164 fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
165 dtc_args = '-I dts -O dtb -i %s' % tmpdir
166 dtb = '%ssandbox-u-boot.dtb' % tmpdir
167 sig_node = '/configurations/conf@1/signature@1'
168
169 # Create an RSA key pair
170 public_exponent = 65537
Simon Glassec70f8a2016-07-31 17:35:05 -0600171 util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sdev.key '
172 '-pkeyopt rsa_keygen_bits:2048 '
173 '-pkeyopt rsa_keygen_pubexp:%d '
174 '2>/dev/null' % (tmpdir, public_exponent))
Simon Glass8729d582016-07-03 09:40:46 -0600175
176 # Create a certificate containing the public key
Simon Glassec70f8a2016-07-31 17:35:05 -0600177 util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out '
178 '%sdev.crt' % (tmpdir, tmpdir))
Simon Glass8729d582016-07-03 09:40:46 -0600179
180 # Create a number kernel image with zeroes
181 with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
182 fd.write(5000 * chr(0))
183
184 try:
185 # We need to use our own device tree file. Remember to restore it
186 # afterwards.
187 old_dtb = cons.config.dtb
188 cons.config.dtb = dtb
189 test_with_algo('sha1')
190 test_with_algo('sha256')
191 finally:
Simon Glass27c087d2016-07-31 17:35:08 -0600192 # Go back to the original U-Boot with the correct dtb.
Simon Glass8729d582016-07-03 09:40:46 -0600193 cons.config.dtb = old_dtb
Simon Glass27c087d2016-07-31 17:35:08 -0600194 cons.restart_uboot()