[J-u-boot.git] / test / py / tests / test_vboot.py

# SPDX-License-Identifier:	GPL-2.0+
# Copyright (c) 2016, Google Inc.
#
# U-Boot Verified Boot Test

"""
This tests verified boot in the following ways:

For image verification:
- Create FIT (unsigned) with mkimage
- Check that verification shows that no keys are verified
- Sign image
- Check that verification shows that a key is now verified

For configuration verification:
- Corrupt signature and check for failure
- Create FIT (with unsigned configuration) with mkimage
- Check that image verification works
- Sign the FIT and mark the key as 'required' for verification
- Check that image verification works
- Corrupt the signature
- Check that image verification no-longer works

Tests run with both SHA1 and SHA256 hashing.
"""

import pytest
import sys
import struct
import u_boot_utils as util

@pytest.mark.boardspec('sandbox')
@pytest.mark.buildconfigspec('fit_signature')
@pytest.mark.requiredtool('dtc')
@pytest.mark.requiredtool('fdtget')
@pytest.mark.requiredtool('fdtput')
@pytest.mark.requiredtool('openssl')
def test_vboot(u_boot_console):
    """Test verified boot signing with mkimage and verification with 'bootm'.

    This works using sandbox only as it needs to update the device tree used
    by U-Boot to hold public keys from the signing process.

    The SHA1 and SHA256 tests are combined into a single test since the
    key-generation process is quite slow and we want to avoid doing it twice.
    """
    def dtc(dts):
        """Run the device tree compiler to compile a .dts file

        The output file will be the same as the input file but with a .dtb
        extension.

        Args:
            dts: Device tree file to compile.
        """
        dtb = dts.replace('.dts', '.dtb')
        util.run_and_log(cons, 'dtc %s %s%s -O dtb '
                         '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))

    def run_bootm(sha_algo, test_type, expect_string, boots):
        """Run a 'bootm' command U-Boot.

        This always starts a fresh U-Boot instance since the device tree may
        contain a new public key.

        Args:
            test_type: A string identifying the test type.
            expect_string: A string which is expected in the output.
            sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
                    use.
            boots: A boolean that is True if Linux should boot and False if
                    we are expected to not boot
        """
        cons.restart_uboot()
        with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
            output = cons.run_command_list(
                ['sb load hostfs - 100 %stest.fit' % tmpdir,
                'fdt addr 100',
                'bootm 100'])
        assert(expect_string in ''.join(output))
        if boots:
            assert('sandbox: continuing, as we cannot run' in ''.join(output))

    def make_fit(its):
        """Make a new FIT from the .its source file.

        This runs 'mkimage -f' to create a new FIT.

        Args:
            its: Filename containing .its source.
        """
        util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
                                '%s%s' % (datadir, its), fit])

    def sign_fit(sha_algo):
        """Sign the FIT

        Signs the FIT and writes the signature into it. It also writes the
        public key into the dtb.

        Args:
            sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
                    use.
        """
        cons.log.action('%s: Sign images' % sha_algo)
        util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
                                '-r', fit])

    def replace_fit_totalsize(size):
        """Replace FIT header's totalsize with something greater.

        The totalsize must be less than or equal to FIT_SIGNATURE_MAX_SIZE.
        If the size is greater, the signature verification should return false.

        Args:
            size: The new totalsize of the header

        Returns:
            prev_size: The previous totalsize read from the header
        """
        total_size = 0
        with open(fit, 'r+b') as handle:
            handle.seek(4)
            total_size = handle.read(4)
            handle.seek(4)
            handle.write(struct.pack(">I", size))
        return struct.unpack(">I", total_size)[0]

    def test_with_algo(sha_algo):
        """Test verified boot with the given hash algorithm.

        This is the main part of the test code. The same procedure is followed
        for both hashing algorithms.

        Args:
            sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
                    use.
        """
        # Compile our device tree files for kernel and U-Boot. These are
        # regenerated here since mkimage will modify them (by adding a
        # public key) below.
        dtc('sandbox-kernel.dts')
        dtc('sandbox-u-boot.dts')

        # Build the FIT, but don't sign anything yet
        cons.log.action('%s: Test FIT with signed images' % sha_algo)
        make_fit('sign-images-%s.its' % sha_algo)
        run_bootm(sha_algo, 'unsigned images', 'dev-', True)

        # Sign images with our dev keys
        sign_fit(sha_algo)
        run_bootm(sha_algo, 'signed images', 'dev+', True)

        # Create a fresh .dtb without the public keys
        dtc('sandbox-u-boot.dts')

        cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
        make_fit('sign-configs-%s.its' % sha_algo)
        run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)

        # Sign images with our dev keys
        sign_fit(sha_algo)
        run_bootm(sha_algo, 'signed config', 'dev+', True)

        cons.log.action('%s: Check signed config on the host' % sha_algo)

        util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir,
                                '-k', dtb])

        # Replace header bytes
        bcfg = u_boot_console.config.buildconfig
        max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)
        existing_size = replace_fit_totalsize(max_size + 1)
        run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)
        cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo)

        # Replace with existing header bytes
        replace_fit_totalsize(existing_size)
        run_bootm(sha_algo, 'signed config', 'dev+', True)
        cons.log.action('%s: Check default FIT header totalsize' % sha_algo)

        # Increment the first byte of the signature, which should cause failure
        sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' %
                               (fit, sig_node))
        byte_list = sig.split()
        byte = int(byte_list[0], 16)
        byte_list[0] = '%x' % (byte + 1)
        sig = ' '.join(byte_list)
        util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
                         (fit, sig_node, sig))

        run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)

        cons.log.action('%s: Check bad config on the host' % sha_algo)
        util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
                '-k', dtb], 1, 'Failed to verify required signature')

    cons = u_boot_console
    tmpdir = cons.config.result_dir + '/'
    tmp = tmpdir + 'vboot.tmp'
    datadir = cons.config.source_dir + '/test/py/tests/vboot/'
    fit = '%stest.fit' % tmpdir
    mkimage = cons.config.build_dir + '/tools/mkimage'
    fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
    dtc_args = '-I dts -O dtb -i %s' % tmpdir
    dtb = '%ssandbox-u-boot.dtb' % tmpdir
    sig_node = '/configurations/conf@1/signature@1'

    # Create an RSA key pair
    public_exponent = 65537
    util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sdev.key '
                     '-pkeyopt rsa_keygen_bits:2048 '
                     '-pkeyopt rsa_keygen_pubexp:%d' %
                     (tmpdir, public_exponent))

    # Create a certificate containing the public key
    util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out '
                     '%sdev.crt' % (tmpdir, tmpdir))

    # Create a number kernel image with zeroes
    with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
        fd.write(5000 * chr(0))

    try:
        # We need to use our own device tree file. Remember to restore it
        # afterwards.
        old_dtb = cons.config.dtb
        cons.config.dtb = dtb
        test_with_algo('sha1')
        test_with_algo('sha256')
    finally:
        # Go back to the original U-Boot with the correct dtb.
        cons.config.dtb = old_dtb
        cons.restart_uboot()
Commit	Line	Data
8729d582	1	# SPDX-License-Identifier: GPL-2.0+
83d290c5	2	# Copyright (c) 2016, Google Inc.
8729d582 SG	3	#
	4	# U-Boot Verified Boot Test
	5
	6	"""
	7	This tests verified boot in the following ways:
	8
	9	For image verification:
	10	- Create FIT (unsigned) with mkimage
	11	- Check that verification shows that no keys are verified
	12	- Sign image
	13	- Check that verification shows that a key is now verified
	14
	15	For configuration verification:
	16	- Corrupt signature and check for failure
	17	- Create FIT (with unsigned configuration) with mkimage
72f52268	18	- Check that image verification works
8729d582 SG	19	- Sign the FIT and mark the key as 'required' for verification
	20	- Check that image verification works
	21	- Corrupt the signature
	22	- Check that image verification no-longer works
	23
	24	Tests run with both SHA1 and SHA256 hashing.
	25	"""
	26
	27	import pytest
	28	import sys
72239fc8	29	import struct
8729d582 SG	30	import u_boot_utils as util
8729d582 SG	31
04a4786c	32	@pytest.mark.boardspec('sandbox')
8729d582	33	@pytest.mark.buildconfigspec('fit_signature')
2d26bf6c SW	34	@pytest.mark.requiredtool('dtc')
	35	@pytest.mark.requiredtool('fdtget')
	36	@pytest.mark.requiredtool('fdtput')
	37	@pytest.mark.requiredtool('openssl')
8729d582 SG	38	def test_vboot(u_boot_console):
	39	"""Test verified boot signing with mkimage and verification with 'bootm'.
	40
	41	This works using sandbox only as it needs to update the device tree used
	42	by U-Boot to hold public keys from the signing process.
	43
	44	The SHA1 and SHA256 tests are combined into a single test since the
	45	key-generation process is quite slow and we want to avoid doing it twice.
	46	"""
	47	def dtc(dts):
72f52268	48	"""Run the device tree compiler to compile a .dts file
8729d582 SG	49
	50	The output file will be the same as the input file but with a .dtb
	51	extension.
	52
	53	Args:
	54	dts: Device tree file to compile.
	55	"""
	56	dtb = dts.replace('.dts', '.dtb')
ec70f8a9 SG	57	util.run_and_log(cons, 'dtc %s %s%s -O dtb '
ec70f8a9 SG	58	'-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
8729d582	59
de4be9ec	60	def run_bootm(sha_algo, test_type, expect_string, boots):
8729d582 SG	61	"""Run a 'bootm' command U-Boot.
	62
	63	This always starts a fresh U-Boot instance since the device tree may
	64	contain a new public key.
	65
	66	Args:
ac9a23cf SG	67	test_type: A string identifying the test type.
	68	expect_string: A string which is expected in the output.
	69	sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
	70	use.
de4be9ec TR	71	boots: A boolean that is True if Linux should boot and False if
de4be9ec TR	72	we are expected to not boot
8729d582	73	"""
27c087d5	74	cons.restart_uboot()
851271a7 SG	75	with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
	76	output = cons.run_command_list(
	77	['sb load hostfs - 100 %stest.fit' % tmpdir,
	78	'fdt addr 100',
	79	'bootm 100'])
f6d34651	80	assert(expect_string in ''.join(output))
de4be9ec TR	81	if boots:
de4be9ec TR	82	assert('sandbox: continuing, as we cannot run' in ''.join(output))
8729d582 SG	83
8729d582 SG	84	def make_fit(its):
72f52268	85	"""Make a new FIT from the .its source file.
8729d582 SG	86
	87	This runs 'mkimage -f' to create a new FIT.
	88
	89	Args:
72f52268	90	its: Filename containing .its source.
8729d582 SG	91	"""
	92	util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
	93	'%s%s' % (datadir, its), fit])
	94
ac9a23cf	95	def sign_fit(sha_algo):
8729d582 SG	96	"""Sign the FIT
	97
	98	Signs the FIT and writes the signature into it. It also writes the
	99	public key into the dtb.
ac9a23cf SG	100
	101	Args:
	102	sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
	103	use.
8729d582	104	"""
ac9a23cf	105	cons.log.action('%s: Sign images' % sha_algo)
8729d582 SG	106	util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
	107	'-r', fit])
	108
72239fc8 TR	109	def replace_fit_totalsize(size):
	110	"""Replace FIT header's totalsize with something greater.
	111
	112	The totalsize must be less than or equal to FIT_SIGNATURE_MAX_SIZE.
	113	If the size is greater, the signature verification should return false.
	114
	115	Args:
	116	size: The new totalsize of the header
	117
	118	Returns:
	119	prev_size: The previous totalsize read from the header
	120	"""
	121	total_size = 0
	122	with open(fit, 'r+b') as handle:
	123	handle.seek(4)
	124	total_size = handle.read(4)
	125	handle.seek(4)
	126	handle.write(struct.pack(">I", size))
	127	return struct.unpack(">I", total_size)[0]
	128
ac9a23cf	129	def test_with_algo(sha_algo):
72f52268	130	"""Test verified boot with the given hash algorithm.
8729d582 SG	131
	132	This is the main part of the test code. The same procedure is followed
	133	for both hashing algorithms.
	134
	135	Args:
ac9a23cf SG	136	sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
ac9a23cf SG	137	use.
8729d582	138	"""
bcbd0c8f SG	139	# Compile our device tree files for kernel and U-Boot. These are
	140	# regenerated here since mkimage will modify them (by adding a
	141	# public key) below.
8729d582 SG	142	dtc('sandbox-kernel.dts')
	143	dtc('sandbox-u-boot.dts')
	144
	145	# Build the FIT, but don't sign anything yet
ac9a23cf SG	146	cons.log.action('%s: Test FIT with signed images' % sha_algo)
ac9a23cf SG	147	make_fit('sign-images-%s.its' % sha_algo)
de4be9ec	148	run_bootm(sha_algo, 'unsigned images', 'dev-', True)
8729d582 SG	149
8729d582 SG	150	# Sign images with our dev keys
ac9a23cf	151	sign_fit(sha_algo)
de4be9ec	152	run_bootm(sha_algo, 'signed images', 'dev+', True)
8729d582 SG	153
	154	# Create a fresh .dtb without the public keys
	155	dtc('sandbox-u-boot.dts')
	156
ac9a23cf SG	157	cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
ac9a23cf SG	158	make_fit('sign-configs-%s.its' % sha_algo)
de4be9ec	159	run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
8729d582 SG	160
8729d582 SG	161	# Sign images with our dev keys
ac9a23cf	162	sign_fit(sha_algo)
de4be9ec	163	run_bootm(sha_algo, 'signed config', 'dev+', True)
8729d582	164
ac9a23cf	165	cons.log.action('%s: Check signed config on the host' % sha_algo)
8729d582 SG	166
	167	util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', tmpdir,
	168	'-k', dtb])
	169
72239fc8 TR	170	# Replace header bytes
	171	bcfg = u_boot_console.config.buildconfig
	172	max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)
	173	existing_size = replace_fit_totalsize(max_size + 1)
	174	run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)
	175	cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo)
	176
	177	# Replace with existing header bytes
	178	replace_fit_totalsize(existing_size)
	179	run_bootm(sha_algo, 'signed config', 'dev+', True)
	180	cons.log.action('%s: Check default FIT header totalsize' % sha_algo)
	181
8729d582	182	# Increment the first byte of the signature, which should cause failure
ec70f8a9 SG	183	sig = util.run_and_log(cons, 'fdtget -t bx %s %s value' %
ec70f8a9 SG	184	(fit, sig_node))
8729d582 SG	185	byte_list = sig.split()
8729d582 SG	186	byte = int(byte_list[0], 16)
bcbd0c8f	187	byte_list[0] = '%x' % (byte + 1)
8729d582	188	sig = ' '.join(byte_list)
ec70f8a9 SG	189	util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
ec70f8a9 SG	190	(fit, sig_node, sig))
8729d582	191
de4be9ec	192	run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False)
8729d582	193
ac9a23cf	194	cons.log.action('%s: Check bad config on the host' % sha_algo)
8729d582 SG	195	util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
	196	'-k', dtb], 1, 'Failed to verify required signature')
	197
	198	cons = u_boot_console
	199	tmpdir = cons.config.result_dir + '/'
	200	tmp = tmpdir + 'vboot.tmp'
c9ba60c4	201	datadir = cons.config.source_dir + '/test/py/tests/vboot/'
8729d582 SG	202	fit = '%stest.fit' % tmpdir
	203	mkimage = cons.config.build_dir + '/tools/mkimage'
	204	fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
	205	dtc_args = '-I dts -O dtb -i %s' % tmpdir
	206	dtb = '%ssandbox-u-boot.dtb' % tmpdir
	207	sig_node = '/configurations/conf@1/signature@1'
	208
	209	# Create an RSA key pair
	210	public_exponent = 65537
ec70f8a9 SG	211	util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sdev.key '
ec70f8a9 SG	212	'-pkeyopt rsa_keygen_bits:2048 '
8793631e PB	213	'-pkeyopt rsa_keygen_pubexp:%d' %
8793631e PB	214	(tmpdir, public_exponent))
8729d582 SG	215
8729d582 SG	216	# Create a certificate containing the public key
ec70f8a9 SG	217	util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out '
ec70f8a9 SG	218	'%sdev.crt' % (tmpdir, tmpdir))
8729d582 SG	219
	220	# Create a number kernel image with zeroes
	221	with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
	222	fd.write(5000 * chr(0))
	223
	224	try:
	225	# We need to use our own device tree file. Remember to restore it
	226	# afterwards.
	227	old_dtb = cons.config.dtb
	228	cons.config.dtb = dtb
	229	test_with_algo('sha1')
	230	test_with_algo('sha256')
	231	finally:
27c087d5	232	# Go back to the original U-Boot with the correct dtb.
8729d582	233	cons.config.dtb = old_dtb
27c087d5	234	cons.restart_uboot()