Commit graph

34 commits

Author SHA1 Message Date
Jamin Lin
2a4b0d5890 rsa: adds rsa3072 algorithm
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-28 17:58:41 -05:00
Simon Glass
cfb83f3666 test: Allow vboot tests to run in parallel
Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-05 08:50:15 -04:00
Simon Glass
3f04db891a image: Check for unit addresses in FITs
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:54 -05:00
Simon Glass
124c255731 libfdt: Check for multiple/invalid root nodes
It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:53 -05:00
Simon Glass
d5f3aadacb test: Add tests for the 'evil' vboot attacks
Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:33 -05:00
Thirupathaiah Annapureddy
feaeee8b5f test: vboot: add tests for multiple required keys
This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-12 21:30:37 -04:00
Philippe Reynes
eb7690e81f test/py: vboot: add a test to check fit signature on fit with padding
The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-05-01 11:34:01 -04:00
Simon Glass
0e29648f8e test: vboot: Reduce fake kernel size to 500 bytes
We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Simon Glass
da76ed2795 test: vboot: Move key creation into a function
This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Simon Glass
b008677daf test: vboot: Fix pylint errors
Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Simon Glass
3156ee35a3 test: vboot: Tidy up the code a little
Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Simon Glass
1b09003202 test: vboot: Parameterise the test
This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Simon Glass
c021971e13 test: vboot: Add a test for a forged configuration
Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Simon Glass
477f559edf test: vboot: Drop unnecessary parameter for fit_check_sign
This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Philippe Reynes
ce5172cf65 pytest: vboot: add a test for required key
This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2019-10-15 08:40:02 -06:00
Philippe Reynes
ed47097a04 test: vboot: clean its file
This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03 10:44:10 -05:00
Philippe Reynes
e246b728ee test: vboot: add padding pss for rsa signature
The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03 10:44:10 -05:00
Simon Glass
6d07d63d2f sandbox: Drop the deprecated 'sb' command
The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>
2018-11-26 08:25:35 -05:00
Tom Rini
1703fbefd9 Merge git://git.denx.de/u-boot-dm 2018-07-11 09:40:38 -04:00
Teddy Reed
72239fc85f vboot: Add FIT_SIGNATURE_MAX_SIZE protection
This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-10 16:55:58 -04:00
Paul Burton
8793631ec1 test/py: vboot: Remove stderr redirect from openssl command
The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

  genpkey: Use -help for summary.
  Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
2018-07-10 14:50:50 -06:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Stephen Warren
2d26bf6c26 test/py: add skip marker for reliance on tools
Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
2017-09-29 14:07:53 -04:00
Tom Rini
de4be9ec17 test/py/tests/test_vboot.py: Add check that we boot the image
Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>
2016-09-22 11:34:58 -04:00
Simon Glass
f6d34651d8 test: Adjust run_command_list() to return a list of strings
Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
2016-08-05 20:55:23 -04:00
Simon Glass
27c087d58a test: Add a function to restart U-Boot
Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>
2016-08-05 20:55:22 -04:00
Simon Glass
851271a71a test: vboot: Put each test variant in its own section
Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-08-05 20:55:22 -04:00
Simon Glass
ac9a23cffc test: Rename sha to sha_algo and pass it around
Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-08-05 20:55:21 -04:00
Simon Glass
ec70f8a911 test: Drop the cmd() function
Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-08-05 20:55:20 -04:00
Simon Glass
72f5226894 test: Fix typos in comments
Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-08-05 20:55:20 -04:00
Simon Glass
bcbd0c8fe1 test: Fix typos and tidy up
Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)
2016-08-05 20:55:19 -04:00
Michal Simek
04a4786c7c test/py: vboot can be run only at Sandbox
Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>
2016-07-22 14:52:04 -04:00
Stephen Warren
c9ba60c438 test/py: use absolute dts path in vboot test
Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d58259 ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-07-22 14:46:24 -04:00
Simon Glass
8729d58259 test: Convert the vboot test to test/py
Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 18:22:40 -04:00