mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-15 01:17:39 +00:00
fc1fe01b08
AVB 2.0 spec. revision 1.1 introduces support for named persistent values that must be tamper evident and allows AVB to store arbitrary key-value pairs [1]. Introduce implementation of two additional AVB operations read_persistent_value()/write_persistent_value() for retrieving/storing named persistent values. Correspondent pull request in the OP-TEE OS project repo [2]. [1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22 [2]: https://github.com/OP-TEE/optee_os/pull/2699 Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
134 lines
4.1 KiB
Python
134 lines
4.1 KiB
Python
# Copyright (c) 2018, Linaro Limited
|
|
#
|
|
# SPDX-License-Identifier: GPL-2.0+
|
|
#
|
|
# Android Verified Boot 2.0 Test
|
|
|
|
"""
|
|
This tests Android Verified Boot 2.0 support in U-boot:
|
|
|
|
For additional details about how to build proper vbmeta partition
|
|
check doc/README.avb2
|
|
|
|
For configuration verification:
|
|
- Corrupt boot partition and check for failure
|
|
- Corrupt vbmeta partition and check for failure
|
|
"""
|
|
|
|
import pytest
|
|
import u_boot_utils as util
|
|
|
|
# defauld mmc id
|
|
mmc_dev = 1
|
|
temp_addr = 0x90000000
|
|
temp_addr2 = 0x90002000
|
|
|
|
@pytest.mark.buildconfigspec('cmd_avb', 'cmd_mmc')
|
|
def test_avb_verify(u_boot_console):
|
|
"""Run AVB 2.0 boot verification chain with avb subset of commands
|
|
"""
|
|
|
|
success_str = "Verification passed successfully"
|
|
|
|
response = u_boot_console.run_command('avb init %s' %str(mmc_dev))
|
|
assert response == ''
|
|
response = u_boot_console.run_command('avb verify')
|
|
assert response.find(success_str)
|
|
|
|
|
|
@pytest.mark.buildconfigspec('cmd_avb', 'cmd_mmc')
|
|
def test_avb_mmc_uuid(u_boot_console):
|
|
"""Check if 'avb get_uuid' works, compare results with
|
|
'part list mmc 1' output
|
|
"""
|
|
|
|
response = u_boot_console.run_command('avb init %s' % str(mmc_dev))
|
|
assert response == ''
|
|
|
|
response = u_boot_console.run_command('mmc rescan; mmc dev %s' %
|
|
str(mmc_dev))
|
|
assert response.find('is current device')
|
|
|
|
part_lines = u_boot_console.run_command('mmc part').splitlines()
|
|
part_list = {}
|
|
cur_partname = ''
|
|
|
|
for line in part_lines:
|
|
if '"' in line:
|
|
start_pt = line.find('"')
|
|
end_pt = line.find('"', start_pt + 1)
|
|
cur_partname = line[start_pt + 1: end_pt]
|
|
|
|
if 'guid:' in line:
|
|
guid_to_check = line.split('guid:\t')
|
|
part_list[cur_partname] = guid_to_check[1]
|
|
|
|
# lets check all guids with avb get_guid
|
|
for part, guid in part_list.iteritems():
|
|
avb_guid_resp = u_boot_console.run_command('avb get_uuid %s' % part)
|
|
assert guid == avb_guid_resp.split('UUID: ')[1]
|
|
|
|
|
|
@pytest.mark.buildconfigspec('cmd_avb')
|
|
def test_avb_read_rb(u_boot_console):
|
|
"""Test reading rollback indexes
|
|
"""
|
|
|
|
response = u_boot_console.run_command('avb init %s' % str(mmc_dev))
|
|
assert response == ''
|
|
|
|
response = u_boot_console.run_command('avb read_rb 1')
|
|
assert response == 'Rollback index: 0'
|
|
|
|
|
|
@pytest.mark.buildconfigspec('cmd_avb')
|
|
def test_avb_is_unlocked(u_boot_console):
|
|
"""Test if device is in the unlocked state
|
|
"""
|
|
|
|
response = u_boot_console.run_command('avb init %s' % str(mmc_dev))
|
|
assert response == ''
|
|
|
|
response = u_boot_console.run_command('avb is_unlocked')
|
|
assert response == 'Unlocked = 1'
|
|
|
|
|
|
@pytest.mark.buildconfigspec('cmd_avb', 'cmd_mmc')
|
|
def test_avb_mmc_read(u_boot_console):
|
|
"""Test mmc read operation
|
|
"""
|
|
|
|
response = u_boot_console.run_command('mmc rescan; mmc dev %s 0' %
|
|
str(mmc_dev))
|
|
assert response.find('is current device')
|
|
|
|
response = u_boot_console.run_command('mmc read 0x%x 0x100 0x1' % temp_addr)
|
|
assert response.find('read: OK')
|
|
|
|
response = u_boot_console.run_command('avb init %s' % str(mmc_dev))
|
|
assert response == ''
|
|
|
|
response = u_boot_console.run_command('avb read_part xloader 0 100 0x%x' %
|
|
temp_addr2)
|
|
assert response.find('Read 512 bytes')
|
|
|
|
# Now lets compare two buffers
|
|
response = u_boot_console.run_command('cmp 0x%x 0x%x 40' %
|
|
(temp_addr, temp_addr2))
|
|
assert response.find('64 word')
|
|
|
|
|
|
@pytest.mark.buildconfigspec('cmd_avb')
|
|
@pytest.mark.buildconfigspec('optee_ta_avb')
|
|
def test_avb_persistent_values(u_boot_console):
|
|
"""Test reading/writing persistent storage to avb
|
|
"""
|
|
|
|
response = u_boot_console.run_command('avb init %s' % str(mmc_dev))
|
|
assert response == ''
|
|
|
|
response = u_boot_console.run_command('avb write_pvalue test value_value')
|
|
assert response == 'Wrote 12 bytes'
|
|
|
|
response = u_boot_console.run_command('avb read_pvalue test 12')
|
|
assert response == 'Read 12 bytes, value = value_value'
|