scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 02:05:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b5cf3f30ccd5f26bdce4ae03bec8dcad4d70b37f
OpenCellular/tests/kernel_image_tests.c
Gaurav Shah bf7615bc31 Change kernel vboot header layout and add support for separate header verification. 
This CL adds 2 things:
- Instead of having a kernel config, now we have a kernel preamble which contains some important parameters needed by the bootloader in the firmware to kernel hand-off. These parameters are verified using a separate preamble signature in addition to the kernel signature on actual kernel image data.

- Adds a new VerifyKernelHeader() API function which verifies the kernel verified boot header excluding the kernel data and also extracts parameters out of this header needed to verify the actual kernel image data (if deemed necessary). This allows for vboot header verification and data verification to be performed separately.

Review URL: http://codereview.chromium.org/2234003
2010-05-26 10:26:00 -07:00

141 lines
4.8 KiB
C
Raw Blame History

/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Tests for kernel image library.
*/
#include <stdio.h>
#include <stdlib.h>
#include "cryptolib.h"
#include "file_keys.h"
#include "kernel_image.h"
#include "test_common.h"
#include "utility.h"
/* Normal Kernel Blob Verification Tests. */
void VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) {
TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED),
VERIFY_KERNEL_SUCCESS,
"Normal Kernel Blob Verification (Dev Mode)");
TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED),
VERIFY_KERNEL_SUCCESS,
"Normal Kernel Blob Verification (Trusted)");
}
/* Normal KernelImage Verification Tests. */
void VerifyKernelImageTest(KernelImage* image,
RSAPublicKey* firmware_key) {
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
VERIFY_KERNEL_SUCCESS,
"Normal KernelImage Verification (Dev Mode)");
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
VERIFY_KERNEL_SUCCESS,
"Normal KernelImage Verification (Trusted)");
}
/* Tampered KernelImage Verification Tests. */
void VerifyKernelImageTamperTest(KernelImage* image,
RSAPublicKey* firmware_key) {
image->bootloader_offset ^= 0xFF;
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
VERIFY_KERNEL_PREAMBLE_SIGNATURE_FAILED,
"KernelImage Config Tamper Verification (Dev Mode)");
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
VERIFY_KERNEL_PREAMBLE_SIGNATURE_FAILED,
"KernelImage Config Tamper Verification (Trusted)");
image->bootloader_offset ^= 0xFF;
image->kernel_data[0] = 'T';
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
VERIFY_KERNEL_SIGNATURE_FAILED,
"KernelImage Tamper Verification (Dev Mode)");
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
VERIFY_KERNEL_SIGNATURE_FAILED,
"KernelImage Tamper Verification (Trusted)");
image->kernel_data[0] = 'K';
image->kernel_key_signature[0] = 0xFF;
image->kernel_key_signature[1] = 0x00;
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
VERIFY_KERNEL_SUCCESS,
"KernelImage Key Signature Tamper Verification (Dev Mode)");
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
VERIFY_KERNEL_KEY_SIGNATURE_FAILED,
"KernelImage Key Signature Tamper Verification (Trusted)");
}
int main(int argc, char* argv[]) {
uint64_t len;
const char* firmware_key_file = NULL;
const char* kernel_key_file = NULL;
uint8_t* kernel_sign_key_buf = NULL;
uint8_t* firmware_key_blob = NULL;
uint8_t* kernel_blob = NULL;
uint64_t kernel_blob_len = 0;
KernelImage* image = NULL;
RSAPublicKey* firmware_key = NULL;
int error_code = 0;
if(argc != 7) {
fprintf(stderr, "Usage: %s <firmware signing algorithm> " /* argv[1] */
"<kernel signing algorithm> " /* argv[2] */
"<firmware key> " /* argv[3] */
"<processed firmware pubkey> " /* argv[4] */
"<kernel signing key> " /* argv[5] */
"<processed kernel signing key>\n", /* argv[6] */
argv[0]);
return -1;
}
/* Read verification keys and create a test image. */
firmware_key = RSAPublicKeyFromFile(argv[4]);
firmware_key_blob = BufferFromFile(argv[4], &len);
kernel_sign_key_buf = BufferFromFile(argv[6], &len);
firmware_key_file = argv[3];
kernel_key_file = argv[5];
if (!firmware_key || !kernel_sign_key_buf || !kernel_sign_key_buf) {
error_code = 1;
goto failure;
}
image = GenerateTestKernelImage(atoi(argv[1]),
atoi(argv[2]),
kernel_sign_key_buf,
1, /* Kernel Key Version */
1, /* Kernel Version */
1000, /* Kernel Size */
firmware_key_file,
kernel_key_file,
'K');
if (!image) {
error_code = 1;
goto failure;
}
kernel_blob = GetKernelBlob(image, &kernel_blob_len);
/* Test Kernel blob verify operations. */
VerifyKernelTest(kernel_blob, firmware_key_blob);
/* Test KernelImage verify operations. */
VerifyKernelImageTest(image, firmware_key);
VerifyKernelImageTamperTest(image, firmware_key);
if (!gTestSuccess)
error_code = 255;
failure:
Free(kernel_blob);
KernelImageFree(image);
Free(kernel_sign_key_buf);
Free(firmware_key_blob);
RSAPublicKeyFree(firmware_key);
return error_code;
}
Reference in New Issue View Git Blame Copy Permalink