| Age | Commit message (Collapse) | Author |
|---|
|
The EFI secure boot tests install a security data base.
Other EFI tests assume that secure boot is not enabled.
Add the missing tear-down at the end of each secboot test sequence.
Reported-by: Tom Rini <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
Tested-by: Tom Rini <[email protected]>
|
|
The problem with using "virt-make-fs" to make a filesystem image is that
it is extremely slow. Switch to using the fs_helper functions we have
instead from the filesystem tests as these can add files to images and
are significantly faster and still do not require root access.
Signed-off-by: Tom Rini <[email protected]>
|
|
According to UEFI v2.10 spec section 8.2.6, if a caller invokes the
SetVariables() service, it will produce a digest from hash(VariableName,
VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the
firmware that implements the SetVariable() service will compare the
digest with the result of applying the signer’s public key to the
signature. For EFI variable append write, efitools sign-efi-sig-list has
an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will
drop this attribute in efi_set_variable_int(). So if a caller uses
"sign-efi-sig-list -a" to create the authenticated variable, this append
write will fail in the u-boot due to "hash check failed".
This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure
that the hash check is correct. And also update the "test_efi_secboot"
test case to compliance with the change.
Signed-off-by: Weizhao Ouyang <[email protected]>
|
|
Use proper project name in comments, Kconfig, readmes.
Reviewed-by: Neil Armstrong <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Stefan Roese <[email protected]>
Reviewed-by: Qu Wenruo <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Link: https://lore.kernel.org/r/0dbdf0432405c1c38ffca55703b6737a48219e79.1684307818.git.michal.simek@amd.com
|
|
Fix issues reported by pydocstyle.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
'cert-to-efi-hash-list -t 0' does not work as expected, it produces
indeterminate timestamp.
$ cert-to-efi-hash-list -t 0 -s 256 db.crt dbx_hash.crl
TimeOfRevocation is 0-113-0 00:00:255
If we need the CRL revoked for all the time, just don't specify
'-t' option.
$ cert-to-efi-hash-list -s 256 db.crt dbx_hash.crl
TimeOfRevocation is 0-0-0 00:00:00
Signed-off-by: Masahisa Kojima <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
* Remove unused import
* Provide module docstring
Signed-off-by: Heinrich Schuchardt <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.
This binary must be rejected under secure boot mode.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
The previous patch adds support for rejecting images when the sha384/512
of an x.509 certificate is present in dbx. Update the sandbox selftests
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME
under the current code base. So just remove them.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
This is a fixup by autopep8 after the commit ("test/py: efi_secboot:
apply autopep8").
Signed-off-by: AKASHI Takahiro <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
'tool_is_in_path' function is no longer used anywhere after Heinrich
has removed 'sudo' version of fixture setup.
Signed-off-by: AKASHI Takahiro <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Signature database (db or dbx) may have not only certificates that contain
a public key for RSA decryption, but also digests of signed images.
In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID)
and if the value matches to a hash value calculated from image's binary,
authentication should pass in case of db, and fail in case of dbx.
Signed-off-by: AKASHI Takahiro <[email protected]>
Use defined time stamps for sign-efi-sig-list.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
In this test case, an image is signed multiple times with different
keys. If any of signatures contained is not verified, the whole
authentication check should fail.
Signed-off-by: AKASHI Takahiro <[email protected]>
Provide a defined time stamp for dbx_hash1.auth.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Revocation database (dbx) may have not only certificates, but also
message digests of certificates with revocation time
(EFI_CERT_X509_SHA256_GUILD).
In this test case, if the database has such a digest and if the value
matches to a certificate that created a given image's signature,
authentication should fail.
Signed-off-by: AKASHI Takahiro <[email protected]>
Set defined time stamp for dbx_hash.auth.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
More fixes against pylint warnings that autopep8 didn't handle
in the previous commit.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
Python's autopep8 can automatically correct some of warnings from pylint
and rewrite the code in a pretty print format. So just do it.
Suggested-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
A time authenticated variable cannot be overwritten with another value
with the same time stamp. So we must ensure the correct sequence of time
stamps when generating out test data.
Using parameter -t for sign-efi-sig-list gives reproducible results and
avoids sleep statements.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
If udisksctl is present
test/py/tests/test_efi_secboot/conftest.py
fails because the disk image is never mounted.
Normal users can only mount fuse file systems. Unfortunately fusefat is
still in an experimental state and seems not to work here correctly.
So as we have to be root or use the sudo command anyway delete all coding
referring to udisksctl.
--
We should not use mount point /mnt as this directory or one of its
sub-directories might already be in use as active mount points. Instead
create a new directory in the build root as mount point.
--
Remove debug print statements that have been commented out. print without
parentheses is anyway invalid in Python 3. And pytest anyway filters out
the output if there is no exception reported.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
A fixture for UEFI secure boot tests (image authentication and variable
authentication) is defined. A small file system with test data in a single
partition formatted in fat is created.
This test requires efitools v1.5.2 or later. If the system's efitools
is older, you have to build it on your own and define EFITOOLS_PATH.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
