From e246b728ee71d01c6b978aea642a3fb972ec60a9 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Wed, 14 Nov 2018 13:51:04 +0100 Subject: test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- test/py/tests/test_vboot.py | 12 ++++--- test/py/tests/vboot/sign-configs-sha1-pss.its | 46 +++++++++++++++++++++++++ test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++ test/py/tests/vboot/sign-images-sha1-pss.its | 44 +++++++++++++++++++++++ test/py/tests/vboot/sign-images-sha256-pss.its | 44 +++++++++++++++++++++++ 5 files changed, 187 insertions(+), 5 deletions(-) create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its (limited to 'test') diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py index 92144d4c1e3..ee6a0965001 100644 --- a/test/py/tests/test_vboot.py +++ b/test/py/tests/test_vboot.py @@ -126,7 +126,7 @@ def test_vboot(u_boot_console): handle.write(struct.pack(">I", size)) return struct.unpack(">I", total_size)[0] - def test_with_algo(sha_algo): + def test_with_algo(sha_algo, padding): """Test verified boot with the given hash algorithm. This is the main part of the test code. The same procedure is followed @@ -144,7 +144,7 @@ def test_vboot(u_boot_console): # Build the FIT, but don't sign anything yet cons.log.action('%s: Test FIT with signed images' % sha_algo) - make_fit('sign-images-%s.its' % sha_algo) + make_fit('sign-images-%s%s.its' % (sha_algo , padding)) run_bootm(sha_algo, 'unsigned images', 'dev-', True) # Sign images with our dev keys 
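Review bot: The new `padding` parameter of `test_with_algo` is not documented; the docstring visible in the hunk at -126 still describes the test as run "with the given hash algorithm" only. The value is not a padding name but a file-name suffix (`''` or `'-pss'`) spliced into `'sign-images-%s%s.its'`, so the accepted values cannot be guessed from the signature. I would add a docstring entry along the lines of `padding: suffix selecting the .its variant: '' for the files that set no padding property, '-pss' for the RSA-PSS ones`. The docstring runs past the end of the hunk, so an Args section may already exist outside this view.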
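Review bot: The `cons.log.action` label in the hunk at -144 is still built from `sha_algo` alone, so the plain and PSS runs of the same hash write identical log lines and a failure in one cannot be told from the other. Include the variant in the label, e.g. `cons.log.action('%s%s: Test FIT with signed images' % (sha_algo, padding))`; the same applies to the "signed configuration" message in the hunk at -155. Also drop the stray space before the comma in `(sha_algo , padding)`, which appears in both hunks.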
@@ -155,7 +155,7 @@ def test_vboot(u_boot_console): dtc('sandbox-u-boot.dts') cons.log.action('%s: Test FIT with signed configuration' % sha_algo) - make_fit('sign-configs-%s.its' % sha_algo) + make_fit('sign-configs-%s%s.its' % (sha_algo , padding)) run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True) # Sign images with our dev keys @@ -226,8 +226,10 @@ def test_vboot(u_boot_console): # afterwards. old_dtb = cons.config.dtb cons.config.dtb = dtb - test_with_algo('sha1') - test_with_algo('sha256') + test_with_algo('sha1','') + test_with_algo('sha1','-pss') + test_with_algo('sha256','') + test_with_algo('sha256','-pss') finally: # Go back to the original U-Boot with the correct dtb. cons.config.dtb = old_dtb diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its new file mode 100644 index 00000000000..3c3ab20ca9f --- /dev/null +++ b/test/py/tests/vboot/sign-configs-sha1-pss.its @@ -0,0 +1,46 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + hash@1 { + algo = "sha1"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + hash@1 { + algo = "sha1"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its new file mode 100644 index 00000000000..8e335105eb3 --- /dev/null +++ b/test/py/tests/vboot/sign-configs-sha256-pss.its 
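Review bot: The four calls added at -226 vary only the fixture file, so as far as this hunk shows, the PSS runs repeat the same sign-then-verify procedure with matching padding on both sides. Nothing visible checks that a signature made with one padding is rejected when the signature node names the other, and for a verified-boot test that mismatch is the case most worth pinning. Such a negative step would belong in the body of `test_with_algo`, most of which lies outside these hunks, so it may already be covered there. Minor: PEP 8 wants a space after the comma, `test_with_algo('sha1', '-pss')`, and the four calls would read better as a nested loop over `('sha1', 'sha256')` and `('', '-pss')`.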
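Review bot: The new `sign-configs-sha1-pss.its` has no comment saying how it differs from the existing non-PSS fixture; judging by the signature node, the only intended difference is `padding = "pss";`. The same holds for the other three `-pss.its` files added in this commit. Four more near-identical fixtures now have to be edited in lockstep, so I would open each with a comment such as `/* Same as sign-configs-sha1.its, but signed with RSA-PSS padding */`. The copied `description` string could also name the padding, so that a dump of the built FIT identifies the variant.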
@@ -0,0 +1,46 @@
+/dts-v1/;
+
+/ {
+ description = "Chrome OS kernel image with one or more FDT blobs";
+ #address-cells = <1>;
+
+ images {
+ kernel@1 {
+ data = /incbin/("test-kernel.bin");
+ type = "kernel_noload";
+ arch = "sandbox";
+ os = "linux";
+ compression = "none";
+ load = <0x4>;
+ entry = <0x8>;
+ kernel-version = <1>;
+ hash@1 {
+ algo = "sha256";
+ };
+ };
+ fdt@1 {
+ description = "snow";
+ data = /incbin/("sandbox-kernel.dtb");
+ type = "flat_dt";
+ arch = "sandbox";
+ compression = "none";
+ fdt-version = <1>;
+ hash@1 {
+ algo = "sha256";
+ };
+ };
+ };
+ configurations {
+ default = "conf@1";
+ conf@1 {
+ kernel = "kernel@1";
+ fdt = "fdt@1";
+ signature@1 {
+ algo = "sha256,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ sign-images = "fdt", "kernel";
+ };
+ };
+ };
+};
diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its
new file mode 100644
index 00000000000..d19c4d7745a
--- /dev/null
+++ b/test/py/tests/vboot/sign-images-sha1-pss.its
@@ -0,0 +1,44 @@
+/dts-v1/;
+
+/ {
+ description = "Chrome OS kernel image with one or more FDT blobs";
+ #address-cells = <1>;
+
+ images {
+ kernel@1 {
+ data = /incbin/("test-kernel.bin");
+ type = "kernel_noload";
+ arch = "sandbox";
+ os = "linux";
+ compression = "none";
+ load = <0x4>;
+ entry = <0x8>;
+ kernel-version = <1>;
+ signature@1 {
+ algo = "sha1,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ };
+ };
+ fdt@1 {
+ description = "snow";
+ data = /incbin/("sandbox-kernel.dtb");
+ type = "flat_dt";
+ arch = "sandbox";
+ compression = "none";
+ fdt-version = <1>;
+ signature@1 {
+ algo = "sha1,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ };
+ };
+ };
+ configurations {
+ default = "conf@1";
+ conf@1 {
+ kernel = "kernel@1";
+ fdt = "fdt@1";
+ };
+ };
+};
diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its
new file mode 100644
index 00000000000..43612f819d2
--- /dev/null +++ b/test/py/tests/vboot/sign-images-sha256-pss.its @@ -0,0 +1,44 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + }; + }; +}; -- cgit v1.3.1 From ed47097a04d52f3f5fb1524c552dbeafb1156396 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Wed, 14 Nov 2018 13:51:05 +0100 Subject: test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- test/py/tests/test_vboot.py | 2 +- test/py/tests/vboot/sign-configs-sha1-pss.its | 18 +++++++++--------- test/py/tests/vboot/sign-configs-sha1.its | 18 +++++++++--------- test/py/tests/vboot/sign-configs-sha256-pss.its | 18 +++++++++--------- test/py/tests/vboot/sign-configs-sha256.its | 18 +++++++++--------- test/py/tests/vboot/sign-images-sha1-pss.its | 16 ++++++++-------- test/py/tests/vboot/sign-images-sha1.its | 16 ++++++++-------- test/py/tests/vboot/sign-images-sha256-pss.its | 16 ++++++++-------- test/py/tests/vboot/sign-images-sha256.its | 16 ++++++++-------- 9 files changed, 69 insertions(+), 69 deletions(-) (limited to 'test') 
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py index ee6a0965001..4627ceb0260 100644 --- a/test/py/tests/test_vboot.py +++ b/test/py/tests/test_vboot.py @@ -204,7 +204,7 @@ def test_vboot(u_boot_console): fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign' dtc_args = '-I dts -O dtb -i %s' % tmpdir dtb = '%ssandbox-u-boot.dtb' % tmpdir - sig_node = '/configurations/conf@1/signature@1' + sig_node = '/configurations/conf-1/signature' # Create an RSA key pair public_exponent = 65537 diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its index 3c3ab20ca9f..72a5637e3a1 100644 --- a/test/py/tests/vboot/sign-configs-sha1-pss.its +++ b/test/py/tests/vboot/sign-configs-sha1-pss.its @@ -5,7 +5,7 @@ #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("test-kernel.bin"); type = "kernel_noload"; arch = "sandbox"; @@ -14,28 +14,28 @@ load = <0x4>; entry = <0x8>; kernel-version = <1>; - hash@1 { + hash-1 { algo = "sha1"; }; }; - fdt@1 { + fdt-1 { description = "snow"; data = /incbin/("sandbox-kernel.dtb"); type = "flat_dt"; arch = "sandbox"; compression = "none"; fdt-version = <1>; - hash@1 { + hash-1 { algo = "sha1"; }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; - signature@1 { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + signature { algo = "sha1,rsa2048"; padding = "pss"; key-name-hint = "dev"; diff --git a/test/py/tests/vboot/sign-configs-sha1.its b/test/py/tests/vboot/sign-configs-sha1.its index db2ed793552..d8bc1fa0919 100644 --- a/test/py/tests/vboot/sign-configs-sha1.its +++ b/test/py/tests/vboot/sign-configs-sha1.its @@ -5,7 +5,7 @@ #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("test-kernel.bin"); type = "kernel_noload"; arch = "sandbox"; 
@@ -14,28 +14,28 @@ load = <0x4>; entry = <0x8>; kernel-version = <1>; - hash@1 { + hash-1 { algo = "sha1"; }; }; - fdt@1 { + fdt-1 { description = "snow"; data = /incbin/("sandbox-kernel.dtb"); type = "flat_dt"; arch = "sandbox"; compression = "none"; fdt-version = <1>; - hash@1 { + hash-1 { algo = "sha1"; }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; - signature@1 { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + signature { algo = "sha1,rsa2048"; key-name-hint = "dev"; sign-images = "fdt", "kernel"; diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its index 8e335105eb3..7bdcc7e286f 100644 --- a/test/py/tests/vboot/sign-configs-sha256-pss.its +++ b/test/py/tests/vboot/sign-configs-sha256-pss.its @@ -5,7 +5,7 @@ #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("test-kernel.bin"); type = "kernel_noload"; arch = "sandbox"; @@ -14,28 +14,28 @@ load = <0x4>; entry = <0x8>; kernel-version = <1>; - hash@1 { + hash-1 { algo = "sha256"; }; }; - fdt@1 { + fdt-1 { description = "snow"; data = /incbin/("sandbox-kernel.dtb"); type = "flat_dt"; arch = "sandbox"; compression = "none"; fdt-version = <1>; - hash@1 { + hash-1 { algo = "sha256"; }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; - signature@1 { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + signature { algo = "sha256,rsa2048"; padding = "pss"; key-name-hint = "dev"; diff --git a/test/py/tests/vboot/sign-configs-sha256.its b/test/py/tests/vboot/sign-configs-sha256.its index 1b3432ec144..f5591aad305 100644 --- a/test/py/tests/vboot/sign-configs-sha256.its +++ b/test/py/tests/vboot/sign-configs-sha256.its @@ -5,7 +5,7 @@ #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("test-kernel.bin"); type = "kernel_noload"; arch = "sandbox"; 
@@ -14,28 +14,28 @@ load = <0x4>; entry = <0x8>; kernel-version = <1>; - hash@1 { + hash-1 { algo = "sha256"; }; }; - fdt@1 { + fdt-1 { description = "snow"; data = /incbin/("sandbox-kernel.dtb"); type = "flat_dt"; arch = "sandbox"; compression = "none"; fdt-version = <1>; - hash@1 { + hash-1 { algo = "sha256"; }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; - signature@1 { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + signature { algo = "sha256,rsa2048"; key-name-hint = "dev"; sign-images = "fdt", "kernel"; diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its index d19c4d7745a..ded7ae4f552 100644 --- a/test/py/tests/vboot/sign-images-sha1-pss.its +++ b/test/py/tests/vboot/sign-images-sha1-pss.its @@ -5,7 +5,7 @@ #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("test-kernel.bin"); type = "kernel_noload"; arch = "sandbox"; @@ -14,20 +14,20 @@ load = <0x4>; entry = <0x8>; kernel-version = <1>; - signature@1 { + signature { algo = "sha1,rsa2048"; padding = "pss"; key-name-hint = "dev"; }; }; - fdt@1 { + fdt-1 { description = "snow"; data = /incbin/("sandbox-kernel.dtb"); type = "flat_dt"; arch = "sandbox"; compression = "none"; fdt-version = <1>; - signature@1 { + signature { algo = "sha1,rsa2048"; padding = "pss"; key-name-hint = "dev"; @@ -35,10 +35,10 @@ }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; }; }; }; diff --git a/test/py/tests/vboot/sign-images-sha1.its b/test/py/tests/vboot/sign-images-sha1.its index f69326a39bc..18c759e9e65 100644 --- a/test/py/tests/vboot/sign-images-sha1.its +++ b/test/py/tests/vboot/sign-images-sha1.its @@ -5,7 +5,7 @@ #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("test-kernel.bin"); type = "kernel_noload"; arch = "sandbox"; 
@@ -14,29 +14,29 @@ load = <0x4>; entry = <0x8>; kernel-version = <1>; - signature@1 { + signature { algo = "sha1,rsa2048"; key-name-hint = "dev"; }; }; - fdt@1 { + fdt-1 { description = "snow"; data = /incbin/("sandbox-kernel.dtb"); type = "flat_dt"; arch = "sandbox"; compression = "none"; fdt-version = <1>; - signature@1 { + signature { algo = "sha1,rsa2048"; key-name-hint = "dev"; }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; }; }; }; diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its index 43612f819d2..34850cc6c58 100644 --- a/test/py/tests/vboot/sign-images-sha256-pss.its +++ b/test/py/tests/vboot/sign-images-sha256-pss.its @@ -5,7 +5,7 @@ #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("test-kernel.bin"); type = "kernel_noload"; arch = "sandbox"; @@ -14,20 +14,20 @@ load = <0x4>; entry = <0x8>; kernel-version = <1>; - signature@1 { + signature { algo = "sha256,rsa2048"; padding = "pss"; key-name-hint = "dev"; }; }; - fdt@1 { + fdt-1 { description = "snow"; data = /incbin/("sandbox-kernel.dtb"); type = "flat_dt"; arch = "sandbox"; compression = "none"; fdt-version = <1>; - signature@1 { + signature { algo = "sha256,rsa2048"; padding = "pss"; key-name-hint = "dev"; @@ -35,10 +35,10 @@ }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; }; }; }; diff --git a/test/py/tests/vboot/sign-images-sha256.its b/test/py/tests/vboot/sign-images-sha256.its index e6aa9fc4098..bb0f8ee8a66 100644 --- a/test/py/tests/vboot/sign-images-sha256.its +++ b/test/py/tests/vboot/sign-images-sha256.its @@ -5,7 +5,7 @@ #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("test-kernel.bin"); type = "kernel_noload"; arch = "sandbox"; 
@@ -14,29 +14,29 @@ load = <0x4>; entry = <0x8>; kernel-version = <1>; - signature@1 { + signature { algo = "sha256,rsa2048"; key-name-hint = "dev"; }; }; - fdt@1 { + fdt-1 { description = "snow"; data = /incbin/("sandbox-kernel.dtb"); type = "flat_dt"; arch = "sandbox"; compression = "none"; fdt-version = <1>; - signature@1 { + signature { algo = "sha256,rsa2048"; key-name-hint = "dev"; }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; }; }; }; -- cgit v1.3.1