Gaurav Shah | a82bf26 | 2010-03-26 10:38:08 -0700 | 1 | /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 | * Use of this source code is governed by a BSD-style license that can be |
| 3 | * found in the LICENSE file. |
| 4 | * |
| 5 | * Tests for checking kernel rollback-prevention logic. |
| 6 | */ |
| 7 | |
| 8 | #include <stdio.h> |
| 9 | #include <stdlib.h> |
| 10 | |
| 11 | #include "file_keys.h" |
| 12 | #include "kernel_image.h" |
| 13 | #include "rsa_utility.h" |
| 14 | #include "rollback_index.h" |
| 15 | #include "test_common.h" |
| 16 | #include "utility.h" |
| 17 | |
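/* Tests that check the correctness of the VerifyKernelDriver_f() logic
 * and its rollback prevention.
 *
 * Two kernel slots (A and B) are presented to VerifyKernelDriver_f() in
 * valid and corrupt variants, first with A at the higher boot priority and
 * then with B. The stored rollback versions are then raised so that both
 * images are obsolete, and finally Kernel A is regenerated with newer
 * versions. Each result is compared with the expected BOOT_KERNEL_* value
 * through TEST_EQ; nothing is returned.
 *
 * Side effects: overwrites the globals g_kernel_key_version and
 * g_kernel_version and does not restore them.
 *
 * NOTE(review): every call uses DEV_MODE_DISABLED, so behaviour in any
 * other dev-mode setting is not covered by this test.
 */
void VerifyKernelDriverTest(void) {
  uint64_t len;
  uint8_t* firmware_key_pub = BufferFromFile("testkeys/key_rsa1024.keyb",
                                             &len);
  /* Initialize kernel blobs, including their associated partition
   * table attributes.
   * NOTE(review): the arguments of GenerateRollbackTestKernelBlob() are
   * presumably (kernel key version, kernel version, corrupt flag) -- confirm
   * against its declaration. */
  kernel_entry valid_kernelA = {
    GenerateRollbackTestKernelBlob(1, 1, 0),
    15,  /* Highest Priority. */
    5,  /* Enough for tests. */
    0  /* Assume we haven't boot off it yet. */
  };
  kernel_entry corrupt_kernelA = {
    GenerateRollbackTestKernelBlob(1, 1, 1),
    15,  /* Highest Priority. */
    5,  /* Enough for tests. */
    0  /* Assume we haven't boot off it yet. */
  };
  kernel_entry valid_kernelB = {
    GenerateRollbackTestKernelBlob(1, 1, 0),
    1,  /* Lower Priority. */
    5,  /* Enough for tests. */
    0  /* Assume we haven't boot off it yet. */
  };
  kernel_entry corrupt_kernelB = {
    GenerateRollbackTestKernelBlob(1, 1, 1),
    1,  /* Lower Priority. */
    5,  /* Enough for tests. */
    0  /* Assume we haven't boot off it yet. */
  };

  /* Refuse to run with missing fixtures. With no key or no blob, the
   * verifier would presumably reject everything (or crash), and the cases
   * below that expect BOOT_KERNEL_RECOVERY_CONTINUE could then pass for the
   * wrong reason. TEST_EQ(0, 1, ...) records one explicit failure, on the
   * same assumption the rest of this test makes: that a TEST_EQ mismatch is
   * what main() later sees through gTestSuccess. */
  if (firmware_key_pub == NULL ||
      valid_kernelA.kernel_blob == NULL ||
      corrupt_kernelA.kernel_blob == NULL ||
      valid_kernelB.kernel_blob == NULL ||
      corrupt_kernelB.kernel_blob == NULL) {
    TEST_EQ(0, 1, "(Test fixtures available: key file and kernel blobs):");
    goto cleanup;
  }

  /* Initialize rollback index state. */
  g_kernel_key_version = 1;
  g_kernel_version = 1;

  /* Note: This test just checks the rollback prevention mechanism and not
   * the full blown kernel boot logic. Updates to the kernel attributes
   * in the partition table are not tested.
   */
  fprintf(stderr, "Kernel A boot priority(15) > Kernel B boot priority(1)\n");
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &valid_kernelA, &valid_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_A_CONTINUE,
          "(Valid Kernel A (current version)\n"
          " Valid Kernel B (current version) runs A):");
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &corrupt_kernelA, &valid_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_B_CONTINUE,
          "(Corrupt Kernel A (current version)\n"
          " Valid Kernel B (current version) runs B):");
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &valid_kernelA, &corrupt_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_A_CONTINUE,
          "(Valid Kernel A (current version)\n"
          " Corrupt Kernel B (current version) runs A):");
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &corrupt_kernelA, &corrupt_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_RECOVERY_CONTINUE,
          "(Corrupt Kernel A (current version)\n"
          " Corrupt Kernel B (current version) runs Recovery):");

  fprintf(stderr, "\nSwapping boot priorities...\n"
          "Kernel B boot priority(15) > Kernel A boot priority(1)\n");
  valid_kernelA.boot_priority = corrupt_kernelA.boot_priority = 1;
  valid_kernelB.boot_priority = corrupt_kernelB.boot_priority = 15;
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &valid_kernelA, &valid_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_B_CONTINUE,
          "(Valid Kernel A (current version)\n"
          " Valid Kernel B (current version) runs B):");
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &corrupt_kernelA, &valid_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_B_CONTINUE,
          "(Corrupt Kernel A (current version)\n"
          " Valid Kernel B (current version) runs B):");
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &valid_kernelA, &corrupt_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_A_CONTINUE,
          "(Valid Kernel A (current version)\n"
          " Corrupt Kernel B (current version) runs A):");
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &corrupt_kernelA, &corrupt_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_RECOVERY_CONTINUE,
          "(Corrupt Kernel A (current version)\n"
          " Corrupt Kernel B (current version) runs Recovery):");

  /* NOTE(review): both stored versions are raised together, so this case
   * does not show whether the key-version check or the kernel-version check
   * rejects the old images. Raising one at a time would isolate each. */
  fprintf(stderr, "\nUpdating stored version information. Obsoleting "
          "exiting kernel images.\n");
  g_kernel_key_version = 2;
  g_kernel_version = 2;
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &valid_kernelA, &valid_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_RECOVERY_CONTINUE,
          "(Valid Kernel A (old version)\n"
          " Valid Kernel B (old version) runs Recovery):");

  /* NOTE(review): the new blob uses 3 while the stored versions are 2, so
   * the boundary where blob and stored versions are equal after an update
   * is not exercised here. */
  fprintf(stderr, "\nGenerating updated Kernel A blob with "
          "new version.\n");
  Free(valid_kernelA.kernel_blob);
  valid_kernelA.kernel_blob = GenerateRollbackTestKernelBlob(3, 3, 0);
  if (valid_kernelA.kernel_blob == NULL) {
    TEST_EQ(0, 1, "(Updated Kernel A blob generated):");
    goto cleanup;
  }
  TEST_EQ(VerifyKernelDriver_f(firmware_key_pub,
                               &valid_kernelA, &valid_kernelB,
                               DEV_MODE_DISABLED),
          BOOT_KERNEL_A_CONTINUE,
          "(Valid Kernel A (new version)\n"
          " Valid Kernel B (old version) runs A):");

cleanup:
  /* Free() is a project wrapper whose handling of NULL is not visible from
   * this file, so each pointer is checked before it is released. */
  if (firmware_key_pub != NULL)
    Free(firmware_key_pub);
  if (valid_kernelA.kernel_blob != NULL)
    Free(valid_kernelA.kernel_blob);
  if (valid_kernelB.kernel_blob != NULL)
    Free(valid_kernelB.kernel_blob);
  if (corrupt_kernelA.kernel_blob != NULL)
    Free(corrupt_kernelA.kernel_blob);
  if (corrupt_kernelB.kernel_blob != NULL)
    Free(corrupt_kernelB.kernel_blob);
}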
| 142 | |
/* Runs the kernel rollback test and maps the shared pass/fail flag to the
 * process exit status: 0 when gTestSuccess is still set, 255 otherwise.
 * argc and argv are not used. */
int main(int argc, char* argv[]) {
  VerifyKernelDriverTest();
  return gTestSuccess ? 0 : 255;
}