diff options
author | Hung-Te Lin <hungte@chromium.org> | 2018-08-27 13:03:36 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-09-05 16:10:58 -0700 |
commit | 86e12ef99dfcc71c6e4903e3ed892330e78f66ff (patch) | |
tree | 18f1cc0939c4cf30b9ec6a615101fb11dafce775 /tests/futility/test_update.sh | |
parent | e53fbd1be95a79db0f66382cd0207a6bbd990309 (diff) | |
download | vboot-86e12ef99dfcc71c6e4903e3ed892330e78f66ff.tar.gz |
futility: cmd_update: Check RO and RW signing compatibility before updating
If the RW is not signed by RO root key then verified boot will fail and enter
recovery mode. This may happen when user is trying to flash a DEV (or
PreMP) signed firmware on a MP-signed device, with write protection
enabled.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1cee0b5f42f1f403d9baa5f9b2659f75511fbcb8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183659
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'tests/futility/test_update.sh')
-rwxr-xr-x | tests/futility/test_update.sh | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh index 26d993d8..d51219ff 100755 --- a/tests/futility/test_update.sh +++ b/tests/futility/test_update.sh @@ -62,12 +62,18 @@ unpack_image() { local image="$2" mkdir -p "${folder}" (cd "${folder}" && ${FUTILITY} dump_fmap -x "../${image}") + ${FUTILITY} gbb -g --rootkey="${folder}/rootkey" "${image}" } # Unpack images so we can prepare expected results by individual sections. unpack_image "to" "${TO_IMAGE}" unpack_image "from" "${FROM_IMAGE}" +# Hack FROM_IMAGE so it has same root key as TO_IMAGE (for RW update). +FROM_DIFFERENT_ROOTKEY_IMAGE="${FROM_IMAGE}2" +cp -f "${FROM_IMAGE}" "${FROM_DIFFERENT_ROOTKEY_IMAGE}" +"${FUTILITY}" gbb -s --rootkey="${TMP}.to/rootkey" "${FROM_IMAGE}" + # Generate expected results. cp -f "${TO_IMAGE}" "${TMP}.expected.full" cp -f "${FROM_IMAGE}" "${TMP}.expected.rw" @@ -136,6 +142,10 @@ test_update "RW update (incompatible platform)" \ "${FROM_IMAGE}" "!platform is not compatible" \ -i "${LINK_BIOS}" --wp=1 --sys_props 0,0x10001,1 +test_update "RW update (incompatible rootkey)" \ + "${FROM_DIFFERENT_ROOTKEY_IMAGE}" "!RW not signed by same RO root key" \ + -i "${TO_IMAGE}" --wp=1 --sys_props 0,0x10001,1 + test_update "RW update (TPM Anti-rollback: data key)" \ "${FROM_IMAGE}" "!Data key version rollback detected (2->1)" \ -i "${TO_IMAGE}" --wp=1 --sys_props 1,0x20001,1 @@ -160,6 +170,10 @@ test_update "RW update (incompatible platform)" \ "${FROM_IMAGE}" "!platform is not compatible" \ -i "${LINK_BIOS}" -t --wp=1 --sys_props 0x10001,1 +test_update "RW update (incompatible rootkey)" \ + "${FROM_DIFFERENT_ROOTKEY_IMAGE}" "!RW not signed by same RO root key" \ + -i "${TO_IMAGE}" -t --wp=1 --sys_props 0,0x10001,1 + test_update "RW update (TPM Anti-rollback: data key)" \ "${FROM_IMAGE}" "!Data key version rollback detected (2->1)" \ -i "${TO_IMAGE}" -t --wp=1 --sys_props 1,0x20001,1 |