diff options
author | Furquan Shaikh <furquan@google.com> | 2015-10-28 13:01:27 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2015-10-28 20:44:39 -0700 |
commit | 55484550bcedc2b70d84504ec59932f441988838 (patch) | |
tree | 11e104b115fa7920461044bf7e29c497f4a87b6b /tests/vboot_api_kernel5_tests.c | |
parent | d6723ed12b429834c2627c009aab58f0db20ce73 (diff) | |
download | vboot-55484550bcedc2b70d84504ec59932f441988838.tar.gz |
VbVerifyMemoryBootImage: Allow integrity-only check in dev mode with
FASTBOOT_FULL_CAP set
This change allows developers to boot dev-signed boot images in
unlocked mode if DEV_BOOT_FASTBOOT_FULL_CAP is set in VbNvStorage or
GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set.
BUG=chrome-os-partner:47002
BRANCH=None
TEST=Compiles successfully. make -j runtests
Change-Id: I56e3879594da1b57051dfe242ff347ac970c96bb
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/309606
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'tests/vboot_api_kernel5_tests.c')
-rw-r--r-- | tests/vboot_api_kernel5_tests.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/tests/vboot_api_kernel5_tests.c b/tests/vboot_api_kernel5_tests.c index 8c59622f..a372e178 100644 --- a/tests/vboot_api_kernel5_tests.c +++ b/tests/vboot_api_kernel5_tests.c @@ -145,6 +145,12 @@ int VerifyData(const uint8_t *data, uint64_t size, const VbSignature *sig, return VBERROR_SUCCESS; } +VbError_t VbExNvStorageRead(uint8_t *buf) +{ + Memcpy(buf, vnc.raw, sizeof(vnc.raw)); + return VBERROR_SUCCESS; +} + static void VerifyMemoryBootImageTest(void) { uint32_t u; @@ -200,6 +206,17 @@ static void VerifyMemoryBootImageTest(void) VBERROR_INVALID_KERNEL_FOUND, "Key verify failed"); TEST_EQ(hash_only_check, 1, " hash check"); + /* Key Block Hash Failure -- VBNV */ + ResetMocks(); + shared->flags = VBSD_BOOT_DEV_SWITCH_ON; + key_block_verify_fail = 1; + VbNvSet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, 1); + VbNvTeardown(&vnc); + TEST_EQ(VbVerifyMemoryBootImage(&cparams, &kparams, kernel_buffer, + kernel_buffer_size), + VBERROR_INVALID_KERNEL_FOUND, "Key verify failed"); + TEST_EQ(hash_only_check, 1, " hash check -- VBNV flag"); + /* Developer flag mismatch - dev switch on */ ResetMocks(); kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_0 | |