diff options
| author | Joel Kitching <kitching@google.com> | 2021-02-12 09:56:29 +0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-03-24 05:32:52 +0000 |
| commit | 230d9688b9498518774096109a5c31639f5f6cc0 (patch) | |
| tree | ecf7a7f0677b439e02728d81fade7bef23ebb640 /tests | |
| parent | 6e4d58cb49da19ce15e17261cb1a5d4660d12de3 (diff) | |
| download | vboot-230d9688b9498518774096109a5c31639f5f6cc0.tar.gz | |
vboot/vboot_kernel: rewrite require_official_osfirmware-quiche-13883.B
Function no longer needs the `params` argument. Use more
precise language, replacing the term "OS" with "kernel".
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ie4162760744a6c341fee122c5be247d86bd49c05
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2741921
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/vboot_kernel_tests.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c index 41b710ac..631cd5be 100644 --- a/tests/vboot_kernel_tests.c +++ b/tests/vboot_kernel_tests.c @@ -705,6 +705,24 @@ static void LoadKernelTest(void) TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND, "Keyblock rec!dev flag mismatch"); + /* Check keyblock flag mismatches (dev mode + signed kernel required) */ + ResetMocks(); + ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; + vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1); + kbh.keyblock_flags = + VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0; + TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND, + "Keyblock dev flag mismatch (signed kernel required)"); + + ResetMocks(); + ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY; + kbh.keyblock_flags = + VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0; + TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND, + "Keyblock dev flag mismatch (signed kernel required)"); + + /* Check kernel key version */ ResetMocks(); kbh.data_key.key_version = 1; TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND, @@ -761,6 +779,23 @@ static void LoadKernelTest(void) ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; TestLoadKernel(0, "Kernel version ignored in rec mode"); + /* Check kernel version (dev mode + signed kernel required) */ + ResetMocks(); + kbh.data_key.key_version = 0; + ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; + vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1); + TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND, + "Keyblock key version checked in dev mode " + "(signed kernel required)"); + + ResetMocks(); + kbh.data_key.key_version = 0; + ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY; + TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND, + "Keyblock key version checked in dev mode " + "(signed kernel required)"); + /* Check developer key hash - bad */ ResetMocks(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; |