author | Bill Richardson <wfrichar@chromium.org> | 2015-09-24 10:59:41 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2015-09-25 10:31:24 -0700 |
commit | 82db93d5fc924860e4f1fb4cf24f29b5b335a480 (patch) | |
tree | 084dfc2c4854fa2fd4b378a496c935a35abb162e /tests | |
parent | 5b202a94f0ef30421c532b2aed963ac9f6f78521 (diff) | |
download | vboot-82db93d5fc924860e4f1fb4cf24f29b5b335a480.tar.gz |
futility: Add show capability for usbpd1 images
The firmware for the USB Type-C power adapters uses raw binary
blobs for the public keys and signatures instead of
readily-identifiable structs. We've been able to sign these
firmware images for some time, but verifying the result generally
required testing them on hardware.
This CL adds some futility support for recognizing and verifying
those images too. It just tries various sig and hash algorithms,
until it finds a combination for which the image is
self-consistent (where the pubkey blob verifies the signature
blob).
BUG=none
BRANCH=none
TEST=make runtests
This change also adds additional tests for usbpd1 images. We
ensure that we correctly recognize and verify an MP-signed
firmware, plus test signing and verifying usbpd1 images using
multiple signature and hash algorithms.
Change-Id: I4fbe8b37a694992f635d5469ae1c2449b1610dfd
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/302415
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/futility/data/zinger_mp_image.bin | bin | 0 -> 32768 bytes | |||
-rwxr-xr-x | tests/futility/run_test_scripts.sh | 1 | ||||
-rw-r--r-- | tests/futility/test_file_types.c | 9 | ||||
-rwxr-xr-x | tests/futility/test_show_usbpd1.sh | 46 |
4 files changed, 51 insertions, 5 deletions
diff --git a/tests/futility/data/zinger_mp_image.bin b/tests/futility/data/zinger_mp_image.bin
Binary files differ
new file mode 100644
index 00000000..68152c02
--- /dev/null
+++ b/tests/futility/data/zinger_mp_image.bin
diff --git a/tests/futility/run_test_scripts.sh b/tests/futility/run_test_scripts.sh
index 8e6281a1..a0d9e471 100755
--- a/tests/futility/run_test_scripts.sh
+++ b/tests/futility/run_test_scripts.sh
@@ -47,6 +47,7 @@ ${SCRIPTDIR}/test_load_fmap.sh
 ${SCRIPTDIR}/test_main.sh
 ${SCRIPTDIR}/test_show_kernel.sh
 ${SCRIPTDIR}/test_show_vs_verify.sh
+${SCRIPTDIR}/test_show_usbpd1.sh
 ${SCRIPTDIR}/test_sign_firmware.sh
 ${SCRIPTDIR}/test_sign_fw_main.sh
 ${SCRIPTDIR}/test_sign_kernel.sh
diff --git a/tests/futility/test_file_types.c b/tests/futility/test_file_types.c
index 3fb21cc6..9f90a0f3 100644
--- a/tests/futility/test_file_types.c
+++ b/tests/futility/test_file_types.c
@@ -29,15 +29,14 @@ static struct {
 {FILE_TYPE_BIOS_IMAGE, "tests/futility/data/bios_zgb_mp.bin"},
 {FILE_TYPE_OLD_BIOS_IMAGE, "tests/futility/data/bios_mario_mp.bin"},
 {FILE_TYPE_KERN_PREAMBLE, "tests/futility/data/kern_preamble.bin"},
- /* We don't have a way to identify these (yet?) */
- {FILE_TYPE_RAW_FIRMWARE, },
- {FILE_TYPE_RAW_KERNEL, },
- {FILE_TYPE_CHROMIUMOS_DISK, },
+ {FILE_TYPE_RAW_FIRMWARE, }, /* need a test for this */
+ {FILE_TYPE_RAW_KERNEL, }, /* need a test for this */
+ {FILE_TYPE_CHROMIUMOS_DISK, }, /* need a test for this */
 {FILE_TYPE_PRIVKEY, "tests/devkeys/root_key.vbprivk"},
 {FILE_TYPE_VB2_PUBKEY, "tests/futility/data/sample.vbpubk2"},
 {FILE_TYPE_VB2_PRIVKEY, "tests/futility/data/sample.vbprik2"},
 {FILE_TYPE_PEM, "tests/testkeys/key_rsa2048.pem"},
- {FILE_TYPE_USBPD1, },
+ {FILE_TYPE_USBPD1, "tests/futility/data/zinger_mp_image.bin"},
 };
 BUILD_ASSERT(ARRAY_SIZE(test_case) == NUM_FILE_TYPES);
diff --git a/tests/futility/test_show_usbpd1.sh b/tests/futility/test_show_usbpd1.sh
new file mode 100755
index 00000000..5fa5b93c
--- /dev/null
+++ b/tests/futility/test_show_usbpd1.sh
@@ -0,0 +1,46 @@
+#!/bin/bash -eux
+# Copyright 2015 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+me=${0##*/}
+TMP="$me.tmp"
+
+# Work in scratch directory
+cd "$OUTDIR"
+
+DATADIR="${SCRIPTDIR}/data"
+TESTS="dingdong hoho minimuffin zinger"
+TESTKEYS=${SRCDIR}/tests/testkeys
+
+SIGS="1024 2048 4096 8192"
+HASHES="SHA1 SHA256 SHA512"
+
+set -o pipefail
+
+for s in $SIGS; do
+
+ echo -n "$s " 1>&3
+
+ for test in $TESTS; do
+
+ infile=${DATADIR}/${test}.unsigned
+
+ for h in $HASHES; do
+
+ pemfile=${TESTKEYS}/key_rsa${s}.pem
+ outfile=${TMP}.${test}_${s}_${h}.new
+
+ # sign it
+ ${FUTILITY} sign --type usbpd1 --pem ${pemfile} ${infile} ${outfile}
+
+ # make sure it identifies correctly
+ ${FUTILITY} verify ${outfile}
+
+ done
+ done
+done
+
+# cleanup
+rm -rf ${TMP}*
+exit 0 |
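Review bot: Every `${FUTILITY} verify ${outfile}` in the loop runs on an image that was signed one step earlier, so the script covers only the accepting path and would still pass if verification accepted anything. Going by the commit description, verification succeeds when the embedded key blob, the signature blob and some algorithm pair are self-consistent, which does not by itself show that the key is the one in `${pemfile}`; this is inferred from the description, since the verifier is not part of this diff. I would add a rejecting case after the verify step: alter one byte of a copy of `${outfile}` and require failure with `if ${FUTILITY} verify ${outfile}.bad; then exit 1; fi`. The script is named for `show` and the description mentions verifying an MP-signed image, yet neither `futility show` nor `zinger_mp_image.bin` appears in it, so that coverage, if it exists, is not visible here. The expansions are also unquoted throughout; `"${infile}"`, `"${outfile}"` and `rm -rf "${TMP}"*` would keep paths with spaces intact.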