summaryrefslogtreecommitdiff
path: root/tests/vboot_kernel_tests.c
diff options
context:
space:
mode:
Diffstat (limited to 'tests/vboot_kernel_tests.c')
-rw-r--r--tests/vboot_kernel_tests.c72
1 files changed, 58 insertions, 14 deletions
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index 944be0aa..14e7e1f2 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -363,50 +363,94 @@ static void LoadKernelTest(void)
TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
"Fail key block dev sig fwmp");
- /* Check keyblock flag mismatches */
+ /* Check keyblock flags */
ResetMocks();
- kbh.keyblock_flags =
- VB2_KEYBLOCK_FLAG_RECOVERY_0 | VB2_KEYBLOCK_FLAG_DEVELOPER_1;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_0
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_1
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
"Keyblock dev flag mismatch");
ResetMocks();
- kbh.keyblock_flags =
- VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_0
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
"Keyblock rec flag mismatch");
ResetMocks();
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_0
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_0
+ | VB2_KEYBLOCK_FLAG_MINIOS_1;
+ TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
+ "Keyblock minios flag mismatch");
+
+ ResetMocks();
ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
- kbh.keyblock_flags =
- VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_1;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_1
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
"Keyblock recdev flag mismatch");
ResetMocks();
+ ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_0
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
+ TestLoadKernel(0, "Keyblock rec flag okay");
+
+ ResetMocks();
ctx->flags |= VB2_CONTEXT_RECOVERY_MODE | VB2_CONTEXT_DEVELOPER_MODE;
- kbh.keyblock_flags =
- VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_0
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
"Keyblock rec!dev flag mismatch");
- /* Check keyblock flag mismatches (dev mode + signed kernel required) */
+ ResetMocks();
+ ctx->flags |= VB2_CONTEXT_RECOVERY_MODE | VB2_CONTEXT_DEVELOPER_MODE;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_1
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
+ TestLoadKernel(0, "Keyblock recdev flag okay");
+
+ /* Check keyblock flags (dev mode + signed kernel required) */
ResetMocks();
ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1);
- kbh.keyblock_flags =
- VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_0
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
"Keyblock dev flag mismatch (signed kernel required)");
ResetMocks();
ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY;
- kbh.keyblock_flags =
- VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_0
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
"Keyblock dev flag mismatch (signed kernel required)");
+ ResetMocks();
+ ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
+ fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY;
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_0
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_0
+ | VB2_KEYBLOCK_FLAG_MINIOS_1;
+ TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
+ "Keyblock dev flag mismatch (signed kernel required)");
+
+ ResetMocks();
+ ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
+ vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1);
+ kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_0
+ | VB2_KEYBLOCK_FLAG_DEVELOPER_1
+ | VB2_KEYBLOCK_FLAG_MINIOS_0;
+ TestLoadKernel(0, "Keyblock dev flag okay (signed kernel required)");
+
/* Check kernel key version */
ResetMocks();
kbh.data_key.key_version = 1;
View Lorry Controller Status