diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/secdata_tpm_tests.c | 584 | ||||
-rw-r--r-- | tests/test_common.h | 2 | ||||
-rw-r--r-- | tests/vboot_api_devmode_tests.c | 10 | ||||
-rw-r--r-- | tests/vboot_api_kernel2_tests.c | 26 | ||||
-rw-r--r-- | tests/vboot_api_kernel4_tests.c | 137 | ||||
-rw-r--r-- | tests/vboot_detach_menu_tests.c | 25 | ||||
-rw-r--r-- | tests/vboot_display_tests.c | 6 | ||||
-rw-r--r-- | tests/vboot_kernel_tests.c | 21 |
8 files changed, 445 insertions, 366 deletions
diff --git a/tests/secdata_tpm_tests.c b/tests/secdata_tpm_tests.c index dd28e62a..32285ded 100644 --- a/tests/secdata_tpm_tests.c +++ b/tests/secdata_tpm_tests.c @@ -2,24 +2,16 @@ * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * - * Tests for secdata_tpm functions + * Tests for TPM secure data space functions */ -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "2crc8.h" +#include "2api.h" +#include "2secdata.h" #include "secdata_tpm.h" #include "test_common.h" #include "tlcl.h" - -_Static_assert(ROLLBACK_SPACE_FIRMWARE_VERSION > 0, - "ROLLBACK_SPACE_FIRMWARE_VERSION must be greater than 0"); - -_Static_assert(ROLLBACK_SPACE_KERNEL_VERSION > 0, - "ROLLBACK_SPACE_KERNEL_VERSION must be greater than 0"); +#include "tss_constants.h" +#include "vboot_test.h" /* * Buffer to hold accumulated list of calls to mocked Tlcl functions. @@ -45,59 +37,85 @@ static char *mock_cnext = mock_calls; static int mock_count = 0; static int fail_at_count = 0; static uint32_t fail_with_error = TPM_SUCCESS; +static int mock_bad_crc = 0; /* Params / backing store for mocked Tlcl functions. */ static TPM_PERMANENT_FLAGS mock_pflags; -static RollbackSpaceFirmware mock_rsf; -static RollbackSpaceKernel mock_rsk; - -static union { - struct RollbackSpaceFwmp fwmp; - uint8_t buf[FWMP_NV_MAX_SIZE]; -} mock_fwmp; - +static uint8_t mock_rsf[VB2_SECDATA_FIRMWARE_SIZE]; +static uint8_t mock_rsk[VB2_SECDATA_KERNEL_SIZE]; +static uint8_t mock_fwmp[VB2_SECDATA_FWMP_MAX_SIZE]; +static uint32_t mock_fwmp_real_size; static uint32_t mock_permissions; -/* Recalculate CRC of FWMP data */ -static void RecalcFwmpCrc(void) -{ - mock_fwmp.fwmp.crc = vb2_crc8(mock_fwmp.buf + 2, - mock_fwmp.fwmp.struct_size - 2); -} +static uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE] + __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); +static struct vb2_context *ctx; /* Reset the variables for the Tlcl mock functions. */ -static void ResetMocks(int fail_on_call, uint32_t fail_with_err) +static void reset_common_data(int fail_on_call, uint32_t fail_with_err) { *mock_calls = 0; mock_cnext = mock_calls; mock_count = 0; fail_at_count = fail_on_call; fail_with_error = fail_with_err; + mock_bad_crc = 0; memset(&mock_pflags, 0, sizeof(mock_pflags)); - memset(&mock_rsf, 0, sizeof(mock_rsf)); - mock_rsf.struct_version = ROLLBACK_SPACE_FIRMWARE_VERSION; - mock_rsf.crc8 = vb2_crc8(&mock_rsf, - offsetof(RollbackSpaceFirmware, crc8)); + /* Use value other than 0 for memcmp() checks */ + memset(&mock_rsf, 0xa6, sizeof(mock_rsf)); + memset(&mock_rsk, 0xa7, sizeof(mock_rsk)); + memset(&mock_fwmp, 0xa8, sizeof(mock_fwmp)); - memset(&mock_rsk, 0, sizeof(mock_rsk)); - mock_rsk.uid = ROLLBACK_SPACE_KERNEL_UID; - mock_rsk.struct_version = ROLLBACK_SPACE_KERNEL_VERSION; - mock_rsk.kernel_versions = 0x87654321; - mock_rsk.crc8 = vb2_crc8(&mock_rsk, - offsetof(RollbackSpaceKernel, crc8)); + mock_fwmp_real_size = VB2_SECDATA_FWMP_MIN_SIZE; + /* Note: only used when TPM2_MODE is disabled. */ +#ifndef TPM2_MODE mock_permissions = TPM_NV_PER_PPWRITE; +#else + mock_permissions = 0; +#endif + + secdata_kernel_locked = 0; + + TEST_SUCC(vb2api_init(workbuf, sizeof(workbuf), &ctx), + "vb2api_init failed"); + + ctx->flags |= VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED; + ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED; + ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; +} + +/* Mock functions */ + +vb2_error_t vb2api_secdata_firmware_check(struct vb2_context *c) +{ + if (mock_bad_crc) + return VB2_ERROR_SECDATA_FIRMWARE_CRC; + + return VB2_SUCCESS; +} - memset(mock_fwmp.buf, 0, sizeof(mock_fwmp.buf)); - mock_fwmp.fwmp.struct_size = sizeof(mock_fwmp.fwmp); - mock_fwmp.fwmp.struct_version = ROLLBACK_SPACE_FWMP_VERSION; - mock_fwmp.fwmp.flags = 0x1234; - /* Put some data in the hash */ - mock_fwmp.fwmp.dev_key_hash[0] = 0xaa; - mock_fwmp.fwmp.dev_key_hash[FWMP_HASH_SIZE - 1] = 0xbb; - RecalcFwmpCrc(); +vb2_error_t vb2api_secdata_kernel_check(struct vb2_context *c) +{ + if (mock_bad_crc) + return VB2_ERROR_SECDATA_FIRMWARE_CRC; + + return VB2_SUCCESS; +} + +vb2_error_t vb2api_secdata_fwmp_check(struct vb2_context *c, uint8_t *size) +{ + if (*size < mock_fwmp_real_size) { + *size = mock_fwmp_real_size; + return VB2_ERROR_SECDATA_FWMP_INCOMPLETE; + } + + if (mock_bad_crc) + return VB2_ERROR_SECDATA_FIRMWARE_CRC; + + return VB2_SUCCESS; } /****************************************************************************/ @@ -212,26 +230,12 @@ uint32_t TlclAssertPhysicalPresence(void) return (++mock_count == fail_at_count) ? fail_with_error : TPM_SUCCESS; } -uint32_t TlclFinalizePhysicalPresence(void) -{ - mock_cnext += sprintf(mock_cnext, "TlclFinalizePhysicalPresence()\n"); - mock_pflags.physicalPresenceLifetimeLock = 1; - return (++mock_count == fail_at_count) ? fail_with_error : TPM_SUCCESS; -} - uint32_t TlclPhysicalPresenceCMDEnable(void) { mock_cnext += sprintf(mock_cnext, "TlclPhysicalPresenceCMDEnable()\n"); return (++mock_count == fail_at_count) ? fail_with_error : TPM_SUCCESS; } -uint32_t TlclSetNvLocked(void) -{ - mock_cnext += sprintf(mock_cnext, "TlclSetNvLocked()\n"); - mock_pflags.nvLocked = 1; - return (++mock_count == fail_at_count) ? fail_with_error : TPM_SUCCESS; -} - uint32_t TlclSetGlobalLock(void) { mock_cnext += sprintf(mock_cnext, "TlclSetGlobalLock()\n"); @@ -244,6 +248,7 @@ uint32_t TlclLockPhysicalPresence(void) return (++mock_count == fail_at_count) ? fail_with_error : TPM_SUCCESS; } +#ifndef TPM2_MODE uint32_t TlclGetPermissions(uint32_t index, uint32_t* permissions) { mock_cnext += sprintf(mock_cnext, "TlclGetPermissions(%#x)\n", index); @@ -251,297 +256,332 @@ uint32_t TlclGetPermissions(uint32_t index, uint32_t* permissions) return (++mock_count == fail_at_count) ? fail_with_error : TPM_SUCCESS; } -/****************************************************************************/ -/* Tests for CRC errors */ - -static void FirmwareSpaceTest(void) +uint32_t TlclFinalizePhysicalPresence(void) { - RollbackSpaceFirmware rsf; - - /* Old version, valid CRC */ - ResetMocks(0, 0); - mock_rsf.struct_version -= 1; - mock_rsf.crc8 = vb2_crc8(&mock_rsf, - offsetof(RollbackSpaceFirmware, crc8)); - TEST_EQ(ReadSpaceFirmware(&rsf), TPM_E_STRUCT_VERSION, - "ReadSpaceFirmware(), old version"); - TEST_STR_EQ(mock_calls, - "TlclRead(0x1007, 10)\n", - "tlcl calls"); - - /* Current version, bad CRC */ - ResetMocks(0, 0); - mock_rsf.crc8 = 0; - TEST_EQ(ReadSpaceFirmware(&rsf), TPM_E_CORRUPTED_STATE, - "ReadSpaceFirmware(), bad CRC"); - TEST_STR_EQ(mock_calls, - "TlclRead(0x1007, 10)\n", - "tlcl calls"); - - /* Current version, valid CRC */ - ResetMocks(0, 0); - TEST_EQ(ReadSpaceFirmware(&rsf), 0, - "ReadSpaceFirmware(), successful read"); - TEST_STR_EQ(mock_calls, - "TlclRead(0x1007, 10)\n", - "tlcl calls"); + mock_cnext += sprintf(mock_cnext, "TlclFinalizePhysicalPresence()\n"); + mock_pflags.physicalPresenceLifetimeLock = 1; + return (++mock_count == fail_at_count) ? fail_with_error : TPM_SUCCESS; } -static void KernelSpaceTest(void) +uint32_t TlclSetNvLocked(void) { - RollbackSpaceKernel rsk; - - /* Current version, bad perms, valid CRC, valid UID */ - ResetMocks(0, 0); - mock_permissions = 0; - TEST_EQ(ReadSpaceKernel(&rsk), TPM_E_CORRUPTED_STATE, - "ReadSpaceKernel(), bad permissions"); - TEST_STR_EQ(mock_calls, - "TlclGetPermissions(0x1008)\n", - "tlcl calls"); - - /* Old version, good perms, valid CRC, valid UID */ - ResetMocks(0, 0); - mock_rsk.struct_version -= 1; - mock_rsk.crc8 = vb2_crc8(&mock_rsk, - offsetof(RollbackSpaceKernel, crc8)); - TEST_EQ(ReadSpaceKernel(&rsk), TPM_E_STRUCT_VERSION, - "ReadSpaceKernel(), old version"); - TEST_STR_EQ(mock_calls, - "TlclGetPermissions(0x1008)\n" - "TlclRead(0x1008, 13)\n", - "tlcl calls"); - - /* Current version, good perms, bad CRC, valid UID */ - ResetMocks(0, 0); - mock_rsk.crc8 = 0; - TEST_EQ(ReadSpaceKernel(&rsk), TPM_E_CORRUPTED_STATE, - "ReadSpaceKernel(), bad CRC"); - TEST_STR_EQ(mock_calls, - "TlclGetPermissions(0x1008)\n" - "TlclRead(0x1008, 13)\n", - "tlcl calls"); - - /* Current version, good perms, valid CRC, bad UID */ - ResetMocks(0, 0); - mock_rsk.uid = 0; - mock_rsk.crc8 = vb2_crc8(&mock_rsk, - offsetof(RollbackSpaceKernel, crc8)); - TEST_EQ(ReadSpaceKernel(&rsk), TPM_E_CORRUPTED_STATE, - "ReadSpaceKernel(), bad UID"); - TEST_STR_EQ(mock_calls, - "TlclGetPermissions(0x1008)\n" - "TlclRead(0x1008, 13)\n", - "tlcl calls"); - - /* Current version, good perms, valid CRC, valid UID */ - ResetMocks(0, 0); - TEST_EQ(ReadSpaceKernel(&rsk), 0, - "ReadSpaceKernel(), successful read"); - TEST_STR_EQ(mock_calls, - "TlclGetPermissions(0x1008)\n" - "TlclRead(0x1008, 13)\n", - "tlcl calls"); + mock_cnext += sprintf(mock_cnext, "TlclSetNvLocked()\n"); + mock_pflags.nvLocked = 1; + return (++mock_count == fail_at_count) ? fail_with_error : TPM_SUCCESS; } +#endif /****************************************************************************/ /* Tests for misc helper functions */ -static void MiscTest(void) +static void misc_tests(void) { uint8_t buf[8]; - ResetMocks(0, 0); - TEST_EQ(TPMClearAndReenable(), 0, "TPMClearAndReenable()"); + reset_common_data(0, 0); + TEST_EQ(tlcl_clear_and_reenable(), 0, "tlcl_clear_and_enable()"); TEST_STR_EQ(mock_calls, "TlclForceClear()\n" "TlclSetEnable()\n" "TlclSetDeactivated(0)\n", - "tlcl calls"); + " tlcl calls"); - ResetMocks(0, 0); - TEST_EQ(SafeWrite(0x123, buf, 8), 0, "SafeWrite()"); + reset_common_data(0, 0); + TEST_EQ(tlcl_safe_write(0x123, buf, 8), 0, "tlcl_safe_write()"); TEST_STR_EQ(mock_calls, "TlclWrite(0x123, 8)\n", - "tlcl calls"); + " tlcl calls"); - ResetMocks(1, TPM_E_BADINDEX); - TEST_EQ(SafeWrite(0x123, buf, 8), TPM_E_BADINDEX, "SafeWrite() bad"); + reset_common_data(1, TPM_E_BADINDEX); + TEST_EQ(tlcl_safe_write(0x123, buf, 8), TPM_E_BADINDEX, + "tlcl_safe_write() bad"); TEST_STR_EQ(mock_calls, "TlclWrite(0x123, 8)\n", - "tlcl calls"); + " tlcl calls"); - ResetMocks(1, TPM_E_MAXNVWRITES); - TEST_EQ(SafeWrite(0x123, buf, 8), 0, "SafeWrite() retry max writes"); + reset_common_data(1, TPM_E_MAXNVWRITES); + TEST_EQ(tlcl_safe_write(0x123, buf, 8), 0, + "tlcl_safe_write() retry max writes"); TEST_STR_EQ(mock_calls, "TlclWrite(0x123, 8)\n" "TlclForceClear()\n" "TlclSetEnable()\n" "TlclSetDeactivated(0)\n" "TlclWrite(0x123, 8)\n", - "tlcl calls"); + " tlcl calls"); } /****************************************************************************/ -/* Tests for RollbackKernel() calls */ +/* Tests for firmware space functions */ -static void RollbackKernelTest(void) +static void secdata_firmware_tests(void) { - uint32_t version = 0; + /* Write with no new changes */ + reset_common_data(0, 0); + ctx->flags &= ~VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED; + TEST_SUCC(secdata_firmware_write(ctx), + "secdata_firmware_write(), no changes, success"); + TEST_STR_EQ(mock_calls, + "", + " tlcl calls"); - /* Normal read */ - ResetMocks(0, 0); - TEST_EQ(RollbackKernelRead(&version), 0, "RollbackKernelRead()"); + /* Write failure */ + reset_common_data(1, TPM_E_IOERROR); + TEST_EQ(secdata_firmware_write(ctx), TPM_E_IOERROR, + "secdata_firmware_write(), failure"); TEST_STR_EQ(mock_calls, - "TlclGetPermissions(0x1008)\n" + "TlclWrite(0x1007, 10)\n", + " tlcl calls"); + TEST_NEQ(ctx->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED, 0, + " should leave SECDATA_FIRMWARE_CHANGED context flag"); + + /* Write in normal mode */ + reset_common_data(0, 0); + ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE; + TEST_EQ(secdata_firmware_write(ctx), TPM_E_AREA_LOCKED, + "secdata_firmware_write(), normal mode, failure"); + TEST_STR_EQ(mock_calls, + "", + " tlcl calls"); + TEST_NEQ(ctx->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED, 0, + " should leave SECDATA_FIRMWARE_CHANGED context flag"); + + /* Write success and readback */ + reset_common_data(0, 0); + memset(ctx->secdata_firmware, 0xaa, sizeof(ctx->secdata_firmware)); + TEST_SUCC(secdata_firmware_write(ctx), + "secdata_firmware_write(), success"); + TEST_STR_EQ(mock_calls, + "TlclWrite(0x1007, 10)\n", + " tlcl calls"); + memset(ctx->secdata_firmware, 0xaa, sizeof(ctx->secdata_firmware)); + TEST_EQ(memcmp(ctx->secdata_firmware, &mock_rsf, + sizeof(ctx->secdata_firmware)), 0, + " unchanged on readback"); + TEST_EQ(ctx->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED, 0, + " should reset SECDATA_FIRMWARE_CHANGED context flag"); +} + +/****************************************************************************/ +/* Tests for kernel space functions */ + +static void secdata_kernel_tests(void) +{ + /* Not present is an error */ + reset_common_data(1, TPM_E_BADINDEX); + TEST_EQ(secdata_kernel_read(ctx), TPM_E_BADINDEX, + "secdata_kernel_read(), not present"); + TEST_STR_EQ(mock_calls, +#ifndef TPM2_MODE + "TlclGetPermissions(0x1008)\n", +#else "TlclRead(0x1008, 13)\n", - "tlcl calls"); - TEST_EQ(version, 0x87654321, "RollbackKernelRead() version"); +#endif + " tlcl calls"); - /* Read error */ - ResetMocks(1, TPM_E_IOERROR); - TEST_EQ(RollbackKernelRead(&version), TPM_E_IOERROR, - "RollbackKernelRead() error"); - - /* Wrong permission or UID will return error */ - ResetMocks(0, 0); - mock_rsk.uid = 0; - mock_rsk.crc8 = vb2_crc8(&mock_rsk, - offsetof(RollbackSpaceKernel, crc8)); - TEST_EQ(RollbackKernelRead(&version), TPM_E_CORRUPTED_STATE, - "RollbackKernelRead() bad uid"); - - ResetMocks(0, 0); +#ifndef TPM2_MODE + /* Bad permissions */ + reset_common_data(0, 0); mock_permissions = 0; - TEST_EQ(RollbackKernelRead(&version), TPM_E_CORRUPTED_STATE, - "RollbackKernelRead() bad permissions"); - - /* Test write */ - ResetMocks(0, 0); - TEST_EQ(RollbackKernelWrite(0xBEAD4321), 0, "RollbackKernelWrite()"); - TEST_EQ(mock_rsk.kernel_versions, 0xBEAD4321, - "RollbackKernelWrite() version"); + TEST_EQ(secdata_kernel_read(ctx), TPM_E_CORRUPTED_STATE, + "secdata_kernel_read(), bad permissions"); + TEST_STR_EQ(mock_calls, + "TlclGetPermissions(0x1008)\n", + " tlcl calls"); +#endif + + /* Good permissions, read failure */ +#ifndef TPM2_MODE + int read_failure_on_call = 2; +#else + int read_failure_on_call = 1; +#endif + reset_common_data(read_failure_on_call, TPM_E_IOERROR); + TEST_EQ(secdata_kernel_read(ctx), TPM_E_IOERROR, + "secdata_kernel_read(), good permissions, failure"); TEST_STR_EQ(mock_calls, +#ifndef TPM2_MODE "TlclGetPermissions(0x1008)\n" - "TlclRead(0x1008, 13)\n" - "TlclWrite(0x1008, 13)\n", - "tlcl calls"); +#endif + "TlclRead(0x1008, 13)\n", + " tlcl calls"); + + /* Good permissions, read success, bad CRC */ + reset_common_data(0, 0); + mock_bad_crc = 1; + TEST_EQ(secdata_kernel_read(ctx), TPM_E_CORRUPTED_STATE, + "secdata_kernel_read(), read success, bad CRC"); + TEST_STR_EQ(mock_calls, +#ifndef TPM2_MODE + "TlclGetPermissions(0x1008)\n" +#endif + "TlclRead(0x1008, 13)\n", + " tlcl calls"); - ResetMocks(1, TPM_E_IOERROR); - TEST_EQ(RollbackKernelWrite(123), TPM_E_IOERROR, - "RollbackKernelWrite() error"); + /* Good permissions, read success */ + reset_common_data(0, 0); + TEST_SUCC(secdata_kernel_read(ctx), + "secdata_kernel_read(), good permissions, success"); + TEST_STR_EQ(mock_calls, +#ifndef TPM2_MODE + "TlclGetPermissions(0x1008)\n" +#endif + "TlclRead(0x1008, 13)\n", + " tlcl calls"); + TEST_EQ(memcmp(ctx->secdata_kernel, &mock_rsk, + sizeof(ctx->secdata_kernel)), 0, " data"); + + /* Write with no new changes */ + reset_common_data(0, 0); + ctx->flags &= ~VB2_CONTEXT_SECDATA_KERNEL_CHANGED; + TEST_SUCC(secdata_kernel_write(ctx), + "secdata_kernel_write(), no changes, success"); + TEST_STR_EQ(mock_calls, + "", + " tlcl calls"); - /* Test lock (recovery off) */ - ResetMocks(1, TPM_E_IOERROR); - TEST_EQ(RollbackKernelLock(0), TPM_E_IOERROR, - "RollbackKernelLock() error"); + /* Write failure */ + reset_common_data(1, TPM_E_IOERROR); + TEST_EQ(secdata_kernel_write(ctx), TPM_E_IOERROR, + "secdata_kernel_write(), failure"); + TEST_STR_EQ(mock_calls, + "TlclWrite(0x1008, 13)\n", + " tlcl calls"); + TEST_NEQ(ctx->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED, 0, + " should leave SECDATA_KERNEL_CHANGED context flag"); + + /* Write success and readback */ + reset_common_data(0, 0); + memset(ctx->secdata_kernel, 0xaa, sizeof(ctx->secdata_kernel)); + TEST_SUCC(secdata_kernel_write(ctx), + "secdata_kernel_write(), failure"); + TEST_STR_EQ(mock_calls, + "TlclWrite(0x1008, 13)\n", + " tlcl calls"); + memset(ctx->secdata_kernel, 0xaa, sizeof(ctx->secdata_kernel)); + TEST_EQ(memcmp(ctx->secdata_kernel, &mock_rsk, + sizeof(ctx->secdata_kernel)), 0, + " unchanged on readback"); + TEST_EQ(ctx->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED, 0, + " should reset SECDATA_KERNEL_CHANGED context flag"); + + /* Lock in normal mode with failure */ + reset_common_data(1, TPM_E_AREA_LOCKED); + TEST_EQ(secdata_kernel_lock(ctx), TPM_E_AREA_LOCKED, + "secdata_kernel_lock(), lock failure"); + TEST_STR_EQ(mock_calls, + "TlclLockPhysicalPresence()\n", + " tlcl calls"); - /* Test lock with recovery on; shouldn't lock PP */ - ResetMocks(0, 0); - TEST_EQ(RollbackKernelLock(1), 0, "RollbackKernelLock() in recovery"); - TEST_STR_EQ(mock_calls, "", "no tlcl calls"); + /* Lock in normal mode */ + reset_common_data(0, 0); + TEST_SUCC(secdata_kernel_lock(ctx), + "secdata_kernel_lock(), success (locked)"); + TEST_STR_EQ(mock_calls, + "TlclLockPhysicalPresence()\n", + " tlcl calls"); - ResetMocks(0, 0); - TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()"); + /* Lock after already locked (only one TlclLockPhysicalPresence). */ + reset_common_data(0, 0); + TEST_SUCC(secdata_kernel_lock(ctx), + "secdata_kernel_lock(), lock first run"); + TEST_SUCC(secdata_kernel_lock(ctx), + "secdata_kernel_lock(), already locked"); TEST_STR_EQ(mock_calls, "TlclLockPhysicalPresence()\n", - "tlcl calls"); + " tlcl calls"); } /****************************************************************************/ -/* Tests for RollbackFwmpRead() calls */ +/* Tests for fwmp space functions */ -static void RollbackFwmpTest(void) +static void secdata_fwmp_tests(void) { - struct RollbackSpaceFwmp fwmp; - struct RollbackSpaceFwmp fwmp_zero = {0}; + /* Read failure */ + reset_common_data(1, TPM_E_IOERROR); + TEST_EQ(secdata_fwmp_read(ctx), TPM_E_IOERROR, + "secdata_fwmp_read(), failure"); + TEST_STR_EQ(mock_calls, + "TlclRead(0x100a, 40)\n", + " tlcl calls"); + TEST_EQ(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP, 0, + " should leave NO_SECDATA_FWMP context flag"); + + /* Normal read, bad CRC */ + reset_common_data(0, 0); + mock_bad_crc = 1; + TEST_EQ(secdata_fwmp_read(ctx), TPM_E_CORRUPTED_STATE, + "secdata_fwmp_read(), success, bad CRC"); + TEST_STR_EQ(mock_calls, + "TlclRead(0x100a, 40)\n", + " tlcl calls"); + TEST_EQ(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP, 0, + " should leave NO_SECDATA_FWMP context flag"); /* Normal read */ - ResetMocks(0, 0); - TEST_EQ(RollbackFwmpRead(&fwmp), 0, "RollbackFwmpRead()"); + reset_common_data(0, 0); + TEST_SUCC(secdata_fwmp_read(ctx), + "secdata_fwmp_read(), success"); TEST_STR_EQ(mock_calls, "TlclRead(0x100a, 40)\n", " tlcl calls"); - TEST_EQ(0, memcmp(&fwmp, &mock_fwmp, sizeof(fwmp)), " data"); + TEST_EQ(memcmp(ctx->secdata_fwmp, &mock_fwmp, + mock_fwmp_real_size), 0, " data"); + TEST_EQ(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP, 0, + " should leave NO_SECDATA_FWMP context flag"); /* Read error */ - ResetMocks(1, TPM_E_IOERROR); - TEST_EQ(RollbackFwmpRead(&fwmp), TPM_E_IOERROR, - "RollbackFwmpRead() error"); + reset_common_data(1, TPM_E_IOERROR); + TEST_EQ(secdata_fwmp_read(ctx), TPM_E_IOERROR, + "secdata_fwmp_read(), error"); TEST_STR_EQ(mock_calls, "TlclRead(0x100a, 40)\n", " tlcl calls"); - TEST_EQ(0, memcmp(&fwmp, &fwmp_zero, sizeof(fwmp)), " data clear"); + TEST_EQ(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP, 0, + " should leave NO_SECDATA_FWMP context flag"); - /* Not present isn't an error; just returns empty data */ - ResetMocks(1, TPM_E_BADINDEX); - TEST_EQ(RollbackFwmpRead(&fwmp), 0, "RollbackFwmpRead() not present"); + /* Not present isn't an error; just sets context flag */ + reset_common_data(1, TPM_E_BADINDEX); + TEST_SUCC(secdata_fwmp_read(ctx), "secdata_fwmp_read(), not present"); TEST_STR_EQ(mock_calls, "TlclRead(0x100a, 40)\n", " tlcl calls"); - TEST_EQ(0, memcmp(&fwmp, &fwmp_zero, sizeof(fwmp)), " data clear"); - - /* Struct size too small */ - ResetMocks(0, 0); - mock_fwmp.fwmp.struct_size--; - TEST_EQ(RollbackFwmpRead(&fwmp), TPM_E_STRUCT_SIZE, - "RollbackFwmpRead() too small"); - - /* Struct size too large with good CRC */ - ResetMocks(0, 0); - mock_fwmp.fwmp.struct_size += 4; - RecalcFwmpCrc(); - TEST_EQ(RollbackFwmpRead(&fwmp), 0, "RollbackFwmpRead() bigger"); + TEST_NEQ(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP, 0, + " should set NO_SECDATA_FWMP context flag"); + + /* Struct size too large, then bad CRC */ + reset_common_data(0, 0); + mock_fwmp_real_size += 4; + mock_bad_crc = 1; + TEST_EQ(secdata_fwmp_read(ctx), TPM_E_CORRUPTED_STATE, + "secdata_fwmp_read(), bigger, bad CRC"); TEST_STR_EQ(mock_calls, "TlclRead(0x100a, 40)\n" "TlclRead(0x100a, 44)\n", " tlcl calls"); - TEST_EQ(0, memcmp(&fwmp, &mock_fwmp, sizeof(fwmp)), " data"); - - /* Bad CRC causes retry, then eventual failure */ - ResetMocks(0, 0); - mock_fwmp.fwmp.crc++; - TEST_EQ(RollbackFwmpRead(&fwmp), TPM_E_CORRUPTED_STATE, - "RollbackFwmpRead() crc"); - TEST_STR_EQ(mock_calls, - "TlclRead(0x100a, 40)\n", - " tlcl calls"); + TEST_EQ(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP, 0, + " should leave NO_SECDATA_FWMP context flag"); - /* Struct size too large with bad CRC */ - ResetMocks(0, 0); - mock_fwmp.fwmp.struct_size += 4; - RecalcFwmpCrc(); - mock_fwmp.fwmp.crc++; - TEST_EQ(RollbackFwmpRead(&fwmp), TPM_E_CORRUPTED_STATE, - "RollbackFwmpRead() bigger crc"); + /* Struct size too large */ + reset_common_data(0, 0); + mock_fwmp_real_size += 4; + TEST_SUCC(secdata_fwmp_read(ctx), "secdata_fwmp_read(), bigger"); TEST_STR_EQ(mock_calls, "TlclRead(0x100a, 40)\n" "TlclRead(0x100a, 44)\n", " tlcl calls"); - TEST_EQ(0, memcmp(&fwmp, &fwmp_zero, sizeof(fwmp)), " data"); - - /* Minor version difference ok */ - ResetMocks(0, 0); - mock_fwmp.fwmp.struct_version++; - RecalcFwmpCrc(); - TEST_EQ(RollbackFwmpRead(&fwmp), 0, "RollbackFwmpRead() minor version"); - TEST_EQ(0, memcmp(&fwmp, &mock_fwmp, sizeof(fwmp)), " data"); - - /* Major version difference not ok */ - ResetMocks(0, 0); - mock_fwmp.fwmp.struct_version += 0x10; - RecalcFwmpCrc(); - TEST_EQ(RollbackFwmpRead(&fwmp), TPM_E_STRUCT_VERSION, - "RollbackFwmpRead() major version"); + TEST_EQ(memcmp(ctx->secdata_fwmp, &mock_fwmp, + mock_fwmp_real_size), 0, " data"); + TEST_EQ(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP, 0, + " should leave NO_SECDATA_FWMP context flag"); } int main(int argc, char* argv[]) { - FirmwareSpaceTest(); - KernelSpaceTest(); - MiscTest(); - RollbackKernelTest(); - RollbackFwmpTest(); + misc_tests(); + secdata_firmware_tests(); + secdata_kernel_tests(); + secdata_fwmp_tests(); return gTestSuccess ? 0 : 255; } diff --git a/tests/test_common.h b/tests/test_common.h index 17689b71..e0d8ef3b 100644 --- a/tests/test_common.h +++ b/tests/test_common.h @@ -109,7 +109,7 @@ int test_false(int result, #result " == false", \ comment) -/* Return 1 if result is 0 (VB_ERROR_SUCCESS / VB2_SUCCESS), else return 0. +/* Return 1 if result is 0 (VB2_SUCCESS or other), else return 0. * Also update the global gTestSuccess flag if test fails. */ int test_succ(int result, const char *preamble, const char *desc, const char *comment); diff --git a/tests/vboot_api_devmode_tests.c b/tests/vboot_api_devmode_tests.c index 6cbcedec..36983d1f 100644 --- a/tests/vboot_api_devmode_tests.c +++ b/tests/vboot_api_devmode_tests.c @@ -122,6 +122,9 @@ static void ResetMocks(void) sd = vb2_get_sd(ctx); sd->vbsd = shared; + ctx->flags |= VB2_CONTEXT_NO_SECDATA_FWMP; + sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT; + memset(&gbb, 0, sizeof(gbb)); memset(&shared_data, 0, sizeof(shared_data)); @@ -149,12 +152,7 @@ struct vb2_gbb_header *vb2_get_gbb(struct vb2_context *c) return &gbb; } -vb2_error_t VbExNvStorageRead(uint8_t* buf) -{ - return VB2_SUCCESS; -} - -vb2_error_t VbExNvStorageWrite(const uint8_t* buf) +vb2_error_t vb2_commit_data(struct vb2_context *c) { return VB2_SUCCESS; } diff --git a/tests/vboot_api_kernel2_tests.c b/tests/vboot_api_kernel2_tests.c index 50ee0752..6d8946ee 100644 --- a/tests/vboot_api_kernel2_tests.c +++ b/tests/vboot_api_kernel2_tests.c @@ -9,6 +9,7 @@ #include "2misc.h" #include "2nvstorage.h" #include "2secdata.h" +#include "2secdata_struct.h" #include "host_common.h" #include "load_kernel_fw.h" #include "secdata_tpm.h" @@ -30,6 +31,7 @@ static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE] static struct vb2_context *ctx; static struct vb2_shared_data *sd; static struct vb2_gbb_header gbb; +static struct vb2_secdata_fwmp *fwmp; static int audio_looping_calls_left; static uint32_t vbtlk_retval; @@ -82,7 +84,6 @@ static void MockGpioAfter(uint32_t ticks, uint32_t gpio_flags) static void ResetMocks(void) { vb2_init_ui(); - memset(VbApiKernelGetFwmp(), 0, sizeof(struct RollbackSpaceFwmp)); memset(&shared_data, 0, sizeof(shared_data)); VbSharedDataInit(shared, sizeof(shared_data)); @@ -97,6 +98,10 @@ static void ResetMocks(void) sd->vbsd = shared; sd->flags |= VB2_SD_FLAG_DISPLAY_AVAILABLE; + /* CRC will be invalid after here, but nobody's checking */ + sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT; + fwmp = (struct vb2_secdata_fwmp *)ctx->secdata_fwmp; + memset(&gbb, 0, sizeof(gbb)); audio_looping_calls_left = 30; @@ -125,7 +130,8 @@ static void ResetMocks(void) } /* Mock functions */ -uint32_t RollbackKernelLock(int recovery_mode) + +uint32_t secdata_kernel_lock(struct vb2_context *c) { return TPM_SUCCESS; } @@ -252,9 +258,9 @@ vb2_error_t VbDisplayScreen(struct vb2_context *c, uint32_t screen, int force, return VB2_SUCCESS; } -vb2_error_t SetVirtualDevMode(int val) +vb2_error_t vb2_enable_developer_mode(struct vb2_context *c) { - virtdev_set = val; + virtdev_set = 1; return virtdev_retval; } @@ -718,7 +724,7 @@ static void VbBootDevTest(void) /* Enter altfw menu and select firmware 0 */ ResetMocks(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_ENABLE_LEGACY; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY; mock_keypress[0] = VB_KEY_CTRL('L'); mock_keypress[1] = '0'; TEST_EQ(VbBootDeveloper(ctx), 1002, @@ -750,7 +756,7 @@ static void VbBootDevTest(void) TEST_EQ(altfw_num, key - '0', " check altfw_num"); ResetMocks(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_ENABLE_LEGACY; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY; mock_keypress[0] = key; TEST_EQ(VbBootDeveloper(ctx), 1002, "Ctrl+L fwmp legacy"); @@ -779,7 +785,7 @@ static void VbBootDevTest(void) /* Ctrl+U enabled via FWMP */ ResetMocks(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_ENABLE_USB; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_USB; mock_keypress[0] = VB_KEY_CTRL('U'); vbtlk_retval = VB2_SUCCESS - VB_DISK_FLAG_REMOVABLE; TEST_EQ(VbBootDeveloper(ctx), 0, "Ctrl+U force USB"); @@ -984,7 +990,7 @@ static void VbBootDevTest(void) /* If dev mode is disabled, goes to TONORM screen repeatedly */ ResetMocks(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_DISABLE_BOOT; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_DISABLE_BOOT; mock_keypress[0] = VB_KEY_ESC; /* Just causes TONORM again */ mock_keypress[1] = VB_KEY_ENTER; TEST_EQ(VbBootDeveloper(ctx), VBERROR_REBOOT_REQUIRED, @@ -1001,7 +1007,7 @@ static void VbBootDevTest(void) /* Shutdown requested when dev disabled */ ResetMocks(); shared->flags = VBSD_BOOT_DEV_SWITCH_ON; - VbApiKernelGetFwmp()->flags |= FWMP_DEV_DISABLE_BOOT; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_DISABLE_BOOT; MockGpioAfter(1, GPIO_SHUTDOWN); TEST_EQ(VbBootDeveloper(ctx), VBERROR_SHUTDOWN_REQUESTED, @@ -1012,7 +1018,7 @@ static void VbBootDevTest(void) /* Shutdown requested by keyboard when dev disabled */ ResetMocks(); shared->flags = VBSD_BOOT_DEV_SWITCH_ON; - VbApiKernelGetFwmp()->flags |= FWMP_DEV_DISABLE_BOOT; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_DISABLE_BOOT; mock_keypress[0] = VB_BUTTON_POWER_SHORT_PRESS; TEST_EQ(VbBootDeveloper(ctx), VBERROR_SHUTDOWN_REQUESTED, diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c index c168f82d..c0a10727 100644 --- a/tests/vboot_api_kernel4_tests.c +++ b/tests/vboot_api_kernel4_tests.c @@ -21,27 +21,31 @@ #include "vboot_common.h" #include "vboot_kernel.h" #include "vboot_struct.h" +#include "vboot_test.h" /* Mock data */ static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE] __attribute__((aligned(VB2_WORKBUF_ALIGN))); static struct vb2_context *ctx; -static struct vb2_context ctx_nvram_backend; static struct vb2_shared_data *sd; static VbSelectAndLoadKernelParams kparams; static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE]; static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; static struct vb2_gbb_header gbb; -static uint32_t rkr_version; +static uint32_t kernel_version; static uint32_t new_version; -static struct RollbackSpaceFwmp rfr_fwmp; -static int rkr_retval, rkw_retval, rkl_retval, rfr_retval; +static uint8_t fwmp_buf[VB2_SECDATA_FWMP_MIN_SIZE]; +static uint32_t kernel_read_retval; +static uint32_t kernel_write_retval; +static uint32_t kernel_lock_retval; +static uint32_t fwmp_read_retval; static vb2_error_t vbboot_retval; static uint32_t mock_switches[8]; static uint32_t mock_switches_count; static int mock_switches_are_stuck; +static int commit_data_called; /* Reset mock data (for use before each test) */ static void ResetMocks(void) @@ -57,26 +61,22 @@ static void ResetMocks(void) "vb2api_init failed"); sd = vb2_get_sd(ctx); sd->flags |= VB2_SD_FLAG_DISPLAY_AVAILABLE; + ctx->flags |= VB2_CONTEXT_NO_SECDATA_FWMP; - /* - * ctx_nvram_backend is only used as an NVRAM backend (see - * VbExNvStorageRead and VbExNvStorageWrite), and with - * vb2_set_nvdata and nv2_get_nvdata to manually read and tweak - * contents. No other initialization is needed. - */ - memset(&ctx_nvram_backend, 0, sizeof(ctx_nvram_backend)); - vb2_nv_init(&ctx_nvram_backend); - vb2_nv_set(&ctx_nvram_backend, VB2_NV_KERNEL_MAX_ROLLFORWARD, - 0xffffffff); + vb2_nv_init(ctx); + vb2_nv_set(ctx, VB2_NV_KERNEL_MAX_ROLLFORWARD, 0xffffffff); + commit_data_called = 0; memset(&shared_data, 0, sizeof(shared_data)); VbSharedDataInit(shared, sizeof(shared_data)); - memset(&rfr_fwmp, 0, sizeof(rfr_fwmp)); - rfr_retval = TPM_SUCCESS; + memset(&fwmp_buf, 0, sizeof(fwmp_buf)); + fwmp_read_retval = TPM_SUCCESS; - rkr_version = new_version = 0x10002; - rkr_retval = rkw_retval = rkl_retval = VB2_SUCCESS; + kernel_version = new_version = 0x10002; + kernel_read_retval = TPM_SUCCESS; + kernel_write_retval = TPM_SUCCESS; + kernel_lock_retval = TPM_SUCCESS; vbboot_retval = VB2_SUCCESS; memset(mock_switches, 0, sizeof(mock_switches)); @@ -86,41 +86,59 @@ static void ResetMocks(void) /* Mock functions */ -vb2_error_t VbExNvStorageRead(uint8_t *buf) +vb2_error_t vb2ex_commit_data(struct vb2_context *c) { - memcpy(buf, ctx_nvram_backend.nvdata, - vb2_nv_get_size(&ctx_nvram_backend)); + commit_data_called = 1; return VB2_SUCCESS; } -vb2_error_t VbExNvStorageWrite(const uint8_t *buf) +uint32_t secdata_firmware_write(struct vb2_context *c) { - memcpy(ctx_nvram_backend.nvdata, buf, - vb2_nv_get_size(&ctx_nvram_backend)); - return VB2_SUCCESS; + return TPM_SUCCESS; +} + +uint32_t secdata_kernel_read(struct vb2_context *c) +{ + return kernel_read_retval; +} + +uint32_t secdata_kernel_write(struct vb2_context *c) +{ + return kernel_write_retval; } -uint32_t RollbackKernelRead(uint32_t *version) +uint32_t secdata_kernel_lock(struct vb2_context *c) { - *version = rkr_version; - return rkr_retval; + return kernel_lock_retval; } -uint32_t RollbackKernelWrite(uint32_t version) +uint32_t secdata_fwmp_read(struct vb2_context *c) { - rkr_version = version; - return rkw_retval; + memcpy(&c->secdata_fwmp, &fwmp_buf, sizeof(fwmp_buf)); + return fwmp_read_retval; } -uint32_t RollbackKernelLock(int recovery_mode) +vb2_error_t vb2_secdata_firmware_init(struct vb2_context *c) { - return rkl_retval; + return VB2_SUCCESS; +} + +vb2_error_t vb2_secdata_kernel_init(struct vb2_context *c) +{ + return VB2_SUCCESS; } -uint32_t RollbackFwmpRead(struct RollbackSpaceFwmp *fwmp) +uint32_t vb2_secdata_kernel_get(struct vb2_context *c, + enum vb2_secdata_kernel_param param) { - memcpy(fwmp, &rfr_fwmp, sizeof(*fwmp)); - return rfr_retval; + return kernel_version; +} + +void vb2_secdata_kernel_set(struct vb2_context *c, + enum vb2_secdata_kernel_param param, + uint32_t value) +{ + kernel_version = value; } vb2_error_t VbTryLoadKernel(struct vb2_context *c, uint32_t get_info_flags) @@ -164,8 +182,10 @@ vb2_error_t VbBootDiagnostic(struct vb2_context *c) static void test_slk(vb2_error_t retval, int recovery_reason, const char *desc) { TEST_EQ(VbSelectAndLoadKernel(ctx, shared, &kparams), retval, desc); - TEST_EQ(vb2_nv_get(&ctx_nvram_backend, VB2_NV_RECOVERY_REQUEST), + TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST), recovery_reason, " recovery reason"); + if (recovery_reason) + TEST_TRUE(commit_data_called, " didn't commit nvdata"); } uint32_t VbExGetSwitches(uint32_t request_mask) @@ -189,7 +209,7 @@ static void VbSlkTest(void) { ResetMocks(); test_slk(0, 0, "Normal"); - TEST_EQ(rkr_version, 0x10002, " version"); + TEST_EQ(kernel_version, 0x10002, " version"); /* * If shared->flags doesn't ask for software sync, we won't notice @@ -206,42 +226,43 @@ static void VbSlkTest(void) /* Rollback kernel version */ ResetMocks(); - rkr_retval = 123; - test_slk(VBERROR_TPM_READ_KERNEL, + kernel_read_retval = 123; + test_slk(VB2_ERROR_SECDATA_KERNEL_READ, VB2_RECOVERY_RW_TPM_R_ERROR, "Read kernel rollback"); ResetMocks(); new_version = 0x20003; test_slk(0, 0, "Roll forward"); - TEST_EQ(rkr_version, 0x20003, " version"); + TEST_EQ(kernel_version, 0x20003, " version"); ResetMocks(); - vb2_nv_set(&ctx_nvram_backend, VB2_NV_FW_RESULT, VB2_FW_RESULT_TRYING); + vb2_nv_set(ctx, VB2_NV_FW_RESULT, VB2_FW_RESULT_TRYING); new_version = 0x20003; test_slk(0, 0, "Don't roll forward kernel when trying new FW"); - TEST_EQ(rkr_version, 0x10002, " version"); + TEST_EQ(kernel_version, 0x10002, " version"); ResetMocks(); - vb2_nv_set(&ctx_nvram_backend, VB2_NV_KERNEL_MAX_ROLLFORWARD, 0x30005); + vb2_nv_set(ctx, VB2_NV_KERNEL_MAX_ROLLFORWARD, 0x30005); new_version = 0x40006; test_slk(0, 0, "Limit max roll forward"); - TEST_EQ(rkr_version, 0x30005, " version"); + TEST_EQ(kernel_version, 0x30005, " version"); ResetMocks(); - vb2_nv_set(&ctx_nvram_backend, VB2_NV_KERNEL_MAX_ROLLFORWARD, 0x10001); + vb2_nv_set(ctx, VB2_NV_KERNEL_MAX_ROLLFORWARD, 0x10001); new_version = 0x40006; test_slk(0, 0, "Max roll forward can't rollback"); - TEST_EQ(rkr_version, 0x10002, " version"); + TEST_EQ(kernel_version, 0x10002, " version"); + ResetMocks(); new_version = 0x20003; - rkw_retval = 123; - test_slk(VBERROR_TPM_WRITE_KERNEL, + kernel_write_retval = 123; + test_slk(VB2_ERROR_SECDATA_KERNEL_WRITE, VB2_RECOVERY_RW_TPM_W_ERROR, "Write kernel rollback"); ResetMocks(); - rkl_retval = 123; - test_slk(VBERROR_TPM_LOCK_KERNEL, + kernel_lock_retval = 123; + test_slk(VB2_ERROR_SECDATA_KERNEL_LOCK, VB2_RECOVERY_RW_TPM_L_ERROR, "Lock kernel rollback"); /* Boot normal */ @@ -253,12 +274,14 @@ static void VbSlkTest(void) if (DIAGNOSTIC_UI) { ResetMocks(); mock_switches[1] = VB_SWITCH_FLAG_PHYS_PRESENCE_PRESSED; - vb2_nv_set(&ctx_nvram_backend, VB2_NV_DIAG_REQUEST, 1); + vb2_nv_set(ctx, VB2_NV_DIAG_REQUEST, 1); vbboot_retval = -4; test_slk(VB2_ERROR_MOCK, 0, "Normal boot with diag"); - TEST_EQ(vb2_nv_get(&ctx_nvram_backend, VB2_NV_DIAG_REQUEST), + TEST_EQ(vb2_nv_get(ctx, VB2_NV_DIAG_REQUEST), 0, " diag not requested"); + TEST_TRUE(commit_data_called, + " didn't commit nvdata"); } /* Boot dev */ @@ -271,7 +294,7 @@ static void VbSlkTest(void) shared->flags |= VBSD_BOOT_DEV_SWITCH_ON; new_version = 0x20003; test_slk(0, 0, "Dev doesn't roll forward"); - TEST_EQ(rkr_version, 0x10002, " version"); + TEST_EQ(kernel_version, 0x10002, " version"); /* Boot recovery */ ResetMocks(); @@ -283,11 +306,13 @@ static void VbSlkTest(void) shared->recovery_reason = 123; new_version = 0x20003; test_slk(0, 0, "Recovery doesn't roll forward"); - TEST_EQ(rkr_version, 0x10002, " version"); + TEST_EQ(kernel_version, 0x10002, " version"); ResetMocks(); shared->recovery_reason = 123; - rkr_retval = rkw_retval = rkl_retval = VB2_ERROR_MOCK; + kernel_read_retval = TPM_E_IOERROR; + kernel_write_retval = TPM_E_IOERROR; + kernel_lock_retval = TPM_E_IOERROR; test_slk(0, 0, "Recovery ignore TPM errors"); ResetMocks(); diff --git a/tests/vboot_detach_menu_tests.c b/tests/vboot_detach_menu_tests.c index f0440cfb..d85acbc6 100644 --- a/tests/vboot_detach_menu_tests.c +++ b/tests/vboot_detach_menu_tests.c @@ -9,6 +9,7 @@ #include "2misc.h" #include "2nvstorage.h" #include "2secdata.h" +#include "2secdata_struct.h" #include "host_common.h" #include "load_kernel_fw.h" #include "secdata_tpm.h" @@ -32,6 +33,7 @@ static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE] static struct vb2_context *ctx; static struct vb2_shared_data *sd; static struct vb2_gbb_header gbb; +static struct vb2_secdata_fwmp *fwmp; static int shutdown_request_calls_left; static int audio_looping_calls_left; @@ -61,8 +63,6 @@ static int vbexaltfwmask_called; /* Reset mock data (for use before each test) */ static void ResetMocks(void) { - memset(VbApiKernelGetFwmp(), 0, sizeof(struct RollbackSpaceFwmp)); - memset(&shared_data, 0, sizeof(shared_data)); VbSharedDataInit(shared, sizeof(shared_data)); shared->flags = VBSD_BOOT_FIRMWARE_VBOOT2; @@ -76,6 +76,10 @@ static void ResetMocks(void) sd = vb2_get_sd(ctx); sd->vbsd = shared; + /* CRC will be invalid after here, but nobody's checking */ + sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT; + fwmp = (struct vb2_secdata_fwmp *)ctx->secdata_fwmp; + memset(&gbb, 0, sizeof(gbb)); /* In recovery we have 50 keyscans per disk scan, this must be high. */ @@ -124,7 +128,8 @@ static void ResetMocksForManualRecovery(void) } /* Mock functions */ -uint32_t RollbackKernelLock(int recovery_mode) + +uint32_t secdata_kernel_lock(struct vb2_context *c) { return TPM_SUCCESS; } @@ -252,9 +257,9 @@ vb2_error_t VbExBeep(uint32_t msec, uint32_t frequency) return VB2_SUCCESS; } -vb2_error_t SetVirtualDevMode(int val) +vb2_error_t vb2_enable_developer_mode(struct vb2_context *c) { - virtdev_set = val; + virtdev_set = 1; return virtdev_retval; } @@ -665,7 +670,7 @@ static void VbBootDevTest(void) /* Ctrl+L boots legacy if enabled by FWMP */ ResetMocksForDeveloper(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_ENABLE_LEGACY; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY; mock_keypress[0] = VB_KEY_CTRL('L'); mock_keypress[1] = VB_BUTTON_POWER_SHORT_PRESS; TEST_EQ(VbBootDeveloperMenu(ctx), vbtlk_retval_fixed, @@ -755,7 +760,7 @@ static void VbBootDevTest(void) /* Ctrl+U enabled via FWMP */ ResetMocksForDeveloper(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_ENABLE_USB; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_USB; mock_keypress[0] = VB_KEY_CTRL('U'); vbtlk_retval[0] = VB2_SUCCESS - VB_DISK_FLAG_REMOVABLE; TEST_EQ(VbBootDeveloperMenu(ctx), VB2_SUCCESS, "Ctrl+U force USB"); @@ -1148,7 +1153,7 @@ static void VbBootDevTest(void) /* If dev mode is disabled, goes to TONORM screen repeatedly */ ResetMocksForDeveloper(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_DISABLE_BOOT; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_DISABLE_BOOT; audio_looping_calls_left = 1; /* Confirm audio doesn't tick down. */ i = 0; mock_keypress[i++] = VB_KEY_CTRL('D'); /* Just stays on TONORM and flashes */ @@ -1202,7 +1207,7 @@ static void VbBootDevTest(void) /* Shutdown requested when dev disabled */ ResetMocksForDeveloper(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_DISABLE_BOOT; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_DISABLE_BOOT; shutdown_request_calls_left = 1; TEST_EQ(VbBootDeveloperMenu(ctx), VBERROR_SHUTDOWN_REQUESTED, "Shutdown requested when dev disabled"); @@ -1218,7 +1223,7 @@ static void VbBootDevTest(void) /* Explicit Power Off when dev disabled */ ResetMocksForDeveloper(); - VbApiKernelGetFwmp()->flags |= FWMP_DEV_DISABLE_BOOT; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_DISABLE_BOOT; i = 0; mock_keypress[i++] = VB_BUTTON_VOL_DOWN_SHORT_PRESS; // Power Off mock_keypress[i++] = VB_BUTTON_POWER_SHORT_PRESS; diff --git a/tests/vboot_display_tests.c b/tests/vboot_display_tests.c index 58ccda07..7565a196 100644 --- a/tests/vboot_display_tests.c +++ b/tests/vboot_display_tests.c @@ -16,6 +16,7 @@ #include "2struct.h" #include "2sysincludes.h" #include "host_common.h" +#include "secdata_tpm.h" #include "test_common.h" #include "vboot_common.h" #include "vboot_display.h" @@ -72,6 +73,11 @@ vb2_error_t VbExDisplayDebugInfo(const char *info_str, int full_info) return VB2_SUCCESS; } +vb2_error_t vb2_commit_data(struct vb2_context *c) +{ + return VB2_SUCCESS; +} + /* Test displaying debug info */ static void DebugInfoTest(void) { diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c index b43a2acd..86afcb8d 100644 --- a/tests/vboot_kernel_tests.c +++ b/tests/vboot_kernel_tests.c @@ -63,7 +63,7 @@ static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; static LoadKernelParams lkp; static struct vb2_keyblock kbh; static VbKernelPreambleHeader kph; -static struct RollbackSpaceFwmp fwmp; +static struct vb2_secdata_fwmp *fwmp; static uint8_t mock_disk[MOCK_SECTOR_SIZE * MOCK_SECTOR_COUNT]; static GptHeader *mock_gpt_primary = (GptHeader*)&mock_disk[MOCK_SECTOR_SIZE * 1]; @@ -164,9 +164,6 @@ static void ResetMocks(void) kph.bootloader_address = 0xbeadd008; kph.bootloader_size = 0x1234; - memset(&fwmp, 0, sizeof(fwmp)); - memcpy(fwmp.dev_key_hash, mock_digest, sizeof(fwmp.dev_key_hash)); - memset(mock_parts, 0, sizeof(mock_parts)); mock_parts[0].start = 100; mock_parts[0].size = 150; /* 75 KB */ @@ -181,6 +178,11 @@ static void ResetMocks(void) struct vb2_shared_data *sd = vb2_get_sd(ctx); sd->vbsd = shared; + /* CRC will be invalid after here, but nobody's checking */ + sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT; + fwmp = (struct vb2_secdata_fwmp *)ctx->secdata_fwmp; + memcpy(&fwmp->dev_key_hash, mock_digest, sizeof(fwmp->dev_key_hash)); + // TODO: more workbuf fields - flags, secdata_firmware, secdata_kernel } @@ -670,8 +672,7 @@ static void LoadKernelTest(void) ResetMocks(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - lkp.fwmp = &fwmp; - fwmp.flags |= FWMP_DEV_ENABLE_OFFICIAL_ONLY; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY; keyblock_verify_fail = 1; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail keyblock dev sig fwmp"); @@ -761,17 +762,15 @@ static void LoadKernelTest(void) /* Check developer key hash - bad */ ResetMocks(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - lkp.fwmp = &fwmp; - fwmp.flags |= FWMP_DEV_USE_KEY_HASH; - fwmp.dev_key_hash[0]++; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_USE_KEY_HASH; + fwmp->dev_key_hash[0]++; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail keyblock dev fwmp hash"); /* Check developer key hash - good */ ResetMocks(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - lkp.fwmp = &fwmp; - fwmp.flags |= FWMP_DEV_USE_KEY_HASH; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_USE_KEY_HASH; TestLoadKernel(0, "Good keyblock dev fwmp hash"); ResetMocks(); |