commit 5c1a75600d69637d811845d0dd2f4f5ee1573ad3
author Alice Wang <aliceywang@google.com> Fri Jan 13 17:19:57 2023 +0000
committer Alice Wang <aliceywang@google.com> Fri Jan 20 11:01:40 2023 +0000
tree 362393b06c499f25b016fd2f785ed717e470d9cf
parent 2925b0a47dd274ce7b9f6bb091846d681f308d33

[avb] Verify initrd in the payload verification

Bug: 256148034
Test: m pvmfw_img && atest libpvmfw_avb.integration_test
Change-Id: I055838691e0d7dca6d3f1965f2023e3ee69cb9e9

pvmfw/avb/tests/api_test.rs

diff --git a/pvmfw/avb/tests/api_test.rs b/pvmfw/avb/tests/api_test.rs
index 2bd46d5..f0967eb 100644
--- a/pvmfw/avb/tests/api_test.rs
+++ b/pvmfw/avb/tests/api_test.rs
@@ -18,7 +18,7 @@
 
 use anyhow::Result;
 use avb_bindgen::{AvbFooter, AvbVBMetaImageHeader};
-use pvmfw_avb::AvbSlotVerifyError;
+use pvmfw_avb::{AvbSlotVerifyError, DebugLevel};
 use std::{fs, mem::size_of, ptr};
 use utils::*;
 
@@ -37,7 +37,7 @@
         &load_latest_signed_kernel()?,
         &load_latest_initrd_normal()?,
         &load_trusted_public_key()?,
-        Ok(()),
+        Ok(DebugLevel::None),
     )
 }
 
@@ -47,7 +47,7 @@
         &load_latest_signed_kernel()?,
         &load_latest_initrd_debug()?,
         &load_trusted_public_key()?,
-        Ok(()),
+        Ok(DebugLevel::Full),
     )
 }
 
@@ -57,7 +57,7 @@
         &fs::read(TEST_IMG_WITH_ONE_HASHDESC_PATH)?,
         /*initrd=*/ None,
         &load_trusted_public_key()?,
-        Ok(()),
+        Ok(DebugLevel::None),
     )
 }
 
@@ -67,7 +67,7 @@
         &fs::read(TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH)?,
         /*initrd=*/ None,
         &load_trusted_public_key()?,
-        Ok(()),
+        Ok(DebugLevel::None),
     )
 }
 
@@ -122,6 +122,16 @@
 }
 
 #[test]
+fn payload_with_an_invalid_initrd_fails_verification() -> Result<()> {
+    assert_payload_verification_with_initrd_eq(
+        &load_latest_signed_kernel()?,
+        /*initrd=*/ &fs::read(UNSIGNED_TEST_IMG_PATH)?,
+        &load_trusted_public_key()?,
+        Err(AvbSlotVerifyError::Verification),
+    )
+}
+
+#[test]
 fn unsigned_kernel_fails_verification() -> Result<()> {
     assert_payload_verification_with_initrd_eq(
         &fs::read(UNSIGNED_TEST_IMG_PATH)?,

pvmfw/avb/tests/utils.rs

diff --git a/pvmfw/avb/tests/utils.rs b/pvmfw/avb/tests/utils.rs
index aa40bb8..0d9657e 100644
--- a/pvmfw/avb/tests/utils.rs
+++ b/pvmfw/avb/tests/utils.rs
@@ -21,7 +21,7 @@
     avb_footer_validate_and_byteswap, avb_vbmeta_image_header_to_host_byte_order, AvbFooter,
     AvbVBMetaImageHeader,
 };
-use pvmfw_avb::{verify_payload, AvbSlotVerifyError};
+use pvmfw_avb::{verify_payload, AvbSlotVerifyError, DebugLevel};
 use std::{
     fs,
     mem::{size_of, transmute, MaybeUninit},
@@ -38,7 +38,7 @@
     kernel: &[u8],
     initrd: &[u8],
     trusted_public_key: &[u8],
-    expected_result: Result<(), AvbSlotVerifyError>,
+    expected_result: Result<DebugLevel, AvbSlotVerifyError>,
 ) -> Result<()> {
     assert_payload_verification_eq(kernel, Some(initrd), trusted_public_key, expected_result)
 }
@@ -47,7 +47,7 @@
     kernel: &[u8],
     initrd: Option<&[u8]>,
     trusted_public_key: &[u8],
-    expected_result: Result<(), AvbSlotVerifyError>,
+    expected_result: Result<DebugLevel, AvbSlotVerifyError>,
 ) -> Result<()> {
     assert_eq!(expected_result, verify_payload(kernel, initrd, trusted_public_key));
     Ok(())