Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / f06bfd77fe200476d4de4ce8bb529da5e796dfdb^! / .
commitf06bfd77fe200476d4de4ce8bb529da5e796dfdb[log] [tgz]
authorAlice Wang <aliceywang@google.com>Thu Jan 19 09:24:21 2023 +0000
committerAlice Wang <aliceywang@google.com>Thu Jan 19 10:00:20 2023 +0000
tree10eee9043ddaadcc4c4563921bbfbab2d1e6c7f3
parenta2ddd112acf5959b072e0c57bea5c0e37881ae64 [diff]
[avb] Test vbmeta with verifiaction flag disabled fails verification

And the latest signed kernel always have the verification enabled.

Bug: 264662910
Bug: 256148034
Test: atest libpvmfw_avb.integration_test
Change-Id: Ic511fab2a326c19e6e537f86050fb4098577d432

diff --git a/pvmfw/avb/tests/api_test.rs b/pvmfw/avb/tests/api_test.rs
index fc6bb1c..872ad63 100644
--- a/pvmfw/avb/tests/api_test.rs
+++ b/pvmfw/avb/tests/api_test.rs

@@ -23,6 +23,7 @@
 use std::{
     fs,
     mem::{size_of, transmute, MaybeUninit},
+    ptr,
 };
 
 const MICRODROID_KERNEL_IMG_PATH: &str = "microdroid_kernel";
@@ -205,7 +206,41 @@
     )
 }
 
-// TODO(b/256148034): Test that vbmeta with its verification flag overwritten fails verification.
+#[test]
+fn vbmeta_with_verification_flag_disabled_fails_verification() -> Result<()> {
+    // From external/avb/libavb/avb_vbmeta_image.h
+    const AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED: u32 = 2;
+
+    // Arrange.
+    let mut kernel = load_latest_signed_kernel()?;
+    let footer = extract_avb_footer(&kernel)?;
+    let vbmeta_header = extract_vbmeta_header(&kernel, &footer)?;
+    assert_eq!(
+        0, vbmeta_header.flags as u32,
+        "The disable flag should not be set in the latest kernel."
+    );
+    let flags_addr = ptr::addr_of!(vbmeta_header.flags) as *const u8;
+    // SAFETY: It is safe as both raw pointers `flags_addr` and `vbmeta_header` are not null.
+    let flags_offset = unsafe { flags_addr.offset_from(ptr::addr_of!(vbmeta_header) as *const u8) };
+    let flags_offset = usize::try_from(footer.vbmeta_offset)? + usize::try_from(flags_offset)?;
+
+    // Act.
+    kernel[flags_offset..(flags_offset + size_of::<u32>())]
+        .copy_from_slice(&AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED.to_be_bytes());
+
+    // Assert.
+    let vbmeta_header = extract_vbmeta_header(&kernel, &footer)?;
+    assert_eq!(
+        AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED, vbmeta_header.flags as u32,
+        "VBMeta verification flag should be disabled now."
+    );
+    assert_payload_verification_fails(
+        &kernel,
+        &load_latest_initrd_normal()?,
+        &load_trusted_public_key()?,
+        AvbSlotVerifyError::Verification,
+    )
+}
 
 fn extract_avb_footer(kernel: &[u8]) -> Result<AvbFooter> {
     let footer_start = kernel.len() - size_of::<AvbFooter>();