Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 4a0651de655e2dc2964b13a6c3a8dd13bb767881 / . / pvmfw / avb / tests / api_test.rs
blob: 63444330b5b5e0a6d676062362cb7d5152fa92fb [file] [log] [blame]
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]1/*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Alice Wang2925b0a2023-01-19 10:44:24 +0000[diff] [blame]17mod utils;
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]18
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]19use anyhow::{anyhow, Result};
Alice Wang2925b0a2023-01-19 10:44:24 +0000[diff] [blame]20use avb_bindgen::{AvbFooter, AvbVBMetaImageHeader};
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]21use pvmfw_avb::{verify_payload, Capability, DebugLevel, PvmfwVerifyError, VerifiedBootData};
Alice Wang2925b0a2023-01-19 10:44:24 +0000[diff] [blame]22use std::{fs, mem::size_of, ptr};
23use utils::*;
24
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]25const TEST_IMG_WITH_ONE_HASHDESC_PATH: &str = "test_image_with_one_hashdesc.img";
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]26const TEST_IMG_WITH_ROLLBACK_INDEX_5: &str = "test_image_with_rollback_index_5.img";
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]27const TEST_IMG_WITH_PROP_DESC_PATH: &str = "test_image_with_prop_desc.img";
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]28const TEST_IMG_WITH_SERVICE_VM_PROP_PATH: &str = "test_image_with_service_vm_prop.img";
29const TEST_IMG_WITH_UNKNOWN_VM_TYPE_PROP_PATH: &str = "test_image_with_unknown_vm_type_prop.img";
30const TEST_IMG_WITH_MULTIPLE_PROPS_PATH: &str = "test_image_with_multiple_props.img";
31const TEST_IMG_WITH_DUPLICATED_CAP_PATH: &str = "test_image_with_duplicated_capability.img";
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]32const TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH: &str = "test_image_with_non_initrd_hashdesc.img";
Alice Wangf2752862023-01-18 11:51:25 +0000[diff] [blame]33const TEST_IMG_WITH_INITRD_AND_NON_INITRD_DESC_PATH: &str =
34 "test_image_with_initrd_and_non_initrd_desc.img";
Shikha Panwar4a0651d2023-09-28 13:06:13 +0000[diff] [blame^]35const TEST_IMG_WITH_MULTIPLE_CAPABILITIES: &str = "test_image_with_multiple_capabilities.img";
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]36const UNSIGNED_TEST_IMG_PATH: &str = "unsigned_test.img";
37
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]38const RANDOM_FOOTER_POS: usize = 30;
39
40/// This test uses the Microdroid payload compiled on the fly to check that
41/// the latest payload can be verified successfully.
42#[test]
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]43fn latest_normal_payload_passes_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]44 assert_latest_payload_verification_passes(
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]45 &load_latest_initrd_normal()?,
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]46 b"initrd_normal",
47 DebugLevel::None,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]48 )
49}
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]50
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]51#[test]
52fn latest_debug_payload_passes_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]53 assert_latest_payload_verification_passes(
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]54 &load_latest_initrd_debug()?,
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]55 b"initrd_debug",
56 DebugLevel::Full,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]57 )
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]58}
59
60#[test]
61fn payload_expecting_no_initrd_passes_verification_with_no_initrd() -> Result<()> {
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]62 let public_key = load_trusted_public_key()?;
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]63 let verified_boot_data = verify_payload(
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]64 &fs::read(TEST_IMG_WITH_ONE_HASHDESC_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]65 /* initrd= */ None,
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]66 &public_key,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]67 )
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]68 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
69
Pierre-Clément Tosi81ca0802023-02-14 10:41:38 +0000[diff] [blame]70 let kernel_digest = hash(&[&hex::decode("1111")?, &fs::read(UNSIGNED_TEST_IMG_PATH)?]);
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]71 let expected_boot_data = VerifiedBootData {
72 debug_level: DebugLevel::None,
73 kernel_digest,
74 initrd_digest: None,
75 public_key: &public_key,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]76 capabilities: vec![],
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]77 rollback_index: 0,
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]78 };
Pierre-Clément Tosi81ca0802023-02-14 10:41:38 +0000[diff] [blame]79 assert_eq!(expected_boot_data, verified_boot_data);
80
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]81 Ok(())
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]82}
83
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]84#[test]
Alice Wangf2752862023-01-18 11:51:25 +0000[diff] [blame]85fn payload_with_non_initrd_descriptor_fails_verification_with_no_initrd() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]86 assert_payload_verification_fails(
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]87 &fs::read(TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]88 /* initrd= */ None,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]89 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]90 PvmfwVerifyError::InvalidDescriptors(avb::IoError::NoSuchPartition),
Alice Wangf2752862023-01-18 11:51:25 +0000[diff] [blame]91 )
92}
93
94#[test]
95fn payload_with_non_initrd_descriptor_fails_verification_with_initrd() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]96 assert_payload_verification_with_initrd_fails(
Alice Wangf2752862023-01-18 11:51:25 +0000[diff] [blame]97 &fs::read(TEST_IMG_WITH_INITRD_AND_NON_INITRD_DESC_PATH)?,
98 &load_latest_initrd_normal()?,
99 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]100 PvmfwVerifyError::InvalidDescriptors(avb::IoError::NoSuchPartition),
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]101 )
102}
103
104#[test]
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]105fn payload_expecting_no_initrd_passes_verification_with_service_vm_prop() -> Result<()> {
106 let public_key = load_trusted_public_key()?;
107 let verified_boot_data = verify_payload(
108 &fs::read(TEST_IMG_WITH_SERVICE_VM_PROP_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]109 /* initrd= */ None,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]110 &public_key,
111 )
112 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
113
114 let kernel_digest = hash(&[&hex::decode("2131")?, &fs::read(UNSIGNED_TEST_IMG_PATH)?]);
115 let expected_boot_data = VerifiedBootData {
116 debug_level: DebugLevel::None,
117 kernel_digest,
118 initrd_digest: None,
119 public_key: &public_key,
120 capabilities: vec![Capability::RemoteAttest],
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]121 rollback_index: 0,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]122 };
123 assert_eq!(expected_boot_data, verified_boot_data);
124
125 Ok(())
126}
127
128#[test]
129fn payload_with_unknown_vm_type_fails_verification_with_no_initrd() -> Result<()> {
130 assert_payload_verification_fails(
131 &fs::read(TEST_IMG_WITH_UNKNOWN_VM_TYPE_PROP_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]132 /* initrd= */ None,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]133 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]134 PvmfwVerifyError::UnknownVbmetaProperty,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]135 )
136}
137
138#[test]
139fn payload_with_multiple_props_fails_verification_with_no_initrd() -> Result<()> {
140 assert_payload_verification_fails(
141 &fs::read(TEST_IMG_WITH_MULTIPLE_PROPS_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]142 /* initrd= */ None,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]143 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]144 PvmfwVerifyError::InvalidDescriptors(avb::IoError::Io),
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]145 )
146}
147
148#[test]
149fn payload_with_duplicated_capability_fails_verification_with_no_initrd() -> Result<()> {
150 assert_payload_verification_fails(
151 &fs::read(TEST_IMG_WITH_DUPLICATED_CAP_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]152 /* initrd= */ None,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]153 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]154 avb::SlotVerifyError::InvalidMetadata.into(),
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]155 )
156}
157
158#[test]
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]159fn payload_with_prop_descriptor_fails_verification_with_no_initrd() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]160 assert_payload_verification_fails(
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]161 &fs::read(TEST_IMG_WITH_PROP_DESC_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]162 /* initrd= */ None,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]163 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]164 PvmfwVerifyError::UnknownVbmetaProperty,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]165 )
166}
167
168#[test]
169fn payload_expecting_initrd_fails_verification_with_no_initrd() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]170 assert_payload_verification_fails(
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]171 &load_latest_signed_kernel()?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]172 /* initrd= */ None,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]173 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]174 avb::SlotVerifyError::InvalidMetadata.into(),
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]175 )
176}
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]177
178#[test]
179fn payload_with_empty_public_key_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]180 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]181 &load_latest_signed_kernel()?,
182 &load_latest_initrd_normal()?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]183 /* trusted_public_key= */ &[0u8; 0],
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]184 avb::SlotVerifyError::PublicKeyRejected.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]185 )
186}
187
188#[test]
189fn payload_with_an_invalid_public_key_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]190 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]191 &load_latest_signed_kernel()?,
192 &load_latest_initrd_normal()?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]193 /* trusted_public_key= */ &[0u8; 512],
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]194 avb::SlotVerifyError::PublicKeyRejected.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]195 )
196}
197
198#[test]
199fn payload_with_a_different_valid_public_key_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]200 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]201 &load_latest_signed_kernel()?,
202 &load_latest_initrd_normal()?,
203 &fs::read(PUBLIC_KEY_RSA2048_PATH)?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]204 avb::SlotVerifyError::PublicKeyRejected.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]205 )
206}
207
208#[test]
Alice Wang5c1a7562023-01-13 17:19:57 +0000[diff] [blame]209fn payload_with_an_invalid_initrd_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]210 assert_payload_verification_with_initrd_fails(
Alice Wang5c1a7562023-01-13 17:19:57 +0000[diff] [blame]211 &load_latest_signed_kernel()?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]212 /* initrd= */ &fs::read(UNSIGNED_TEST_IMG_PATH)?,
Alice Wang5c1a7562023-01-13 17:19:57 +0000[diff] [blame]213 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]214 avb::SlotVerifyError::Verification.into(),
Alice Wang5c1a7562023-01-13 17:19:57 +0000[diff] [blame]215 )
216}
217
218#[test]
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]219fn unsigned_kernel_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]220 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]221 &fs::read(UNSIGNED_TEST_IMG_PATH)?,
222 &load_latest_initrd_normal()?,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]223 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]224 avb::SlotVerifyError::Io.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]225 )
226}
227
228#[test]
229fn tampered_kernel_fails_verification() -> Result<()> {
230 let mut kernel = load_latest_signed_kernel()?;
231 kernel[1] = !kernel[1]; // Flip the bits
232
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]233 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]234 &kernel,
235 &load_latest_initrd_normal()?,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]236 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]237 avb::SlotVerifyError::Verification.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]238 )
239}
240
241#[test]
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]242fn kernel_footer_with_vbmeta_offset_overwritten_fails_verification() -> Result<()> {
243 // Arrange.
244 let mut kernel = load_latest_signed_kernel()?;
245 let total_len = kernel.len() as u64;
246 let footer = extract_avb_footer(&kernel)?;
247 assert!(footer.vbmeta_offset < total_len);
Alan Stokes196192b2023-07-24 11:44:08 +0100[diff] [blame]248 // TODO: use core::mem::offset_of once stable.
249 let footer_addr = ptr::addr_of!(footer) as *const u8;
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]250 let vbmeta_offset_addr = ptr::addr_of!(footer.vbmeta_offset) as *const u8;
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]251 let vbmeta_offset_start =
Alan Stokes196192b2023-07-24 11:44:08 +0100[diff] [blame]252 // SAFETY:
253 // - both raw pointers `vbmeta_offset_addr` and `footer_addr` are not null;
254 // - they are both derived from the `footer` object;
255 // - the offset is known from the struct definition to be a small positive number of bytes.
256 unsafe { vbmeta_offset_addr.offset_from(footer_addr) };
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]257 let footer_start = kernel.len() - size_of::<AvbFooter>();
258 let vbmeta_offset_start = footer_start + usize::try_from(vbmeta_offset_start)?;
259
260 let wrong_offsets = [total_len, u64::MAX];
261 for &wrong_offset in wrong_offsets.iter() {
262 // Act.
263 kernel[vbmeta_offset_start..(vbmeta_offset_start + size_of::<u64>())]
264 .copy_from_slice(&wrong_offset.to_be_bytes());
265
266 // Assert.
Inseob Kim8ebf1da2023-01-27 18:12:57 +0900[diff] [blame]267 let footer = extract_avb_footer(&kernel)?;
268 // footer is unaligned; copy vbmeta_offset to local variable
269 let vbmeta_offset = footer.vbmeta_offset;
270 assert_eq!(wrong_offset, vbmeta_offset);
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]271 assert_payload_verification_with_initrd_fails(
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]272 &kernel,
273 &load_latest_initrd_normal()?,
274 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]275 avb::SlotVerifyError::Io.into(),
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]276 )?;
277 }
278 Ok(())
279}
280
281#[test]
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]282fn tampered_kernel_footer_fails_verification() -> Result<()> {
283 let mut kernel = load_latest_signed_kernel()?;
284 let avb_footer_index = kernel.len() - size_of::<AvbFooter>() + RANDOM_FOOTER_POS;
285 kernel[avb_footer_index] = !kernel[avb_footer_index];
286
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]287 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]288 &kernel,
289 &load_latest_initrd_normal()?,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]290 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]291 avb::SlotVerifyError::InvalidMetadata.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]292 )
293}
294
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]295#[test]
Alice Wang75d05632023-01-25 13:31:18 +0000[diff] [blame]296fn extended_initrd_fails_verification() -> Result<()> {
297 let mut initrd = load_latest_initrd_normal()?;
298 initrd.extend(b"androidboot.vbmeta.digest=1111");
299
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]300 assert_payload_verification_with_initrd_fails(
Alice Wang75d05632023-01-25 13:31:18 +0000[diff] [blame]301 &load_latest_signed_kernel()?,
302 &initrd,
303 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]304 avb::SlotVerifyError::Verification.into(),
Alice Wang75d05632023-01-25 13:31:18 +0000[diff] [blame]305 )
306}
307
308#[test]
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]309fn tampered_vbmeta_fails_verification() -> Result<()> {
310 let mut kernel = load_latest_signed_kernel()?;
311 let footer = extract_avb_footer(&kernel)?;
312 let vbmeta_index: usize = (footer.vbmeta_offset + 1).try_into()?;
313
314 kernel[vbmeta_index] = !kernel[vbmeta_index]; // Flip the bits
315
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]316 assert_payload_verification_with_initrd_fails(
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]317 &kernel,
318 &load_latest_initrd_normal()?,
319 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]320 avb::SlotVerifyError::InvalidMetadata.into(),
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]321 )
322}
323
324#[test]
325fn vbmeta_with_public_key_overwritten_fails_verification() -> Result<()> {
326 let mut kernel = load_latest_signed_kernel()?;
327 let footer = extract_avb_footer(&kernel)?;
328 let vbmeta_header = extract_vbmeta_header(&kernel, &footer)?;
329 let public_key_offset = footer.vbmeta_offset as usize
330 + size_of::<AvbVBMetaImageHeader>()
331 + vbmeta_header.authentication_data_block_size as usize
332 + vbmeta_header.public_key_offset as usize;
333 let public_key_size: usize = vbmeta_header.public_key_size.try_into()?;
334 let empty_public_key = vec![0u8; public_key_size];
335
336 kernel[public_key_offset..(public_key_offset + public_key_size)]
337 .copy_from_slice(&empty_public_key);
338
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]339 assert_payload_verification_with_initrd_fails(
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]340 &kernel,
341 &load_latest_initrd_normal()?,
342 &empty_public_key,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]343 avb::SlotVerifyError::Verification.into(),
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]344 )?;
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]345 assert_payload_verification_with_initrd_fails(
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]346 &kernel,
347 &load_latest_initrd_normal()?,
348 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]349 avb::SlotVerifyError::Verification.into(),
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]350 )
351}
352
Alice Wangf06bfd72023-01-19 09:24:21 +0000[diff] [blame]353#[test]
354fn vbmeta_with_verification_flag_disabled_fails_verification() -> Result<()> {
355 // From external/avb/libavb/avb_vbmeta_image.h
356 const AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED: u32 = 2;
357
358 // Arrange.
359 let mut kernel = load_latest_signed_kernel()?;
360 let footer = extract_avb_footer(&kernel)?;
361 let vbmeta_header = extract_vbmeta_header(&kernel, &footer)?;
Inseob Kim8ebf1da2023-01-27 18:12:57 +0900[diff] [blame]362
363 // vbmeta_header is unaligned; copy flags to local variable
364 let vbmeta_header_flags = vbmeta_header.flags;
365 assert_eq!(0, vbmeta_header_flags, "The disable flag should not be set in the latest kernel.");
Alice Wangf06bfd72023-01-19 09:24:21 +0000[diff] [blame]366 let flags_addr = ptr::addr_of!(vbmeta_header.flags) as *const u8;
367 // SAFETY: It is safe as both raw pointers `flags_addr` and `vbmeta_header` are not null.
368 let flags_offset = unsafe { flags_addr.offset_from(ptr::addr_of!(vbmeta_header) as *const u8) };
369 let flags_offset = usize::try_from(footer.vbmeta_offset)? + usize::try_from(flags_offset)?;
370
371 // Act.
372 kernel[flags_offset..(flags_offset + size_of::<u32>())]
373 .copy_from_slice(&AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED.to_be_bytes());
374
375 // Assert.
Inseob Kim8ebf1da2023-01-27 18:12:57 +0900[diff] [blame]376 let vbmeta_header = extract_vbmeta_header(&kernel, &footer)?;
377 // vbmeta_header is unaligned; copy flags to local variable
378 let vbmeta_header_flags = vbmeta_header.flags;
379 assert_eq!(
380 AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED, vbmeta_header_flags,
381 "VBMeta verification flag should be disabled now."
382 );
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]383 assert_payload_verification_with_initrd_fails(
Alice Wangf06bfd72023-01-19 09:24:21 +0000[diff] [blame]384 &kernel,
385 &load_latest_initrd_normal()?,
386 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]387 avb::SlotVerifyError::Verification.into(),
Alice Wangf06bfd72023-01-19 09:24:21 +0000[diff] [blame]388 )
389}
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]390
391#[test]
392fn payload_with_rollback_index() -> Result<()> {
393 let public_key = load_trusted_public_key()?;
394 let verified_boot_data = verify_payload(
395 &fs::read(TEST_IMG_WITH_ROLLBACK_INDEX_5)?,
396 /* initrd= */ None,
397 &public_key,
398 )
399 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
400
401 let kernel_digest = hash(&[&hex::decode("1211")?, &fs::read(UNSIGNED_TEST_IMG_PATH)?]);
402 let expected_boot_data = VerifiedBootData {
403 debug_level: DebugLevel::None,
404 kernel_digest,
405 initrd_digest: None,
406 public_key: &public_key,
407 capabilities: vec![],
408 rollback_index: 5,
409 };
410 assert_eq!(expected_boot_data, verified_boot_data);
411 Ok(())
412}
Shikha Panwar4a0651d2023-09-28 13:06:13 +0000[diff] [blame^]413
414#[test]
415fn payload_with_multiple_capabilities() -> Result<()> {
416 let public_key = load_trusted_public_key()?;
417 let verified_boot_data = verify_payload(
418 &fs::read(TEST_IMG_WITH_MULTIPLE_CAPABILITIES)?,
419 /* initrd= */ None,
420 &public_key,
421 )
422 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
423
424 assert!(verified_boot_data.has_capability(Capability::RemoteAttest));
425 assert!(verified_boot_data.has_capability(Capability::SecretkeeperProtection));
426 Ok(())
427}