Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / b59bcc44e1eed99da13b83bc34051bc997a6c68e / . / pvmfw / avb / tests / api_test.rs
blob: 6dc5a0a0627794ed3e3334e6662c2d818a913bc8 [file] [log] [blame]
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]1/*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Alice Wang2925b0a2023-01-19 10:44:24 +0000[diff] [blame]17mod utils;
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]18
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]19use anyhow::{anyhow, Result};
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]20use avb::{IoError, SlotVerifyError};
Alice Wang2925b0a2023-01-19 10:44:24 +0000[diff] [blame]21use avb_bindgen::{AvbFooter, AvbVBMetaImageHeader};
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]22use pvmfw_avb::{verify_payload, Capability, DebugLevel, PvmfwVerifyError, VerifiedBootData};
Alice Wang2925b0a2023-01-19 10:44:24 +0000[diff] [blame]23use std::{fs, mem::size_of, ptr};
24use utils::*;
25
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]26const TEST_IMG_WITH_ONE_HASHDESC_PATH: &str = "test_image_with_one_hashdesc.img";
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]27const TEST_IMG_WITH_ROLLBACK_INDEX_5: &str = "test_image_with_rollback_index_5.img";
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]28const TEST_IMG_WITH_PROP_DESC_PATH: &str = "test_image_with_prop_desc.img";
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]29const TEST_IMG_WITH_SERVICE_VM_PROP_PATH: &str = "test_image_with_service_vm_prop.img";
30const TEST_IMG_WITH_UNKNOWN_VM_TYPE_PROP_PATH: &str = "test_image_with_unknown_vm_type_prop.img";
31const TEST_IMG_WITH_MULTIPLE_PROPS_PATH: &str = "test_image_with_multiple_props.img";
32const TEST_IMG_WITH_DUPLICATED_CAP_PATH: &str = "test_image_with_duplicated_capability.img";
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]33const TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH: &str = "test_image_with_non_initrd_hashdesc.img";
Alice Wangf2752862023-01-18 11:51:25 +0000[diff] [blame]34const TEST_IMG_WITH_INITRD_AND_NON_INITRD_DESC_PATH: &str =
35 "test_image_with_initrd_and_non_initrd_desc.img";
Shikha Panwar4a0651d2023-09-28 13:06:13 +0000[diff] [blame]36const TEST_IMG_WITH_MULTIPLE_CAPABILITIES: &str = "test_image_with_multiple_capabilities.img";
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]37const UNSIGNED_TEST_IMG_PATH: &str = "unsigned_test.img";
38
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]39const RANDOM_FOOTER_POS: usize = 30;
40
41/// This test uses the Microdroid payload compiled on the fly to check that
42/// the latest payload can be verified successfully.
43#[test]
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]44fn latest_normal_payload_passes_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]45 assert_latest_payload_verification_passes(
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]46 &load_latest_initrd_normal()?,
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]47 b"initrd_normal",
48 DebugLevel::None,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]49 )
50}
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]51
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]52#[test]
53fn latest_debug_payload_passes_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]54 assert_latest_payload_verification_passes(
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]55 &load_latest_initrd_debug()?,
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]56 b"initrd_debug",
57 DebugLevel::Full,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]58 )
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]59}
60
61#[test]
62fn payload_expecting_no_initrd_passes_verification_with_no_initrd() -> Result<()> {
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]63 let public_key = load_trusted_public_key()?;
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]64 let verified_boot_data = verify_payload(
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]65 &fs::read(TEST_IMG_WITH_ONE_HASHDESC_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]66 /* initrd= */ None,
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]67 &public_key,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]68 )
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]69 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
70
Pierre-Clément Tosi81ca0802023-02-14 10:41:38 +0000[diff] [blame]71 let kernel_digest = hash(&[&hex::decode("1111")?, &fs::read(UNSIGNED_TEST_IMG_PATH)?]);
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]72 let expected_boot_data = VerifiedBootData {
73 debug_level: DebugLevel::None,
74 kernel_digest,
75 initrd_digest: None,
76 public_key: &public_key,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]77 capabilities: vec![],
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]78 rollback_index: 0,
Pierre-Clément Tosif58f3a32023-02-02 16:24:23 +0000[diff] [blame]79 };
Pierre-Clément Tosi81ca0802023-02-14 10:41:38 +0000[diff] [blame]80 assert_eq!(expected_boot_data, verified_boot_data);
81
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]82 Ok(())
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]83}
84
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]85#[test]
Alice Wangf2752862023-01-18 11:51:25 +0000[diff] [blame]86fn payload_with_non_initrd_descriptor_fails_verification_with_no_initrd() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]87 assert_payload_verification_fails(
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]88 &fs::read(TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]89 /* initrd= */ None,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]90 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]91 PvmfwVerifyError::InvalidDescriptors(IoError::NoSuchPartition),
Alice Wangf2752862023-01-18 11:51:25 +0000[diff] [blame]92 )
93}
94
95#[test]
96fn payload_with_non_initrd_descriptor_fails_verification_with_initrd() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]97 assert_payload_verification_with_initrd_fails(
Alice Wangf2752862023-01-18 11:51:25 +0000[diff] [blame]98 &fs::read(TEST_IMG_WITH_INITRD_AND_NON_INITRD_DESC_PATH)?,
99 &load_latest_initrd_normal()?,
100 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]101 PvmfwVerifyError::InvalidDescriptors(IoError::NoSuchPartition),
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]102 )
103}
104
105#[test]
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]106fn payload_expecting_no_initrd_passes_verification_with_service_vm_prop() -> Result<()> {
107 let public_key = load_trusted_public_key()?;
108 let verified_boot_data = verify_payload(
109 &fs::read(TEST_IMG_WITH_SERVICE_VM_PROP_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]110 /* initrd= */ None,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]111 &public_key,
112 )
113 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
114
115 let kernel_digest = hash(&[&hex::decode("2131")?, &fs::read(UNSIGNED_TEST_IMG_PATH)?]);
116 let expected_boot_data = VerifiedBootData {
117 debug_level: DebugLevel::None,
118 kernel_digest,
119 initrd_digest: None,
120 public_key: &public_key,
121 capabilities: vec![Capability::RemoteAttest],
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]122 rollback_index: 0,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]123 };
124 assert_eq!(expected_boot_data, verified_boot_data);
125
126 Ok(())
127}
128
129#[test]
130fn payload_with_unknown_vm_type_fails_verification_with_no_initrd() -> Result<()> {
131 assert_payload_verification_fails(
132 &fs::read(TEST_IMG_WITH_UNKNOWN_VM_TYPE_PROP_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]133 /* initrd= */ None,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]134 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]135 PvmfwVerifyError::UnknownVbmetaProperty,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]136 )
137}
138
139#[test]
140fn payload_with_multiple_props_fails_verification_with_no_initrd() -> Result<()> {
141 assert_payload_verification_fails(
142 &fs::read(TEST_IMG_WITH_MULTIPLE_PROPS_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]143 /* initrd= */ None,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]144 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]145 PvmfwVerifyError::InvalidDescriptors(IoError::Io),
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]146 )
147}
148
149#[test]
150fn payload_with_duplicated_capability_fails_verification_with_no_initrd() -> Result<()> {
151 assert_payload_verification_fails(
152 &fs::read(TEST_IMG_WITH_DUPLICATED_CAP_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]153 /* initrd= */ None,
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]154 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]155 SlotVerifyError::InvalidMetadata.into(),
Alice Wangab0d0202023-05-17 08:07:41 +0000[diff] [blame]156 )
157}
158
159#[test]
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]160fn payload_with_prop_descriptor_fails_verification_with_no_initrd() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]161 assert_payload_verification_fails(
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]162 &fs::read(TEST_IMG_WITH_PROP_DESC_PATH)?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]163 /* initrd= */ None,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]164 &load_trusted_public_key()?,
David Pursella7c727b2023-08-14 16:24:40 -0700[diff] [blame]165 PvmfwVerifyError::UnknownVbmetaProperty,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]166 )
167}
168
169#[test]
170fn payload_expecting_initrd_fails_verification_with_no_initrd() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]171 assert_payload_verification_fails(
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]172 &load_latest_signed_kernel()?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]173 /* initrd= */ None,
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]174 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]175 SlotVerifyError::InvalidMetadata.into(),
Alice Wang86383df2023-01-11 10:03:56 +0000[diff] [blame]176 )
177}
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]178
179#[test]
180fn payload_with_empty_public_key_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]181 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]182 &load_latest_signed_kernel()?,
183 &load_latest_initrd_normal()?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]184 /* trusted_public_key= */ &[0u8; 0],
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]185 SlotVerifyError::PublicKeyRejected.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]186 )
187}
188
189#[test]
190fn payload_with_an_invalid_public_key_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]191 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]192 &load_latest_signed_kernel()?,
193 &load_latest_initrd_normal()?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]194 /* trusted_public_key= */ &[0u8; 512],
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]195 SlotVerifyError::PublicKeyRejected.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]196 )
197}
198
199#[test]
200fn payload_with_a_different_valid_public_key_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]201 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]202 &load_latest_signed_kernel()?,
203 &load_latest_initrd_normal()?,
204 &fs::read(PUBLIC_KEY_RSA2048_PATH)?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]205 SlotVerifyError::PublicKeyRejected.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]206 )
207}
208
209#[test]
Alice Wang5c1a7562023-01-13 17:19:57 +0000[diff] [blame]210fn payload_with_an_invalid_initrd_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]211 assert_payload_verification_with_initrd_fails(
Alice Wang5c1a7562023-01-13 17:19:57 +0000[diff] [blame]212 &load_latest_signed_kernel()?,
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]213 /* initrd= */ &fs::read(UNSIGNED_TEST_IMG_PATH)?,
Alice Wang5c1a7562023-01-13 17:19:57 +0000[diff] [blame]214 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]215 SlotVerifyError::Verification(None).into(),
Alice Wang5c1a7562023-01-13 17:19:57 +0000[diff] [blame]216 )
217}
218
219#[test]
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]220fn unsigned_kernel_fails_verification() -> Result<()> {
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]221 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]222 &fs::read(UNSIGNED_TEST_IMG_PATH)?,
223 &load_latest_initrd_normal()?,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]224 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]225 SlotVerifyError::Io.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]226 )
227}
228
229#[test]
230fn tampered_kernel_fails_verification() -> Result<()> {
231 let mut kernel = load_latest_signed_kernel()?;
232 kernel[1] = !kernel[1]; // Flip the bits
233
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]234 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]235 &kernel,
236 &load_latest_initrd_normal()?,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]237 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]238 SlotVerifyError::Verification(None).into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]239 )
240}
241
242#[test]
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]243fn kernel_footer_with_vbmeta_offset_overwritten_fails_verification() -> Result<()> {
244 // Arrange.
245 let mut kernel = load_latest_signed_kernel()?;
246 let total_len = kernel.len() as u64;
247 let footer = extract_avb_footer(&kernel)?;
248 assert!(footer.vbmeta_offset < total_len);
Alan Stokes196192b2023-07-24 11:44:08 +0100[diff] [blame]249 // TODO: use core::mem::offset_of once stable.
250 let footer_addr = ptr::addr_of!(footer) as *const u8;
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]251 let vbmeta_offset_addr = ptr::addr_of!(footer.vbmeta_offset) as *const u8;
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]252 let vbmeta_offset_start =
Alan Stokes196192b2023-07-24 11:44:08 +0100[diff] [blame]253 // SAFETY:
254 // - both raw pointers `vbmeta_offset_addr` and `footer_addr` are not null;
255 // - they are both derived from the `footer` object;
256 // - the offset is known from the struct definition to be a small positive number of bytes.
257 unsafe { vbmeta_offset_addr.offset_from(footer_addr) };
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]258 let footer_start = kernel.len() - size_of::<AvbFooter>();
259 let vbmeta_offset_start = footer_start + usize::try_from(vbmeta_offset_start)?;
260
261 let wrong_offsets = [total_len, u64::MAX];
262 for &wrong_offset in wrong_offsets.iter() {
263 // Act.
264 kernel[vbmeta_offset_start..(vbmeta_offset_start + size_of::<u64>())]
265 .copy_from_slice(&wrong_offset.to_be_bytes());
266
267 // Assert.
Inseob Kim8ebf1da2023-01-27 18:12:57 +0900[diff] [blame]268 let footer = extract_avb_footer(&kernel)?;
269 // footer is unaligned; copy vbmeta_offset to local variable
270 let vbmeta_offset = footer.vbmeta_offset;
271 assert_eq!(wrong_offset, vbmeta_offset);
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]272 assert_payload_verification_with_initrd_fails(
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]273 &kernel,
274 &load_latest_initrd_normal()?,
275 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]276 SlotVerifyError::Io.into(),
Alice Wangfaceff42023-01-19 09:54:38 +0000[diff] [blame]277 )?;
278 }
279 Ok(())
280}
281
282#[test]
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]283fn tampered_kernel_footer_fails_verification() -> Result<()> {
284 let mut kernel = load_latest_signed_kernel()?;
285 let avb_footer_index = kernel.len() - size_of::<AvbFooter>() + RANDOM_FOOTER_POS;
286 kernel[avb_footer_index] = !kernel[avb_footer_index];
287
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]288 assert_payload_verification_with_initrd_fails(
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]289 &kernel,
290 &load_latest_initrd_normal()?,
Alice Wang4e55dd92023-01-11 10:17:01 +0000[diff] [blame]291 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]292 SlotVerifyError::InvalidMetadata.into(),
Alice Wangbf7fadd2023-01-13 12:18:24 +0000[diff] [blame]293 )
294}
295
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]296#[test]
Alice Wang75d05632023-01-25 13:31:18 +0000[diff] [blame]297fn extended_initrd_fails_verification() -> Result<()> {
298 let mut initrd = load_latest_initrd_normal()?;
299 initrd.extend(b"androidboot.vbmeta.digest=1111");
300
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]301 assert_payload_verification_with_initrd_fails(
Alice Wang75d05632023-01-25 13:31:18 +0000[diff] [blame]302 &load_latest_signed_kernel()?,
303 &initrd,
304 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]305 SlotVerifyError::Verification(None).into(),
Alice Wang75d05632023-01-25 13:31:18 +0000[diff] [blame]306 )
307}
308
309#[test]
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]310fn tampered_vbmeta_fails_verification() -> Result<()> {
311 let mut kernel = load_latest_signed_kernel()?;
312 let footer = extract_avb_footer(&kernel)?;
313 let vbmeta_index: usize = (footer.vbmeta_offset + 1).try_into()?;
314
315 kernel[vbmeta_index] = !kernel[vbmeta_index]; // Flip the bits
316
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]317 assert_payload_verification_with_initrd_fails(
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]318 &kernel,
319 &load_latest_initrd_normal()?,
320 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]321 SlotVerifyError::InvalidMetadata.into(),
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]322 )
323}
324
325#[test]
326fn vbmeta_with_public_key_overwritten_fails_verification() -> Result<()> {
327 let mut kernel = load_latest_signed_kernel()?;
328 let footer = extract_avb_footer(&kernel)?;
329 let vbmeta_header = extract_vbmeta_header(&kernel, &footer)?;
330 let public_key_offset = footer.vbmeta_offset as usize
331 + size_of::<AvbVBMetaImageHeader>()
332 + vbmeta_header.authentication_data_block_size as usize
333 + vbmeta_header.public_key_offset as usize;
334 let public_key_size: usize = vbmeta_header.public_key_size.try_into()?;
335 let empty_public_key = vec![0u8; public_key_size];
336
337 kernel[public_key_offset..(public_key_offset + public_key_size)]
338 .copy_from_slice(&empty_public_key);
339
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]340 assert_payload_verification_with_initrd_fails(
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]341 &kernel,
342 &load_latest_initrd_normal()?,
343 &empty_public_key,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]344 SlotVerifyError::Verification(None).into(),
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]345 )?;
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]346 assert_payload_verification_with_initrd_fails(
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]347 &kernel,
348 &load_latest_initrd_normal()?,
349 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]350 SlotVerifyError::Verification(None).into(),
Alice Wang58dac082023-01-13 13:03:59 +0000[diff] [blame]351 )
352}
353
Alice Wangf06bfd72023-01-19 09:24:21 +0000[diff] [blame]354#[test]
355fn vbmeta_with_verification_flag_disabled_fails_verification() -> Result<()> {
356 // From external/avb/libavb/avb_vbmeta_image.h
357 const AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED: u32 = 2;
358
359 // Arrange.
360 let mut kernel = load_latest_signed_kernel()?;
361 let footer = extract_avb_footer(&kernel)?;
362 let vbmeta_header = extract_vbmeta_header(&kernel, &footer)?;
Inseob Kim8ebf1da2023-01-27 18:12:57 +0900[diff] [blame]363
364 // vbmeta_header is unaligned; copy flags to local variable
365 let vbmeta_header_flags = vbmeta_header.flags;
366 assert_eq!(0, vbmeta_header_flags, "The disable flag should not be set in the latest kernel.");
Alice Wangf06bfd72023-01-19 09:24:21 +0000[diff] [blame]367 let flags_addr = ptr::addr_of!(vbmeta_header.flags) as *const u8;
368 // SAFETY: It is safe as both raw pointers `flags_addr` and `vbmeta_header` are not null.
369 let flags_offset = unsafe { flags_addr.offset_from(ptr::addr_of!(vbmeta_header) as *const u8) };
370 let flags_offset = usize::try_from(footer.vbmeta_offset)? + usize::try_from(flags_offset)?;
371
372 // Act.
373 kernel[flags_offset..(flags_offset + size_of::<u32>())]
374 .copy_from_slice(&AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED.to_be_bytes());
375
376 // Assert.
Inseob Kim8ebf1da2023-01-27 18:12:57 +0900[diff] [blame]377 let vbmeta_header = extract_vbmeta_header(&kernel, &footer)?;
378 // vbmeta_header is unaligned; copy flags to local variable
379 let vbmeta_header_flags = vbmeta_header.flags;
380 assert_eq!(
381 AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED, vbmeta_header_flags,
382 "VBMeta verification flag should be disabled now."
383 );
Alice Wang1f0add02023-01-23 16:22:53 +0000[diff] [blame]384 assert_payload_verification_with_initrd_fails(
Alice Wangf06bfd72023-01-19 09:24:21 +0000[diff] [blame]385 &kernel,
386 &load_latest_initrd_normal()?,
387 &load_trusted_public_key()?,
David Pursellb59bcc42023-11-10 16:59:19 -0800[diff] [blame^]388 SlotVerifyError::Verification(None).into(),
Alice Wangf06bfd72023-01-19 09:24:21 +0000[diff] [blame]389 )
390}
Shikha Panwara26f16a2023-09-27 09:39:00 +0000[diff] [blame]391
392#[test]
393fn payload_with_rollback_index() -> Result<()> {
394 let public_key = load_trusted_public_key()?;
395 let verified_boot_data = verify_payload(
396 &fs::read(TEST_IMG_WITH_ROLLBACK_INDEX_5)?,
397 /* initrd= */ None,
398 &public_key,
399 )
400 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
401
402 let kernel_digest = hash(&[&hex::decode("1211")?, &fs::read(UNSIGNED_TEST_IMG_PATH)?]);
403 let expected_boot_data = VerifiedBootData {
404 debug_level: DebugLevel::None,
405 kernel_digest,
406 initrd_digest: None,
407 public_key: &public_key,
408 capabilities: vec![],
409 rollback_index: 5,
410 };
411 assert_eq!(expected_boot_data, verified_boot_data);
412 Ok(())
413}
Shikha Panwar4a0651d2023-09-28 13:06:13 +0000[diff] [blame]414
415#[test]
416fn payload_with_multiple_capabilities() -> Result<()> {
417 let public_key = load_trusted_public_key()?;
418 let verified_boot_data = verify_payload(
419 &fs::read(TEST_IMG_WITH_MULTIPLE_CAPABILITIES)?,
420 /* initrd= */ None,
421 &public_key,
422 )
423 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
424
425 assert!(verified_boot_data.has_capability(Capability::RemoteAttest));
426 assert!(verified_boot_data.has_capability(Capability::SecretkeeperProtection));
427 Ok(())
428}