smallsolar/u-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test/py: efi_secboot: add a test for a forged signed image

Browse Source 
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.

This binary must be rejected under secure boot mode.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This commit is contained in:
AKASHI Takahiro
2022-07-05 14:48:15 +09:00
committed by Heinrich Schuchardt
parent 634f6b2fb1
commit 8fb9dbdea7
3 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
test/py/tests/test_efi_secboot/conftest.py
View File

@@ -105,6 +105,9 @@ def efi_boot_env(request, u_boot_config):
# Sign already-signed image with another key
check_call('cd %s; sbsign --key db1.key --cert db1.crt --output helloworld.efi.signed_2sigs helloworld.efi.signed'
% mnt_point, shell=True)
# Create a corrupted signed image
check_call('cd %s; sh %s/test/py/tests/test_efi_secboot/forge_image.sh helloworld.efi.signed helloworld_forged.efi.signed'
% (mnt_point, u_boot_config.source_dir), shell=True)
# Digest image
check_call('cd %s; %shash-to-efi-sig-list helloworld.efi db_hello.hash; %ssign-efi-sig-list -t "2020-04-07" -c KEK.crt -k KEK.key db db_hello.hash db_hello.auth'
% (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH),