@@ -105,6 +105,9 @@ def efi_boot_env(request, u_boot_config):
# Sign already-signed image with another key
check_call('cd %s; sbsign --key db1.key --cert db1.crt --output helloworld.efi.signed_2sigs helloworld.efi.signed'
% mnt_point, shell=True)
+ # Create a corrupted signed image
+ check_call('cd %s; sh %s/test/py/tests/test_efi_secboot/forge_image.sh helloworld.efi.signed helloworld_forged.efi.signed'
+ % (mnt_point, u_boot_config.source_dir), shell=True)
# Digest image
check_call('cd %s; %shash-to-efi-sig-list helloworld.efi db_hello.hash; %ssign-efi-sig-list -t "2020-04-07" -c KEK.crt -k KEK.key db db_hello.hash db_hello.auth'
% (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH),
new file mode 100644
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+#!/bin/sh
+
+replace_exp="s/H\0e\0l\0l\0o\0/h\0E\0L\0L\0O\0/g"
+perl -p -e ${replace_exp} < $1 > $2
@@ -334,3 +334,38 @@ class TestEfiSignedImage(object):
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
assert 'efi_start_image() returned: 26' in ''.join(output)
+
+ def test_efi_signed_image_auth8(self, u_boot_console, efi_boot_env):
+ """
+ Test Case 8 - Secure boot is in force,
+ Same as Test Case 2 but the image binary to be loaded
+ was willfully modified (forged)
+ Must be rejected.
+ """
+ u_boot_console.restart_uboot()
+ disk_img = efi_boot_env
+ with u_boot_console.log.section('Test Case 8a'):
+ # Test Case 8a, Secure boot is not yet forced
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'efidebug boot add -b 1 HELLO1 host 0:1 /helloworld_forged.efi.signed -s ""',
+ 'efidebug boot next 1',
+ 'efidebug test bootmgr'])
+ assert('hELLO, world!' in ''.join(output))
+
+ with u_boot_console.log.section('Test Case 8b'):
+ # Test Case 8b, Install signature database and verify the image
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 db.auth',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
+ 'fatload host 0:1 4000000 KEK.auth',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
+ 'fatload host 0:1 4000000 PK.auth',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
+ assert 'Failed to set EFI variable' not in ''.join(output)
+ output = u_boot_console.run_command_list([
+ 'efidebug boot next 1',
+ 'efidebug test bootmgr'])
+ assert(not 'hELLO, world!' in ''.join(output))
+ assert('\'HELLO1\' failed' in ''.join(output))
+ assert('efi_start_image() returned: 26' in ''.join(output))
In this test case, a image binary, helloworld.efi.signed, is willfully modified to print a corrupted message while the signature itself is unchanged. This binary must be rejected under secure boot mode. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> --- test/py/tests/test_efi_secboot/conftest.py | 3 ++ test/py/tests/test_efi_secboot/forge_image.sh | 5 +++ test/py/tests/test_efi_secboot/test_signed.py | 35 +++++++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 test/py/tests/test_efi_secboot/forge_image.sh