ba557707d8
For a given (signed) target-files.zip, this CLs allows verifying the
Verified Boot related images. It works with both of VB 1.0 and VB 2.0
images.
As part of the CL, it also moves validate_target_files.py to argparse,
which is more flexible than the traditional getopt module.
Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in
follow-up CL.
Example usage:
- Run the script on aosp_bullhead target-files.zip.
$ ./build/make/tools/releasetools/validate_target_files.py \
--verity_key build/target/product/security/verity.x509.pem \
--verity_key_mincrypt build/target/product/security/verity_key \
aosp_bullhead-target_files-4522605.zip
- Run the script on aosp_walleye target-files.zip.
$ ./build/make/tools/releasetools/validate_target_files.py \
--verity_key external/avb/test/data/testkey_rsa4096.pem \
aosp_walleye-target_files-4627254.zip
Bug: 63706333
Bug: 65486807
Test: Run validate_target_files.py on target_files.zip files.
Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \
test_validate_target_files
Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
180 lines
6.1 KiB
Python
180 lines
6.1 KiB
Python
#
|
|
# Copyright (C) 2018 The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
"""Unittests for validate_target_files.py.
|
|
|
|
Note: This file calls functions in build_image.py that hard-code the path in
|
|
relative to ANDROID_BUILD_TOP (e.g.
|
|
system/extras/verity/build_verity_metadata.py). So the test needs to be
|
|
triggered under ANDROID_BUILD_TOP or the top-level OTA tools directory (i.e.
|
|
the one after unzipping otatools.zip).
|
|
|
|
(from ANDROID_BUILD_TOP)
|
|
$ PYTHONPATH=build/make/tools/releasetools python -m unittest \\
|
|
test_validate_target_files
|
|
|
|
(from OTA tools directory)
|
|
$ PYTHONPATH=releasetools python -m unittest test_validate_target_files
|
|
"""
|
|
|
|
from __future__ import print_function
|
|
|
|
import os
|
|
import os.path
|
|
import shutil
|
|
import subprocess
|
|
import unittest
|
|
|
|
import build_image
|
|
import common
|
|
import test_utils
|
|
from validate_target_files import ValidateVerifiedBootImages
|
|
|
|
|
|
class ValidateTargetFilesTest(unittest.TestCase):
|
|
|
|
def setUp(self):
|
|
self.testdata_dir = test_utils.get_testdata_dir()
|
|
|
|
def tearDown(self):
|
|
common.Cleanup()
|
|
|
|
def _generate_boot_image(self, output_file):
|
|
kernel = common.MakeTempFile(prefix='kernel-')
|
|
with open(kernel, 'wb') as kernel_fp:
|
|
kernel_fp.write(os.urandom(10))
|
|
|
|
cmd = ['mkbootimg', '--kernel', kernel, '-o', output_file]
|
|
proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
|
|
stdoutdata, _ = proc.communicate()
|
|
self.assertEqual(
|
|
0, proc.returncode,
|
|
"Failed to run mkbootimg: {}".format(stdoutdata))
|
|
|
|
cmd = ['boot_signer', '/boot', output_file,
|
|
os.path.join(self.testdata_dir, 'testkey.pk8'),
|
|
os.path.join(self.testdata_dir, 'testkey.x509.pem'), output_file]
|
|
proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
|
|
stdoutdata, _ = proc.communicate()
|
|
self.assertEqual(
|
|
0, proc.returncode,
|
|
"Failed to sign boot image with boot_signer: {}".format(stdoutdata))
|
|
|
|
def test_ValidateVerifiedBootImages_bootImage(self):
|
|
input_tmp = common.MakeTempDir()
|
|
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
|
|
boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
|
|
self._generate_boot_image(boot_image)
|
|
|
|
info_dict = {
|
|
'boot_signer' : 'true',
|
|
}
|
|
options = {
|
|
'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
|
|
}
|
|
ValidateVerifiedBootImages(input_tmp, info_dict, options)
|
|
|
|
def test_ValidateVerifiedBootImages_bootImage_wrongKey(self):
|
|
input_tmp = common.MakeTempDir()
|
|
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
|
|
boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
|
|
self._generate_boot_image(boot_image)
|
|
|
|
info_dict = {
|
|
'boot_signer' : 'true',
|
|
}
|
|
options = {
|
|
'verity_key' : os.path.join(self.testdata_dir, 'verity.x509.pem'),
|
|
}
|
|
self.assertRaises(
|
|
AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict,
|
|
options)
|
|
|
|
def test_ValidateVerifiedBootImages_bootImage_corrupted(self):
|
|
input_tmp = common.MakeTempDir()
|
|
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
|
|
boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
|
|
self._generate_boot_image(boot_image)
|
|
|
|
# Corrupt the late byte of the image.
|
|
with open(boot_image, 'r+b') as boot_fp:
|
|
boot_fp.seek(-1, os.SEEK_END)
|
|
last_byte = boot_fp.read(1)
|
|
last_byte = chr(255 - ord(last_byte))
|
|
boot_fp.seek(-1, os.SEEK_END)
|
|
boot_fp.write(last_byte)
|
|
|
|
info_dict = {
|
|
'boot_signer' : 'true',
|
|
}
|
|
options = {
|
|
'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
|
|
}
|
|
self.assertRaises(
|
|
AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict,
|
|
options)
|
|
|
|
def _generate_system_image(self, output_file):
|
|
verity_fec = True
|
|
partition_size = 1024 * 1024
|
|
adjusted_size, verity_size = build_image.AdjustPartitionSizeForVerity(
|
|
partition_size, verity_fec)
|
|
|
|
# Use an empty root directory.
|
|
system_root = common.MakeTempDir()
|
|
cmd = ['mkuserimg_mke2fs.sh', '-s', system_root, output_file, 'ext4',
|
|
'/system', str(adjusted_size), '-j', '0']
|
|
proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
|
|
stdoutdata, _ = proc.communicate()
|
|
self.assertEqual(
|
|
0, proc.returncode,
|
|
"Failed to create system image with mkuserimg_mke2fs.sh: {}".format(
|
|
stdoutdata))
|
|
|
|
# Append the verity metadata.
|
|
prop_dict = {
|
|
'original_partition_size' : str(partition_size),
|
|
'partition_size' : str(adjusted_size),
|
|
'verity_block_device' : '/dev/block/system',
|
|
'verity_key' : os.path.join(self.testdata_dir, 'testkey'),
|
|
'verity_signer_cmd' : 'verity_signer',
|
|
'verity_size' : str(verity_size),
|
|
}
|
|
self.assertTrue(
|
|
build_image.MakeVerityEnabledImage(output_file, verity_fec, prop_dict))
|
|
|
|
def test_ValidateVerifiedBootImages_systemImage(self):
|
|
input_tmp = common.MakeTempDir()
|
|
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
|
|
system_image = os.path.join(input_tmp, 'IMAGES', 'system.img')
|
|
self._generate_system_image(system_image)
|
|
|
|
# Pack the verity key.
|
|
verity_key_mincrypt = os.path.join(
|
|
input_tmp, 'BOOT', 'RAMDISK', 'verity_key')
|
|
os.makedirs(os.path.dirname(verity_key_mincrypt))
|
|
shutil.copyfile(
|
|
os.path.join(self.testdata_dir, 'testkey_mincrypt'),
|
|
verity_key_mincrypt)
|
|
|
|
info_dict = {
|
|
'verity' : 'true',
|
|
}
|
|
options = {
|
|
'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
|
|
'verity_key_mincrypt' : verity_key_mincrypt,
|
|
}
|
|
ValidateVerifiedBootImages(input_tmp, info_dict, options)
|