test: Add a simple loopback test for signed boot

2026-01-20 21:13:36 +08:00 · 2021-02-18 13:26:51 +00:00
parent 3d5ab049d4
commit 77784b4b6a
6 changed files with 75 additions and 0 deletions
--- a/test/bootconf.sig
+++ b/test/bootconf.sig
@@ -0,0 +1,3 @@
+b5b917dc53a59c23035a89d4c58606211a07d4fb6e16bd00d74457a93ea5a264
+ts: 1614092425
+rsa2048: 284d3ef8b960ef9dd0bf5f320eacccb527623890b11136801fcfaf950ef3fb32c9b86ee48337d2cd21e00665a62215ff4d811b15d89867fb55d71b6372a4fa4b79af60cdda84c8a7d9b52d5f2b3026d3b088345d9424842cc2eb73e23f4577e12c74bc3bc1890bfbb6509fc8702cd3a202929bb6f9e5162ea53ec6e8503e08dda7b0c86a90bc21d33bd49535554383fe88e7d1d8e46e27c2bce60cf15b69c56ee27ccdd81ff8f47a616a2796cc2d943e17c6c01ac191f9b7dcda440238062e6c49df01f4bb8b97ce380a46aa29a03bf3fcbede3d76c13d862fc8b60b472a4d1017d5535f5188858a6e1103db2666aa63264e7c1f752b917405527094ed0da737
--- a/test/bootconf.txt
+++ b/test/bootconf.txt
@@ -0,0 +1,8 @@
+[all]
+BOOT_UART=1
+WAKE_ON_GPIO=1
+POWER_OFF_ON_HALT=0
+HDMI_DELAY=0
+# Load firmware and kernel from signed boot.img file
+SIGNED_BOOT=1
+
--- a/test/pieeprom-signed.bin
+++ b/test/pieeprom-signed.bin
--- a/test/private.pem
+++ b/test/private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA+l3E+h/QNjrIR1cG6NpzP0fBwp2UDpuQAafXDS5yryrfCPDY
+TO9DvzAfOk9Dz/putDfHV0RTOFXv1tmc4nqOgU6nKx7tTdsjTiY4CgG3vXRMuAmD
+GX5ssJFCVmljGuILt1INlCmtun7Ow35VTxOcRDDfrBDKnSitzOTf6KTR7xJhqFFh
+dMpIg8hW4bDBKMavyt38pRvDaO1o01qaQT/GgAPmJm27y5RKNAe6iVTqsm4TMAhK
+C6P4XyRAbe6OMdFZyEWEk7Asexuc7uZlVHsUI6pebSW/07O+5l/U7/3k6r//hO/H
+DFOBUUW55EjzzC1BhTlWHWfZNI+5+NdN8o323QIDAQABAoIBAByQGZKSkhG5w5MV
++ERWQARaurNyPAgsb1qnUdw8t8GlFLkDT07t74mWo2vsNQXpU0Upv6O+jKNZVMc
+2P/ijQL2Cu7JtLeC5mR6Sj7kAscPr1f4p9b+/B3puIh8tfSBcOY9a3Spi5sg7+xQ
+K6HdoiCKdd4evUrQMwHS47OaKCQuuibm46LWbXO1nk9QkymUy6zyaT5IuNpfKYKD
+UdFqV1FNwZ9A2Yb89rweBgU4DWdbjgVqBc23vS9l913rqd2LHN/4+XDBOGrovu5r
+mJy4WsyXuT0twuqi7FzhtbCdN/zhLo2od1XK6uA65EKdA9rrRMkNeGvxts6q3fPE
+i6tj7OECgYEA/YbIR8n8Vvb5XPAav/aAon4qjXyhkUTjnJfVT0yA+6T1AJwvQ+O4
+AhYgN4ld7msKRDJLcJs0EU8CmWUKJRt5Ai+JsOCbPuBNo+VGEFSsdG0mrSjFZf2e
+Bjm41lnvAEWReGwr9MVIf/prDE2/3aUl9irkNdu5q6NpG9M0N7AhzGECgYEA/M8Y
+Ew9Nv+XqEVKvOzxKRZBa6yzlOUj5PQ3cD7jl1aUNK4rTucvr3sJZAsgm5j+0XG99
+AJ447zdDEdcQbsOSaBR69pccdHYEaRSiIxWaCAir2BBS5DxYtgB6BLrIfBd1cKHv
+qB6u4M6FRJ5BcQa6VYlizAfG2yXoJv0xFrlQ2/0CgYEAwq0Alb+QOOckzCzDHayX
+Ui83VbXiCr6vWMtuTJoeYR1l1LYZxTPTVCbRTlP5AN7I310PeMR00uWsxUVE6QGT
+hg4i2ONf0oRCmhuwFVIvqqc2D7lC+vIoqfcg69fbIoZJEgNeLXJgHYWZNbVuIzBx
+WfnNi13R0O6GA4vGiQyCp4ECgYB1ZTG3wBaJsxlDnBLVPgT7UrJ1nO6A8HsUt/fl
+sSXBVRjNjHUPRTutwLAW050EtLZrajYw8EheBVp20VjHJrg47rG/CqLjDd60cSlt
+g114t5YdCk+DvuYu9f+zbI0m2rnlaL1iY4UvzZcjKx4Wf1pN2DNxrXbRU0P/vvlp
+pPqAfQKBgDZnxWuvRsT9rztGrEottifchfrStZx7u/2+iBtjFeFXr7L4MI14fNm2
+HkoThCpfFXCJFpRxy+kYi6xbPK/Om/hFNs3J5xqheTW8hFx7KN/zPg7jc0MlZ2R/
+uuOgZU9kkzLOamDyP85Doah7kAyA2PnLUno2k4IirbNVoH3aV++G
+-----END RSA PRIVATE KEY-----
--- a/test/public.pem
+++ b/test/public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+l3E+h/QNjrIR1cG6Npz
+P0fBwp2UDpuQAafXDS5yryrfCPDYTO9DvzAfOk9Dz/putDfHV0RTOFXv1tmc4nqO
+gU6nKx7tTdsjTiY4CgG3vXRMuAmDGX5ssJFCVmljGuILt1INlCmtun7Ow35VTxOc
+RDDfrBDKnSitzOTf6KTR7xJhqFFhdMpIg8hW4bDBKMavyt38pRvDaO1o01qaQT/G
+gAPmJm27y5RKNAe6iVTqsm4TMAhKC6P4XyRAbe6OMdFZyEWEk7Asexuc7uZlVHsU
+I6pebSW/07O+5l/U7/3k6r//hO/HDFOBUUW55EjzzC1BhTlWHWfZNI+5+NdN8o32
+3QIDAQAB
+-----END PUBLIC KEY-----
--- a/test/test-rpi-eeprom-config
+++ b/test/test-rpi-eeprom-config
@@ -59,6 +59,29 @@ check_reduce_size()

 }

+check_signed_loopback()
+{
+   echo "check_signed $1 $2"
+
+   image="${script_dir}/$1"
+   conf="${script_dir}/$2"
+   digest="${script_dir}/$3"
+   pubkey="${script_dir}/$4"
+
+   # Replace the config, config.sig and pubkey and verify that the output is the same
+   TMP_EEPROM="$(mktemp)"
+   "${script_dir}/../rpi-eeprom-config" \
+      "${image}" \
+      --config "${conf}" \
+      --digest "${digest}" \
+      --pubkey "${pubkey}" \
+      --out "${TMP_EEPROM}"
+
+   expected_md5="$(md5sum "${image}" | awk '{print $1}')"
+   actual_md5="$(md5sum "${TMP_EEPROM}" | awk '{print $1}')"
+   [ "${actual_md5}" = "${expected_md5}" ] || die "EEPROM signed-loopback: checksum mismatch"
+}
+
 check_loopback()
 {
   echo "check_loopback $1 $2"
@@ -148,6 +171,11 @@ for ver in ${versions}; do
   cleanup
 done

+echo "Test lookback with a signed EEPROM image"
+check_loopback pieeprom-signed.bin bootconf.txt
+check_signed_loopback pieeprom-signed.bin bootconf.txt bootconf.sig public.pem
+cleanup
+
 check_update "../firmware/old/beta/pieeprom-2019-07-15.bin" "pieeprom-2019-07-15-freeze.bin" "bootconf-2019-07-15-freeze.txt"
 cleanup