diff options
author | Joel Kitching <kitching@google.com> | 2021-04-22 18:44:41 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-05-09 19:28:30 +0000 |
commit | 0902a08d74f090b747f59de616abfdf2131b1ae3 (patch) | |
tree | f089492438a2b558f6569baeb2d5404a10566fc3 /tests | |
parent | e79d276999bc92409df399c1f3cbb5b3b941ee4d (diff) | |
download | vboot-0902a08d74f090b747f59de616abfdf2131b1ae3.tar.gz |
vboot/vboot_kernel: update keyblock flag mismatch logicfactory-strongbad-13963.B
A keyblock flag mismatch should cause keyblock verification to
fail regardless of whether a valid keyblock is required (i.e.
self-signed keyblock case).
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I47096ab7fcf0fbd47a46a9a92a5406e9aa9b3596
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2846251
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/vboot_kernel_tests.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c index 01b8b342..2cae6d14 100644 --- a/tests/vboot_kernel_tests.c +++ b/tests/vboot_kernel_tests.c @@ -705,7 +705,15 @@ static void LoadKernelTest(void) TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND, "Keyblock rec!dev flag mismatch"); - /* Check keyblock flag mismatches (dev mode + signed kernel required) */ + /* Check keyblock flag mismatch (dev mode) */ + ResetMocks(); + ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; + kbh.keyblock_flags = + VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0; + TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND, + "Keyblock dev flag mismatch"); + + /* Check keyblock flag mismatch (dev mode + signed kernel required) */ ResetMocks(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1); |