| /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| * Use of this source code is governed by a BSD-style license that can be |
| * found in the LICENSE file. |
| * |
| * Tests for vboot_api_firmware |
| */ |
| |
| #include <stdint.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| |
| #include "gbb_header.h" |
| #include "host_common.h" |
| #include "rollback_index.h" |
| #include "test_common.h" |
| #include "vboot_common.h" |
| #include "vboot_nvstorage.h" |
| #include "vboot_struct.h" |
| |
| /* Flags for mock_*_got_flags variables */ |
| #define MOCK_DEV_FLAG 0x01 /* Developer parameter non-zero */ |
| #define MOCK_REC_FLAG 0x02 /* Recovery parameter non-zero */ |
| |
| /* Mock data */ |
| static VbCommonParams cparams; |
| static VbSelectFirmwareParams fparams; |
| static GoogleBinaryBlockHeader gbb; |
| static VbNvContext vnc; |
| static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE]; |
| static VbSharedDataHeader* shared = (VbSharedDataHeader*)shared_data; |
| static uint64_t mock_timer; |
| static int nv_write_called; |
| /* Mock TPM versions */ |
| static uint32_t mock_tpm_version; |
| static uint32_t mock_lf_tpm_version; /* TPM version set by LoadFirmware() */ |
| /* Variables for tracking params passed to mock functions */ |
| static uint32_t mock_stbms_got_flags; |
| static uint64_t mock_stbms_got_fw_flags; |
| static int mock_rfl_called; |
| /* Mock return values, so we can simulate errors */ |
| static VbError_t mock_rfw_retval; |
| static VbError_t mock_rfl_retval; |
| static VbError_t mock_lf_retval; |
| static VbError_t mock_stbms_retval; |
| |
| /* Reset mock data (for use before each test) */ |
| static void ResetMocks(void) { |
| Memset(&cparams, 0, sizeof(cparams)); |
| cparams.shared_data_size = sizeof(shared_data); |
| cparams.shared_data_blob = shared_data; |
| |
| Memset(&fparams, 0, sizeof(fparams)); |
| |
| Memset(&gbb, 0, sizeof(gbb)); |
| cparams.gbb_data = &gbb; |
| cparams.gbb_size = sizeof(gbb); |
| cparams.gbb = &gbb; |
| |
| Memset(&vnc, 0, sizeof(vnc)); |
| VbNvSetup(&vnc); |
| VbNvTeardown(&vnc); /* So CRC gets generated */ |
| |
| Memset(&shared_data, 0, sizeof(shared_data)); |
| VbSharedDataInit(shared, sizeof(shared_data)); |
| shared->fw_keyblock_flags = 0xABCDE0; |
| |
| mock_timer = 10; |
| nv_write_called = mock_rfl_called = 0; |
| |
| mock_stbms_got_flags = 0; |
| mock_stbms_got_fw_flags = 0; |
| |
| mock_tpm_version = mock_lf_tpm_version = 0x20004; |
| shared->fw_version_tpm_start = mock_tpm_version; |
| mock_rfw_retval = mock_rfl_retval = 0; |
| mock_lf_retval = mock_stbms_retval = 0; |
| } |
| |
| /****************************************************************************/ |
| /* Mocked verification functions */ |
| |
| VbError_t VbExNvStorageRead(uint8_t* buf) { |
| Memcpy(buf, vnc.raw, sizeof(vnc.raw)); |
| return VBERROR_SUCCESS; |
| } |
| |
| VbError_t VbExNvStorageWrite(const uint8_t* buf) { |
| nv_write_called = 1; |
| Memcpy(vnc.raw, buf, sizeof(vnc.raw)); |
| return VBERROR_SUCCESS; |
| } |
| |
| uint64_t VbExGetTimer(void) { |
| /* Exponential-ish rather than linear time, so that subtracting any |
| * two mock values will yield a unique result. */ |
| uint64_t new_timer = mock_timer * 2 + 1; |
| VbAssert(new_timer > mock_timer); /* Make sure we don't overflow */ |
| mock_timer = new_timer; |
| return mock_timer; |
| } |
| |
| uint32_t RollbackFirmwareWrite(uint32_t version) { |
| mock_tpm_version = version; |
| return mock_rfw_retval; |
| } |
| |
| uint32_t RollbackFirmwareLock(void) { |
| mock_rfl_called = 1; |
| return mock_rfl_retval; |
| } |
| |
| uint32_t SetTPMBootModeState(int developer_mode, int recovery_mode, |
| uint64_t fw_keyblock_flags, |
| GoogleBinaryBlockHeader *gbb) { |
| if (recovery_mode) |
| mock_stbms_got_flags |= MOCK_REC_FLAG; |
| if (developer_mode) |
| mock_stbms_got_flags |= MOCK_DEV_FLAG; |
| |
| mock_stbms_got_fw_flags = fw_keyblock_flags; |
| |
| return mock_stbms_retval; |
| } |
| |
| int LoadFirmware(VbCommonParams* cparams, VbSelectFirmwareParams* fparams, |
| VbNvContext* vnc) { |
| shared->fw_version_tpm = mock_lf_tpm_version; |
| return mock_lf_retval; |
| } |
| |
| |
| /****************************************************************************/ |
| /* Test VbSelectFirmware() and check expected return value and |
| * recovery reason */ |
| static void TestVbSf(VbError_t expected_retval, |
| uint8_t expected_recovery, const char* desc) { |
| uint32_t rr = 256; |
| |
| TEST_EQ(VbSelectFirmware(&cparams, &fparams), expected_retval, desc); |
| VbNvGet(&vnc, VBNV_RECOVERY_REQUEST, &rr); |
| TEST_EQ(rr, expected_recovery, " recovery request"); |
| } |
| |
| /****************************************************************************/ |
| |
| static void VbSelectFirmwareTest(void) { |
| /* Normal call */ |
| ResetMocks(); |
| TestVbSf(0, 0, "Normal call"); |
| TEST_EQ(shared->timer_vb_select_firmware_enter, 21, " time enter"); |
| TEST_EQ(shared->timer_vb_select_firmware_exit, 43, " time exit"); |
| TEST_EQ(nv_write_called, 0, " NV write not called since nothing changed"); |
| TEST_EQ(mock_stbms_got_flags, 0, " SetTPMBootModeState() flags"); |
| TEST_EQ(mock_stbms_got_fw_flags, 0xABCDE0, " fw keyblock flags"); |
| TEST_EQ(mock_rfl_called, 1, " RollbackFirmwareLock() called"); |
| |
| /* Developer mode call */ |
| ResetMocks(); |
| shared->flags |= VBSD_BOOT_DEV_SWITCH_ON; |
| TestVbSf(0, 0, "Developer mode"); |
| TEST_EQ(mock_stbms_got_flags, MOCK_DEV_FLAG, " SetTPMBootModeState() flags"); |
| TEST_EQ(mock_rfl_called, 1, " RollbackFirmwareLock() called"); |
| |
| /* Recovery mode doesn't call LoadFirmware(), |
| * RollbackFirmwareWrite(), or RollbackFirmwareLock(). */ |
| ResetMocks(); |
| shared->recovery_reason = VBNV_RECOVERY_US_TEST; |
| mock_lf_retval = VBERROR_UNKNOWN; |
| mock_rfw_retval = mock_rfl_retval = TPM_E_IOERROR; |
| TestVbSf(0, 0, "Recovery mode"); |
| TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_RECOVERY, |
| " select recovery"); |
| TEST_EQ(mock_stbms_got_flags, MOCK_REC_FLAG, " SetTPMBootModeState() flags"); |
| TEST_EQ(mock_rfl_called, 0, " RollbackFirmwareLock() not called"); |
| |
| /* Dev + recovery */ |
| ResetMocks(); |
| shared->recovery_reason = VBNV_RECOVERY_US_TEST; |
| shared->flags |= VBSD_BOOT_DEV_SWITCH_ON; |
| TestVbSf(0, 0, "Recovery+developer mode"); |
| TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_RECOVERY, |
| " select recovery"); |
| TEST_EQ(mock_stbms_got_flags, MOCK_DEV_FLAG|MOCK_REC_FLAG, |
| " SetTPMBootModeState() flags"); |
| TEST_EQ(mock_rfl_called, 0, " RollbackFirmwareLock() not called"); |
| |
| /* LoadFirmware() error code passed through */ |
| ResetMocks(); |
| mock_lf_retval = 0x12345; |
| TestVbSf(0x12345, 0, "LoadFirmware() error"); |
| |
| /* Select different firmware paths based on LoadFirmware() result */ |
| ResetMocks(); |
| shared->flags |= VBSD_LF_USE_RO_NORMAL; |
| TestVbSf(0, 0, "LoadFirmware() RO-normal"); |
| TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_READONLY, |
| " select RO normal"); |
| ResetMocks(); |
| shared->firmware_index = 0; |
| TestVbSf(0, 0, "LoadFirmware() A"); |
| TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_A, " select A"); |
| ResetMocks(); |
| shared->firmware_index = 1; |
| TestVbSf(0, 0, "LoadFirmware() B"); |
| TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_B, " select B"); |
| |
| /* Handle TPM version updates */ |
| ResetMocks(); |
| mock_lf_tpm_version = 0x30005; |
| TestVbSf(0, 0, "TPM version update"); |
| TEST_EQ(shared->fw_version_tpm_start, 0x20004, " TPM version start"); |
| TEST_EQ(shared->fw_version_tpm, 0x30005, " TPM version"); |
| TEST_EQ(mock_tpm_version, 0x30005, " TPM version written back"); |
| |
| /* Check error writing TPM version */ |
| ResetMocks(); |
| mock_lf_tpm_version = 0x30005; |
| mock_rfw_retval = TPM_E_IOERROR; |
| TestVbSf(VBERROR_TPM_WRITE_FIRMWARE, VBNV_RECOVERY_RO_TPM_W_ERROR, |
| "TPM version update failure"); |
| |
| /* If no change to TPM version, RollbackFirmwareWrite() not called */ |
| ResetMocks(); |
| mock_rfw_retval = TPM_E_IOERROR; |
| TestVbSf(0, 0, "LoadFirmware() TPM version not updated"); |
| TEST_EQ(shared->fw_version_tpm_start, 0x20004, " TPM version start"); |
| TEST_EQ(shared->fw_version_tpm, 0x20004, " TPM version"); |
| TEST_EQ(mock_tpm_version, 0x20004, " TPM version (not) written back"); |
| |
| /* Check errors from SetTPMBootModeState() */ |
| ResetMocks(); |
| mock_stbms_retval = TPM_E_IOERROR; |
| TestVbSf(VBERROR_TPM_SET_BOOT_MODE_STATE, VBNV_RECOVERY_RO_TPM_U_ERROR, |
| "TPM set boot mode state failure"); |
| ResetMocks(); |
| mock_stbms_retval = TPM_E_IOERROR; |
| shared->recovery_reason = VBNV_RECOVERY_US_TEST; |
| TestVbSf(0, 0, "TPM set boot mode state failure ignored in recovery"); |
| |
| /* Handle RollbackFirmwareLock() errors */ |
| ResetMocks(); |
| mock_rfl_retval = TPM_E_IOERROR; |
| TestVbSf(VBERROR_TPM_LOCK_FIRMWARE, VBNV_RECOVERY_RO_TPM_L_ERROR, |
| "TPM lock firmware failure"); |
| } |
| |
| |
| int main(int argc, char* argv[]) { |
| int error_code = 0; |
| |
| VbSelectFirmwareTest(); |
| |
| if (vboot_api_stub_check_memory()) |
| error_code = 255; |
| if (!gTestSuccess) |
| error_code = 255; |
| |
| return error_code; |
| } |