1# SPDX-License-Identifier: GPL-2.0+ 2# 3# Copyright (c) 2021 Alexandru Gagniuc <mr.nuke.me@gmail.com> 4 5""" 6Check hashes produced by mkimage against known values 7 8This test checks the correctness of mkimage's hashes. by comparing the mkimage 9output of a fixed data block with known good hashes. 10This test doesn't run the sandbox. It only checks the host tool 'mkimage' 11""" 12 13import os 14import pytest 15import u_boot_utils as util 16 17kernel_hashes = { 18 "sha512" : "f18c1486a2c29f56360301576cdfce4dfd8e8e932d0ed8e239a1f314b8ae1d77b2a58cd7fe32e4075e69448e623ce53b0b6aa6ce5626d2c189a5beae29a68d93", 19 "sha384" : "16e28976740048485d08d793d8bf043ebc7826baf2bc15feac72825ad67530ceb3d09e0deb6932c62a5a0e9f3936baf4", 20 "sha256" : "2955c56bc1e5050c111ba6e089e0f5342bb47dedf77d87e3f429095feb98a7e5", 21 "sha1" : "652383e1a6d946953e1f65092c9435f6452c2ab7", 22 "md5" : "4879e5086e4c76128e525b5fe2af55f1", 23 "crc32" : "32eddfdf", 24 "crc16-ccitt" : "d4be" 25} 26 27class ReadonlyFitImage(object): 28 """ Helper to manipulate a FIT image on disk """ 29 def __init__(self, cons, file_name): 30 self.fit = file_name 31 self.cons = cons 32 self.hashable_nodes = set() 33 34 def __fdt_list(self, path): 35 return util.run_and_log(self.cons, f'fdtget -l {self.fit} {path}') 36 37 def __fdt_get(self, node, prop): 38 val = util.run_and_log(self.cons, f'fdtget {self.fit} {node} {prop}') 39 return val.rstrip('\n') 40 41 def __fdt_get_sexadecimal(self, node, prop): 42 numbers = util.run_and_log(self.cons, f'fdtget -tbx {self.fit} {node} {prop}') 43 44 sexadecimal = '' 45 for num in numbers.rstrip('\n').split(' '): 46 sexadecimal += num.zfill(2) 47 return sexadecimal 48 49 def find_hashable_image_nodes(self): 50 for node in self.__fdt_list('/images').split(): 51 # We only have known hashes for the kernel node 52 if 'kernel' not in node: 53 continue 54 self.hashable_nodes.add(f'/images/{node}') 55 56 return self.hashable_nodes 57 58 def verify_hashes(self): 59 for image in self.hashable_nodes: 60 algos = set() 61 for node in self.__fdt_list(image).split(): 62 if "hash-" not in node: 63 continue 64 65 raw_hash = self.__fdt_get_sexadecimal(f'{image}/{node}', 'value') 66 algo = self.__fdt_get(f'{image}/{node}', 'algo') 67 algos.add(algo) 68 69 good_hash = kernel_hashes[algo] 70 if good_hash != raw_hash: 71 raise ValueError(f'{image} Borked hash: {algo}'); 72 73 # Did we test all the hashes we set out to test? 74 missing_algos = kernel_hashes.keys() - algos 75 if (missing_algos): 76 raise ValueError(f'Missing hashes from FIT: {missing_algos}') 77 78 79@pytest.mark.buildconfigspec('hash') 80@pytest.mark.requiredtool('dtc') 81@pytest.mark.requiredtool('fdtget') 82@pytest.mark.requiredtool('fdtput') 83def test_mkimage_hashes(u_boot_console): 84 """ Test that hashes generated by mkimage are correct. """ 85 86 def assemble_fit_image(dest_fit, its, destdir): 87 dtc_args = f'-I dts -O dtb -i {destdir}' 88 util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f', its, dest_fit]) 89 90 def dtc(dts): 91 dtb = dts.replace('.dts', '.dtb') 92 util.run_and_log(cons, f'dtc {datadir}/{dts} -O dtb -o {tempdir}/{dtb}') 93 94 cons = u_boot_console 95 mkimage = cons.config.build_dir + '/tools/mkimage' 96 datadir = cons.config.source_dir + '/test/py/tests/vboot/' 97 tempdir = os.path.join(cons.config.result_dir, 'hashes') 98 os.makedirs(tempdir, exist_ok=True) 99 100 fit_file = f'{tempdir}/test.fit' 101 dtc('sandbox-kernel.dts') 102 103 # Create a fake kernel image -- Avoid zeroes or crc16 will be zero 104 with open(f'{tempdir}/test-kernel.bin', 'w') as fd: 105 fd.write(500 * chr(0xa5)) 106 107 assemble_fit_image(fit_file, f'{datadir}/hash-images.its', tempdir) 108 109 fit = ReadonlyFitImage(cons, fit_file) 110 nodes = fit.find_hashable_image_nodes() 111 if len(nodes) == 0: 112 raise ValueError('FIT image has no "/image" nodes with "hash-..."') 113 114 fit.verify_hashes() 115