/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * Tests for vboot_api_kernel, part 3 - software sync */ #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include "gbb_header.h" #include "host_common.h" #include "load_kernel_fw.h" #include "rollback_index.h" #include "test_common.h" #include "vboot_audio.h" #include "vboot_common.h" #include "vboot_kernel.h" #include "vboot_nvstorage.h" #include "vboot_struct.h" /* Mock data */ static VbCommonParams cparams; static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE]; static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; static GoogleBinaryBlockHeader gbb; static int trust_ec; static int mock_in_rw; static VbError_t in_rw_retval; static int protect_retval; static int ec_protected; static int run_retval; static int ec_run_image; static int update_retval; static int ec_updated; static int get_expected_retval; static int shutdown_request_calls_left; static uint8_t mock_ec_hash[32]; static int mock_ec_hash_size; static uint8_t want_ec_hash[32]; static int want_ec_hash_size; static uint8_t mock_sha[32]; static uint32_t screens_displayed[8]; static uint32_t screens_count = 0; /* Reset mock data (for use before each test) */ static void ResetMocks(void) { Memset(&cparams, 0, sizeof(cparams)); cparams.shared_data_size = sizeof(shared_data); cparams.shared_data_blob = shared_data; cparams.gbb_data = &gbb; Memset(&gbb, 0, sizeof(gbb)); gbb.major_version = GBB_MAJOR_VER; gbb.minor_version = GBB_MINOR_VER; gbb.flags = 0; /* * Only the outermost vboot_api_kernel call sets vboot_api_kernel's * vnc. So clear it here too. */ Memset(VbApiKernelGetVnc(), 0, sizeof(VbNvContext)); VbNvSetup(VbApiKernelGetVnc()); VbNvTeardown(VbApiKernelGetVnc()); /* So CRC gets generated */ Memset(&shared_data, 0, sizeof(shared_data)); VbSharedDataInit(shared, sizeof(shared_data)); trust_ec = 0; mock_in_rw = 0; ec_protected = 0; ec_run_image = 0; /* 0 = RO, 1 = RW */ ec_updated = 0; in_rw_retval = VBERROR_SUCCESS; protect_retval = VBERROR_SUCCESS; update_retval = VBERROR_SUCCESS; run_retval = VBERROR_SUCCESS; get_expected_retval = VBERROR_SUCCESS; shutdown_request_calls_left = -1; Memset(mock_ec_hash, 0, sizeof(mock_ec_hash)); mock_ec_hash[0] = 42; mock_ec_hash_size = sizeof(mock_ec_hash); Memset(want_ec_hash, 0, sizeof(want_ec_hash)); want_ec_hash[0] = 42; want_ec_hash_size = sizeof(want_ec_hash); Memset(mock_sha, 0, sizeof(want_ec_hash)); mock_sha[0] = 42; // TODO: ensure these are actually needed Memset(screens_displayed, 0, sizeof(screens_displayed)); screens_count = 0; } /* Mock functions */ uint32_t VbExIsShutdownRequested(void) { if (shutdown_request_calls_left == 0) return 1; else if (shutdown_request_calls_left > 0) shutdown_request_calls_left--; return 0; } int VbExTrustEC(int devidx) { return trust_ec; } VbError_t VbExEcRunningRW(int devidx, int *in_rw) { *in_rw = mock_in_rw; return in_rw_retval; } VbError_t VbExEcProtectRW(int devidx) { ec_protected = 1; return protect_retval; } VbError_t VbExEcDisableJump(int devidx) { return run_retval; } VbError_t VbExEcJumpToRW(int devidx) { ec_run_image = 1; return run_retval; } VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size) { *hash = mock_ec_hash; *hash_size = mock_ec_hash_size; return mock_ec_hash_size ? VBERROR_SUCCESS : VBERROR_SIMULATED; } VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select, const uint8_t **image, int *image_size) { static uint8_t fake_image[64] = {5, 6, 7, 8}; *image = fake_image; *image_size = sizeof(fake_image); return get_expected_retval; } VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select, const uint8_t **hash, int *hash_size) { *hash = want_ec_hash; *hash_size = want_ec_hash_size; if (want_ec_hash_size == -1) return VBERROR_EC_GET_EXPECTED_HASH_FROM_IMAGE; else return want_ec_hash_size ? VBERROR_SUCCESS : VBERROR_SIMULATED; } uint8_t *internal_SHA256(const uint8_t *data, uint64_t len, uint8_t *digest) { Memcpy(digest, mock_sha, sizeof(mock_sha)); return digest; } VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size) { ec_updated = 1; return update_retval; } VbError_t VbDisplayScreen(VbCommonParams *cparams, uint32_t screen, int force, VbNvContext *vncptr) { if (screens_count < ARRAY_SIZE(screens_displayed)) screens_displayed[screens_count++] = screen; return VBERROR_SUCCESS; } static void test_ssync(VbError_t retval, int recovery_reason, const char *desc) { uint32_t u; TEST_EQ(VbEcSoftwareSync(0, &cparams), retval, desc); VbNvGet(VbApiKernelGetVnc(), VBNV_RECOVERY_REQUEST, &u); TEST_EQ(u, recovery_reason, " recovery reason"); } /* Tests */ static void VbSoftwareSyncTest(void) { /* Recovery cases */ ResetMocks(); shared->recovery_reason = 123; test_ssync(0, 0, "In recovery, EC-RO"); TEST_EQ(ec_protected, 0, " ec protected"); ResetMocks(); shared->recovery_reason = 123; mock_in_rw = 1; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, 123, "Recovery needs EC-RO"); /* AP-RO cases */ ResetMocks(); in_rw_retval = VBERROR_SIMULATED; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_UNKNOWN_IMAGE, "Unknown EC image"); ResetMocks(); shared->flags |= VBSD_LF_USE_RO_NORMAL; mock_in_rw = 1; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, 0, "AP-RO needs EC-RO"); ResetMocks(); shared->flags |= VBSD_LF_USE_RO_NORMAL; test_ssync(0, 0, "AP-RO, EC-RO"); TEST_EQ(ec_protected, 1, " ec protected"); TEST_EQ(ec_run_image, 0, " ec run image"); ResetMocks(); shared->flags |= VBSD_LF_USE_RO_NORMAL; run_retval = VBERROR_SIMULATED; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_SOFTWARE_SYNC, "Stay in RO fail"); ResetMocks(); shared->flags |= VBSD_LF_USE_RO_NORMAL; protect_retval = VBERROR_SIMULATED; test_ssync(VBERROR_SIMULATED, VBNV_RECOVERY_EC_PROTECT, "Protect error"); /* No longer check for shutdown requested */ ResetMocks(); shared->flags |= VBSD_LF_USE_RO_NORMAL; shutdown_request_calls_left = 0; test_ssync(0, 0, "AP-RO shutdown requested"); /* Calculate hashes */ ResetMocks(); mock_ec_hash_size = 0; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_HASH_FAILED, "Bad EC hash"); ResetMocks(); mock_ec_hash_size = 16; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_HASH_SIZE, "Bad EC hash size"); ResetMocks(); want_ec_hash_size = 0; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_EXPECTED_HASH, "Bad precalculated hash"); ResetMocks(); want_ec_hash_size = 16; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_EXPECTED_HASH, "Bad precalculated hash size"); ResetMocks(); mock_in_rw = 1; want_ec_hash_size = -1; test_ssync(0, 0, "No precomputed hash"); ResetMocks(); want_ec_hash_size = -1; get_expected_retval = VBERROR_SIMULATED; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_EXPECTED_IMAGE, "Can't fetch image"); /* Updates required */ ResetMocks(); mock_in_rw = 1; want_ec_hash[0]++; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_HASH_MISMATCH, "Precalculated hash mismatch"); ResetMocks(); mock_in_rw = 1; mock_ec_hash[0]++; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, 0, "Pending update needs reboot"); ResetMocks(); mock_ec_hash[0]++; test_ssync(0, 0, "Update without reboot"); TEST_EQ(ec_protected, 1, " ec protected"); TEST_EQ(ec_run_image, 1, " ec run image"); TEST_EQ(ec_updated, 1, " ec updated"); ResetMocks(); mock_ec_hash[0]++; update_retval = VBERROR_EC_REBOOT_TO_RO_REQUIRED; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, 0, "Reboot after update"); TEST_EQ(ec_updated, 1, " ec updated"); ResetMocks(); mock_ec_hash[0]++; update_retval = VBERROR_SIMULATED; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_UPDATE, "Update failed"); ResetMocks(); mock_ec_hash[0]++; shared->flags |= VBSD_EC_SLOW_UPDATE; test_ssync(0, 0, "Slow update"); TEST_EQ(screens_displayed[0], VB_SCREEN_WAIT, " wait screen"); /* RW cases, no update */ ResetMocks(); mock_in_rw = 1; test_ssync(0, 0, "AP-RW, EC-RW"); ResetMocks(); test_ssync(0, 0, "AP-RW, EC-RO -> EC-RW"); TEST_EQ(ec_protected, 1, " ec protected"); TEST_EQ(ec_run_image, 1, " ec run image"); TEST_EQ(ec_updated, 0, " ec updated"); ResetMocks(); run_retval = VBERROR_SIMULATED; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, VBNV_RECOVERY_EC_JUMP_RW, "Jump to RW fail"); ResetMocks(); run_retval = VBERROR_EC_REBOOT_TO_RO_REQUIRED; test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED, 0, "Jump to RW fail because locked"); ResetMocks(); protect_retval = VBERROR_SIMULATED; test_ssync(VBERROR_SIMULATED, VBNV_RECOVERY_EC_PROTECT, "Protect error"); /* No longer check for shutdown requested */ ResetMocks(); shutdown_request_calls_left = 0; test_ssync(0, 0, "AP-RW, EC-RO -> EC-RW shutdown requested"); ResetMocks(); mock_in_rw = 1; shutdown_request_calls_left = 0; test_ssync(0, 0, "AP-RW shutdown requested"); } int main(void) { VbSoftwareSyncTest(); if (vboot_api_stub_check_memory()) return 255; return gTestSuccess ? 0 : 255; }