test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

1 files changed, 17 insertions, 1 deletions

diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index 3dd8e3cb664..22c79ef3136 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -28,6 +28,7 @@ import pytest
 import sys
 import struct
 import u_boot_utils as util
+import vboot_forge
 
 @pytest.mark.boardspec('sandbox')
 @pytest.mark.buildconfigspec('fit_signature')
@@ -182,7 +183,22 @@ def test_vboot(u_boot_console):
 
         util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', dtb])
 
-        # Replace header bytes
+        # Make sure that U-Boot checks that the config is in the list of hashed
+        # nodes. If it isn't, a security bypass is possible.
+        with open(fit, 'rb') as fp:
+            root, strblock = vboot_forge.read_fdt(fp)
+        root, strblock = vboot_forge.manipulate(root, strblock)
+        with open(fit, 'w+b') as fp:
+            vboot_forge.write_fdt(root, strblock, fp)
+        util.run_and_log_expect_exception(cons,
+                [fit_check_sign, '-f', fit, '-k', dtb],
+                1, 'Failed to verify required signature')
+
+        run_bootm(sha_algo, 'forged config', 'Bad Data Hash', False)
+
+        # Create a new properly signed fit and replace header bytes
+        make_fit('sign-configs-%s%s.its' % (sha_algo, padding))
+        sign_fit(sha_algo)
         bcfg = u_boot_console.config.buildconfig
         max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)
         existing_size = replace_fit_totalsize(max_size + 1)