Loading fs_mgr/libfs_avb/avb_util.cpp +22 −11 Original line number Diff line number Diff line Loading @@ -361,13 +361,21 @@ bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& e } VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, const std::string& expected_public_key_blob) { const std::string& expected_public_key_blob, std::string* out_public_key_data) { const uint8_t* pk_data; size_t pk_len; ::AvbVBMetaVerifyResult vbmeta_ret; vbmeta_ret = avb_vbmeta_image_verify(vbmeta.data(), vbmeta.size(), &pk_data, &pk_len); if (out_public_key_data != nullptr) { out_public_key_data->clear(); if (pk_len > 0) { out_public_key_data->append(reinterpret_cast<const char*>(pk_data), pk_len); } } switch (vbmeta_ret) { case AVB_VBMETA_VERIFY_RESULT_OK: if (pk_data == nullptr || pk_len <= 0) { Loading Loading @@ -406,6 +414,7 @@ VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name, const std::string& expected_public_key_blob, std::string* out_public_key_data, VBMetaVerifyResult* out_verify_result) { uint64_t vbmeta_offset = 0; uint64_t vbmeta_size = VBMetaData::kMaxVBMetaSize; Loading Loading @@ -434,7 +443,8 @@ std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partitio return nullptr; } auto verify_result = VerifyVBMetaSignature(*vbmeta, expected_public_key_blob); auto verify_result = VerifyVBMetaSignature(*vbmeta, expected_public_key_blob, out_public_key_data); if (out_verify_result != nullptr) *out_verify_result = verify_result; if (verify_result == VBMetaVerifyResult::kSuccess || Loading Loading @@ -496,8 +506,8 @@ std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fat std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath( const std::string& image_path, const std::string& partition_name, const std::string& expected_public_key_blob, bool allow_verification_error, bool rollback_protection, bool is_chained_vbmeta, bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result) { bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data, bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result) { // Ensures the device path (might be a symlink created by init) is ready to access. if (!WaitForFile(image_path, 1s)) { PERROR << "No such path: " << image_path; Loading @@ -511,8 +521,8 @@ std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath( } VBMetaVerifyResult verify_result; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(fd, partition_name, expected_public_key_blob, &verify_result); std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData( fd, partition_name, expected_public_key_blob, out_public_key_data, &verify_result); if (!vbmeta) { LERROR << partition_name << ": Failed to load vbmeta, result: " << verify_result; return nullptr; Loading Loading @@ -569,9 +579,10 @@ VBMetaVerifyResult LoadAndVerifyVbmetaByPartition( bool verification_disabled = false; VBMetaVerifyResult verify_result; auto vbmeta = LoadAndVerifyVbmetaByPath( image_path, partition_name, expected_public_key_blob, allow_verification_error, rollback_protection, is_chained_vbmeta, &verification_disabled, &verify_result); auto vbmeta = LoadAndVerifyVbmetaByPath(image_path, partition_name, expected_public_key_blob, allow_verification_error, rollback_protection, is_chained_vbmeta, nullptr /* out_public_key_data */, &verification_disabled, &verify_result); if (!vbmeta) { return VBMetaVerifyResult::kError; Loading fs_mgr/libfs_avb/avb_util.h +7 −5 Original line number Diff line number Diff line Loading @@ -79,10 +79,12 @@ std::unique_ptr<AvbFooter> GetAvbFooter(int fd); std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name, const std::string& expected_public_key_blob, std::string* out_public_key_data, VBMetaVerifyResult* out_verify_result); VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, const std::string& expected_public_key_blob); const std::string& expected_public_key_blob, std::string* out_public_key_data); bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob); Loading @@ -96,8 +98,8 @@ std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fat std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath( const std::string& image_path, const std::string& partition_name, const std::string& expected_public_key_blob, bool allow_verification_error, bool rollback_protection, bool is_chained_vbmeta, bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result); bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data, bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result); // Loads the top-level vbmeta and all its chained vbmeta images. // The actual device path is constructed at runtime by: Loading fs_mgr/libfs_avb/fs_avb.cpp +4 −3 Original line number Diff line number Diff line Loading @@ -409,7 +409,8 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry, std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( fstab_entry->blk_device, "" /* partition_name, no need for a standalone path */, expected_key_blob, allow_verification_error, rollback_protection, false /* not is_chained_vbmeta */, &verification_disabled, nullptr /* out_verify_result */); false /* not is_chained_vbmeta */, nullptr /* out_public_key_data */, &verification_disabled, nullptr /* out_verify_result */); if (!vbmeta) { LERROR << "Failed to load vbmeta: " << fstab_entry->blk_device; Loading fs_mgr/libfs_avb/tests/avb_util_test.cpp +114 −65 Original line number Diff line number Diff line Loading @@ -391,13 +391,36 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignature) { "hashtree", signing_key, "SHA256_RSA4096", 10 /* rollback_index */); auto expected_public_key = ExtractPublicKeyAvbBlob(signing_key); EXPECT_EQ(VBMetaVerifyResult::kSuccess, VerifyVBMetaSignature(vbmeta, expected_public_key)); auto expected_public_key_blob = ExtractPublicKeyAvbBlob(signing_key); EXPECT_EQ(VBMetaVerifyResult::kSuccess, VerifyVBMetaSignature(vbmeta, expected_public_key_blob, nullptr /* out_public_key_data */)); // Converts the expected key into an 'unexpected' key. expected_public_key[10] ^= 0x80; expected_public_key_blob[10] ^= 0x80; EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, expected_public_key)); VerifyVBMetaSignature(vbmeta, expected_public_key_blob, nullptr /* out_public_key_data */)); } TEST_F(AvbUtilTest, VerifyVBMetaSignatureOutputPublicKeyData) { const size_t image_size = 10 * 1024 * 1024; const size_t partition_size = 15 * 1024 * 1024; auto signing_key = data_dir_.Append("testkey_rsa4096.pem"); auto vbmeta = GenerateImageAndExtractVBMetaData("system", image_size, partition_size, "hashtree", signing_key, "SHA256_RSA4096", 10 /* rollback_index */); std::string out_public_key_data; auto expected_public_key_blob = ExtractPublicKeyAvbBlob(signing_key); EXPECT_EQ(VBMetaVerifyResult::kSuccess, VerifyVBMetaSignature(vbmeta, expected_public_key_blob, &out_public_key_data)); EXPECT_EQ(out_public_key_data, expected_public_key_blob); // Converts the expected key into an 'unexpected' key. expected_public_key_blob[10] ^= 0x80; EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, expected_public_key_blob, &out_public_key_data)); EXPECT_NE(out_public_key_data, expected_public_key_blob); } bool AvbUtilTest::TestVBMetaModification(VBMetaVerifyResult expected_result, Loading @@ -410,7 +433,8 @@ bool AvbUtilTest::TestVBMetaModification(VBMetaVerifyResult expected_result, for (int n = 0; n <= kNumCheckIntervals; n++) { size_t o = std::min(length * n / kNumCheckIntervals, length - 1) + offset; d[o] ^= 0x80; VBMetaVerifyResult result = VerifyVBMetaSignature(vbmeta, "" /* expected_public_key */); VBMetaVerifyResult result = VerifyVBMetaSignature(vbmeta, "" /* expected_public_key_blob */, nullptr /* out_public_key_data */); d[o] ^= 0x80; if (result != expected_result) { return false; Loading Loading @@ -456,7 +480,9 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignatureNotSigned) { "system", image_size, partition_size, "hashtree", {} /* avb_signing_key */, "" /* avb_algorithm */, 10 /* rollback_index */); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, "")); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, "" /* expected_public_key_blob */, nullptr /* out_public_key_data */)); } TEST_F(AvbUtilTest, VerifyVBMetaSignatureInvalidVBMeta) { Loading @@ -468,7 +494,9 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignatureInvalidVBMeta) { VBMetaData invalid_vbmeta((const uint8_t*)vbmeta_buffer.data(), vbmeta_buffer.size(), "invalid_vbmeta"); EXPECT_EQ(VBMetaVerifyResult::kError, VerifyVBMetaSignature(invalid_vbmeta, "")); EXPECT_EQ(VBMetaVerifyResult::kError, VerifyVBMetaSignature(invalid_vbmeta, "" /* expected_public_key_blob */, nullptr /* out_public_Key_data */)); } bool AvbUtilTest::CompareVBMeta(const base::FilePath& avb_image_path, Loading Loading @@ -538,11 +566,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataWithoutFooter) { ASSERT_TRUE(fd > 0); VBMetaVerifyResult verify_result; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(fd, "vbmeta", "" /*expected_public_key_blob */, &verify_result); std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData( fd, "vbmeta", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result); EXPECT_TRUE(vbmeta != nullptr); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem")); EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data); // Checkes the returned vbmeta content is the same as that extracted via avbtool. vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */); EXPECT_TRUE(CompareVBMeta(vbmeta_path, *vbmeta)); Loading @@ -562,11 +594,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataWithFooter) { ASSERT_TRUE(fd > 0); VBMetaVerifyResult verify_result; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(fd, "system", "" /*expected_public_key_blob */, &verify_result); std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData( fd, "system", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result); EXPECT_TRUE(vbmeta != nullptr); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem")); EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data); // Checkes the returned vbmeta content is the same as that extracted via avbtool. EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta)); } Loading Loading @@ -618,11 +654,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) { EXPECT_TRUE(footer != nullptr); VBMetaVerifyResult verify_result; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(fd, "system", "" /*expected_public_key_blob */, &verify_result); std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData( fd, "system", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem")); EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data); // Modifies hash and signature, checks there is verification error. auto header = vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */); size_t header_block_offset = 0; Loading @@ -637,7 +677,7 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) { ASSERT_TRUE(hash_modified_fd > 0); // Should return ErrorVerification. vbmeta = VerifyVBMetaData(hash_modified_fd, "system", "" /*expected_public_key_blob */, &verify_result); nullptr /* out_public_key_data */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta)); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); Loading @@ -652,7 +692,7 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) { ASSERT_TRUE(aux_modified_fd > 0); // Should return ErrorVerification. vbmeta = VerifyVBMetaData(aux_modified_fd, "system", "" /*expected_public_key_blob */, &verify_result); nullptr /* out_public_key_data */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta)); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); Loading @@ -662,7 +702,8 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) { android::base::unique_fd ok_fd(open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC)); ASSERT_TRUE(ok_fd > 0); // Should return ResultOK.. vbmeta = VerifyVBMetaData(ok_fd, "system", "" /*expected_public_key_blob */, &verify_result); vbmeta = VerifyVBMetaData(ok_fd, "system", "" /*expected_public_key_blob */, nullptr /* out_public_key_data */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta)); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); Loading Loading @@ -851,22 +892,22 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPath) { 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d", "--internal_release_string \"unit test\""); base::FilePath rsa4096_public_key = ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem")); std::string expected_key_blob_4096; EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096)); std::string expected_key_blob_4096 = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem")); bool verification_disabled; VBMetaVerifyResult verify_result; std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, &verification_disabled, &verify_result); false /* is_chained_vbmeta */, &out_public_key_data, &verification_disabled, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); EXPECT_EQ(false, verification_disabled); EXPECT_EQ(expected_key_blob_4096, out_public_key_data); EXPECT_EQ(2112UL, vbmeta->size()); EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path()); Loading @@ -885,11 +926,8 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) { 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d", "--internal_release_string \"unit test\""); base::FilePath rsa4096_public_key = ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem")); std::string expected_key_blob_4096; EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096)); std::string expected_key_blob_4096 = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem")); // Modifies the auxiliary data of system_other.img auto fd = OpenUniqueReadFd(system_path); Loading @@ -912,14 +950,16 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) { std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, nullptr /* verification_disabled */, &verify_result); EXPECT_EQ(nullptr, vbmeta); // Allow verification error. vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, true /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, nullptr /* verification_disabled */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); Loading @@ -936,14 +976,16 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) { vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, nullptr /* verification_disabled */, &verify_result); EXPECT_EQ(nullptr, vbmeta); // Allow verification error. vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, true /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, nullptr /* verification_disabled */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); } Loading @@ -959,24 +1001,22 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathUnexpectedPublicKey) { 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d", "--internal_release_string \"unit test\""); base::FilePath rsa2048_public_key = ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa2048.pem")); base::FilePath rsa4096_public_key = ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem")); std::string expected_key_blob_4096; EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096)); std::string unexpected_key_blob_2048; EXPECT_TRUE(base::ReadFileToString(rsa2048_public_key, &unexpected_key_blob_2048)); std::string unexpected_key_blob_2048 = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa2048.pem")); std::string expected_key_blob_4096 = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem")); // Uses the correct expected public key. VBMetaVerifyResult verify_result; std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, &out_public_key_data, nullptr /* verification_disabled */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(verify_result, VBMetaVerifyResult::kSuccess); EXPECT_EQ(expected_key_blob_4096, out_public_key_data); EXPECT_EQ(2112UL, vbmeta->size()); EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path()); EXPECT_EQ("system_other", vbmeta->partition()); Loading @@ -986,15 +1026,21 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathUnexpectedPublicKey) { vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", unexpected_key_blob_2048, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, &out_public_key_data, nullptr /* verification_disabled */, &verify_result); EXPECT_EQ(nullptr, vbmeta); // Checks out_public_key_data is still loaded properly, if the error is due // to an unexpected public key instead of vbmeta image verification error. EXPECT_EQ(expected_key_blob_4096, out_public_key_data); // Uses the wrong expected public key with allow_verification_error set to true. vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", unexpected_key_blob_2048, true /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, &out_public_key_data, nullptr /* verification_disabled */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(expected_key_blob_4096, out_public_key_data); EXPECT_EQ(verify_result, VBMetaVerifyResult::kErrorVerification); EXPECT_EQ(2112UL, vbmeta->size()); EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path()); Loading Loading @@ -1023,10 +1069,12 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathVerificationDisabled) { SetVBMetaFlags(system_path, AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); bool verification_disabled; VBMetaVerifyResult verify_result; std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, true /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, &verification_disabled, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, &verification_disabled, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); Loading @@ -1042,7 +1090,8 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathVerificationDisabled) { vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, &verification_disabled, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, &verification_disabled, &verify_result); EXPECT_EQ(nullptr, vbmeta); } Loading Loading
fs_mgr/libfs_avb/avb_util.cpp +22 −11 Original line number Diff line number Diff line Loading @@ -361,13 +361,21 @@ bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& e } VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, const std::string& expected_public_key_blob) { const std::string& expected_public_key_blob, std::string* out_public_key_data) { const uint8_t* pk_data; size_t pk_len; ::AvbVBMetaVerifyResult vbmeta_ret; vbmeta_ret = avb_vbmeta_image_verify(vbmeta.data(), vbmeta.size(), &pk_data, &pk_len); if (out_public_key_data != nullptr) { out_public_key_data->clear(); if (pk_len > 0) { out_public_key_data->append(reinterpret_cast<const char*>(pk_data), pk_len); } } switch (vbmeta_ret) { case AVB_VBMETA_VERIFY_RESULT_OK: if (pk_data == nullptr || pk_len <= 0) { Loading Loading @@ -406,6 +414,7 @@ VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name, const std::string& expected_public_key_blob, std::string* out_public_key_data, VBMetaVerifyResult* out_verify_result) { uint64_t vbmeta_offset = 0; uint64_t vbmeta_size = VBMetaData::kMaxVBMetaSize; Loading Loading @@ -434,7 +443,8 @@ std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partitio return nullptr; } auto verify_result = VerifyVBMetaSignature(*vbmeta, expected_public_key_blob); auto verify_result = VerifyVBMetaSignature(*vbmeta, expected_public_key_blob, out_public_key_data); if (out_verify_result != nullptr) *out_verify_result = verify_result; if (verify_result == VBMetaVerifyResult::kSuccess || Loading Loading @@ -496,8 +506,8 @@ std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fat std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath( const std::string& image_path, const std::string& partition_name, const std::string& expected_public_key_blob, bool allow_verification_error, bool rollback_protection, bool is_chained_vbmeta, bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result) { bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data, bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result) { // Ensures the device path (might be a symlink created by init) is ready to access. if (!WaitForFile(image_path, 1s)) { PERROR << "No such path: " << image_path; Loading @@ -511,8 +521,8 @@ std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath( } VBMetaVerifyResult verify_result; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(fd, partition_name, expected_public_key_blob, &verify_result); std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData( fd, partition_name, expected_public_key_blob, out_public_key_data, &verify_result); if (!vbmeta) { LERROR << partition_name << ": Failed to load vbmeta, result: " << verify_result; return nullptr; Loading Loading @@ -569,9 +579,10 @@ VBMetaVerifyResult LoadAndVerifyVbmetaByPartition( bool verification_disabled = false; VBMetaVerifyResult verify_result; auto vbmeta = LoadAndVerifyVbmetaByPath( image_path, partition_name, expected_public_key_blob, allow_verification_error, rollback_protection, is_chained_vbmeta, &verification_disabled, &verify_result); auto vbmeta = LoadAndVerifyVbmetaByPath(image_path, partition_name, expected_public_key_blob, allow_verification_error, rollback_protection, is_chained_vbmeta, nullptr /* out_public_key_data */, &verification_disabled, &verify_result); if (!vbmeta) { return VBMetaVerifyResult::kError; Loading
fs_mgr/libfs_avb/avb_util.h +7 −5 Original line number Diff line number Diff line Loading @@ -79,10 +79,12 @@ std::unique_ptr<AvbFooter> GetAvbFooter(int fd); std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name, const std::string& expected_public_key_blob, std::string* out_public_key_data, VBMetaVerifyResult* out_verify_result); VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta, const std::string& expected_public_key_blob); const std::string& expected_public_key_blob, std::string* out_public_key_data); bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob); Loading @@ -96,8 +98,8 @@ std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fat std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath( const std::string& image_path, const std::string& partition_name, const std::string& expected_public_key_blob, bool allow_verification_error, bool rollback_protection, bool is_chained_vbmeta, bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result); bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data, bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result); // Loads the top-level vbmeta and all its chained vbmeta images. // The actual device path is constructed at runtime by: Loading
fs_mgr/libfs_avb/fs_avb.cpp +4 −3 Original line number Diff line number Diff line Loading @@ -409,7 +409,8 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry, std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( fstab_entry->blk_device, "" /* partition_name, no need for a standalone path */, expected_key_blob, allow_verification_error, rollback_protection, false /* not is_chained_vbmeta */, &verification_disabled, nullptr /* out_verify_result */); false /* not is_chained_vbmeta */, nullptr /* out_public_key_data */, &verification_disabled, nullptr /* out_verify_result */); if (!vbmeta) { LERROR << "Failed to load vbmeta: " << fstab_entry->blk_device; Loading
fs_mgr/libfs_avb/tests/avb_util_test.cpp +114 −65 Original line number Diff line number Diff line Loading @@ -391,13 +391,36 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignature) { "hashtree", signing_key, "SHA256_RSA4096", 10 /* rollback_index */); auto expected_public_key = ExtractPublicKeyAvbBlob(signing_key); EXPECT_EQ(VBMetaVerifyResult::kSuccess, VerifyVBMetaSignature(vbmeta, expected_public_key)); auto expected_public_key_blob = ExtractPublicKeyAvbBlob(signing_key); EXPECT_EQ(VBMetaVerifyResult::kSuccess, VerifyVBMetaSignature(vbmeta, expected_public_key_blob, nullptr /* out_public_key_data */)); // Converts the expected key into an 'unexpected' key. expected_public_key[10] ^= 0x80; expected_public_key_blob[10] ^= 0x80; EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, expected_public_key)); VerifyVBMetaSignature(vbmeta, expected_public_key_blob, nullptr /* out_public_key_data */)); } TEST_F(AvbUtilTest, VerifyVBMetaSignatureOutputPublicKeyData) { const size_t image_size = 10 * 1024 * 1024; const size_t partition_size = 15 * 1024 * 1024; auto signing_key = data_dir_.Append("testkey_rsa4096.pem"); auto vbmeta = GenerateImageAndExtractVBMetaData("system", image_size, partition_size, "hashtree", signing_key, "SHA256_RSA4096", 10 /* rollback_index */); std::string out_public_key_data; auto expected_public_key_blob = ExtractPublicKeyAvbBlob(signing_key); EXPECT_EQ(VBMetaVerifyResult::kSuccess, VerifyVBMetaSignature(vbmeta, expected_public_key_blob, &out_public_key_data)); EXPECT_EQ(out_public_key_data, expected_public_key_blob); // Converts the expected key into an 'unexpected' key. expected_public_key_blob[10] ^= 0x80; EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, expected_public_key_blob, &out_public_key_data)); EXPECT_NE(out_public_key_data, expected_public_key_blob); } bool AvbUtilTest::TestVBMetaModification(VBMetaVerifyResult expected_result, Loading @@ -410,7 +433,8 @@ bool AvbUtilTest::TestVBMetaModification(VBMetaVerifyResult expected_result, for (int n = 0; n <= kNumCheckIntervals; n++) { size_t o = std::min(length * n / kNumCheckIntervals, length - 1) + offset; d[o] ^= 0x80; VBMetaVerifyResult result = VerifyVBMetaSignature(vbmeta, "" /* expected_public_key */); VBMetaVerifyResult result = VerifyVBMetaSignature(vbmeta, "" /* expected_public_key_blob */, nullptr /* out_public_key_data */); d[o] ^= 0x80; if (result != expected_result) { return false; Loading Loading @@ -456,7 +480,9 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignatureNotSigned) { "system", image_size, partition_size, "hashtree", {} /* avb_signing_key */, "" /* avb_algorithm */, 10 /* rollback_index */); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, "")); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, "" /* expected_public_key_blob */, nullptr /* out_public_key_data */)); } TEST_F(AvbUtilTest, VerifyVBMetaSignatureInvalidVBMeta) { Loading @@ -468,7 +494,9 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignatureInvalidVBMeta) { VBMetaData invalid_vbmeta((const uint8_t*)vbmeta_buffer.data(), vbmeta_buffer.size(), "invalid_vbmeta"); EXPECT_EQ(VBMetaVerifyResult::kError, VerifyVBMetaSignature(invalid_vbmeta, "")); EXPECT_EQ(VBMetaVerifyResult::kError, VerifyVBMetaSignature(invalid_vbmeta, "" /* expected_public_key_blob */, nullptr /* out_public_Key_data */)); } bool AvbUtilTest::CompareVBMeta(const base::FilePath& avb_image_path, Loading Loading @@ -538,11 +566,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataWithoutFooter) { ASSERT_TRUE(fd > 0); VBMetaVerifyResult verify_result; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(fd, "vbmeta", "" /*expected_public_key_blob */, &verify_result); std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData( fd, "vbmeta", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result); EXPECT_TRUE(vbmeta != nullptr); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem")); EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data); // Checkes the returned vbmeta content is the same as that extracted via avbtool. vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */); EXPECT_TRUE(CompareVBMeta(vbmeta_path, *vbmeta)); Loading @@ -562,11 +594,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataWithFooter) { ASSERT_TRUE(fd > 0); VBMetaVerifyResult verify_result; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(fd, "system", "" /*expected_public_key_blob */, &verify_result); std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData( fd, "system", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result); EXPECT_TRUE(vbmeta != nullptr); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem")); EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data); // Checkes the returned vbmeta content is the same as that extracted via avbtool. EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta)); } Loading Loading @@ -618,11 +654,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) { EXPECT_TRUE(footer != nullptr); VBMetaVerifyResult verify_result; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(fd, "system", "" /*expected_public_key_blob */, &verify_result); std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData( fd, "system", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem")); EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data); // Modifies hash and signature, checks there is verification error. auto header = vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */); size_t header_block_offset = 0; Loading @@ -637,7 +677,7 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) { ASSERT_TRUE(hash_modified_fd > 0); // Should return ErrorVerification. vbmeta = VerifyVBMetaData(hash_modified_fd, "system", "" /*expected_public_key_blob */, &verify_result); nullptr /* out_public_key_data */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta)); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); Loading @@ -652,7 +692,7 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) { ASSERT_TRUE(aux_modified_fd > 0); // Should return ErrorVerification. vbmeta = VerifyVBMetaData(aux_modified_fd, "system", "" /*expected_public_key_blob */, &verify_result); nullptr /* out_public_key_data */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta)); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); Loading @@ -662,7 +702,8 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) { android::base::unique_fd ok_fd(open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC)); ASSERT_TRUE(ok_fd > 0); // Should return ResultOK.. vbmeta = VerifyVBMetaData(ok_fd, "system", "" /*expected_public_key_blob */, &verify_result); vbmeta = VerifyVBMetaData(ok_fd, "system", "" /*expected_public_key_blob */, nullptr /* out_public_key_data */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta)); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); Loading Loading @@ -851,22 +892,22 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPath) { 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d", "--internal_release_string \"unit test\""); base::FilePath rsa4096_public_key = ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem")); std::string expected_key_blob_4096; EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096)); std::string expected_key_blob_4096 = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem")); bool verification_disabled; VBMetaVerifyResult verify_result; std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, &verification_disabled, &verify_result); false /* is_chained_vbmeta */, &out_public_key_data, &verification_disabled, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result); EXPECT_EQ(false, verification_disabled); EXPECT_EQ(expected_key_blob_4096, out_public_key_data); EXPECT_EQ(2112UL, vbmeta->size()); EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path()); Loading @@ -885,11 +926,8 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) { 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d", "--internal_release_string \"unit test\""); base::FilePath rsa4096_public_key = ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem")); std::string expected_key_blob_4096; EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096)); std::string expected_key_blob_4096 = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem")); // Modifies the auxiliary data of system_other.img auto fd = OpenUniqueReadFd(system_path); Loading @@ -912,14 +950,16 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) { std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, nullptr /* verification_disabled */, &verify_result); EXPECT_EQ(nullptr, vbmeta); // Allow verification error. vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, true /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, nullptr /* verification_disabled */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); Loading @@ -936,14 +976,16 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) { vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, nullptr /* verification_disabled */, &verify_result); EXPECT_EQ(nullptr, vbmeta); // Allow verification error. vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, true /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, nullptr /* verification_disabled */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); } Loading @@ -959,24 +1001,22 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathUnexpectedPublicKey) { 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d", "--internal_release_string \"unit test\""); base::FilePath rsa2048_public_key = ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa2048.pem")); base::FilePath rsa4096_public_key = ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem")); std::string expected_key_blob_4096; EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096)); std::string unexpected_key_blob_2048; EXPECT_TRUE(base::ReadFileToString(rsa2048_public_key, &unexpected_key_blob_2048)); std::string unexpected_key_blob_2048 = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa2048.pem")); std::string expected_key_blob_4096 = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem")); // Uses the correct expected public key. VBMetaVerifyResult verify_result; std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, &out_public_key_data, nullptr /* verification_disabled */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(verify_result, VBMetaVerifyResult::kSuccess); EXPECT_EQ(expected_key_blob_4096, out_public_key_data); EXPECT_EQ(2112UL, vbmeta->size()); EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path()); EXPECT_EQ("system_other", vbmeta->partition()); Loading @@ -986,15 +1026,21 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathUnexpectedPublicKey) { vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", unexpected_key_blob_2048, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, &out_public_key_data, nullptr /* verification_disabled */, &verify_result); EXPECT_EQ(nullptr, vbmeta); // Checks out_public_key_data is still loaded properly, if the error is due // to an unexpected public key instead of vbmeta image verification error. EXPECT_EQ(expected_key_blob_4096, out_public_key_data); // Uses the wrong expected public key with allow_verification_error set to true. vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", unexpected_key_blob_2048, true /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result); false /* is_chained_vbmeta */, &out_public_key_data, nullptr /* verification_disabled */, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(expected_key_blob_4096, out_public_key_data); EXPECT_EQ(verify_result, VBMetaVerifyResult::kErrorVerification); EXPECT_EQ(2112UL, vbmeta->size()); EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path()); Loading Loading @@ -1023,10 +1069,12 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathVerificationDisabled) { SetVBMetaFlags(system_path, AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); bool verification_disabled; VBMetaVerifyResult verify_result; std::string out_public_key_data; std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, true /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, &verification_disabled, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, &verification_disabled, &verify_result); EXPECT_NE(nullptr, vbmeta); EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result); Loading @@ -1042,7 +1090,8 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathVerificationDisabled) { vbmeta = LoadAndVerifyVbmetaByPath( system_path.value(), "system_other", expected_key_blob_4096, false /* allow_verification_error */, false /* rollback_protection */, false /* is_chained_vbmeta */, &verification_disabled, &verify_result); false /* is_chained_vbmeta */, nullptr /* out_public_key_data */, &verification_disabled, &verify_result); EXPECT_EQ(nullptr, vbmeta); } Loading
