summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>2024-04-22 11:41:00 +0300
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>2024-05-01 08:38:29 +0300
commit566f067349a8f6136cf62d907019efdf1e250ce5 (patch)
tree7d5ab6ecdfed4757638c97aa46bbf1a3aea1a505 /test
parent84aab11d3503a555ca6349da76efa4f4aedfc136 (diff)
downloadu-boot-566f067349a8f6136cf62d907019efdf1e250ce5.tar.xz
efi_loader: improve error handling in try_load_entry()
The image is not unloaded if a security violation occurs. If efi_set_load_options() fails, we do not free the memory allocated for the optional data. We do not unload the image. * Unload the image if a security violation occurs. * Free load_options if efi_set_load_options() fails. * Unload the image if efi_set_load_options() fails. Fixes: 53f6a5aa8626 ("efi_loader: Replace config option for initrd loading") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Diffstat (limited to 'test')
-rw-r--r--test/py/tests/test_efi_secboot/test_signed.py28
-rw-r--r--test/py/tests/test_efi_secboot/test_signed_intca.py10
-rw-r--r--test/py/tests/test_efi_secboot/test_unsigned.py6
3 files changed, 22 insertions, 22 deletions
diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py
index 2f862a259a..5000a4ab7b 100644
--- a/test/py/tests/test_efi_secboot/test_signed.py
+++ b/test/py/tests/test_efi_secboot/test_signed.py
@@ -62,13 +62,13 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert('\'HELLO1\' failed' in ''.join(output))
- assert('efi_start_image() returned: 26' in ''.join(output))
+ assert('efi_bootmgr_load() returned: 26' in ''.join(output))
output = u_boot_console.run_command_list([
'efidebug boot add -b 2 HELLO2 host 0:1 /helloworld.efi -s ""',
'efidebug boot order 2',
'efidebug test bootmgr'])
assert '\'HELLO2\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
with u_boot_console.log.section('Test Case 2b'):
# Test Case 2b, authenticated by db
@@ -80,7 +80,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 2',
'efidebug test bootmgr'])
assert '\'HELLO2\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot order 1',
'bootefi bootmgr'])
@@ -108,7 +108,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
with u_boot_console.log.section('Test Case 3b'):
# Test Case 3b, rejected by dbx even if db allows
@@ -120,7 +120,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
def test_efi_signed_image_auth4(self, u_boot_console, efi_boot_env):
"""
@@ -146,7 +146,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
def test_efi_signed_image_auth5(self, u_boot_console, efi_boot_env):
"""
@@ -196,7 +196,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
with u_boot_console.log.section('Test Case 5d'):
# Test Case 5d, rejected if both of signatures are revoked
@@ -208,7 +208,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
# Try rejection in reverse order.
u_boot_console.restart_uboot()
@@ -233,7 +233,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
def test_efi_signed_image_auth6(self, u_boot_console, efi_boot_env):
"""
@@ -268,7 +268,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
with u_boot_console.log.section('Test Case 6c'):
# Test Case 6c, rejected by image's digest in dbx
@@ -282,7 +282,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
def test_efi_signed_image_auth7(self, u_boot_console, efi_boot_env):
"""
@@ -310,7 +310,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
# sha512 of an x509 cert in dbx
u_boot_console.restart_uboot()
@@ -333,7 +333,7 @@ class TestEfiSignedImage(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
def test_efi_signed_image_auth8(self, u_boot_console, efi_boot_env):
"""
@@ -368,4 +368,4 @@ class TestEfiSignedImage(object):
'efidebug test bootmgr'])
assert(not 'hELLO, world!' in ''.join(output))
assert('\'HELLO1\' failed' in ''.join(output))
- assert('efi_start_image() returned: 26' in ''.join(output))
+ assert('efi_bootmgr_load() returned: 26' in ''.join(output))
diff --git a/test/py/tests/test_efi_secboot/test_signed_intca.py b/test/py/tests/test_efi_secboot/test_signed_intca.py
index 8d9a5f3e7f..cf906205bc 100644
--- a/test/py/tests/test_efi_secboot/test_signed_intca.py
+++ b/test/py/tests/test_efi_secboot/test_signed_intca.py
@@ -43,7 +43,7 @@ class TestEfiSignedImageIntca(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO_a\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
with u_boot_console.log.section('Test Case 1b'):
# Test Case 1b, signed and authenticated by root CA
@@ -74,7 +74,7 @@ class TestEfiSignedImageIntca(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
with u_boot_console.log.section('Test Case 2b'):
# Test Case 2b, signed and authenticated by root CA
@@ -84,7 +84,7 @@ class TestEfiSignedImageIntca(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
with u_boot_console.log.section('Test Case 2c'):
# Test Case 2c, signed and authenticated by root CA
@@ -122,7 +122,7 @@ class TestEfiSignedImageIntca(object):
assert 'Hello, world!' in ''.join(output)
# Or,
# assert '\'HELLO_abc\' failed' in ''.join(output)
- # assert 'efi_start_image() returned: 26' in ''.join(output)
+ # assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
with u_boot_console.log.section('Test Case 3b'):
# Test Case 3b, revoked by root CA in dbx
@@ -132,4 +132,4 @@ class TestEfiSignedImageIntca(object):
'efidebug boot order 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py b/test/py/tests/test_efi_secboot/test_unsigned.py
index 7c078f220d..b4320ae405 100644
--- a/test/py/tests/test_efi_secboot/test_unsigned.py
+++ b/test/py/tests/test_efi_secboot/test_unsigned.py
@@ -42,7 +42,7 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'efidebug boot order 1',
'efidebug test bootmgr'])
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
assert 'Hello, world!' not in ''.join(output)
def test_efi_unsigned_image_auth2(self, u_boot_console, efi_boot_env):
@@ -95,7 +95,7 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'efidebug boot order 1',
'efidebug test bootmgr'])
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
assert 'Hello, world!' not in ''.join(output)
with u_boot_console.log.section('Test Case 3b'):
@@ -113,5 +113,5 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'efidebug boot order 1',
'efidebug test bootmgr'])
- assert 'efi_start_image() returned: 26' in ''.join(output)
+ assert 'efi_bootmgr_load() returned: 26' in ''.join(output)
assert 'Hello, world!' not in ''.join(output)