def test_ram_signed_otp(data_dir: str, image_file_name: str, ram_addr: int) -> None:
"""Create signed load-to-RAM image with keys stored in OTP
:param data_dir: absolute path with data files
:param image_file_name: name of the input image file (including extension)
:param ram_addr: address in RAM, where the image should be located
"""
# read unsigned image (must be built without boot header)
path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name)
unsigned_img = load_binary(path)
keystore = KeyStore(KeySourceType.OTP)
cert_block, priv_key_pem_data = create_cert_block(data_dir)
mbi = MasterBootImage(app=unsigned_img,
image_type=MasterBootImageType.SIGNED_RAM_IMAGE,
load_addr=ram_addr,
key_store=keystore,
hmac_key=MASTER_KEY,
trust_zone=TrustZone.disabled(),
cert_block=cert_block,
priv_key_pem_data=priv_key_pem_data)
out_image_file_name = image_file_name.replace('_unsigned.bin', '_signed_otp.bin')
write_image(data_dir, out_image_file_name, mbi.export())
def test_ram_encrypted_keystore(data_dir: str, image_file_name: str, ram_addr: int) -> None:
"""Test encrypted load-to-RAM image with key stored in key-store
:param data_dir: absolute path with data files
:param image_file_name: name of the input image file (including extension)
:param ram_addr: address in RAM, where the image should be located
"""
path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name)
org_data = load_binary(path)
# load keystore with HMAC user key
key_store = get_keystore(data_dir)
cert_block, priv_key_pem_data = create_cert_block(data_dir)
with open(os.path.join(data_dir, KEYSTORE_SUBDIR, 'userkey.txt'), 'r') as f:
hmac_user_key = f.readline()
mbi = MasterBootImage(app=org_data,
image_type=MasterBootImageType.ENCRYPTED_RAM_IMAGE,
load_addr=ram_addr,
trust_zone=TrustZone.disabled(),
cert_block=cert_block,
priv_key_pem_data=priv_key_pem_data,
hmac_key=hmac_user_key,
key_store=key_store,
ctr_init_vector=ENCR_CTR_IV)
out_image_file_name = image_file_name.replace('_unsigned.bin', '_encr_keystore.bin')
write_image(data_dir, out_image_file_name, mbi.export())
def _compare_image(mbi: MasterBootImage, data_dir: str, expected_mbi_filename: str) -> bool:
"""Compare generated image with expected image
:param mbi: master boot image instance configured to generate image data
:param expected_mbi_filename: file name of expected image
:return: True if data are same; False otherwise
"""
generated_image = mbi.export()
with open(os.path.join(data_dir, expected_mbi_filename), "rb") as f:
expected_data = f.read()
if generated_image != expected_data:
with open(os.path.join(data_dir, expected_mbi_filename + ".created"), "wb") as f:
f.write(generated_image)
return False
assert mbi.export() == expected_data # check additional call still generates the same data
return True
def test_encrypted_random_ctr_single_certificate_no_tz(data_dir):
"""Test encrypted image with random counter init vector"""
with open(os.path.join(data_dir, 'testfffffff.bin'), "rb") as f:
org_data = f.read()
user_key = 'E39FD7AB61AE6DDDA37158A0FC3008C6D61100A03C7516EA1BE55A39F546BAD5'
key_store = KeyStore(KeySourceType.KEYSTORE, None)
cert_block = certificate_block(data_dir, ['selfsign_2048_v3.der.crt'])
priv_key_pem_data = _load_private_key(data_dir, 'selfsign_privatekey_rsa2048.pem')
mbi = MasterBootImage(app=org_data, image_type=MasterBootImageType.ENCRYPTED_RAM_IMAGE, load_addr=0x12345678,
trust_zone=TrustZone.disabled(),
cert_block=cert_block, priv_key_pem_data=priv_key_pem_data,
hmac_key=user_key, key_store=key_store)
assert mbi.export()
assert mbi.info()
def test_xip_crc(data_dir: str, image_file_name: str) -> None:
""" Create image with CRC
:param data_dir: absolute path with data files
:param image_file_name: name of the input image file (including extension)
"""
assert image_file_name.endswith('_unsigned.bin')
path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name)
unsigned_image = load_binary(path)
mbi = MasterBootImage(app=unsigned_image,
load_addr=0x8001000,
image_type=MasterBootImageType.CRC_XIP_IMAGE)
out_image_file_name = image_file_name.replace('_unsigned.bin', '_crc.bin')
write_image(data_dir, out_image_file_name, mbi.export())
def test_ram_crc(data_dir: str, image_file_name: str, ram_addr: int) -> None:
""" Create image with CRC
:param data_dir: absolute path with data files
:param image_file_name: name of the input image file (including extension)
:param ram_addr: address in RAM, where the image should be located
"""
assert image_file_name.endswith('_unsigned.bin')
path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name)
unsigned_image = load_binary(path)
mbi = MasterBootImage(app=unsigned_image,
load_addr=ram_addr,
image_type=MasterBootImageType.CRC_RAM_IMAGE)
out_image_file_name = image_file_name.replace('_unsigned.bin', '_crc.bin')
write_image(data_dir, out_image_file_name, mbi.export())
def test_xip_signed(data_dir: str, image_file_name: str) -> None:
"""Create signed XIP image
:param data_dir: absolute path with data files
:param image_file_name: name of the input image file (including extension)
"""
# read unsigned image (must be built without boot header)
path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name)
unsigned_img = load_binary(path)
cert_block, priv_key_pem_data = create_cert_block(data_dir)
mbi = MasterBootImage(app=unsigned_img,
image_type=MasterBootImageType.SIGNED_XIP_IMAGE,
load_addr=0x8001000,
cert_block=cert_block,
priv_key_pem_data=priv_key_pem_data)
out_image_file_name = image_file_name.replace('_unsigned.bin', '_signed.bin')
write_image(data_dir, out_image_file_name, mbi.export())
