platform_test_vts-testcase_security/avb, branch android11-dev Unnamed repository; edit this file 'description' to name the repository. add boot test to vts_security_avb_test 2020-05-18T19:35:58+00:00 Steve Muckle smuckle@google.com 2020-05-14T03:36:41+00:00 f2484949cef8325b1e04b9df3cf7741d70b0321d The boot test verifies the integrity of the Generic Kernel Image (GKI). Bug: 148800209 Test: atest AvbTest#Boot Change-Id: Icb6a5b02e268c05495aebaac0e67dffe2b8b48c7 Merged-In: Icb6a5b02e268c05495aebaac0e67dffe2b8b48c7 
The boot test verifies the integrity of the Generic Kernel Image (GKI).

Bug: 148800209
Test: atest AvbTest#Boot
Change-Id: Icb6a5b02e268c05495aebaac0e67dffe2b8b48c7
Merged-In: Icb6a5b02e268c05495aebaac0e67dffe2b8b48c7
Rename vts-core to vts 2020-04-06T21:14:58+00:00 Dan Shi dshi@google.com 2020-04-06T21:14:52+00:00 ad39bff1ae03d1a8cf17d8971ab92b09c0e037ec Bug: 151896491 Test: presubmit check Exempt-From-Owner-Approval: This CL renames suite name vts-core to vts. It won't change test logic or behavior. Change-Id: Ie62133c87f78a9bd8a21e7d7ce3abaaca39824ee 
Bug: 151896491
Test: presubmit check
Exempt-From-Owner-Approval: This CL renames suite name vts-core to vts.
It won't change test logic or behavior.

Change-Id: Ie62133c87f78a9bd8a21e7d7ce3abaaca39824ee
Support using different GSI keys for verification 2020-03-06T04:24:22+00:00 Bowgo Tsai bowgotsai@google.com 2020-03-05T06:08:25+00:00 a3377efbc1f2ddff765f5223b45b60dc6f9c5ac8 The GSI images might be signed by any of the three GSI keys. Allowing all of them for verification as they're all official keys. With this, we don't have to require using VTS package from a specific branch. Bug: 149806657 Test: vts-tradefed run vts -m VtsSecurityAvb Change-Id: I22aee50f0efb4bd38e49f2d1813e6128fb60b035 Merged-In: I22aee50f0efb4bd38e49f2d1813e6128fb60b035 (cherry picked from commit 668f52c000954da5833ef05310b127b0ec1c659f) 
The GSI images might be signed by any of the three GSI keys.
Allowing all of them for verification as they're all official
keys. With this, we don't have to require using VTS package
from a specific branch.

Bug: 149806657
Test: vts-tradefed run vts -m VtsSecurityAvb
Change-Id: I22aee50f0efb4bd38e49f2d1813e6128fb60b035
Merged-In: I22aee50f0efb4bd38e49f2d1813e6128fb60b035
(cherry picked from commit 668f52c000954da5833ef05310b127b0ec1c659f)
Use R GSI key to test AVB 2019-10-16T06:29:05+00:00 Hsin-Yi Chen hsinyichen@google.com 2019-10-16T06:27:12+00:00 e1026ca7472b0a81ebb42c2a11752d38ee9f09e0 Bug: 142679990 Test: vts-tradefed run vts -m VtsSecurityAvb Change-Id: Icc4ba1913ff87bddca9f9bc576b1294f15a40870 
Bug: 142679990
Test: vts-tradefed run vts -m VtsSecurityAvb
Change-Id: Icc4ba1913ff87bddca9f9bc576b1294f15a40870
Merge "Use libcrypto_static instead of libcrypto" 2019-09-26T14:32:33+00:00 Colin Cross ccross@android.com 2019-09-26T14:32:33+00:00 b2e9d8db8fe6240987f01c3b9d1c4e292634957f 






[vts-core] Exempt-From-Owner-Approval: Add vts_security_avb_test to vts-core
2019-09-25T04:54:36+00:00

nelsonli
nelsonli@google.com

2019-09-11T03:45:04+00:00

0297c3fb0d5d16e0821f03c6abfd45ffa609ade0

Add vts_security_avb_test to vts-core suite and test it by using GTest.

Bug: 132702215
Test: $atest vts_security_avb_test
Change-Id: I1138d64610e5d99a2fc24aa44fba983b83a5537b





Add vts_security_avb_test to vts-core suite and test it by using GTest.

Bug: 132702215
Test: $atest vts_security_avb_test
Change-Id: I1138d64610e5d99a2fc24aa44fba983b83a5537b







Use libcrypto_static instead of libcrypto
2019-09-18T18:12:51+00:00

Colin Cross
ccross@android.com

2019-09-18T18:12:51+00:00

92a3e13b4ea389feb50f01e25fdfefb40e038bc6

Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.

Bug: 141248879
Test: m checkbuild
Change-Id: Id9a173438740b47d2ac2ce9c4c32b7e291a7a58d





Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.

Bug: 141248879
Test: m checkbuild
Change-Id: Id9a173438740b47d2ac2ce9c4c32b7e291a7a58d







Only run VtsSecurityAvb for new launched devices
2019-05-09T11:21:04+00:00

Bowgo Tsai
bowgotsai@google.com

2019-05-09T08:13:23+00:00

d1001270368640e71920f81c5dbd742cc755b9ea

VtsSecurityAvb checks a release-signed GSI is used during VTS.

New launched devices might use either Dynamic System Update (DSU)
or adding avb_keys=/avb/q-gsi.avbpubkey for the /system entry in
the fstab file to boot a signed GSI.

To prevent additional efforts for upgrading devices, we only enforce
signed GSI for new launched devices. Upgrading devices still can use
the previous steps to boot an unsigned userdebug GSI.

Bug: 132044902
Test: run vts-security --module VtsSecurityAvb will bypass on upgrading
      devices.

Change-Id: I913ff4a4b625dcd3b29e5b164522171397235fb5





VtsSecurityAvb checks a release-signed GSI is used during VTS.

New launched devices might use either Dynamic System Update (DSU)
or adding avb_keys=/avb/q-gsi.avbpubkey for the /system entry in
the fstab file to boot a signed GSI.

To prevent additional efforts for upgrading devices, we only enforce
signed GSI for new launched devices. Upgrading devices still can use
the previous steps to boot an unsigned userdebug GSI.

Bug: 132044902
Test: run vts-security --module VtsSecurityAvb will bypass on upgrading
      devices.

Change-Id: I913ff4a4b625dcd3b29e5b164522171397235fb5







Add SystemDescriptor test to VtsSecurityAvb
2019-04-15T04:02:21+00:00

Hsin-Yi Chen
hsinyichen@google.com

2019-04-12T05:57:05+00:00

d6378b241ab28baca04690cbded4ab3de0aa0a7c

The test case compares device mapper table with system hashtree
descriptor. It ensures that verified boot for GSI is enabled.

Bug: 65470881
Test: vts-tradefed run vts -m VtsSecurityAvb
Change-Id: Ibd6dfab828d9eb24f7e9ed1ae91003e04e63a132





The test case compares device mapper table with system hashtree
descriptor. It ensures that verified boot for GSI is enabled.

Bug: 65470881
Test: vts-tradefed run vts -m VtsSecurityAvb
Change-Id: Ibd6dfab828d9eb24f7e9ed1ae91003e04e63a132







Verify system with GSI key
2019-04-12T05:54:22+00:00

Hsin-Yi Chen
hsinyichen@google.com

2019-04-03T11:04:31+00:00

60b1a954910244b420684ad4b5415ba555374032

This commit adds VtsSecurityAvb to compliance plan. Before VTS runs the
module, it pushes Q GSI key to the device. The module then uses the key
to verify the system's hashtree.

Bug: 65470881
Test: vts-tradefed run vts -m VtsSecurityAvb
Change-Id: I93f1653c41ef7f3558c57f2a79176cfee432a126





This commit adds VtsSecurityAvb to compliance plan. Before VTS runs the
module, it pushes Q GSI key to the device. The module then uses the key
to verify the system's hashtree.

Bug: 65470881
Test: vts-tradefed run vts -m VtsSecurityAvb
Change-Id: I93f1653c41ef7f3558c57f2a79176cfee432a126