Launching via skapi: This testapp is published with CID 0x00020000. 1) chain naming: the cert chains have correct signatures but the names do not match the expected for a cmd signer and ticket signer. Strategy is to use the regular cert.sys, but just have a BbTicket signed by the CP chain and a BbContentMetaData signed by a XS chain. Both these cases should fail. The fact that this test app itself has launched signifies that launch would succeed if there were no errors injected. In the cases below, the published app is just this testapp republished. Since it won't succeed this is fine, and is in line with the strategy statement that all would succeed if these errors were not injected. The signer is specified by the -S arg to pubrom. a) publish CID 0x00020001 with cmd signed by ticket chain b) publish CID 0x00020002 with ticket signed by cmd chain The testapp then attempts to launch both these and we should see failure. NOTE: the "attempt to launch" only uses skLaunchSetup(). So, and accidental failure won't actually cause an app launch. 2) bad cert sigs: the only error is that a cert in the chain has a bad sig. The testapp itself, as published (CID 0x00020000), is the target. The testapp will read cert.sys, alter a sig, then write cert.sys back (the good cert.sys should be copied somewhere so it may be restored after the test). The following signatures will have a byte altered (each is altered, the failure on launch is verified, then fixed before the next case is treated): a) XS cert b) XSCA cert c) CP cert d) CPCA cert 3) bad ticket sigs: the ticket and cmd sigs are altered as in "2)". This requires reading ticket.sys and altering, as was previously done for cert.sys, but for the cmd and ticket sigs on CID 0x00020000. (though in this case the ticket.sys doesn't actually need to be re-written since libultra/bb/sa doesn't read the tickets as it does for certs) 4) ticket bbid mismatch: have makefile require BBCERT define. use bbcert with arg that will perform a bbid++ on the cert and write back out. Use this modified cert to publish the testapp with CID 0x00020003. Insure 0x00020003 fails to launch. 5) bad app hash: makefile generates rom2 with 0x00020004 which is same as test rom but targetted to a load address that doesn't cause overwrite of test app on launch. the rom2 app has been tested to launch successfully by test if no error in injected. the test reads alters a bit before attempting to launch to test hash. in this case the skLaunchSetup() succeeds, but the skLaunch() call should fail. A bit is changed in the first 4K (first byte) and the test insures the app failed accordingly (if it launches, that's pretty obvious, and should be interpretted as an error). the test is repeated for a byte past the first 4K (byte at 16KB into app). TO RUN: o insure BBCERT environment variable is set to file with bb cert for ticketing. o make o load ticket.sys, cert.sys, and all generated app files (00020000.app, 00020001.app, 00020002.app, 00020003.app, 00020004.app) to bb. o launch 00020000.app and insure all tests pass. o SK must be built using local PKI. in bbapps/sk: make SK_ROOT_LOCAL=1 o SYSAPP should be number "1)" from below (sysapp.aes/tik built by the publish script). o currently have NOT run on system requiring version 1 of CPRL. the publish script would need to be modified to enable this, and a suitable crl.sys generated. ------------------------------------------------------------------ Sysapp Launch: the following are generated. 1) sysapp.tik/sysapp.aes: insure packaging works. launch with this and insure success. 2) sysapp_xs.tik/sysapp_xs.aes: cmdh in sysapp ticket bundle signed by ticket server (instead of content publisher). insure sysapp fails to boot. 3) sysapp_sig.tik/sysapp_sig.aes: cmdh signature has error injected. insure failure. 4) sysapp_hash.tik/sysapp_hash.aes: hash error over sysapp rom, generated by appending a few bytes to the end of the sysapp rom prior to publishing. NOTE: test "2)" insures the function verifyCertChain is called within the SK. since app-centric launch tests already tested errors in the cert sigs themselves, this is not retested for the sysapp case. TO RUN: assuming the make has already been done for the regular app load test case, the sysapps must each be loaded from steps above (1-4), and the indicated behavior verified.
Name |
Last commit
|
History
|
Last Update |
---|---|---|
.. | ||
CVS | ||
GNUmakefile | ||
README | ||
launch.c | ||
launch.h | ||
publish | ||
spec | ||
spec2 |