From 1e797f28fe725edcce8b65ae71ccf18da3db0d07 Mon Sep 17 00:00:00 2001 From: Mateusz Maciejewski Date: Fri, 31 Oct 2025 11:55:19 +0100 Subject: [PATCH] dasharo-security/201-verified-boot.md: VBO001-VBO005 removed. Signed-off-by: Mateusz Maciejewski --- .../dasharo-security/201-verified-boot.md | 200 ------------------ 1 file changed, 200 deletions(-) diff --git a/docs/unified-test-documentation/dasharo-security/201-verified-boot.md b/docs/unified-test-documentation/dasharo-security/201-verified-boot.md index e2f5f45da0..cefe982b0f 100644 --- a/docs/unified-test-documentation/dasharo-security/201-verified-boot.md +++ b/docs/unified-test-documentation/dasharo-security/201-verified-boot.md @@ -13,206 +13,6 @@ 1. Proceed with the [Generic test setup: OS post installation steps](../generic-test-setup.md#post-installation). -## VBO001.001 Generating keys for Verified Boot - -**Test description** - -This test aims to verify whether there is a possibility to generate vboot keys -for signing the firmware. - -**Test configuration data** - -1. `FIRMWARE` = Dasharo -1. `OPERATING_SYSTEM` = Ubuntu - -**Test setup** - -1. Proceed with the - [Test cases common documentation](#test-cases-common-documentation) section. - -**Test steps** - -1. Power on the DUT. -1. Boot into the system. -1. Log into the system by using the proper login and password. -1. Based on the dedicated documentation - [generate the keys](../../guides/vboot-signing.md#generating-keys). -1. Check if the keys, after finishing the generating process, are available in - the `keys` subdirectory. - -**Expected result** - -The `keys` location should contain the generated keys. - -## VBO002.001 Signing image without rebuild - -**Test description** - -This test aims to verify whether there is a possibility to sign the firmware -image with generated keys without rebuilding. - -**Test configuration data** - -1. `FIRMWARE` = Dasharo -1. `OPERATING_SYSTEM` = Ubuntu - -**Test setup** - -1. Proceed with the - [Test cases common documentation](#test-cases-common-documentation) section. - -**Test steps** - -1. Power on the DUT. -1. Boot into the system. -1. Log into the system by using the proper login and password. -1. Localize the keys, which were generated in the `VBO001.001` test case. -1. Based on the - [dedicated documentation](../../guides/vboot-signing.md#signing-image-without-rebuilding) - sign the firmware image with the keys without rebuilding. -1. Note the result. - -**Expected result** - -The output of the last command should contain information that resigning -procedure was successful. - -Example output: - -```bash -... -INFO: sign_bios_at_end: BIOS image does not have FW_MAIN_B. Signing only FW_MAIN_A - - import root_key from /.../keys/root_key.vbpubk: success - - import recovery_key from /.../keys/recovery_key.vbpubk: success -successfully saved new image to: /.../protectli_vault_cml_v1.0.16_resigned.rom -The /.../protectli_vault_cml_v1.0.16.rom was resigned and saved as: /.../protectli_vault_cml_v1.0.16_resigned.rom -``` - -## VBO003.001 Flashing device with the signed firmware - -**Test description** - -This test aims to verify whether there is a possibility to flash the locally -signed firmware to the DUT. - -**Test configuration data** - -1. `FIRMWARE` = Dasharo -1. `OPERATING_SYSTEM` = Ubuntu - -**Test setup** - -1. Proceed with the - [Test cases common documentation](#test-cases-common-documentation) section. - -**Test steps** - -1. Power on the DUT. -1. Boot into the system. -1. Log into the system by using the proper login and password. -1. Localize the firmware, which was signed in the `VBO002.001` test case. -1. Flash the firmware by using the internal programmer and `flashrom` tool. If - DUT is already flashed with the Dasharo firmware, the following command - should be used: - - ```bash - flashrom -p internal -w [path-to-binary] --fmap -i RW_SECTION_A - ``` - - Otherwise, the following command should be used: - - ```bash - flashrom -p internal -w [path-to-binary] --ifd -i bios - ``` - -1. Reboot the DUT. and note the results. - -**Expected result** - -The DUT reboots properly without issues related to firmware signing. - -## VBO004.001 Adding keys and building image - -**Test description** - -This test aims to verify whether there is a possibility to build firmware -on the local machine, based on `Build manual` procedure dedicated to the -platform and sign it with the locally generated keys. - -**Test configuration data** - -1. `FIRMWARE` = Dasharo -1. `OPERATING_SYSTEM` = Ubuntu - -**Test setup** - -1. Proceed with the - [Test cases common documentation](#test-cases-common-documentation) section. -1. Make yourself familiar with Building manual procedure dedicated for - the relevant platform: - * [NovaCustom laptops](../../unified/novacustom/building-manual.md) - -**Test steps** - -1. Power on the DUT. -1. Boot into the system. -1. Log into the system by using the proper login and password. -1. Localize the keys, which were generated in the `VBO001.001` test case. -1. Based on the - [dedicated documentation](../../guides/vboot-signing.md#adding-keys-to-the-coreboot-config) - add locally generated keys to the coreboot config. -1. Based on the dedicated documentation build firmware. -1. Check if the binary file, after finishing the building process, is available - in the `build` subdirectory. - -**Expected result** - -The `build` location should contain the binary file, which size is equal to the -flash chip size. - -## VBO005.001 Flashing device with built firmware - -**Test description** - -This test aims to verify it is possible to flash and boot DUT with signed -firmware image. - -**Test configuration data** - -1. `FIRMWARE` = Dasharo -1. `OPERATING_SYSTEM` = Ubuntu - -**Test setup** - -1. Proceed with the - [Test cases common documentation](#test-cases-common-documentation) section. - -**Test steps** - -1. Power on the DUT. -1. Boot into the system. -1. Log into the system by using the proper login and password. -1. Localize the firmware, which was built in the `VBO004.001` test case. -1. Flash the firmware by using the internal programmer and `flashrom` tool. If - DUT is already flashed with the Dasharo firmware, the following command - should be used: - - ```bash - flashrom -p internal -w [path-to-binary] --fmap -i RW_SECTION_A - ``` - - Otherwise, the following command should be used: - - ```bash - flashrom -p internal -w [path-to-binary] --ifd -i bios - ``` - -1. Reboot the DUT. and note the results. - -**Expected result** - -The DUT reboots properly without issues related to firmware signing. - ## VBO006.001 Verified boot support (firmware) **Test description**