Skip to content

dasharo-security/201-verified-boot.md: VBO001-VBO005 removed. #1178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
macpijan merged 1 commit into from
Oct 31, 2025
Merged

dasharo-security/201-verified-boot.md: VBO001-VBO005 removed. #1178

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
200 changes: 0 additions & 200 deletions docs/unified-test-documentation/dasharo-security/201-verified-boot.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,206 +13,6 @@
1. Proceed with the
[Generic test setup: OS post installation steps](../generic-test-setup.md#post-installation).

## VBO001.001 Generating keys for Verified Boot

**Test description**

This test aims to verify whether there is a possibility to generate vboot keys
for signing the firmware.

**Test configuration data**

1. `FIRMWARE` = Dasharo
1. `OPERATING_SYSTEM` = Ubuntu

**Test setup**

1. Proceed with the
[Test cases common documentation](#test-cases-common-documentation) section.

**Test steps**

1. Power on the DUT.
1. Boot into the system.
1. Log into the system by using the proper login and password.
1. Based on the dedicated documentation
[generate the keys](../../guides/vboot-signing.md#generating-keys).
1. Check if the keys, after finishing the generating process, are available in
the `keys` subdirectory.

**Expected result**

The `keys` location should contain the generated keys.

## VBO002.001 Signing image without rebuild

**Test description**

This test aims to verify whether there is a possibility to sign the firmware
image with generated keys without rebuilding.

**Test configuration data**

1. `FIRMWARE` = Dasharo
1. `OPERATING_SYSTEM` = Ubuntu

**Test setup**

1. Proceed with the
[Test cases common documentation](#test-cases-common-documentation) section.

**Test steps**

1. Power on the DUT.
1. Boot into the system.
1. Log into the system by using the proper login and password.
1. Localize the keys, which were generated in the `VBO001.001` test case.
1. Based on the
[dedicated documentation](../../guides/vboot-signing.md#signing-image-without-rebuilding)
sign the firmware image with the keys without rebuilding.
1. Note the result.

**Expected result**

The output of the last command should contain information that resigning
procedure was successful.

Example output:

```bash
...
INFO: sign_bios_at_end: BIOS image does not have FW_MAIN_B. Signing only FW_MAIN_A
- import root_key from /.../keys/root_key.vbpubk: success
- import recovery_key from /.../keys/recovery_key.vbpubk: success
successfully saved new image to: /.../protectli_vault_cml_v1.0.16_resigned.rom
The /.../protectli_vault_cml_v1.0.16.rom was resigned and saved as: /.../protectli_vault_cml_v1.0.16_resigned.rom
```

## VBO003.001 Flashing device with the signed firmware

**Test description**

This test aims to verify whether there is a possibility to flash the locally
signed firmware to the DUT.

**Test configuration data**

1. `FIRMWARE` = Dasharo
1. `OPERATING_SYSTEM` = Ubuntu

**Test setup**

1. Proceed with the
[Test cases common documentation](#test-cases-common-documentation) section.

**Test steps**

1. Power on the DUT.
1. Boot into the system.
1. Log into the system by using the proper login and password.
1. Localize the firmware, which was signed in the `VBO002.001` test case.
1. Flash the firmware by using the internal programmer and `flashrom` tool. If
DUT is already flashed with the Dasharo firmware, the following command
should be used:

```bash
flashrom -p internal -w [path-to-binary] --fmap -i RW_SECTION_A
```

Otherwise, the following command should be used:

```bash
flashrom -p internal -w [path-to-binary] --ifd -i bios
```

1. Reboot the DUT. and note the results.

**Expected result**

The DUT reboots properly without issues related to firmware signing.

## VBO004.001 Adding keys and building image

**Test description**

This test aims to verify whether there is a possibility to build firmware
on the local machine, based on `Build manual` procedure dedicated to the
platform and sign it with the locally generated keys.

**Test configuration data**

1. `FIRMWARE` = Dasharo
1. `OPERATING_SYSTEM` = Ubuntu

**Test setup**

1. Proceed with the
[Test cases common documentation](#test-cases-common-documentation) section.
1. Make yourself familiar with Building manual procedure dedicated for
the relevant platform:
* [NovaCustom laptops](../../unified/novacustom/building-manual.md)

**Test steps**

1. Power on the DUT.
1. Boot into the system.
1. Log into the system by using the proper login and password.
1. Localize the keys, which were generated in the `VBO001.001` test case.
1. Based on the
[dedicated documentation](../../guides/vboot-signing.md#adding-keys-to-the-coreboot-config)
add locally generated keys to the coreboot config.
1. Based on the dedicated documentation build firmware.
1. Check if the binary file, after finishing the building process, is available
in the `build` subdirectory.

**Expected result**

The `build` location should contain the binary file, which size is equal to the
flash chip size.

## VBO005.001 Flashing device with built firmware

**Test description**

This test aims to verify it is possible to flash and boot DUT with signed
firmware image.

**Test configuration data**

1. `FIRMWARE` = Dasharo
1. `OPERATING_SYSTEM` = Ubuntu

**Test setup**

1. Proceed with the
[Test cases common documentation](#test-cases-common-documentation) section.

**Test steps**

1. Power on the DUT.
1. Boot into the system.
1. Log into the system by using the proper login and password.
1. Localize the firmware, which was built in the `VBO004.001` test case.
1. Flash the firmware by using the internal programmer and `flashrom` tool. If
DUT is already flashed with the Dasharo firmware, the following command
should be used:

```bash
flashrom -p internal -w [path-to-binary] --fmap -i RW_SECTION_A
```

Otherwise, the following command should be used:

```bash
flashrom -p internal -w [path-to-binary] --ifd -i bios
```

1. Reboot the DUT. and note the results.

**Expected result**

The DUT reboots properly without issues related to firmware signing.

## VBO006.001 Verified boot support (firmware)

**Test description**
Expand Down