tests/test_measured_boot.py
| 1 | """Tests for MeasuredBoot.""" |
| 2 | |
| 3 | from __future__ import annotations |
| 4 | |
| 5 | from pqc_bootloader.measured_boot import BootStage, MeasuredBoot |
| 6 | |
| 7 | |
| 8 | def test_extend_updates_pcr_value_deterministically() -> None: |
| 9 | a = MeasuredBoot() |
| 10 | b = MeasuredBoot() |
| 11 | a.extend(BootStage.BOOTLOADER, b"bootloader-bytes") |
| 12 | b.extend(BootStage.BOOTLOADER, b"bootloader-bytes") |
| 13 | assert a.pcr_value == b.pcr_value |
| 14 | assert a.pcr_value != "0" * 64 |
| 15 | assert len(a.measurements) == 1 |
| 16 | assert a.measurements[0].stage == BootStage.BOOTLOADER |
| 17 | |
| 18 | |
| 19 | def test_same_measurements_produce_same_pcr() -> None: |
| 20 | a = MeasuredBoot() |
| 21 | b = MeasuredBoot() |
| 22 | stages = [ |
| 23 | (BootStage.BOOTLOADER, b"boot"), |
| 24 | (BootStage.KERNEL, b"kernel"), |
| 25 | (BootStage.INITRD, b"initrd"), |
| 26 | (BootStage.USERSPACE, b"user"), |
| 27 | ] |
| 28 | for stage, content in stages: |
| 29 | a.extend(stage, content) |
| 30 | b.extend(stage, content) |
| 31 | assert a.pcr_value == b.pcr_value |
| 32 | |
| 33 | |
| 34 | def test_different_order_produces_different_pcr() -> None: |
| 35 | a = MeasuredBoot() |
| 36 | b = MeasuredBoot() |
| 37 | a.extend(BootStage.BOOTLOADER, b"boot") |
| 38 | a.extend(BootStage.KERNEL, b"kernel") |
| 39 | b.extend(BootStage.KERNEL, b"kernel") |
| 40 | b.extend(BootStage.BOOTLOADER, b"boot") |
| 41 | assert a.pcr_value != b.pcr_value |
| 42 | |
| 43 | |
| 44 | def test_reset_clears_state() -> None: |
| 45 | m = MeasuredBoot() |
| 46 | m.extend(BootStage.BOOTLOADER, b"boot") |
| 47 | m.extend(BootStage.KERNEL, b"kernel") |
| 48 | assert m.pcr_value != "0" * 64 |
| 49 | assert len(m.measurements) == 2 |
| 50 | m.reset() |
| 51 | assert m.pcr_value == "0" * 64 |
| 52 | assert m.measurements == [] |
| 53 | |