Skip to content

TESTING.md

Latest commit

 

History

History
306 lines (211 loc) · 6.17 KB

TESTING.md

File metadata and controls

306 lines (211 loc) · 6.17 KB

Testing Guide

This document provides comprehensive testing procedures for the Secure Boot system using Kali Linux in VirtualBox.

VirtualBox Setup for Kali Linux

Step 1: Create Virtual Machine

  1. Download Kali Linux ISO from kali.org
  2. Create new VM in VirtualBox:
    • Name: Kali-SecureBoot-Test
    • Type: Linux
    • Version: Debian (64-bit)
    • Memory: 4096 MB (minimum 2048 MB)
    • Hard Disk: 40 GB dynamically allocated

Step 2: VM Settings

System:
  - Enable EFI (for realistic secure boot testing)
  - Processors: 2 or more

Storage:
  - IDE: Kali Linux ISO

Network:
  - Attached to: NAT (for internet access)

Step 3: Post-Installation

# Update system
sudo apt update && sudo apt upgrade -y

# Install build dependencies
sudo apt install -y build-essential libssl-dev git

# Copy project files to ~/SecBootKIVS

Quick Test Commands

cd ~/SecBootKIVS

# Build and run all tests
make all
make test

# Run interactive demo
make demo

# Run attack simulation
make attack

# Generate HTML report
make report

# Run benchmarks
make benchmark

# Start recovery mode
make recovery

Test Procedures

Test 1: Build Verification

make clean
make all

Expected: BUILD SUCCESSFUL message, binaries in bin/

Test 2: Key Generation

make genkeys

Expected: Keys created in keys/ directory

Test 3: Kernel Signing & Verification

# Create and sign test kernel
dd if=/dev/urandom of=test_kernel.bin bs=1024 count=256
./bin/kernel_signer sign test_kernel.bin keys/private_key.pem test_kernel.sig

# Verify it
./bin/boot_verifier test_kernel.bin test_kernel.sig keys/public_key.pem --verbose

Expected: BOOT AUTHORIZED

Test 4: Tamper Detection

# Tamper with kernel
cp test_kernel.bin test_tampered.bin
echo "MALICIOUS" >> test_tampered.bin

# Try to verify
./bin/boot_verifier test_tampered.bin test_kernel.sig keys/public_key.pem

Expected: BOOT DENIED - Tampering detected

Test 5: Automated Test Suite

make test

Expected Output:

TEST GROUP: Key Generation
  [PASS] Generate key pair

TEST GROUP: Kernel Signing
  [PASS] Sign valid kernel
  [PASS] Reject invalid key path
  [PASS] Reject non-existent kernel

TEST GROUP: Signature Verification
  [PASS] Verify valid signature
  [PASS] Detect tampered kernel
  [PASS] Reject wrong public key
  [PASS] Reject missing signature

TEST GROUP: Integrity Checks
  [PASS] Reject empty kernel
  [PASS] Suspicious content check

TEST GROUP: Hash Computation
  [PASS] Compute kernel hash
  [PASS] Hash consistency check

Total tests: 12
Passed:      12
Failed:      0

ALL TESTS PASSED!

Test 6: Attack Simulation

make attack

Simulates 6 attack types:

  1. Single byte modification
  2. Rootkit code injection
  3. Complete kernel replacement (bootkit)
  4. Fake signature bypass
  5. Wrong signing key
  6. Missing signature

Expected: All attacks BLOCKED

Test 7: Performance Benchmarks

make benchmark

Expected Output:

┌──────────────┬──────────┬──────────┬──────────┬──────────┐
│ Size (KB)    │ Hash(ms) │ Sign(ms) │ Verify   │ Total    │
├──────────────┼──────────┼──────────┼──────────┼──────────┤
│ 64           │ 2        │ 12       │ 1        │ 15       │
│ 128          │ 3        │ 12       │ 1        │ 16       │
│ 256          │ 4        │ 13       │ 1        │ 18       │
│ 512          │ 5        │ 14       │ 2        │ 21       │
│ 1024         │ 8        │ 15       │ 2        │ 25       │
│ 2048         │ 14       │ 16       │ 2        │ 32       │
└──────────────┴──────────┴──────────┴──────────┴──────────┘

Results saved to reports/benchmark_results.csv

Test 8: HTML Report Generation

make report

Expected: Report generated at reports/test_report.html

Open in browser to view professional test results.

Test 9: Recovery Mode

make recovery

Interactive menu with options:

  1. View verification failure details
  2. Re-sign kernel
  3. Generate new key pair
  4. Check key revocation status
  5. View security logs
  6. Restore from backup (simulation)
  7. Boot anyway (UNSAFE - simulation)
  8. Shutdown system

Test Results Summary

Test Description Expected Result Status
1 Build system Compiles successfully
2 Key generation Creates valid key pair
3 Signing/Verification Boot authorized
4 Tamper detection Boot denied
5 Automated test suite 12/12 tests pass
6 Attack simulation 6/6 attacks blocked
7 Performance benchmarks Results generated
8 HTML report Report created
9 Recovery mode Menu displayed

Mark ⬜ as ✅ (pass) or ❌ (fail) when running tests

Troubleshooting

OpenSSL not found

sudo apt install libssl-dev

Permission denied on scripts

chmod +x scripts/*.sh tests/*.sh

Verification always fails

Check matching key pairs:

openssl rsa -in keys/private_key.pem -pubout 2>/dev/null | diff - keys/public_key.pem

Security Testing with Kali Tools

Rootkit Detection

sudo apt install chkrootkit rkhunter
sudo chkrootkit
sudo rkhunter --check

These complement our boot-time verification by checking the running system.

Files Generated During Testing

File Description
logs/secure_boot.log Security event log
logs/demo.log Demo session log
reports/test_report.html HTML test results
reports/benchmark_results.csv Performance data
keys/revoked_keys.csv Revoked key list