diff options
| author | Tom Rini <trini@konsulko.com> | 2020-07-05 18:13:12 -0400 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-07-05 18:13:12 -0400 |
| commit | 621e09cb3bf7e6d4fce9dd5e6de97e057adebc3a (patch) | |
| tree | c2fcb855263939c0cf2a19d7c192fb9a74679d3b /test/py/tests/test_efi_secboot/test_authvar.py | |
| parent | df3d0a3f95dd9109b889c5411204f133451b7a7e (diff) | |
| parent | 93f6201af71d9a0a521c99212e6066778270a357 (diff) | |
Merge tag 'efi-2020-10-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next
Pull request for UEFI sub-system for efi-2020-10-rc1
This series comprises error corrections for the UEFI subsystem:
* correct consideration of timestamps for variable authentication
* correct collection of data regions for code authentication
* correct unit tests to test loading dbx
* enable FAT_WRITE as required by the UEFI spec
The boot manager uses log functions instead of printf() and debug().
The UEFI intialization state is exported.
Diffstat (limited to 'test/py/tests/test_efi_secboot/test_authvar.py')
| -rw-r--r-- | test/py/tests/test_efi_secboot/test_authvar.py | 91 |
1 files changed, 45 insertions, 46 deletions
diff --git a/test/py/tests/test_efi_secboot/test_authvar.py b/test/py/tests/test_efi_secboot/test_authvar.py index 9912694a3e3..148aa3123e4 100644 --- a/test/py/tests/test_efi_secboot/test_authvar.py +++ b/test/py/tests/test_efi_secboot/test_authvar.py @@ -9,7 +9,6 @@ This test verifies variable authentication """ import pytest -import re from defs import * @pytest.mark.boardspec('sandbox') @@ -40,7 +39,7 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize PK']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 1c'): # Test Case 1c, install PK @@ -48,7 +47,7 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert(re.search('PK:', ''.join(output))) + assert('PK:' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') @@ -62,25 +61,25 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 1e'): # Test Case 1e, install KEK output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize KEK']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'printenv -e -n KEK']) - assert(re.search('KEK:', ''.join(output))) + assert('KEK:' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') @@ -91,14 +90,14 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') @@ -107,16 +106,16 @@ class TestEfiAuthVar(object): with u_boot_console.log.section('Test Case 1g'): # Test Case 1g, install dbx output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + 'fatload host 0:1 4000000 dbx.auth', + 'setenv -e -nv -bs -rt -i 4000000,$filesize dbx']) + assert('Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', - 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + 'fatload host 0:1 4000000 dbx.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx']) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('dbx:' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') @@ -133,26 +132,26 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 2b'): # Test Case 2b, update without correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.esl', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 2c'): # Test Case 2c, update with correct signature @@ -160,8 +159,8 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) def test_efi_var_auth3(self, u_boot_console, efi_boot_env): """ @@ -174,26 +173,26 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -a -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 3b'): # Test Case 3b, update without correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.esl', 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 3c'): # Test Case 3c, update with correct signature @@ -201,8 +200,8 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) def test_efi_var_auth4(self, u_boot_console, efi_boot_env): """ @@ -215,28 +214,28 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) output = u_boot_console.run_command_list([ 'setenv -e -nv -bs -rt db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) with u_boot_console.log.section('Test Case 4b'): # Test Case 4b, update without correct signature/data output = u_boot_console.run_command_list([ 'setenv -e -nv -bs -rt -at db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) def test_efi_var_auth5(self, u_boot_console, efi_boot_env): """ @@ -249,21 +248,21 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('PK:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('PK:' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK_null.esl', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert(re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('PK:', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) + assert('PK:' in ''.join(output)) with u_boot_console.log.section('Test Case 5b'): # Test Case 5b, Uninstall PK with correct signature @@ -271,8 +270,8 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 PK_null.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('\"PK\" not defined', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('\"PK\" not defined' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') |