diff options
| author | Simon Glass <sjg@chromium.org> | 2021-01-06 21:35:17 -0700 |
|---|---|---|
| committer | Simon Glass <sjg@chromium.org> | 2021-01-30 14:25:41 -0700 |
| commit | 5af9ebc4bcbcca91b21257c18cb94c78e7356980 (patch) | |
| tree | 517a599dd61cef56a2249c3eae4074239c59b9f0 /tools/binman/ftest.py | |
| parent | 939d1062d05fb4990ca7898613bcc753574f7c56 (diff) | |
binman: Allow vblock to include devicetree blobs
At present if a devicetree blob is included in a vblock it does not deal
with updates. This is because the vblock is created once at the start and
does not have a method to update itself later, after all the entry
contents are finalised.
Fix this by adjusting how the vblock is created.
Also simplify Image.ProcessEntryContents() since it effectively duplicates
the code in Section.ProcessContents().
Signed-off-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'tools/binman/ftest.py')
| -rw-r--r-- | tools/binman/ftest.py | 49 |
1 files changed, 47 insertions, 2 deletions
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index 8b928eb406d..7f7827b6a7d 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -1638,15 +1638,37 @@ class TestFunctional(unittest.TestCase): str(e.exception)) def _HandleVblockCommand(self, pipe_list): - """Fake calls to the futility utility""" + """Fake calls to the futility utility + + The expected pipe is: + + [('futility', 'vbutil_firmware', '--vblock', + 'vblock.vblock', '--keyblock', 'devkeys/firmware.keyblock', + '--signprivate', 'devkeys/firmware_data_key.vbprivk', + '--version', '1', '--fv', 'input.vblock', '--kernelkey', + 'devkeys/kernel_subkey.vbpubk', '--flags', '1')] + + This writes to the output file (here, 'vblock.vblock'). If + self._hash_data is False, it writes VBLOCK_DATA, else it writes a hash + of the input data (here, 'input.vblock'). + """ if pipe_list[0][0] == 'futility': fname = pipe_list[0][3] with open(fname, 'wb') as fd: - fd.write(VBLOCK_DATA) + if self._hash_data: + infile = pipe_list[0][11] + m = hashlib.sha256() + data = tools.ReadFile(infile) + m.update(data) + fd.write(m.digest()) + else: + fd.write(VBLOCK_DATA) + return command.CommandResult() def testVblock(self): """Test for the Chromium OS Verified Boot Block""" + self._hash_data = False command.test_result = self._HandleVblockCommand entry_args = { 'keydir': 'devkeys', @@ -1677,6 +1699,29 @@ class TestFunctional(unittest.TestCase): self.assertIn("Node '/binman/vblock': Cannot find entry for node " "'other'", str(e.exception)) + def testVblockContent(self): + """Test that the vblock signs the right data""" + self._hash_data = True + command.test_result = self._HandleVblockCommand + entry_args = { + 'keydir': 'devkeys', + } + data = self._DoReadFileDtb( + '189_vblock_content.dts', use_real_dtb=True, update_dtb=True, + entry_args=entry_args)[0] + hashlen = 32 # SHA256 hash is 32 bytes + self.assertEqual(U_BOOT_DATA, data[:len(U_BOOT_DATA)]) + hashval = data[-hashlen:] + dtb = data[len(U_BOOT_DATA):-hashlen] + + expected_data = U_BOOT_DATA + dtb + + # The hashval should be a hash of the dtb + m = hashlib.sha256() + m.update(expected_data) + expected_hashval = m.digest() + self.assertEqual(expected_hashval, hashval) + def testTpl(self): """Test that an image with TPL and its device tree can be created""" # ELF file with a '__bss_size' symbol |