diff options
Diffstat (limited to 'test/py/tests/test_fit_auto_signed.py')
| -rw-r--r-- | test/py/tests/test_fit_auto_signed.py | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/test/py/tests/test_fit_auto_signed.py b/test/py/tests/test_fit_auto_signed.py index cdfd341c6f5..0b5dbd5401c 100644 --- a/test/py/tests/test_fit_auto_signed.py +++ b/test/py/tests/test_fit_auto_signed.py @@ -117,6 +117,23 @@ class SignedFitHelper(object): algo = self.__fdt_get_string(f'{node}/signature', 'algo') assert algo == sign_algo + "\n", "Missing expected signature algo!" + def check_fit_loadables(self, present): + """Test that loadables contains both kernel and TFA BL31 entries. + + Each configuration must have a loadables property which lists both + kernel-1 and tfa-bl31-1 strings in the string list. + """ + if present: + assert "/images/tfa-bl31-1" in self.images_nodes + else: + assert "/images/tfa-bl31-1" not in self.images_nodes + for node in self.confgs_nodes: + loadables = self.__fdt_get_string(f'{node}', 'loadables') + assert "kernel-1" in loadables + if present: + assert "tfa-bl31-1" in loadables + else: + assert "tfa-bl31-1" not in loadables @pytest.mark.buildconfigspec('fit_signature') @pytest.mark.requiredtool('fdtget') @@ -139,6 +156,7 @@ def test_fit_auto_signed(ubman): kernel_file = f'{tempdir}/vmlinuz' dt1_file = f'{tempdir}/dt-1.dtb' dt2_file = f'{tempdir}/dt-2.dtb' + tfa_file = f'{tempdir}/tfa-bl31.bin' key_name = 'sign-key' sign_algo = 'sha256,rsa4096' key_file = f'{tempdir}/{key_name}.key' @@ -154,6 +172,9 @@ def test_fit_auto_signed(ubman): with open(dt2_file, 'wb') as fd: fd.write(os.urandom(256)) + with open(tfa_file, 'wb') as fd: + fd.write(os.urandom(256)) + # Create 4096 RSA key and write to file to be read by mkimage key = RSA.generate(bits=4096) verifier = pkcs1_15.new(key) @@ -173,6 +194,8 @@ def test_fit_auto_signed(ubman): fit.check_fit_crc32_images() + fit.check_fit_loadables(present=False) + # 2 - Create auto FIT with signed images, and verify it utils.run_and_log(ubman, mkimage + ' -fauto' + b_args + s_args + " " + fit_file) @@ -183,6 +206,8 @@ def test_fit_auto_signed(ubman): fit.check_fit_signed_images(key_name, sign_algo, verifier) + fit.check_fit_loadables(present=False) + # 3 - Create auto FIT with signed configs and hashed images, and verify it utils.run_and_log(ubman, mkimage + ' -fauto-conf' + b_args + s_args + " " + fit_file) @@ -192,3 +217,45 @@ def test_fit_auto_signed(ubman): raise ValueError('FIT-3 has no "/image" nor "/configuration" nodes') fit.check_fit_signed_confgs(key_name, sign_algo) + + fit.check_fit_loadables(present=False) + + # Run the same tests as 1/2/3 above, but this time with TFA BL31 + # options -y tfa-bl31.bin -Y 0x12340000 to cover both mkimage with + # and without TFA BL31 use cases. + b_args = " -d" + kernel_file + " -b" + dt1_file + " -b" + dt2_file + " -y" + tfa_file + " -Y 0x12340000" + + # 4 - Create auto FIT with images crc32 checksum, and verify it + utils.run_and_log(ubman, mkimage + ' -fauto' + b_args + " " + fit_file) + + fit = SignedFitHelper(ubman, fit_file) + if fit.build_nodes_sets() == 0: + raise ValueError('FIT-4 has no "/image" nor "/configuration" nodes') + + fit.check_fit_crc32_images() + + fit.check_fit_loadables(present=True) + + # 5 - Create auto FIT with signed images, and verify it + utils.run_and_log(ubman, mkimage + ' -fauto' + b_args + s_args + " " + + fit_file) + + fit = SignedFitHelper(ubman, fit_file) + if fit.build_nodes_sets() == 0: + raise ValueError('FIT-5 has no "/image" nor "/configuration" nodes') + + fit.check_fit_signed_images(key_name, sign_algo, verifier) + + fit.check_fit_loadables(present=True) + + # 6 - Create auto FIT with signed configs and hashed images, and verify it + utils.run_and_log(ubman, mkimage + ' -fauto-conf' + b_args + s_args + " " + + fit_file) + + fit = SignedFitHelper(ubman, fit_file) + if fit.build_nodes_sets() == 0: + raise ValueError('FIT-6 has no "/image" nor "/configuration" nodes') + + fit.check_fit_signed_confgs(key_name, sign_algo) + + fit.check_fit_loadables(present=True) |