diff options
Diffstat (limited to 'test/py')
| -rw-r--r-- | test/py/tests/test_efi_capsule/capsule_common.py | 4 | ||||
| -rw-r--r-- | test/py/tests/test_efi_capsule/conftest.py | 3 | ||||
| -rw-r--r-- | test/py/tests/test_fit_auto_signed.py | 67 |
3 files changed, 71 insertions, 3 deletions
diff --git a/test/py/tests/test_efi_capsule/capsule_common.py b/test/py/tests/test_efi_capsule/capsule_common.py index 04dabc176c4..8aaddfc19d6 100644 --- a/test/py/tests/test_efi_capsule/capsule_common.py +++ b/test/py/tests/test_efi_capsule/capsule_common.py @@ -42,7 +42,7 @@ def init_content(ubman, target, filename, expected): 'sf probe 0:0', f'fatload host 0:1 4000000 {CAPSULE_DATA_DIR}/{filename}', f'sf write 4000000 {target} 10', - 'sf read 5000000 100000 10', + f'sf read 5000000 {target} 10', 'md.b 5000000 10']) assert expected in ''.join(output) @@ -137,6 +137,8 @@ def do_reboot_dtb_specified(u_boot_config, ubman, dtb_filename): dtb_filename -- DTB file name. """ mnt_point = u_boot_config.persistent_data_dir + '/scratch' + old_dtb = ubman.config.dtb ubman.config.dtb = mnt_point + CAPSULE_DATA_DIR \ + f'/{dtb_filename}' ubman.restart_uboot() + ubman.config.dtb = old_dtb diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index 961d2e0b3c1..ad0cda59ebf 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -44,8 +44,6 @@ def efi_capsule_data(request, ubman): % (key_dir, data_dir), shell=True) check_call('cp %s/capsule_pub_key_good.crt %s/SIGNER.crt' % (key_dir, data_dir), shell=True) - check_call('cp %s/capsule_pub_esl_good.esl %s/SIGNER.esl' - % (key_dir, data_dir), shell=True) check_call('cp %s/capsule_priv_key_bad.key %s/SIGNER2.key' % (key_dir, data_dir), shell=True) @@ -103,6 +101,7 @@ def efi_capsule_data(request, ubman): pytest.skip('Setup failed: %s' % exception.cmd) return else: + ubman.restart_uboot() yield image_path finally: call('rm -rf %s' % mnt_point, shell=True) diff --git a/test/py/tests/test_fit_auto_signed.py b/test/py/tests/test_fit_auto_signed.py index cdfd341c6f5..0b5dbd5401c 100644 --- a/test/py/tests/test_fit_auto_signed.py +++ b/test/py/tests/test_fit_auto_signed.py @@ -117,6 +117,23 @@ class SignedFitHelper(object): algo = self.__fdt_get_string(f'{node}/signature', 'algo') assert algo == sign_algo + "\n", "Missing expected signature algo!" + def check_fit_loadables(self, present): + """Test that loadables contains both kernel and TFA BL31 entries. + + Each configuration must have a loadables property which lists both + kernel-1 and tfa-bl31-1 strings in the string list. + """ + if present: + assert "/images/tfa-bl31-1" in self.images_nodes + else: + assert "/images/tfa-bl31-1" not in self.images_nodes + for node in self.confgs_nodes: + loadables = self.__fdt_get_string(f'{node}', 'loadables') + assert "kernel-1" in loadables + if present: + assert "tfa-bl31-1" in loadables + else: + assert "tfa-bl31-1" not in loadables @pytest.mark.buildconfigspec('fit_signature') @pytest.mark.requiredtool('fdtget') @@ -139,6 +156,7 @@ def test_fit_auto_signed(ubman): kernel_file = f'{tempdir}/vmlinuz' dt1_file = f'{tempdir}/dt-1.dtb' dt2_file = f'{tempdir}/dt-2.dtb' + tfa_file = f'{tempdir}/tfa-bl31.bin' key_name = 'sign-key' sign_algo = 'sha256,rsa4096' key_file = f'{tempdir}/{key_name}.key' @@ -154,6 +172,9 @@ def test_fit_auto_signed(ubman): with open(dt2_file, 'wb') as fd: fd.write(os.urandom(256)) + with open(tfa_file, 'wb') as fd: + fd.write(os.urandom(256)) + # Create 4096 RSA key and write to file to be read by mkimage key = RSA.generate(bits=4096) verifier = pkcs1_15.new(key) @@ -173,6 +194,8 @@ def test_fit_auto_signed(ubman): fit.check_fit_crc32_images() + fit.check_fit_loadables(present=False) + # 2 - Create auto FIT with signed images, and verify it utils.run_and_log(ubman, mkimage + ' -fauto' + b_args + s_args + " " + fit_file) @@ -183,6 +206,8 @@ def test_fit_auto_signed(ubman): fit.check_fit_signed_images(key_name, sign_algo, verifier) + fit.check_fit_loadables(present=False) + # 3 - Create auto FIT with signed configs and hashed images, and verify it utils.run_and_log(ubman, mkimage + ' -fauto-conf' + b_args + s_args + " " + fit_file) @@ -192,3 +217,45 @@ def test_fit_auto_signed(ubman): raise ValueError('FIT-3 has no "/image" nor "/configuration" nodes') fit.check_fit_signed_confgs(key_name, sign_algo) + + fit.check_fit_loadables(present=False) + + # Run the same tests as 1/2/3 above, but this time with TFA BL31 + # options -y tfa-bl31.bin -Y 0x12340000 to cover both mkimage with + # and without TFA BL31 use cases. + b_args = " -d" + kernel_file + " -b" + dt1_file + " -b" + dt2_file + " -y" + tfa_file + " -Y 0x12340000" + + # 4 - Create auto FIT with images crc32 checksum, and verify it + utils.run_and_log(ubman, mkimage + ' -fauto' + b_args + " " + fit_file) + + fit = SignedFitHelper(ubman, fit_file) + if fit.build_nodes_sets() == 0: + raise ValueError('FIT-4 has no "/image" nor "/configuration" nodes') + + fit.check_fit_crc32_images() + + fit.check_fit_loadables(present=True) + + # 5 - Create auto FIT with signed images, and verify it + utils.run_and_log(ubman, mkimage + ' -fauto' + b_args + s_args + " " + + fit_file) + + fit = SignedFitHelper(ubman, fit_file) + if fit.build_nodes_sets() == 0: + raise ValueError('FIT-5 has no "/image" nor "/configuration" nodes') + + fit.check_fit_signed_images(key_name, sign_algo, verifier) + + fit.check_fit_loadables(present=True) + + # 6 - Create auto FIT with signed configs and hashed images, and verify it + utils.run_and_log(ubman, mkimage + ' -fauto-conf' + b_args + s_args + " " + + fit_file) + + fit = SignedFitHelper(ubman, fit_file) + if fit.build_nodes_sets() == 0: + raise ValueError('FIT-6 has no "/image" nor "/configuration" nodes') + + fit.check_fit_signed_confgs(key_name, sign_algo) + + fit.check_fit_loadables(present=True) |