summaryrefslogtreecommitdiff
path: root/test/py
diff options
context:
space:
mode:
Diffstat (limited to 'test/py')
-rw-r--r--test/py/conftest.py2
-rw-r--r--test/py/tests/test_efi_secboot/conftest.py30
-rw-r--r--test/py/tests/test_efi_secboot/test_authvar.py8
-rw-r--r--test/py/tests/test_efi_secboot/test_signed.py4
-rw-r--r--test/py/tests/test_efi_secboot/test_unsigned.py6
-rw-r--r--test/py/tests/test_ut.py17
-rw-r--r--test/py/tests/test_vboot.py52
7 files changed, 65 insertions, 54 deletions
diff --git a/test/py/conftest.py b/test/py/conftest.py
index e3392ff6bc4..30920474b36 100644
--- a/test/py/conftest.py
+++ b/test/py/conftest.py
@@ -156,7 +156,7 @@ def pytest_configure(config):
o_opt = ''
cmds = (
['make', o_opt, '-s', board_type + '_defconfig'],
- ['make', o_opt, '-s', '-j8'],
+ ['make', o_opt, '-s', '-j{}'.format(os.cpu_count())],
)
name = 'make'
diff --git a/test/py/tests/test_efi_secboot/conftest.py b/test/py/tests/test_efi_secboot/conftest.py
index e542fef6e81..5d99b8b7189 100644
--- a/test/py/tests/test_efi_secboot/conftest.py
+++ b/test/py/tests/test_efi_secboot/conftest.py
@@ -43,7 +43,8 @@ def efi_boot_env(request, u_boot_config):
HELLO_PATH = u_boot_config.build_dir + '/lib/efi_loader/helloworld.efi'
try:
- non_root = tool_is_in_path('udisksctl')
+ mnt_point = u_boot_config.persistent_data_dir + '/mnt_efisecure'
+ check_call('mkdir -p {}'.format(mnt_point), shell=True)
# create a disk/partition
check_call('dd if=/dev/zero of=%s bs=1MiB count=%d'
@@ -57,25 +58,11 @@ def efi_boot_env(request, u_boot_config):
check_call('dd if=%s.tmp of=%s bs=1MiB seek=1 count=%d conv=notrunc'
% (image_path, image_path, 1), shell=True)
check_call('rm %s.tmp' % image_path, shell=True)
- if non_root:
- out_data = check_output('udisksctl loop-setup -f %s -o %d'
- % (image_path, 1048576), shell=True).decode()
- m = re.search('(?<= as )(.*)\.', out_data)
- loop_dev = m.group(1)
- # print 'loop device is: %s' % loop_dev
- out_data = check_output('udisksctl info -b %s'
- % loop_dev, shell=True).decode()
- m = re.search('MountPoints:[ \t]+(.*)', out_data)
- mnt_point = m.group(1)
- else:
- loop_dev = check_output('sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"'
+ loop_dev = check_output('sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"'
% (part_size, image_path), shell=True).decode()
- mnt_point = '/mnt'
- check_output('sudo mount -t %s -o umask=000 %s %s'
+ check_output('sudo mount -t %s -o umask=000 %s %s'
% (fs_type, loop_dev, mnt_point), shell=True)
- # print 'mount point is: %s' % mnt_point
-
# suffix
# *.key: RSA private key in PEM
# *.crt: X509 certificate (self-signed) in PEM
@@ -134,13 +121,8 @@ def efi_boot_env(request, u_boot_config):
% (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH),
shell=True)
- if non_root:
- check_call('udisksctl unmount -b %s' % loop_dev, shell=True)
- # not needed
- # check_call('udisksctl loop-delete -b %s' % loop_dev, shell=True)
- else:
- check_call('sudo umount %s' % loop_dev, shell=True)
- check_call('sudo losetup -d %s' % loop_dev, shell=True)
+ check_call('sudo umount %s' % loop_dev, shell=True)
+ check_call('sudo losetup -d %s' % loop_dev, shell=True)
except CalledProcessError as e:
pytest.skip('Setup failed: %s' % e.cmd)
diff --git a/test/py/tests/test_efi_secboot/test_authvar.py b/test/py/tests/test_efi_secboot/test_authvar.py
index 55dcaa95f1e..9912694a3e3 100644
--- a/test/py/tests/test_efi_secboot/test_authvar.py
+++ b/test/py/tests/test_efi_secboot/test_authvar.py
@@ -133,7 +133,7 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'fatload host 0:1 4000000 db.auth',
@@ -174,7 +174,7 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'fatload host 0:1 4000000 db.auth',
@@ -215,7 +215,7 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'fatload host 0:1 4000000 db.auth',
@@ -249,7 +249,7 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'fatload host 0:1 4000000 db.auth',
diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py
index 584282b338b..fc722ab506c 100644
--- a/test/py/tests/test_efi_secboot/test_signed.py
+++ b/test/py/tests/test_efi_secboot/test_signed.py
@@ -29,7 +29,7 @@ class TestEfiSignedImage(object):
# Test Case 1a, run signed image if no db/dbx
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
- 'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""',
+ 'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""; echo',
'efidebug boot next 1',
'bootefi bootmgr'])
assert(re.search('Hello, world!', ''.join(output)))
@@ -81,7 +81,7 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
+ 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx; echo',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py b/test/py/tests/test_efi_secboot/test_unsigned.py
index 22d849afb89..a4af845c514 100644
--- a/test/py/tests/test_efi_secboot/test_unsigned.py
+++ b/test/py/tests/test_efi_secboot/test_unsigned.py
@@ -30,7 +30,7 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK; echo',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
assert(not re.search('Failed to set EFI variable', ''.join(output)))
@@ -58,7 +58,7 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db; echo',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
@@ -82,7 +82,7 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
+ 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx; echo',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
diff --git a/test/py/tests/test_ut.py b/test/py/tests/test_ut.py
index 6c7b8dd2b30..01c2b3ffa12 100644
--- a/test/py/tests/test_ut.py
+++ b/test/py/tests/test_ut.py
@@ -22,7 +22,22 @@ def test_ut_dm_init(u_boot_console):
fh.write(data)
def test_ut(u_boot_console, ut_subtest):
- """Execute a "ut" subtest."""
+ """Execute a "ut" subtest.
+
+ The subtests are collected in function generate_ut_subtest() from linker
+ generated lists by applying a regular expression to the lines of file
+ u-boot.sym. The list entries are created using the C macro UNIT_TEST().
+
+ Strict naming conventions have to be followed to match the regular
+ expression. Use UNIT_TEST(foo_test_bar, _flags, foo_test) for a test bar in
+ test suite foo that can be executed via command 'ut foo bar' and is
+ implemented in C function foo_test_bar().
+
+ Args:
+ u_boot_console (ConsoleBase): U-Boot console
+ ut_subtest (str): test to be executed via command ut, e.g 'foo bar' to
+ execute command 'ut foo bar'
+ """
output = u_boot_console.run_command('ut ' + ut_subtest)
assert output.endswith('Failures: 0')
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index e67f2b3d0f6..6b998cfd70e 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -30,11 +30,16 @@ import u_boot_utils as util
import vboot_forge
TESTDATA = [
- ['sha1', '', False],
- ['sha1', '-pss', False],
- ['sha256', '', False],
- ['sha256', '-pss', False],
- ['sha256', '-pss', True],
+ ['sha1', '', None, False],
+ ['sha1', '', '-E -p 0x10000', False],
+ ['sha1', '-pss', None, False],
+ ['sha1', '-pss', '-E -p 0x10000', False],
+ ['sha256', '', None, False],
+ ['sha256', '', '-E -p 0x10000', False],
+ ['sha256', '-pss', None, False],
+ ['sha256', '-pss', '-E -p 0x10000', False],
+ ['sha256', '-pss', None, True],
+ ['sha256', '-pss', '-E -p 0x10000', True],
]
@pytest.mark.boardspec('sandbox')
@@ -43,8 +48,8 @@ TESTDATA = [
@pytest.mark.requiredtool('fdtget')
@pytest.mark.requiredtool('fdtput')
@pytest.mark.requiredtool('openssl')
-@pytest.mark.parametrize("sha_algo,padding,required", TESTDATA)
-def test_vboot(u_boot_console, sha_algo, padding, required):
+@pytest.mark.parametrize("sha_algo,padding,sign_options,required", TESTDATA)
+def test_vboot(u_boot_console, sha_algo, padding, sign_options, required):
"""Test verified boot signing with mkimage and verification with 'bootm'.
This works using sandbox only as it needs to update the device tree used
@@ -104,7 +109,7 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
util.run_and_log(cons, [mkimage, '-D', dtc_args, '-f',
'%s%s' % (datadir, its), fit])
- def sign_fit(sha_algo):
+ def sign_fit(sha_algo, options):
"""Sign the FIT
Signs the FIT and writes the signature into it. It also writes the
@@ -113,10 +118,13 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
Args:
sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
use.
+ options: Options to provide to mkimage.
"""
+ args = [mkimage, '-F', '-k', tmpdir, '-K', dtb, '-r', fit]
+ if options:
+ args += options.split(' ')
cons.log.action('%s: Sign images' % sha_algo)
- util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
- '-r', fit])
+ util.run_and_log(cons, args)
def replace_fit_totalsize(size):
"""Replace FIT header's totalsize with something greater.
@@ -154,7 +162,7 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
util.run_and_log(cons, 'openssl req -batch -new -x509 -key %s%s.key '
'-out %s%s.crt' % (tmpdir, name, tmpdir, name))
- def test_with_algo(sha_algo, padding):
+ def test_with_algo(sha_algo, padding, sign_options):
"""Test verified boot with the given hash algorithm.
This is the main part of the test code. The same procedure is followed
@@ -163,6 +171,9 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
Args:
sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
use.
+ padding: Either '' or '-pss', to select the padding to use for the
+ rsa signature algorithm.
+ sign_options: Options to mkimage when signing a fit image.
"""
# Compile our device tree files for kernel and U-Boot. These are
# regenerated here since mkimage will modify them (by adding a
@@ -176,7 +187,7 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
run_bootm(sha_algo, 'unsigned images', 'dev-', True)
# Sign images with our dev keys
- sign_fit(sha_algo)
+ sign_fit(sha_algo, sign_options)
run_bootm(sha_algo, 'signed images', 'dev+', True)
# Create a fresh .dtb without the public keys
@@ -187,7 +198,7 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
# Sign images with our dev keys
- sign_fit(sha_algo)
+ sign_fit(sha_algo, sign_options)
run_bootm(sha_algo, 'signed config', 'dev+', True)
cons.log.action('%s: Check signed config on the host' % sha_algo)
@@ -209,7 +220,7 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
# Create a new properly signed fit and replace header bytes
make_fit('sign-configs-%s%s.its' % (sha_algo, padding))
- sign_fit(sha_algo)
+ sign_fit(sha_algo, sign_options)
bcfg = u_boot_console.config.buildconfig
max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)
existing_size = replace_fit_totalsize(max_size + 1)
@@ -240,7 +251,7 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
cons, [fit_check_sign, '-f', fit, '-k', dtb],
1, 'Failed to verify required signature')
- def test_required_key(sha_algo, padding):
+ def test_required_key(sha_algo, padding, sign_options):
"""Test verified boot with the given hash algorithm.
This function tests if U-Boot rejects an image when a required key isn't
@@ -248,6 +259,9 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
Args:
sha_algo: Either 'sha1' or 'sha256', to select the algorithm to use
+ padding: Either '' or '-pss', to select the padding to use for the
+ rsa signature algorithm.
+ sign_options: Options to mkimage when signing a fit image.
"""
# Compile our device tree files for kernel and U-Boot. These are
# regenerated here since mkimage will modify them (by adding a
@@ -260,12 +274,12 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
# Build the FIT with prod key (keys required) and sign it. This puts the
# signature into sandbox-u-boot.dtb, marked 'required'
make_fit('sign-configs-%s%s-prod.its' % (sha_algo, padding))
- sign_fit(sha_algo)
+ sign_fit(sha_algo, sign_options)
# Build the FIT with dev key (keys NOT required). This adds the
# signature into sandbox-u-boot.dtb, NOT marked 'required'.
make_fit('sign-configs-%s%s.its' % (sha_algo, padding))
- sign_fit(sha_algo)
+ sign_fit(sha_algo, sign_options)
# So now sandbox-u-boot.dtb two signatures, for the prod and dev keys.
# Only the prod key is set as 'required'. But FIT we just built has
@@ -297,9 +311,9 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
old_dtb = cons.config.dtb
cons.config.dtb = dtb
if required:
- test_required_key(sha_algo, padding)
+ test_required_key(sha_algo, padding, sign_options)
else:
- test_with_algo(sha_algo, padding)
+ test_with_algo(sha_algo, padding, sign_options)
finally:
# Go back to the original U-Boot with the correct dtb.
cons.config.dtb = old_dtb
generated by cgit v1.2.3 (git 2.0.4) at 2025-10-12 14:33:42 +0000