summaryrefslogtreecommitdiff
path: root/tools/binman/ftest.py
diff options
context:
space:
mode:
Diffstat (limited to 'tools/binman/ftest.py')
-rw-r--r--tools/binman/ftest.py249
1 files changed, 248 insertions, 1 deletions
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 1cfa349d38e..8e419645a6d 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -48,6 +48,7 @@ U_BOOT_VPL_DATA = b'vpl76543210fedcbazywxyz_'
BLOB_DATA = b'89'
ME_DATA = b'0abcd'
VGA_DATA = b'vga'
+EFI_CAPSULE_DATA = b'efi'
U_BOOT_DTB_DATA = b'udtb'
U_BOOT_SPL_DTB_DATA = b'spldtb'
U_BOOT_TPL_DTB_DATA = b'tpldtb'
@@ -119,6 +120,11 @@ COMP_BINTOOLS = ['bzip2', 'gzip', 'lz4', 'lzma_alone', 'lzop', 'xz', 'zstd']
TEE_ADDR = 0x5678
+# Firmware Management Protocol(FMP) GUID
+FW_MGMT_GUID = 'edd5cb6d2de8444cbda17194199ad92a'
+# Image GUID specified in the DTS
+CAPSULE_IMAGE_GUID = '52cfd7092007104791d108469b7fe9c8'
+
class TestFunctional(unittest.TestCase):
"""Functional tests for binman
@@ -215,6 +221,7 @@ class TestFunctional(unittest.TestCase):
TestFunctional._MakeInputFile('scp.bin', SCP_DATA)
TestFunctional._MakeInputFile('rockchip-tpl.bin', ROCKCHIP_TPL_DATA)
TestFunctional._MakeInputFile('ti_unsecure.bin', TI_UNSECURE_DATA)
+ TestFunctional._MakeInputFile('capsule_input.bin', EFI_CAPSULE_DATA)
# Add a few .dtb files for testing
TestFunctional._MakeInputFile('%s/test-fdt1.dtb' % TEST_FDT_SUBDIR,
@@ -3806,6 +3813,7 @@ class TestFunctional(unittest.TestCase):
allow_missing=True)
self.assertEqual(103, ret)
err = stderr.getvalue()
+ self.assertIn('(missing-file)', err)
self.assertRegex(err, "Image 'image'.*missing.*: blob-ext")
self.assertIn('Some images are invalid', err)
@@ -3816,6 +3824,7 @@ class TestFunctional(unittest.TestCase):
allow_missing=True, ignore_missing=True)
self.assertEqual(0, ret)
err = stderr.getvalue()
+ self.assertIn('(missing-file)', err)
self.assertRegex(err, "Image 'image'.*missing.*: blob-ext")
self.assertIn('Some images are invalid', err)
@@ -6358,6 +6367,13 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
fdt_util.fdt32_to_cpu(node.props['entry'].value))
self.assertEqual(U_BOOT_DATA, node.props['data'].bytes)
+ with test_util.capture_sys_output() as (stdout, stderr):
+ self.checkFitTee('264_tee_os_opt_fit.dts', '')
+ err = stderr.getvalue()
+ self.assertRegex(
+ err,
+ "Image '.*' is missing optional external blobs but is still functional: tee-os")
+
def testFitTeeOsOptionalFitBad(self):
"""Test an image with a FIT with an optional OP-TEE binary"""
with self.assertRaises(ValueError) as exc:
@@ -6390,7 +6406,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
err = stderr.getvalue()
self.assertRegex(
err,
- "Image '.*' is missing external blobs but is still functional: missing")
+ "Image '.*' is missing optional external blobs but is still functional: missing")
def testSectionInner(self):
"""Test an inner section with a size"""
@@ -6853,6 +6869,22 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
second = U_BOOT_DATA + b'#' + VGA_DATA + U_BOOT_DTB_DATA
self.assertEqual(U_BOOT_IMG_DATA + first + second, data)
+ dtb_fname1 = tools.get_output_filename('u-boot.dtb.tmpl1')
+ self.assertTrue(os.path.exists(dtb_fname1))
+ dtb = fdt.Fdt.FromData(tools.read_file(dtb_fname1))
+ dtb.Scan()
+ node1 = dtb.GetNode('/binman/template')
+ self.assertTrue(node1)
+ vga = dtb.GetNode('/binman/first/intel-vga')
+ self.assertTrue(vga)
+
+ dtb_fname2 = tools.get_output_filename('u-boot.dtb.tmpl2')
+ self.assertTrue(os.path.exists(dtb_fname2))
+ dtb2 = fdt.Fdt.FromData(tools.read_file(dtb_fname2))
+ dtb2.Scan()
+ node2 = dtb2.GetNode('/binman/template')
+ self.assertFalse(node2)
+
def testTemplateBlobMulti(self):
"""Test using a template with 'multiple-images' enabled"""
TestFunctional._MakeInputFile('my-blob.bin', b'blob')
@@ -6944,6 +6976,33 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
# Move to next
spl_data = content[:0x18]
+ def testTemplatePhandle(self):
+ """Test using a template in a node containing a phandle"""
+ entry_args = {
+ 'atf-bl31-path': 'bl31.elf',
+ }
+ data = self._DoReadFileDtb('309_template_phandle.dts',
+ entry_args=entry_args)
+ fname = tools.get_output_filename('image.bin')
+ out = tools.run('dumpimage', '-l', fname)
+
+ # We should see the FIT description and one for each of the two images
+ lines = out.splitlines()
+ descs = [line.split()[-1] for line in lines if 'escription' in line]
+ self.assertEqual(['test-desc', 'atf', 'fdt'], descs)
+
+ def testTemplatePhandleDup(self):
+ """Test using a template in a node containing a phandle"""
+ entry_args = {
+ 'atf-bl31-path': 'bl31.elf',
+ }
+ with self.assertRaises(ValueError) as e:
+ self._DoReadFileDtb('310_template_phandle_dup.dts',
+ entry_args=entry_args)
+ self.assertIn(
+ 'Duplicate phandle 1 in nodes /binman/image/fit/images/atf/atf-bl31 and /binman/image-2/fit/images/atf/atf-bl31',
+ str(e.exception))
+
def testTIBoardConfig(self):
"""Test that a schema validated board config file can be generated"""
data = self._DoReadFile('293_ti_board_cfg.dts')
@@ -7087,5 +7146,193 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
self.assertEqual(fdt_util.GetString(key_node, "key-name-hint"),
"key")
+ def testXilinxBootgenSigning(self):
+ """Test xilinx-bootgen etype"""
+ bootgen = bintool.Bintool.create('bootgen')
+ self._CheckBintool(bootgen)
+ data = tools.read_file(self.TestFile("key.key"))
+ self._MakeInputFile("psk.pem", data)
+ self._MakeInputFile("ssk.pem", data)
+ self._SetupPmuFwlElf()
+ self._SetupSplElf()
+ self._DoReadFileRealDtb('307_xilinx_bootgen_sign.dts')
+ image_fname = tools.get_output_filename('image.bin')
+
+ # Read partition header table and check if authentication is enabled
+ bootgen_out = bootgen.run_cmd("-arch", "zynqmp",
+ "-read", image_fname, "pht").splitlines()
+ attributes = {"authentication": None,
+ "core": None,
+ "encryption": None}
+
+ for l in bootgen_out:
+ for a in attributes.keys():
+ if a in l:
+ m = re.match(fr".*{a} \[([^]]+)\]", l)
+ attributes[a] = m.group(1)
+
+ self.assertTrue(attributes['authentication'] == "rsa")
+ self.assertTrue(attributes['core'] == "a53-0")
+ self.assertTrue(attributes['encryption'] == "no")
+
+ def testXilinxBootgenSigningEncryption(self):
+ """Test xilinx-bootgen etype"""
+ bootgen = bintool.Bintool.create('bootgen')
+ self._CheckBintool(bootgen)
+ data = tools.read_file(self.TestFile("key.key"))
+ self._MakeInputFile("psk.pem", data)
+ self._MakeInputFile("ssk.pem", data)
+ self._SetupPmuFwlElf()
+ self._SetupSplElf()
+ self._DoReadFileRealDtb('308_xilinx_bootgen_sign_enc.dts')
+ image_fname = tools.get_output_filename('image.bin')
+
+ # Read boot header in order to verify encryption source and
+ # encryption parameter
+ bootgen_out = bootgen.run_cmd("-arch", "zynqmp",
+ "-read", image_fname, "bh").splitlines()
+ attributes = {"auth_only":
+ {"re": r".*auth_only \[([^]]+)\]", "value": None},
+ "encryption_keystore":
+ {"re": r" *encryption_keystore \(0x28\) : (.*)",
+ "value": None},
+ }
+
+ for l in bootgen_out:
+ for a in attributes.keys():
+ if a in l:
+ m = re.match(attributes[a]['re'], l)
+ attributes[a] = m.group(1)
+
+ # Check if fsbl-attribute is set correctly
+ self.assertTrue(attributes['auth_only'] == "true")
+ # Check if key is stored in efuse
+ self.assertTrue(attributes['encryption_keystore'] == "0xa5c3c5a3")
+
+ def testXilinxBootgenMissing(self):
+ """Test that binman still produces an image if bootgen is missing"""
+ data = tools.read_file(self.TestFile("key.key"))
+ self._MakeInputFile("psk.pem", data)
+ self._MakeInputFile("ssk.pem", data)
+ self._SetupPmuFwlElf()
+ self._SetupSplElf()
+ with test_util.capture_sys_output() as (_, stderr):
+ self._DoTestFile('307_xilinx_bootgen_sign.dts',
+ force_missing_bintools='bootgen')
+ err = stderr.getvalue()
+ self.assertRegex(err,
+ "Image 'image'.*missing bintools.*: bootgen")
+
+ def _CheckCapsule(self, data, signed_capsule=False, version_check=False,
+ capoemflags=False):
+ fmp_signature = "4d535331" # 'M', 'S', 'S', '1'
+ fmp_size = "10"
+ fmp_fw_version = "02"
+ oemflag = "0080"
+
+ payload_data = EFI_CAPSULE_DATA
+
+ # TODO - Currently, these offsets for capsule fields are hardcoded.
+ # There are plans to add support to the mkeficapsule tool to dump
+ # the capsule contents which can then be used for capsule
+ # verification.
+
+ # Firmware Management Protocol(FMP) GUID - offset(0 - 32)
+ self.assertEqual(FW_MGMT_GUID, data.hex()[:32])
+ # Image GUID - offset(96 - 128)
+ self.assertEqual(CAPSULE_IMAGE_GUID, data.hex()[96:128])
+
+ if capoemflags:
+ # OEM Flags - offset(40 - 44)
+ self.assertEqual(oemflag, data.hex()[40:44])
+ if signed_capsule and version_check:
+ # FMP header signature - offset(4770 - 4778)
+ self.assertEqual(fmp_signature, data.hex()[4770:4778])
+ # FMP header size - offset(4778 - 4780)
+ self.assertEqual(fmp_size, data.hex()[4778:4780])
+ # firmware version - offset(4786 - 4788)
+ self.assertEqual(fmp_fw_version, data.hex()[4786:4788])
+ # payload offset signed capsule(4802 - 4808)
+ self.assertEqual(payload_data.hex(), data.hex()[4802:4808])
+ elif signed_capsule:
+ # payload offset signed capsule(4770 - 4776)
+ self.assertEqual(payload_data.hex(), data.hex()[4770:4776])
+ elif version_check:
+ # FMP header signature - offset(184 - 192)
+ self.assertEqual(fmp_signature, data.hex()[184:192])
+ # FMP header size - offset(192 - 194)
+ self.assertEqual(fmp_size, data.hex()[192:194])
+ # firmware version - offset(200 - 202)
+ self.assertEqual(fmp_fw_version, data.hex()[200:202])
+ # payload offset for non-signed capsule with version header(216 - 222)
+ self.assertEqual(payload_data.hex(), data.hex()[216:222])
+ else:
+ # payload offset for non-signed capsule with no version header(184 - 190)
+ self.assertEqual(payload_data.hex(), data.hex()[184:190])
+
+ def testCapsuleGen(self):
+ """Test generation of EFI capsule"""
+ data = self._DoReadFile('311_capsule.dts')
+
+ self._CheckCapsule(data)
+
+ def testSignedCapsuleGen(self):
+ """Test generation of EFI capsule"""
+ data = tools.read_file(self.TestFile("key.key"))
+ self._MakeInputFile("key.key", data)
+ data = tools.read_file(self.TestFile("key.pem"))
+ self._MakeInputFile("key.crt", data)
+
+ data = self._DoReadFile('312_capsule_signed.dts')
+
+ self._CheckCapsule(data, signed_capsule=True)
+
+ def testCapsuleGenVersionSupport(self):
+ """Test generation of EFI capsule with version support"""
+ data = self._DoReadFile('313_capsule_version.dts')
+
+ self._CheckCapsule(data, version_check=True)
+
+ def testCapsuleGenSignedVer(self):
+ """Test generation of signed EFI capsule with version information"""
+ data = tools.read_file(self.TestFile("key.key"))
+ self._MakeInputFile("key.key", data)
+ data = tools.read_file(self.TestFile("key.pem"))
+ self._MakeInputFile("key.crt", data)
+
+ data = self._DoReadFile('314_capsule_signed_ver.dts')
+
+ self._CheckCapsule(data, signed_capsule=True, version_check=True)
+
+ def testCapsuleGenCapOemFlags(self):
+ """Test generation of EFI capsule with OEM Flags set"""
+ data = self._DoReadFile('315_capsule_oemflags.dts')
+
+ self._CheckCapsule(data, capoemflags=True)
+
+ def testCapsuleGenKeyMissing(self):
+ """Test that binman errors out on missing key"""
+ with self.assertRaises(ValueError) as e:
+ self._DoReadFile('316_capsule_missing_key.dts')
+
+ self.assertIn("Both private key and public key certificate need to be provided",
+ str(e.exception))
+
+ def testCapsuleGenIndexMissing(self):
+ """Test that binman errors out on missing image index"""
+ with self.assertRaises(ValueError) as e:
+ self._DoReadFile('317_capsule_missing_index.dts')
+
+ self.assertIn("entry is missing properties: image-index",
+ str(e.exception))
+
+ def testCapsuleGenGuidMissing(self):
+ """Test that binman errors out on missing image GUID"""
+ with self.assertRaises(ValueError) as e:
+ self._DoReadFile('318_capsule_missing_guid.dts')
+
+ self.assertIn("entry is missing properties: image-guid",
+ str(e.exception))
+
if __name__ == "__main__":
unittest.main()