[U-Boot] [PATCH v1 00/11] import x509/pkcs7 parsers from linux

Tom Rini trini at konsulko.com
Fri Oct 18 12:35:23 UTC 2019


On Fri, Oct 18, 2019 at 05:36:28PM +0900, AKASHI Takahiro wrote:
> Hi Tom,
> 
> On Thu, Oct 17, 2019 at 11:23:21AM -0400, Tom Rini wrote:
> > On Tue, Oct 15, 2019 at 06:25:19PM +0900, AKASHI Takahiro wrote:
> > > On Tue, Oct 15, 2019 at 07:33:18AM +0200, Heinrich Schuchardt wrote:
> > > > On 10/15/19 5:18 AM, AKASHI Takahiro wrote:
> > > > >On Sat, Oct 12, 2019 at 03:02:09PM +0200, Heinrich Schuchardt wrote:
> > > > >>On 10/11/19 9:55 AM, AKASHI Takahiro wrote:
> > > > >>>I hope this patch set will be reviewed promptly as I'm aiming to
> > > > >>>push my "UEFI secure boot" patch for v2020.01.
> > > > >>>
> > > > >>
> > > > >>How can I make all of these new files being built to check for build
> > > > >>warnings?
> > > > >
> > > > >As always in my case of UEFI secure boot, they have gone through build and
> > > > >run/tests as part of UEFI secure boot. This is also true for RSA
> > > > >extension as UEFI secure boot is the only user of those features.
> > > > 
> > > > Did you run them through Travis?
> > > 
> > > As far as this patch set is concerned, no configuration enables
> > > any of kconfig options listed below and running Travis doesn't make sense.
> > 
> > That's a problem that needs to be fixed.  I am not OK with the idea of
> > adding a new feature that will not be put through our CI and so when
> > things break it (which will happen, inadvertently) it won't be caught
> > until much later.  Figuring out how to extend our CI to test this is a
> > must.  Thanks!
> 
> I added a simple *unit* test under "test/lib."
> As I said before, however, no existing configuration enables either
>    CONFIG_X509_CERTIFICATE_PARSER, nor
>    CONFIG_PKCS7_MESSAGE_PARSER
> 
> and the related code won't be built or exercised in any way.
> So I made a small trick to Kconfig:
> 
> === 8< ===
> config UT_LIB
>         bool "Unit tests for library functions"
>         depends on UNIT_TEST
>         default y
>         help
>           Enables the 'ut lib' command which tests library functions like
>           memcat(), memcyp(), memmove().
> 
> if UT_LIB
> 
> config UT_LIB_ASN1
>         bool "Unit test for asn1 compiler and decoder function"
>         default y
>         imply ASYMMETRIC_KEY_TYPE
>         imply ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>         imply X509_CERTIFICATE_PARSER
>         imply PKCS7_MESSAGE_PARSER
>         imply RSA_PUBLIC_KEY_PARSER
>         help
>           Enables a test which exercises asn1 compiler and decoder function
>           via various parsers.
> 
> endif
> === >8 ===
> 
> So as long as UT_LIB is enabled and run by one of Travis CI test cases,
> a new test for ASN1 will also be exercised.
> (I don't know which one will invoke "ut" command.)
> 
> Do you agree to this approach?

I think you're going to need to get a bit more familiar with some
aspects of testing and building.  Today, CONFIG_UNIT_TEST is enabled for
sandbox.  And we want as much as possible enabled on sandbox as that's
also where coverity scan is performed.  So that will get us part of the
way forward here longer term.  I think however you're going to also need
to enable some tests on the QEMU platforms so that we can have all of
this new secure boot code put through CI there.  Thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20191018/69c91ac0/attachment.sig>


More information about the U-Boot mailing list