[PATCH 2/2] test_vboot.py: include test of fdt_add_pubkey tool
Roman Kopytin
Roman.Kopytin at kaspersky.com
Thu Nov 11 09:15:12 CET 2021
Signed-off-by: Roman Kopytin <Roman.Kopytin at kaspersky.com>
Cc: Rasmus Villemoes <rasmus.villemoes at prevas.dk>
---
test/py/tests/test_vboot.py | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index 095e00cce3..0e9b158e00 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -232,6 +232,13 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', dtb])
+ # Create a fresh .dtb without the public keys
+ dtc('sandbox-u-boot.dts')
+ # Then add the dev key via the fdt_add_pubkey tool
+ util.run_and_log(cons, [fdt_add_pubkey, '-a', '%s,rsa2048' % sha_algo,
+ '-k', tmpdir, '-n', 'dev', '-r', 'conf', dtb])
+ util.run_and_log(cons, [fit_check_sign, '-f', fit, '-k', dtb])
+
if full_test:
# Make sure that U-Boot checks that the config is in the list of
# hashed nodes. If it isn't, a security bypass is possible.
@@ -373,6 +380,7 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
fit = '%stest.fit' % tmpdir
mkimage = cons.config.build_dir + '/tools/mkimage'
fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
+ fdt_add_pubkey = cons.config.build_dir + '/tools/fdt_add_pubkey'
dtc_args = '-I dts -O dtb -i %s' % tmpdir
dtb = '%ssandbox-u-boot.dtb' % tmpdir
sig_node = '/configurations/conf-1/signature'
--
2.25.1
More information about the U-Boot
mailing list