[RFC PATCH 2/2] test/py: efi_secboot: adjust secure boot tests to code changes

Ilias Apalodimas ilias.apalodimas at linaro.org
Fri Feb 4 08:32:02 CET 2022


The previous patch is changing U-Boot's behavior wrt certificate based
binary authentication.  Specifically an image who's digest of a
certificate is found in dbx is now rejected.  Fix the test accordingly

Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
---
 test/py/tests/test_efi_secboot/test_signed.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py
index 0aee34479f55..7f5ec78261da 100644
--- a/test/py/tests/test_efi_secboot/test_signed.py
+++ b/test/py/tests/test_efi_secboot/test_signed.py
@@ -186,7 +186,7 @@ class TestEfiSignedImage(object):
             assert 'Hello, world!' in ''.join(output)
 
         with u_boot_console.log.section('Test Case 5c'):
-            # Test Case 5c, not rejected if one of signatures (digest of
+            # Test Case 5c, rejected if one of signatures (digest of
             # certificate) is revoked
             output = u_boot_console.run_command_list([
                 'fatload host 0:1 4000000 dbx_hash.auth',
@@ -195,7 +195,8 @@ class TestEfiSignedImage(object):
             output = u_boot_console.run_command_list([
                 'efidebug boot next 1',
                 'efidebug test bootmgr'])
-            assert 'Hello, world!' in ''.join(output)
+            assert '\'HELLO\' failed' in ''.join(output)
+            assert 'efi_start_image() returned: 26' in ''.join(output)
 
         with u_boot_console.log.section('Test Case 5d'):
             # Test Case 5d, rejected if both of signatures are revoked
-- 
2.32.0



More information about the U-Boot mailing list