[PATCH v11 5/9] test/py: efi_capsule: add image authentication test

Heinrich Schuchardt xypron.glpk at gmx.de
Wed Feb 16 09:40:57 CET 2022


On 2/14/22 01:43, AKASHI Takahiro wrote:
> Heinrich,
>
> On Fri, Feb 11, 2022 at 08:25:15PM +0100, Heinrich Schuchardt wrote:
>> On 2/9/22 11:10, AKASHI Takahiro wrote:
>>> Add a couple of test cases against capsule image authentication
>>> for capsule-on-disk, where only a signed capsule file with the verified
>>> signature will be applied to the system.
>>>
>>> Due to the difficulty of embedding a public key (esl file) in U-Boot
>>> binary during pytest setup time, all the keys/certificates are pre-created.
>>>
>>> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
>>> Reviewed-by: Simon Glass <sjg at chromium.org>
>>> Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
>>
>> The test is not executed on Gitlab:
>>
>> test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py sss
>>
>> SKIPPED [3] /builds/u-boot/custodians/u-boot-efi/test/py/conftest.py:490:
>> .config feature "efi_capsule_authenticate" not enabled
>>
>> Please, provide a defconfig with CONFIG_EFI_CAPSULE_AUTHENTICATE=y in a
>> follow-up patch.
>
> This is somehow intentional.
> I don't remember quite well, but when I tried to add another defconfig file
> for sandbox to initiate some test in the past, you or Simon (sorry if I
> remember incorrectly here) opposed it.
>
> Please also note that adding CONFIG_EFI_CAPSULE_AUTHENTICATE to
> sandbox_defconfig doesn't make sense as it makes non-signed capsule
> tests (test_capsule_firmware.py) meaningless.

This function really should be tested in Gitlab. How about adding the
setting to sandbox_spl_defconfig?

You will have to change test/run line 31 for the test to be run on
sandbox_spl.

Best regards

Heinrich

>
> -Takahiro Akashi


More information about the U-Boot mailing list