[PATCH v5 4/4] test/py: efi_capsule: test for FMP versioning
Masahisa Kojima
masahisa.kojima at linaro.org
Mon Apr 10 11:07:32 CEST 2023
This test covers FMP versioning for both raw and FIT image,
and both signed and non-signed capsule update.
Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
---
Changes in v5:
- get aligned to the device tree based versioning
Newly created in v4
test/py/tests/test_efi_capsule/conftest.py | 73 +++++++
.../test_capsule_firmware_fit.py | 187 ++++++++++++++++
.../test_capsule_firmware_raw.py | 201 ++++++++++++++++++
.../test_capsule_firmware_signed_fit.py | 165 ++++++++++++++
.../test_capsule_firmware_signed_raw.py | 169 +++++++++++++++
test/py/tests/test_efi_capsule/version.dts | 27 +++
6 files changed, 822 insertions(+)
create mode 100644 test/py/tests/test_efi_capsule/version.dts
diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py
index 4879f2b5c2..9655e5ec1f 100644
--- a/test/py/tests/test_efi_capsule/conftest.py
+++ b/test/py/tests/test_efi_capsule/conftest.py
@@ -70,6 +70,23 @@ def efi_capsule_data(request, u_boot_config):
'-out SIGNER2.crt -nodes -days 365'
% data_dir, shell=True)
+ # Update dtb adding version information
+ check_call('cd %s; '
+ 'cp %s/test/py/tests/test_efi_capsule/version.dts .'
+ % (data_dir, u_boot_config.source_dir), shell=True)
+ if capsule_auth_enabled:
+ check_call('cd %s; '
+ 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; '
+ 'fdtoverlay -i test_sig.dtb '
+ '-o test_ver.dtb version.dtbo'
+ % (data_dir), shell=True)
+ else:
+ check_call('cd %s; '
+ 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; '
+ 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb '
+ '-o test_ver.dtb version.dtbo'
+ % (data_dir, u_boot_config.build_dir), shell=True)
+
# Create capsule files
# two regions: one for u-boot.bin and the other for u-boot.env
check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir,
@@ -95,6 +112,26 @@ def efi_capsule_data(request, u_boot_config):
check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
(data_dir, u_boot_config.build_dir),
shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
+ '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 '
+ '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
+ '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
+ '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
+ check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
+ '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' %
+ (data_dir, u_boot_config.build_dir),
+ shell=True)
if capsule_auth_enabled:
# raw firmware signed with proper key
@@ -131,6 +168,42 @@ def efi_capsule_data(request, u_boot_config):
'uboot_bin_env.itb Test14'
% (data_dir, u_boot_config.build_dir),
shell=True)
+ # raw firmware signed with proper key with version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
+ '--fw-version 5 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
+ 'u-boot.bin.new Test111'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
+ # raw firmware signed with *mal* key with version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
+ '--fw-version 2 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
+ 'u-boot.bin.new Test112'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
+ # FIT firmware signed with proper key with version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
+ '--fw-version 5 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
+ 'uboot_bin_env.itb Test113'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
+ # FIT firmware signed with *mal* key with version information
+ check_call('cd %s; '
+ '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
+ '--fw-version 2 '
+ '--private-key SIGNER.key --certificate SIGNER.crt '
+ '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
+ 'uboot_bin_env.itb Test114'
+ % (data_dir, u_boot_config.build_dir),
+ shell=True)
# Create a disk image with EFI system partition
check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' %
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
index d28b53a1a1..e774a06d10 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
@@ -189,3 +189,190 @@ class TestEfiCapsuleFirmwareFit(object):
assert 'u-boot-env:Old' in ''.join(output)
else:
assert 'u-boot-env:New' in ''.join(output)
+
+ def test_efi_capsule_fw3(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """
+ Test Case 3 - Update U-Boot and U-Boot environment on SPI Flash with version information
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ 0x150000-0x200000: U-Boot environment (but dummy)
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 3-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize contents
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 150000 10',
+ 'sf read 5000000 150000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test104' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test104 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test104' in ''.join(output)
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ capsule_auth = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_authenticate')
+
+ # reboot
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + '/test_ver.dtb'
+ u_boot_console.restart_uboot(expect_reset = capsule_early)
+
+ with u_boot_console.log.section('Test Case 3-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test104' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test104' not in ''.join(output)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ if capsule_auth:
+ assert 'u-boot:Old' in ''.join(output)
+ else:
+ assert 'u-boot:New' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf read 4000000 150000 10',
+ 'md.b 4000000 10'])
+ if capsule_auth:
+ assert 'u-boot-env:Old' in ''.join(output)
+ else:
+ assert 'u-boot-env:New' in ''.join(output)
+
+ def test_efi_capsule_fw4(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """
+ Test Case 4 - Update U-Boot and U-Boot environment on SPI Flash with version information
+ but fw_version is lower than lowest_supported_version
+ No update should happen
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ 0x150000-0x200000: U-Boot environment (but dummy)
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 4-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize contents
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 150000 10',
+ 'sf read 5000000 150000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test105' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test105 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test105' in ''.join(output)
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ capsule_auth = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_authenticate')
+
+ # reboot
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + '/test_ver.dtb'
+ u_boot_console.restart_uboot(expect_reset = capsule_early)
+
+ with u_boot_console.log.section('Test Case 4-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test105' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test105' not in ''.join(output)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ # make sure capsule update failed
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot:Old' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf read 4000000 150000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot-env:Old' in ''.join(output)
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
index 92bfb14932..bd6419bcc3 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
@@ -292,3 +292,204 @@ class TestEfiCapsuleFirmwareRaw:
assert 'u-boot-env:Old' in ''.join(output)
else:
assert 'u-boot-env:New' in ''.join(output)
+
+ def test_efi_capsule_fw4(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """ Test Case 4
+ Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ 0x150000-0x200000: U-Boot environment (but dummy)
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 4-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize contents
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 150000 10',
+ 'sf read 5000000 150000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place the capsule files
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test101' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test101 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test101' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test102' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test102 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test102' in ''.join(output)
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ capsule_auth = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_authenticate')
+
+ # reboot
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + '/test_ver.dtb'
+ u_boot_console.restart_uboot(expect_reset = capsule_early)
+
+ with u_boot_console.log.section('Test Case 4-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test101' in ''.join(output)
+ assert 'Test102' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test101' not in ''.join(output)
+ assert 'Test102' not in ''.join(output)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+
+ # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
+ assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output)
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT.
+ assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output)
+ assert 'ESRT: fw_version=10' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ if capsule_auth:
+ assert 'u-boot:Old' in ''.join(output)
+ else:
+ assert 'u-boot:New' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 150000 10',
+ 'md.b 4000000 10'])
+
+ if capsule_auth:
+ assert 'u-boot-env:Old' in ''.join(output)
+ else:
+ assert 'u-boot-env:New' in ''.join(output)
+
+ def test_efi_capsule_fw5(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """ Test Case 5
+ Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
+ but fw_version is lower than lowest_supported_version
+ No update should happen
+ 0x100000-0x150000: U-Boot binary (but dummy)
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 5-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize contents
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place the capsule files
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test103' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test103 $filesize' % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test103' in ''.join(output)
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ capsule_auth = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_authenticate')
+
+ # reboot
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + '/test_ver.dtb'
+ u_boot_console.restart_uboot(expect_reset = capsule_early)
+
+ with u_boot_console.log.section('Test Case 5-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test103' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test103' not in ''.join(output)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+
+ # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
+ assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output)
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT.
+ assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output)
+ assert 'ESRT: fw_version=10' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output)
+
+ # make sure capsule update failed
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot:Old' in ''.join(output)
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py
index 8c2d616fd0..4696ad962a 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py
@@ -257,3 +257,168 @@ class TestEfiCapsuleFirmwareSignedFit(object):
'sf read 4000000 100000 10',
'md.b 4000000 10'])
assert 'u-boot:Old' in ''.join(output)
+
+ def test_efi_capsule_auth4(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """
+ Test Case 4 - Update U-Boot on SPI Flash, FIT image format
+ 0x100000-0x150000: U-Boot binary (but dummy)
+
+ If the capsule is properly signed with version information,
+ the authentication should pass and the firmware be updated.
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 4-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 '
+ '0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize content
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old'
+ % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test113' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test113 $filesize'
+ % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test113' in ''.join(output)
+
+ # reboot
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + '/test_ver.dtb'
+ u_boot_console.restart_uboot()
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 4-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 '
+ '0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test113' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test113' not in ''.join(output)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot:New' in ''.join(output)
+
+ def test_efi_capsule_auth5(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """
+ Test Case 5 - Update U-Boot on SPI Flash, FIT image format
+ 0x100000-0x150000: U-Boot binary (but dummy)
+
+ If the capsule is signed but fw_version is lower than lowest
+ supported version, the authentication should fail and the firmware
+ not be updated.
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 5-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 '
+ '0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize content
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old'
+ % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test114' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test114 $filesize'
+ % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test114' in ''.join(output)
+
+ # reboot
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + '/test_ver.dtb'
+ u_boot_console.restart_uboot()
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 5-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 '
+ '0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test114' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test114' not in ''.join(output)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot:Old' in ''.join(output)
diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py
index 2bbaa9cc55..98ce9c9afd 100644
--- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py
@@ -254,3 +254,172 @@ class TestEfiCapsuleFirmwareSignedRaw(object):
'sf read 4000000 100000 10',
'md.b 4000000 10'])
assert 'u-boot:Old' in ''.join(output)
+
+ def test_efi_capsule_auth4(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """
+ Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information
+ 0x100000-0x150000: U-Boot binary (but dummy)
+
+ If the capsule is properly signed, the authentication
+ should pass and the firmware be updated.
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 4-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 '
+ '0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+
+ output = u_boot_console.run_command('efidebug capsule esrt')
+
+
+
+ # initialize content
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old'
+ % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test111' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test111 $filesize'
+ % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test111' in ''.join(output)
+
+ # reboot
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + '/test_ver.dtb'
+ u_boot_console.restart_uboot()
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 4-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 '
+ '0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test111' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test111' not in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot:New' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ def test_efi_capsule_auth5(
+ self, u_boot_config, u_boot_console, efi_capsule_data):
+ """
+ Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information
+ 0x100000-0x150000: U-Boot binary (but dummy)
+
+ If the capsule is signed but fw_version is lower than lowest
+ supported version, the authentication should fail and the firmware
+ not be updated.
+ """
+ disk_img = efi_capsule_data
+ with u_boot_console.log.section('Test Case 5-a, before reboot'):
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'printenv -e PlatformLangCodes', # workaround for terminal size determination
+ 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi',
+ 'efidebug boot order 1',
+ 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 '
+ '0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'env save'])
+
+ # initialize content
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'fatload host 0:1 4000000 %s/u-boot.bin.old'
+ % CAPSULE_DATA_DIR,
+ 'sf write 4000000 100000 10',
+ 'sf read 5000000 100000 10',
+ 'md.b 5000000 10'])
+ assert 'Old' in ''.join(output)
+
+ # place a capsule file
+ output = u_boot_console.run_command_list([
+ 'fatload host 0:1 4000000 %s/Test112' % CAPSULE_DATA_DIR,
+ 'fatwrite host 0:1 4000000 %s/Test112 $filesize'
+ % CAPSULE_INSTALL_DIR,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test112' in ''.join(output)
+
+ # reboot
+ mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
+ u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \
+ + '/test_ver.dtb'
+ u_boot_console.restart_uboot()
+
+ capsule_early = u_boot_config.buildconfig.get(
+ 'config_efi_capsule_on_disk_early')
+ with u_boot_console.log.section('Test Case 5-b, after reboot'):
+ if not capsule_early:
+ # make sure that dfu_alt_info exists even persistent variables
+ # are not available.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info '
+ '"sf 0:0=u-boot-bin raw 0x100000 '
+ '0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test112' in ''.join(output)
+
+ # need to run uefi command to initiate capsule handling
+ output = u_boot_console.run_command(
+ 'env print -e Capsule0000', wait_for_reboot = True)
+
+ output = u_boot_console.run_command_list([
+ 'host bind 0 %s' % disk_img,
+ 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR])
+ assert 'Test112' not in ''.join(output)
+
+ # make sure the dfu_alt_info exists because it is required for making ESRT.
+ output = u_boot_console.run_command_list([
+ 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"',
+ 'efidebug capsule esrt'])
+ assert 'ESRT: fw_version=5' in ''.join(output)
+ assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
+
+ output = u_boot_console.run_command_list([
+ 'sf probe 0:0',
+ 'sf read 4000000 100000 10',
+ 'md.b 4000000 10'])
+ assert 'u-boot:Old' in ''.join(output)
diff --git a/test/py/tests/test_efi_capsule/version.dts b/test/py/tests/test_efi_capsule/version.dts
new file mode 100644
index 0000000000..0e544524e3
--- /dev/null
+++ b/test/py/tests/test_efi_capsule/version.dts
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+/plugin/;
+
+&{/} {
+ firmware-version {
+ image1 {
+ lowest-supported-version = <3>;
+ fw-version = <5>;
+ image-index = <1>;
+ image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
+ };
+ image2 {
+ lowest-supported-version = <7>;
+ fw-version = <10>;
+ image-index = <2>;
+ image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
+ };
+ image3 {
+ lowest-supported-version = <3>;
+ fw-version = <5>;
+ image-index = <1>;
+ image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
+ };
+ };
+};
--
2.17.1
More information about the U-Boot
mailing list