[PATCH v4 2/3] binman: ftest: Add test for xilinx-bootgen etype
lukas.funke-oss at weidmueller.com
lukas.funke-oss at weidmueller.com
Thu Aug 3 17:22:14 CEST 2023
From: Lukas Funke <lukas.funke at weidmueller.com>
Add test for the 'xilinx-bootgen' etype
Signed-off-by: Lukas Funke <lukas.funke at weidmueller.com>
Reviewed-by: Simon Glass <sjg at chromium.org>
---
Changes in v4:
- Add test to check for missing bootgen tool
Changes in v3:
- Improved test coverage for xilinx-fsbl-auth etype
Changes in v2:
- Fixed typo in dts name
tools/binman/ftest.py | 75 +++++++++++++++++++
tools/binman/test/307_xilinx_bootgen_sign.dts | 22 ++++++
.../test/308_xilinx_bootgen_sign_enc.dts | 24 ++++++
3 files changed, 121 insertions(+)
create mode 100644 tools/binman/test/307_xilinx_bootgen_sign.dts
create mode 100644 tools/binman/test/308_xilinx_bootgen_sign_enc.dts
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 36428ec343..2d541c32b9 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -7139,5 +7139,80 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
self.assertEqual(fdt_util.GetString(key_node, "key-name-hint"),
"key")
+ def testXilinxBootgenSigning(self):
+ """Test xilinx-bootgen etype"""
+ data = tools.read_file(self.TestFile("key.key"))
+ self._MakeInputFile("psk.pem", data)
+ self._MakeInputFile("ssk.pem", data)
+ self._SetupPmuFwlElf()
+ self._SetupSplElf()
+ self._DoReadFileRealDtb('307_xilinx_bootgen_sign.dts')
+ image_fname = tools.get_output_filename('image.bin')
+ bootgen = bintool.Bintool.create('bootgen')
+
+ # Read partition header table and check if authentication is enabled
+ bootgen_out = bootgen.run_cmd("-arch", "zynqmp",
+ "-read", image_fname, "pht").splitlines()
+ attributes = {"authentication": None,
+ "core": None,
+ "encryption": None}
+
+ for l in bootgen_out:
+ for a in attributes.keys():
+ if a in l:
+ m = re.match(fr".*{a} \[([^]]+)\]", l)
+ attributes[a] = m.group(1)
+
+ self.assertTrue(attributes['authentication'] == "rsa")
+ self.assertTrue(attributes['core'] == "a53-0")
+ self.assertTrue(attributes['encryption'] == "no")
+
+ def testXilinxBootgenSigningEncryption(self):
+ """Test xilinx-bootgen etype"""
+ data = tools.read_file(self.TestFile("key.key"))
+ self._MakeInputFile("psk.pem", data)
+ self._MakeInputFile("ssk.pem", data)
+ self._SetupPmuFwlElf()
+ self._SetupSplElf()
+ self._DoReadFileRealDtb('308_xilinx_bootgen_sign_enc.dts')
+ image_fname = tools.get_output_filename('image.bin')
+ bootgen = bintool.Bintool.create('bootgen')
+
+ # Read boot header in order to verify encryption source and
+ # encryption parameter
+ bootgen_out = bootgen.run_cmd("-arch", "zynqmp",
+ "-read", image_fname, "bh").splitlines()
+ attributes = {"auth_only":
+ {"re": r".*auth_only \[([^]]+)\]", "value": None},
+ "encryption_keystore":
+ {"re": r" *encryption_keystore \(0x28\) : (.*)",
+ "value": None},
+ }
+
+ for l in bootgen_out:
+ for a in attributes.keys():
+ if a in l:
+ m = re.match(attributes[a]['re'], l)
+ attributes[a] = m.group(1)
+
+ # Check if fsbl-attribute is set correctly
+ self.assertTrue(attributes['auth_only'] == "true")
+ # Check if key is stored in efuse
+ self.assertTrue(attributes['encryption_keystore'] == "0xa5c3c5a3")
+
+ def testXilinxBootgenMissing(self):
+ """Test that binman still produces an image if ifwitool is missing"""
+ data = tools.read_file(self.TestFile("key.key"))
+ self._MakeInputFile("psk.pem", data)
+ self._MakeInputFile("ssk.pem", data)
+ self._SetupPmuFwlElf()
+ self._SetupSplElf()
+ with test_util.capture_sys_output() as (_, stderr):
+ self._DoTestFile('307_xilinx_bootgen_sign.dts',
+ force_missing_bintools='bootgen')
+ err = stderr.getvalue()
+ self.assertRegex(err,
+ "Image 'image'.*missing bintools.*: bootgen")
+
if __name__ == "__main__":
unittest.main()
diff --git a/tools/binman/test/307_xilinx_bootgen_sign.dts b/tools/binman/test/307_xilinx_bootgen_sign.dts
new file mode 100644
index 0000000000..02acf8652a
--- /dev/null
+++ b/tools/binman/test/307_xilinx_bootgen_sign.dts
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ xilinx-bootgen {
+ auth-params = "ppk_select=0", "spk_id=0x00000000";
+ pmufw-filename = "pmu-firmware.elf";
+ psk-key-name-hint = "psk";
+ ssk-key-name-hint = "ssk";
+
+ u-boot-spl-nodtb {
+ };
+ u-boot-spl-dtb {
+ };
+ };
+ };
+};
diff --git a/tools/binman/test/308_xilinx_bootgen_sign_enc.dts b/tools/binman/test/308_xilinx_bootgen_sign_enc.dts
new file mode 100644
index 0000000000..5d7ce4c1f5
--- /dev/null
+++ b/tools/binman/test/308_xilinx_bootgen_sign_enc.dts
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ xilinx-bootgen {
+ auth-params = "ppk_select=0", "spk_id=0x00000000";
+ fsbl-config = "auth_only";
+ keysrc-enc = "efuse_red_key";
+ pmufw-filename = "pmu-firmware.elf";
+ psk-key-name-hint = "psk";
+ ssk-key-name-hint = "ssk";
+
+ u-boot-spl-nodtb {
+ };
+ u-boot-spl-dtb {
+ };
+ };
+ };
+};
--
2.30.2
More information about the U-Boot
mailing list