[PATCH v3 10/11] sandbox: capsule: Add a config file for generating capsules

Sughosh Ganu sughosh.ganu at linaro.org
Tue Jul 11 09:18:23 CEST 2023 

hi Simon,

On Tue, 11 Jul 2023 at 03:08, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Sughosh,
>
> On Sun, 9 Jul 2023 at 07:34, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> >
> > Support has been added to the mkeficapsule tool to generate capsules
> > by parsing the capsule parameters through a config file. Add a config
> > file for generating capsules. These capsules will be used for testing
> > the capsule update feature on sandbox platform.
> >
> > Enable generation of capsules through the config file on the sandbox
> > variant.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > ---
> > Changes since V2:
> > * New patch to add the capsule generation config file for sandbox.
> >
> >  .azure-pipelines.yml                          |  1 +
> >  .gitlab-ci.yml                                |  1 +
> >  configs/sandbox_defconfig                     |  2 +
> >  test/py/conftest.py                           |  5 ++
> >  .../test_efi_capsule/sandbox_capsule_cfg.txt  | 75 +++++++++++++++++++
> >  5 files changed, 84 insertions(+)
> >  create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> >
> > diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
> > index 75075bbd07..cc196bf98c 100644
> > --- a/.azure-pipelines.yml
> > +++ b/.azure-pipelines.yml
> > @@ -403,6 +403,7 @@ stages:
> >            echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> >            echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> >            echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> >            if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> >                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> >                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> > index 577eebd678..614bf61962 100644
> > --- a/.gitlab-ci.yml
> > +++ b/.gitlab-ci.yml
> > @@ -42,6 +42,7 @@ stages:
> >      - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> >      - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> >      - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> >      - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> >         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> >         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> > index d8a2386bb0..0f4c59e1a8 100644
> > --- a/configs/sandbox_defconfig
> > +++ b/configs/sandbox_defconfig
> > @@ -340,6 +340,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
> >  CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> >  CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> >  CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
> > +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
> > +CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
> >  CONFIG_EFI_SECURE_BOOT=y
> >  CONFIG_TEST_FDTDEC=y
> >  CONFIG_UNIT_TEST=y
> > diff --git a/test/py/conftest.py b/test/py/conftest.py
> > index 661ed74fae..f32ab1a70c 100644
> > --- a/test/py/conftest.py
> > +++ b/test/py/conftest.py
> > @@ -161,6 +161,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
> >             )
> >      run_command(name, cmd, source_dir)
> >
> > +    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
> > +    name = 'cp'
> > +    cmd = ( ' cp %s %s' % (capsule_cfg_file, capsule_sig_dir))
>
> I forgot to mention this before, but you should use f strings:
>
> cmd = f'cp {capsule_cfg_file} ...'

Will do.

>
> Please check the other files too, as it is a pain to clean it up
> later. You can run 'pylint' on your source to check it.

Do the pylint checks not run as part of CI? I did not get any pylint
errors in my CI run. Nonetheless, I will run the pylint tests in my
workspace. Thanks.

-sughosh


>
> > +    run_command(name, cmd, source_dir)
> > +
> >      gen_capsule_payloads(capsule_sig_dir)
> >
> >  def run_build(config, source_dir, build_dir, board_type, log):
> > diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> > new file mode 100644
> > index 0000000000..4e5065d538
> > --- /dev/null
> > +++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> > @@ -0,0 +1,75 @@
> > +{
> > +       image-index: 1
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test01
> > +}
> > +{
> > +       image-index: 2
> > +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> > +       payload: /tmp/capsules/u-boot.env.new
> > +       capsule: /tmp/capsules/Test02
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test03
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test04
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test05
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test05
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test11
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER2.key
> > +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test12
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test13
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER2.key
> > +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test14
> > +}
> > --
> > 2.34.1
> >
>
> Regards,
> Simon

More information about the U-Boot mailing list