[PATCH v4 11/12] sandbox: capsule: Add a config file for generating capsules

Sughosh Ganu sughosh.ganu at linaro.org
Sat Jul 15 15:45:32 CEST 2023 

Support has been added to the mkeficapsule tool to generate capsules
by parsing the capsule parameters through a config file. Add a config
file for generating capsules. These capsules will be used for testing
the capsule update feature on sandbox platform.

Enable generation of capsules through the config file on the sandbox
variant.

Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
---
Changes since V3:
* Use fstrings for format specifiers.
* Add entries for generating capsules with version parameter.

 .azure-pipelines.yml                          |   2 +
 .gitlab-ci.yml                                |   2 +
 configs/sandbox_defconfig                     |   2 +
 test/py/conftest.py                           |   5 +
 .../test_efi_capsule/sandbox_capsule_cfg.txt  | 162 ++++++++++++++++++
 5 files changed, 173 insertions(+)
 create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt

diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
index d732ba443d..240ee4f692 100644
--- a/.azure-pipelines.yml
+++ b/.azure-pipelines.yml
@@ -403,6 +403,7 @@ stages:
           echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
           echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
           echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
           if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
               openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
               openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
@@ -600,6 +601,7 @@ stages:
                   echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
                   echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
                   echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+                  cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
 
                   openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
                   openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aec6ffaf1c..42456e5f3f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -42,6 +42,7 @@ stages:
     - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
     - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
     - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
     - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
@@ -148,6 +149,7 @@ build all other platforms:
         echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
         echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
         echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+        cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
 
         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 560f3317d9..f3c09f845a 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -341,6 +341,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
 CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
 CONFIG_EFI_CAPSULE_AUTHENTICATE=y
 CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
+CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
+CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
 CONFIG_EFI_SECURE_BOOT=y
 CONFIG_TEST_FDTDEC=y
 CONFIG_UNIT_TEST=y
diff --git a/test/py/conftest.py b/test/py/conftest.py
index 1092cb713b..20b8dc1913 100644
--- a/test/py/conftest.py
+++ b/test/py/conftest.py
@@ -158,6 +158,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
             f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' )
     run_command(name, cmd, source_dir)
 
+    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
+    name = 'cp'
+    cmd = ( f'cp {capsule_cfg_file} {capsule_sig_dir}' )
+    run_command(name, cmd, source_dir)
+
     gen_capsule_payloads(capsule_sig_dir)
 
 def run_build(config, source_dir, build_dir, board_type, log):
diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
new file mode 100644
index 0000000000..82d538dfb5
--- /dev/null
+++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
@@ -0,0 +1,162 @@
+{
+	image-index: 1
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test01
+}
+{
+	image-index: 2
+	image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
+	payload: /tmp/capsules/u-boot.env.new
+	capsule: /tmp/capsules/Test02
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test03
+
+}
+{
+	image-index: 1
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test04
+
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test05
+
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test05
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test11
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER2.key
+	pub-key-cert: /tmp/capsules/SIGNER2.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test12
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test13
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER2.key
+	pub-key-cert: /tmp/capsules/SIGNER2.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test14
+}
+{
+	image-index: 1
+	fw-version: 5
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test101
+}
+{
+	image-index: 2
+	fw-version: 10
+	image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
+	payload: /tmp/capsules/u-boot.env.new
+	capsule: /tmp/capsules/Test102
+}
+{
+	image-index: 1
+	fw-version: 2
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test103
+
+}
+{
+	image-index: 1
+	fw-version: 5
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test104
+}
+{
+	image-index: 1
+	fw-version: 2
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test105
+
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	fw-version: 5
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test111
+}
+{
+	image-index: 2
+	monotonic-count: 1
+	fw-version: 10
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
+	payload: /tmp/capsules/u-boot.env.new
+	capsule: /tmp/capsules/Test112
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	fw-version: 2
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test113
+}
+{
+	image-index: 1
+	fw-version: 5
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test114
+}
+{
+	image-index: 1
+	fw-version: 2
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test115
+}
-- 
2.34.1

More information about the U-Boot mailing list