[PATCH v4 11/12] sandbox: capsule: Add a config file for generating capsules

Simon Glass sjg at chromium.org
Sun Jul 16 01:40:42 CEST 2023


Hi,

On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
>
> Support has been added to the mkeficapsule tool to generate capsules
> by parsing the capsule parameters through a config file. Add a config
> file for generating capsules. These capsules will be used for testing
> the capsule update feature on sandbox platform.
>
> Enable generation of capsules through the config file on the sandbox
> variant.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> ---
> Changes since V3:
> * Use fstrings for format specifiers.
> * Add entries for generating capsules with version parameter.
>
>  .azure-pipelines.yml                          |   2 +
>  .gitlab-ci.yml                                |   2 +
>  configs/sandbox_defconfig                     |   2 +
>  test/py/conftest.py                           |   5 +
>  .../test_efi_capsule/sandbox_capsule_cfg.txt  | 162 ++++++++++++++++++
>  5 files changed, 173 insertions(+)
>  create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
>
> diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
> index d732ba443d..240ee4f692 100644
> --- a/.azure-pipelines.yml
> +++ b/.azure-pipelines.yml
> @@ -403,6 +403,7 @@ stages:
>            echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>            echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>            echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>            if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
>                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
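Review bot: The added `cp` line sits above the `if [[ "${TEST_PY_BD}" == "sandbox" ]] || ...` test, so the config file is copied for every board, while the only defconfig this patch changes is sandbox_defconfig. Moving it inside the conditional, next to the `openssl req` lines that create the SIGNER.key and SIGNER.crt files the config refers to, would keep the sandbox-only setup in one place. The first .gitlab-ci.yml hunk has the same layout.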
> @@ -600,6 +601,7 @@ stages:
>                    echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>                    echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>                    echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +                  cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>
>                    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>                    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index aec6ffaf1c..42456e5f3f 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -42,6 +42,7 @@ stages:
>      - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>      - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>      - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>      - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
>         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> @@ -148,6 +149,7 @@ build all other platforms:
>          echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>          echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>          echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +        cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>
>          openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>          openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
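Review bot: The `cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/` line added here duplicates the one in three other CI script blocks and the copy added to setup_capsule_build() in conftest.py, so a rename or move of the config file has to be made in five places. If the CI jobs already go through the conftest.py setup, the CI copies could be dropped; otherwise a short comment saying why both are needed would help.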
> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> index 560f3317d9..f3c09f845a 100644
> --- a/configs/sandbox_defconfig
> +++ b/configs/sandbox_defconfig
> @@ -341,6 +341,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
>  CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
>  CONFIG_EFI_CAPSULE_AUTHENTICATE=y
>  CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
> +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
> +CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
>  CONFIG_EFI_SECURE_BOOT=y
>  CONFIG_TEST_FDTDEC=y
>  CONFIG_UNIT_TEST=y
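Review bot: `CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"` makes the sandbox configuration depend on a file outside the source tree that only exists after one of the `cp` steps has run, and the commit message does not say what happens when it is missing. Since the file is in-tree under test/py/tests/test_efi_capsule/, pointing the option there (if it accepts a source-relative path) would remove the copy steps. If the /tmp location is kept to match CONFIG_EFI_CAPSULE_ESL_FILE, document the prerequisite, and note that the config names private key files under a fixed path in a shared directory, which is acceptable only because these are throwaway test keys.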
> diff --git a/test/py/conftest.py b/test/py/conftest.py
> index 1092cb713b..20b8dc1913 100644
> --- a/test/py/conftest.py
> +++ b/test/py/conftest.py
> @@ -158,6 +158,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
>              f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' )
>      run_command(name, cmd, source_dir)
>
> +    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'

You can use cons.config.build_dir as your working directory.

> +    name = 'cp'
> +    cmd = ( f'cp {capsule_cfg_file} {capsule_sig_dir}' )
> +    run_command(name, cmd, source_dir)
> +
>      gen_capsule_payloads(capsule_sig_dir)
>
>  def run_build(config, source_dir, build_dir, board_type, log):
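Review bot: In setup_capsule_build(), `cmd = ( f'cp {capsule_cfg_file} {capsule_sig_dir}' )` interpolates both paths unquoted into a command string and relies on run_command() treating source_dir as the working directory for the relative source path to resolve. shutil.copy() with os.path.join(source_dir, capsule_cfg_file) would avoid the subprocess and the quoting question. If the command form is kept, drop the padded parentheses around the f-string, which the neighbouring code does not need either.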
> diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> new file mode 100644
> index 0000000000..82d538dfb5
> --- /dev/null
> +++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> @@ -0,0 +1,162 @@
> +{
> +       image-index: 1
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8

What are these? Can you at least give them a name and a description?
We don't want to have GUIDs in the source code open-coded like this as
they have no useful meaning.

> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test01
> +}
> +{
> +       image-index: 2
> +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> +       payload: /tmp/capsules/u-boot.env.new
> +       capsule: /tmp/capsules/Test02
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test03
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test04
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test05
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test05
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test11
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER2.key
> +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test12
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test13
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER2.key
> +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test14
> +}
> +{
> +       image-index: 1
> +       fw-version: 5
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test101
> +}
> +{
> +       image-index: 2
> +       fw-version: 10
> +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> +       payload: /tmp/capsules/u-boot.env.new
> +       capsule: /tmp/capsules/Test102
> +}
> +{
> +       image-index: 1
> +       fw-version: 2
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test103
> +
> +}
> +{
> +       image-index: 1
> +       fw-version: 5
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test104
> +}
> +{
> +       image-index: 1
> +       fw-version: 2
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test105
> +
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       fw-version: 5
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test111
> +}
> +{
> +       image-index: 2
> +       monotonic-count: 1
> +       fw-version: 10
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> +       payload: /tmp/capsules/u-boot.env.new
> +       capsule: /tmp/capsules/Test112
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       fw-version: 2
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test113
> +}
> +{
> +       image-index: 1
> +       fw-version: 5
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test114
> +}
> +{
> +       image-index: 1
> +       fw-version: 2
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test115
> +}
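Review bot: The entry for /tmp/capsules/Test05 appears twice with identical image-index, image-guid and payload, so the second one only regenerates the same file; one of them should be dropped or, if a different test case was intended, given its own capsule name. The blocks for Test03, Test04, the first Test05, Test103 and Test105 also carry a stray blank `+` line before the closing brace, and Test114 and Test115 list fw-version before monotonic-count while Test111 to Test113 use the opposite order. Nothing in the file says what each block is meant to exercise, so a one-line description per entry (if the format allows comments) or a table in the test documentation would make the file reviewable.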
> --
> 2.34.1
>

Regards,
Simon

