[PATCH v5 06/12] Dockerfile: capsule: Setup the files needed for capsule update testing

Sughosh Ganu sughosh.ganu at linaro.org
Tue Jul 25 10:57:19 CEST 2023

Support has being added through earlier commits to build capsules
and embed the public key needed for capsule authentication as part of
u-boot build.

>From the testing point-of-view, this means the input files needed for
generating the above have to be setup before invoking the build. Set
this up in the CI configuration docker file for testing the capsule
update feature.

Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
Changes since V4:
* New patch which moves the setting up of the files needed for testing
  the EFI capsule update feature to the Dockerfile.

Note: Earlier, this setup was being done in the azure and gitlab yaml
files. Now that this has been moved to the Dockerfile, this will
require generating a new container image and referencing that image in
the yaml files for the CI to work when these patches get applied.

 tools/docker/Dockerfile | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
index 3d2b64a355..294a0b0a53 100644
--- a/tools/docker/Dockerfile
+++ b/tools/docker/Dockerfile
@@ -206,6 +206,18 @@ RUN mkdir -p /opt/nokia && \
 	cp /tmp/qemu-linaro/arm-softmmu/qemu-system-arm /opt/nokia && \
 	rm -rf /tmp/qemu-linaro
+# Set up capsule files for UEFI capsule update testing
+RUN mkdir -p /tmp/capsules && \
+    cd /tmp/capsules/ && \
+    echo -n "u-boot:Old" > u-boot.bin.old && \
+    echo -n "u-boot:New" > u-boot.bin.new && \
+    echo -n "u-boot-env:Old" > u-boot.env.old && \
+    echo -n "u-boot-env:New" > u-boot.env.new && \
+    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER.key -out SIGNER.crt -nodes -days 365 && \
+    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER2.key -out SIGNER2.crt -nodes -days 365 && \
+    cert-to-efi-sig-list SIGNER.crt SIGNER.esl && \
+    chmod -R uog+rw /tmp/capsules/
 # Build genimage (required by some targets to generate disk images)
 RUN wget -O - https://github.com/pengutronix/genimage/releases/download/v14/genimage-14.tar.xz | tar -C /tmp -xJ && \
 	cd /tmp/genimage-14 && \

More information about the U-Boot mailing list