[PATCH 6/7] test: efi_capsule: Test capsule generation from config file
Simon Glass
sjg at chromium.org
Thu Jun 15 11:14:33 CEST 2023
Hi Sughosh,
On Tue, 13 Jun 2023 at 11:39, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
>
> Support has been added to generate capsules through parameters
> specified in the config file. To bring this under the testing ambit,
> make changes in the EFI capsule test logic to generate the capsule
> files by parsing the config file, when the path to the config file is
> specified.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> ---
> configs/sandbox_defconfig | 1 +
> test/py/tests/test_efi_capsule/conftest.py | 106 +++++++++++-------
> .../test_efi_capsule/sandbox_capsule_cfg.txt | 75 +++++++++++++
> 3 files changed, 139 insertions(+), 43 deletions(-)
> create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
>
> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> index d8a2386bb0..ba26816898 100644
> --- a/configs/sandbox_defconfig
> +++ b/configs/sandbox_defconfig
> @@ -340,6 +340,7 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
> CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
> +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
> CONFIG_EFI_SECURE_BOOT=y
> CONFIG_TEST_FDTDEC=y
> CONFIG_UNIT_TEST=y
> diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py
> index 4269c41a74..4eb54c1a61 100644
> --- a/test/py/tests/test_efi_capsule/conftest.py
> +++ b/test/py/tests/test_efi_capsule/conftest.py
> @@ -42,21 +42,6 @@ def efi_capsule_data(request, u_boot_config):
> check_call('cd %s; %s/tools/mkimage -f uboot_bin_env.its uboot_bin_env.itb' %
> (data_dir, u_boot_config.build_dir),
> shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test01' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 2 --guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test02' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 u-boot.bin.new Test03' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test04' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
> - check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
> - (data_dir, u_boot_config.build_dir),
> - shell=True)
>
> capsule_auth_enabled = u_boot_config.buildconfig.get(
> 'config_efi_capsule_authenticate')
> @@ -66,40 +51,75 @@ def efi_capsule_data(request, u_boot_config):
> check_call('cp %s/arch/sandbox/dts/test.dtb %s/test_sig.dtb' %
> (u_boot_config.build_dir, data_dir), shell=True)
>
> - # raw firmware signed with proper key
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> - 'u-boot.bin.new Test11'
> - % (data_dir, u_boot_config.build_dir),
> + cfg_file = u_boot_config.buildconfig.get(
> + 'config_efi_capsule_cfg_file')[1:-1]
> + if cfg_file:
> + capsules_path_dir = '/tmp/capsules/'
> + check_call('mkdir -p %s ;'
> + 'cp -a %s/* %s/' % (capsules_path_dir, data_dir, capsules_path_dir),
> shell=True)
> - # raw firmware signed with *mal* key
> - check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--private-key SIGNER2.key '
> - '--certificate SIGNER2.crt '
> - '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> - 'u-boot.bin.new Test12'
> - % (data_dir, u_boot_config.build_dir),
> + check_call(' cp %s/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt %s'
> + % (u_boot_config.source_dir, capsules_path_dir),
> shell=True)
> - # FIT firmware signed with proper key
> check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--private-key SIGNER.key --certificate SIGNER.crt '
> - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> - 'uboot_bin_env.itb Test13'
> - % (data_dir, u_boot_config.build_dir),
> + 'make capsule O=%s' % (u_boot_config.source_dir, u_boot_config.build_dir),
> shell=True)
> - # FIT firmware signed with *mal* key
> check_call('cd %s; '
> - '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> - '--private-key SIGNER2.key '
> - '--certificate SIGNER2.crt '
> - '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> - 'uboot_bin_env.itb Test14'
> - % (data_dir, u_boot_config.build_dir),
> + 'mv Test* %s'
> + % (capsules_path_dir, data_dir), shell=True)
> + check_call('rm -rf %s' % capsules_path_dir, shell=True)
> + else:
> + check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test01' %
> + (data_dir, u_boot_config.build_dir),
> + shell=True)
> + check_call('cd %s; %s/tools/mkeficapsule --index 2 --guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test02' %
> + (data_dir, u_boot_config.build_dir),
> shell=True)
> + check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 u-boot.bin.new Test03' %
> + (data_dir, u_boot_config.build_dir),
> + shell=True)
> + check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test04' %
> + (data_dir, u_boot_config.build_dir),
> + shell=True)
> + check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
> + (data_dir, u_boot_config.build_dir),
> + shell=True)
> +
> + if capsule_auth_enabled:
> + # raw firmware signed with proper key
> + check_call('cd %s; '
> + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> + '--private-key SIGNER.key --certificate SIGNER.crt '
> + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> + 'u-boot.bin.new Test11'
> + % (data_dir, u_boot_config.build_dir),
> + shell=True)
> + # raw firmware signed with *mal* key
> + check_call('cd %s; '
> + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> + '--private-key SIGNER2.key '
> + '--certificate SIGNER2.crt '
> + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
> + 'u-boot.bin.new Test12'
> + % (data_dir, u_boot_config.build_dir),
> + shell=True)
> + # FIT firmware signed with proper key
> + check_call('cd %s; '
> + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> + '--private-key SIGNER.key --certificate SIGNER.crt '
> + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> + 'uboot_bin_env.itb Test13'
> + % (data_dir, u_boot_config.build_dir),
> + shell=True)
> + # FIT firmware signed with *mal* key
> + check_call('cd %s; '
> + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
> + '--private-key SIGNER2.key '
> + '--certificate SIGNER2.crt '
> + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
> + 'uboot_bin_env.itb Test14'
> + % (data_dir, u_boot_config.build_dir),
> + shell=True)
>
> # Create a disk image with EFI system partition
> check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' %
> diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> new file mode 100644
> index 0000000000..4e5065d538
> --- /dev/null
> +++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> @@ -0,0 +1,75 @@
> +{
> + image-index: 1
> + image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> + payload: /tmp/capsules/u-boot.bin.new
> + capsule: /tmp/capsules/Test01
> +}
> +{
> + image-index: 2
> + image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> + payload: /tmp/capsules/u-boot.env.new
> + capsule: /tmp/capsules/Test02
> +}
> +{
> + image-index: 1
> + image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> + payload: /tmp/capsules/u-boot.bin.new
> + capsule: /tmp/capsules/Test03
> +
> +}
> +{
> + image-index: 1
> + image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> + payload: /tmp/capsules/uboot_bin_env.itb
> + capsule: /tmp/capsules/Test04
> +
> +}
> +{
> + image-index: 1
> + image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> + payload: /tmp/capsules/uboot_bin_env.itb
> + capsule: /tmp/capsules/Test05
> +
> +}
> +{
> + image-index: 1
> + image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> + payload: /tmp/capsules/uboot_bin_env.itb
> + capsule: /tmp/capsules/Test05
> +}
> +{
> + image-index: 1
> + monotonic-count: 1
> + private-key: /tmp/capsules/SIGNER.key
> + pub-key-cert: /tmp/capsules/SIGNER.crt
> + image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> + payload: /tmp/capsules/u-boot.bin.new
> + capsule: /tmp/capsules/Test11
> +}
> +{
> + image-index: 1
> + monotonic-count: 1
> + private-key: /tmp/capsules/SIGNER2.key
> + pub-key-cert: /tmp/capsules/SIGNER2.crt
> + image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> + payload: /tmp/capsules/u-boot.bin.new
> + capsule: /tmp/capsules/Test12
> +}
> +{
> + image-index: 1
> + monotonic-count: 1
> + private-key: /tmp/capsules/SIGNER.key
> + pub-key-cert: /tmp/capsules/SIGNER.crt
> + image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> + payload: /tmp/capsules/uboot_bin_env.itb
> + capsule: /tmp/capsules/Test13
> +}
> +{
> + image-index: 1
> + monotonic-count: 1
> + private-key: /tmp/capsules/SIGNER2.key
> + pub-key-cert: /tmp/capsules/SIGNER2.crt
> + image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> + payload: /tmp/capsules/uboot_bin_env.itb
> + capsule: /tmp/capsules/Test14
> +}
> --
> 2.34.1
>
These tests should really be in binman.
Regards,
Simon
More information about the U-Boot
mailing list