[PATCH v6 4/4] test: cmd: fdt: fix chosen test for DM_RNG

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Jun 18 18:56:42 CEST 2024 


Am 18. Juni 2024 18:45:53 MESZ schrieb Tim Harvey <tharvey at gateworks.com>:
>On Tue, Jun 18, 2024 at 8:48 AM Tim Harvey <tharvey at gateworks.com> wrote:
>>
>> On Tue, Jun 18, 2024 at 4:51 AM Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>> >
>> > On 17.06.24 21:14, Tim Harvey wrote:
>> > > Now that kaslr-seed is automatically added to the chosen node if DM_RNG
>> > > is enabled, adjust the test to expect this.
>> >
>> > We need to check that if CONFIG_EFI_TCG2_PROTOCOL=y no kaslr-seed node
>> > is passed to EFI binaries.
>> >
>> > The right location for such a test is lib/efi_selftest/efi_selftest_tcg2.c.
>> >
>>
>> Hi Heinrich,
>>
>> I see you sent a patch for that but I'm not understanding how that
>> fits into the ut framework.
>>
>> > We need as similar check for CONFIG_MEASURED_BOOT=y.
>>
>> Can you explain more please?

The idea of measured boot is that you check if the hash has the same value every time you boot. If you measure the device-tree and it contains a random value, you get a random hash.

Best regards

Heinrich

>>
>> Does this explain the CI failures I see here:
>> https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=logs&j=6ebe5bb0-481f-5026-b4e6-2d4192a94e80&t=66c5926e-2461-580f-927d-c0d0a6120549&l=539
>> https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=logs&j=a1270dec-081b-5c65-5cd5-5e915a842596&t=69f6cf72-86f3-551a-807d-f28f62a1426f&l=541
>>
>> I'm still trying to make sense of those.
>>
>> In order to test this locally I built for sandbox64_defconfig and ran
>> "./u-boot -Dc 'ut fdt'" but it seems that doesn't cover enough cases.
>>
>
>I believe I understand the Azure pipeline failures now. I don't see
>exactly where they pick a defconfig but the failed test cases are
>under 'test.py for sandbox sandbox' and 'test.py for sandbox
>sandbox_clang' which I've come to understand means they use
>'sandbox_defconfig' which defines CONFIG_MEASURED_BOOT where
>sandbox64_defconfig which I tested does not.
>
>So I need to update the test to:
>+       if (IS_ENABLED(CONFIG_DM_RNG) &&
>+           !IS_ENABLED(CONFIG_MEASURED_BOOT) &&
>+           !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT))
>+               ut_assert_nextlinen("\tkaslr-seed = ");
>
>I've issued a PR for v7 to test via CI and will submit if all is well.
>
>Best Regards,
>
>Tim
>
>> Best regards,
>>
>> Tim
>>
>> >
>> > Best regards
>> >
>> > Heinrich
>> >
>> > >
>> > > Signed-off-by: Tim Harvey <tharvey at gateworks.com>
>> > > Cc: Michal Simek <michal.simek at amd.com>
>> > > Cc: Andy Yan <andy.yan at rock-chips.com>
>> > > Cc: Akash Gajjar <gajjar04akash at gmail.com>
>> > > Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
>> > > Cc: Simon Glass <sjg at chromium.org>
>> > > Cc: Patrick Delaunay <patrick.delaunay at foss.st.com>
>> > > Cc: Patrice Chotard <patrice.chotard at foss.st.com>
>> > > Cc: Devarsh Thakkar <devarsht at ti.com>
>> > > Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
>> > > Cc: Hugo Villeneuve <hvilleneuve at dimonoff.com>
>> > > Cc: Marek Vasut <marex at denx.de>
>> > > Cc: Tom Rini <trini at konsulko.com>
>> > > Cc: Chris Morgan <macromorgan at hotmail.com>
>> > > ---
>> > > v6: new patch
>> > > ---
>> > >   test/cmd/fdt.c | 4 ++++
>> > >   1 file changed, 4 insertions(+)
>> > >
>> > > diff --git a/test/cmd/fdt.c b/test/cmd/fdt.c
>> > > index 547085521758..537d8a338bbf 100644
>> > > --- a/test/cmd/fdt.c
>> > > +++ b/test/cmd/fdt.c
>> > > @@ -1347,6 +1347,8 @@ static int fdt_test_chosen(struct unit_test_state *uts)
>> > >       ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */
>> > >       if (env_bootargs)
>> > >               ut_assert_nextline("\tbootargs = \"%s\";", env_bootargs);
>> > > +     if (CONFIG_IS_ENABLED(DM_RNG))
>> > > +             ut_assert_nextlinen("\tkaslr-seed = ");
>> > >       ut_assert_nextline("};");
>> > >       ut_assertok(ut_check_console_end(uts));
>> > >
>> > > @@ -1363,6 +1365,8 @@ static int fdt_test_chosen(struct unit_test_state *uts)
>> > >       ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */
>> > >       if (env_bootargs)
>> > >               ut_assert_nextline("\tbootargs = \"%s\";", env_bootargs);
>> > > +     if (CONFIG_IS_ENABLED(DM_RNG))
>> > > +             ut_assert_nextlinen("\tkaslr-seed = ");
>> > >       ut_assert_nextline("};");
>> > >       ut_assertok(ut_check_console_end(uts));
>> > >
>> >

More information about the U-Boot mailing list