[PATCH v2 6/6] binman: Authenticate the image when testing the preload signature
Simon Glass
sjg at chromium.org
Wed Mar 5 15:16:45 CET 2025
Hi Paul,
On Mon, 24 Feb 2025 at 14:21, Paul HENRYS
<paul.henrys_ext at softathome.com> wrote:
>
> Use preload_check_sign to authenticate the generated image when testing the
> preload signature in testPreLoad().
>
> Signed-off-by: Paul HENRYS <paul.henrys_ext at softathome.com>
> ---
> tools/binman/ftest.py | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
> index a553ca9e564..8cf867fd3fe 100644
> --- a/tools/binman/ftest.py
> +++ b/tools/binman/ftest.py
> @@ -762,6 +762,16 @@ class TestFunctional(unittest.TestCase):
> return False
> return True
>
> + def _CheckPreload(self, image, key, algo="sha256,rsa2048",
> + padding="pkcs-1.5"):
> + try:
> + tools.run('preload_check_sign', '-k', key, '-a', algo, '-p',
> + padding, '-f', image)
This should be handled as a bintool - see testXilinxBootgenSigning()
for an example.
> + except:
> + self.fail('Expected image signed with a pre-load')
> + return False
> + return True
> +
> def testRun(self):
> """Test a basic run with valid args"""
> result = self._RunBinman('-h')
> @@ -5781,9 +5791,14 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
> data = self._DoReadFileDtb(
> '230_pre_load.dts', entry_args=entry_args,
> extra_indirs=[os.path.join(self._binman_dir, 'test')])[0]
> +
> + image_fname = tools.get_output_filename('image.bin')
> + is_signed = self._CheckPreload(image_fname, self.TestFile("dev.key"))
> +
> self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
> self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
> self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)])
> + self.assertEqual(is_signed, True)
>
> def testPreLoadNoKey(self):
> """Test an image with a pre-load heade0r with missing key"""
> --
> 2.43.0
>
Regards,
Simon
More information about the U-Boot
mailing list