[PATCH v2 1/2] test/py: fit: Deduplicate the test

Quentin Schulz quentin.schulz at cherry.de
Tue Nov 25 11:50:19 CET 2025 

Hi Marek,

On 11/24/25 8:40 PM, Marek Vasut wrote:
[...]
> ---
>   test/py/tests/test_fit_auto_signed.py | 98 +++++++++++----------------
>   1 file changed, 39 insertions(+), 59 deletions(-)
> 
> diff --git a/test/py/tests/test_fit_auto_signed.py b/test/py/tests/test_fit_auto_signed.py
> index 0b5dbd5401c..3895e7d9369 100644
> --- a/test/py/tests/test_fit_auto_signed.py
> +++ b/test/py/tests/test_fit_auto_signed.py
> @@ -138,6 +138,29 @@ class SignedFitHelper(object):
>   @pytest.mark.buildconfigspec('fit_signature')
>   @pytest.mark.requiredtool('fdtget')
>   def test_fit_auto_signed(ubman):
> +    def generate_and_check_fit_image(cmd, crc=False, simgs=False, scfgs=False, bl31present=False, key_name="", sign_algo="", verifier=""):

I would have grouped variables for the same "theme" together, e.g. 
simgs, scfgs with key_name, sign_algo and verifier for example. But 
that's fine as is.

> +        """Generate fitImage and test for expected entries.
> +
> +        Generate a fitImage and test whether suitable entries are part of
> +        the generated fitImage. Test whether checksums and signatures are
> +        part of the generated fitImage.

Would be nice to have documentation on what the parameters represent and 
what this returns/raises. Not a blocker though, I see we already don't 
do it for other functions.

> +        """
> +        mkimage = ubman.config.build_dir + '/tools/mkimage'
> +        utils.run_and_log(ubman, mkimage + cmd)
> +
> +        fit = SignedFitHelper(ubman, fit_file)
> +        if fit.build_nodes_sets() == 0:
> +            raise ValueError('FIT-1 has no "/image" nor "/configuration" nodes')
> +

Only downside is that this exception will be raised with the same string 
for all callers. We call it multiple times in the same test so it might 
be difficult to identify which one actually failed. We could try..except 
the exception, use the content of the exception with

try:
   generate_and_check_fit_image(...)
except Exception as e:
   pytest.fail(f'FIT-X failed: {str(e)}')

maybe? (NOT TESTED!)

> +        if crc:
> +            fit.check_fit_crc32_images()
> +        if simgs:
> +            fit.check_fit_signed_images(key_name, sign_algo, verifier)
> +        if scfgs:
> +            fit.check_fit_signed_confgs(key_name, sign_algo)

This is a typo.... that already exists in the code (confgs instead of 
configs), so "fine".

Mmmm, we should also verify the signature of the configs, but it's a 
TODO in fit.check_fit_signed_confgs(). Maybe someone will implement 
that. I think it would be valuable as I would expect most should be 
using conf signature instead of image signature for added security 
(though I haven't found articles about that but I'm sure this has been 
raised a few times already).

Checked the diff and it looks okay so:

Reviewed-by: Quentin Schulz <quentin.schulz at cherry.de>

Thanks!
Quentin

More information about the U-Boot mailing list