[PATCH v2 4/4] binman: Use bintool wrappers for PKCS#11 tools in tests

Simon Glass sjg at chromium.org
Tue May 5 20:12:55 CEST 2026 

The PKCS#11 signing tests in ftest.py call tools.run('softhsm2-util', ...)
directly (and the equivalent for pkcs11-tool and p11-kit), even though
the test setup has already constructed the corresponding Bintool
instances. As Quentin Schulz observed on v1, the bintool wrapper for
these tools is currently used only as an "is this installed?" probe.

Route the eight remaining call sites in ftest.py through
<bintool>.run_cmd(...), which the Bintool base class already provides.
The change is test-side only; no production binman code calls these
tools.

Suggested-by: Quentin Schulz <quentin.schulz at cherry.de>
Signed-off-by: Simon Glass <sjg at chromium.org>
---

Changes in v2:
- New patch in v2 (per Quentin's review): replace tools.run() of
  softhsm2-util, pkcs11-tool and p11-kit in ftest.py with the
  Bintool.run_cmd() wrapper that already exists

 tools/binman/ftest.py | 46 +++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index ca5149ee654..273d0ff0379 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -7560,7 +7560,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         self._CheckBintool(p11_kit)
 
         p11_kit_config = configparser.ConfigParser()
-        out = tools.run('p11-kit', 'print-config')
+        out = p11_kit.run_cmd('print-config')
         p11_kit_config.read_string(out)
         softhsm2_lib = p11_kit_config.get('softhsm2', 'module',
                                            fallback=None)
@@ -7569,16 +7569,16 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         with unittest.mock.patch.dict('os.environ',
                                       {'SOFTHSM2_CONF': softhsm2_conf,
                                        'PKCS11_MODULE_PATH': softhsm2_lib}):
-                tools.run('softhsm2-util', '--init-token', '--free', '--label',
-                          'U-Boot token', '--pin', '1111', '--so-pin',
-                          '222222')
-                tools.run('pkcs11-tool', '--module', softhsm2_lib,
-                          '--write-object', cert_file, '--pin', '1111',
-                          '--type', 'cert', '--id', '999999', '--label',
-                          'test_cert', '--login')
-                tools.run('softhsm2-util', '--import', private_key, '--token',
-                          'U-Boot token', '--label', 'test_key', '--id', '999999',
-                          '--pin', '1111')
+                softhsm2_util.run_cmd('--init-token', '--free', '--label',
+                                      'U-Boot token', '--pin', '1111',
+                                      '--so-pin', '222222')
+                pkcs11_tool.run_cmd('--module', softhsm2_lib,
+                                    '--write-object', cert_file, '--pin', '1111',
+                                    '--type', 'cert', '--id', '999999', '--label',
+                                    'test_cert', '--login')
+                softhsm2_util.run_cmd('--import', private_key, '--token',
+                                      'U-Boot token', '--label', 'test_key',
+                                      '--id', '999999', '--pin', '1111')
                 data = self._DoReadFile('capsule/signed_pkcs11.dts')
 
         self._CheckCapsule(data, signed_capsule=True)
@@ -8230,12 +8230,12 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
 
         with unittest.mock.patch.dict('os.environ',
                                       {'SOFTHSM2_CONF': softhsm2_conf}):
-            tools.run('softhsm2-util', '--init-token', '--free', '--label',
-                      'U-Boot token', '--pin', '1111', '--so-pin',
-                      '222222')
-            tools.run('softhsm2-util', '--import', private_key, '--token',
-                      'U-Boot token', '--label', 'test_key', '--id', '999999',
-                      '--pin', '1111')
+            softhsm2_util.run_cmd('--init-token', '--free', '--label',
+                                  'U-Boot token', '--pin', '1111',
+                                  '--so-pin', '222222')
+            softhsm2_util.run_cmd('--import', private_key, '--token',
+                                  'U-Boot token', '--label', 'test_key',
+                                  '--id', '999999', '--pin', '1111')
 
         # Make sure the private key can only be accessed through the engine
         os.remove(private_key)
@@ -8305,12 +8305,12 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
 
         with unittest.mock.patch.dict('os.environ',
                                       {'SOFTHSM2_CONF': softhsm2_conf}):
-            tools.run('softhsm2-util', '--init-token', '--free', '--label',
-                      'U-Boot prod token', '--pin', '1234', '--so-pin',
-                      '222222')
-            tools.run('softhsm2-util', '--import', private_key, '--token',
-                      'U-Boot prod token', '--label', 'prod', '--id', '999999',
-                      '--pin', '1234')
+            softhsm2_util.run_cmd('--init-token', '--free', '--label',
+                                  'U-Boot prod token', '--pin', '1234',
+                                  '--so-pin', '222222')
+            softhsm2_util.run_cmd('--import', private_key, '--token',
+                                  'U-Boot prod token', '--label', 'prod',
+                                  '--id', '999999', '--pin', '1234')
 
         # Make sure the private key can only be accessed through the engine
         os.remove(private_key)
-- 
2.43.0

More information about the U-Boot mailing list