[PATCH v4 6/6] test: vboot: add iminfo checks for config signature verification

Ludwig Nussel ludwig.nussel at siemens.com
Wed May 13 16:08:16 CEST 2026


Co-authored-by: Copilot <223556219+Copilot at users.noreply.github.com>

Signed-off-by: Ludwig Nussel <ludwig.nussel at siemens.com>
---

Changes in v4:
- test iminfo in test_vboot

 test/py/tests/test_vboot.py | 47 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index f7156943c24..8a298a31fdb 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -231,6 +231,34 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,
         ubman.log.action('%s: Sign images' % sha_algo)
         utils.run_and_log(ubman, args)
 
+    def run_iminfo(sha_algo, test_type, expect_string, succeeds, fit=None):
+        """Run an 'iminfo' command in U-Boot.
+
+        This always starts a fresh U-Boot instance since the device tree may
+        contain a new public key.
+
+        Args:
+            sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
+                    use.
+            test_type: A string identifying the test type.
+            expect_string: A string which is expected in the output.
+            succeeds: A boolean that is True if iminfo should succeed and
+                    False if failure is expected.
+            fit: FIT filename to load and verify
+        """
+        if not fit:
+            fit = '%stest.fit' % tmpdir
+        ubman.restart_uboot()
+        with ubman.log.section('iminfo %s %s' % (sha_algo, test_type)):
+            output = ubman.run_command_list(
+                ['host load hostfs - 100 %s' % fit,
+                 'iminfo 100'])
+        assert expect_string in ''.join(output)
+        if succeeds:
+            assert 'FAIL' not in ''.join(output)
+        else:
+            assert 'FAIL' in ''.join(output)
+
     def replace_fit_totalsize(size):
         """Replace FIT header's totalsize with something greater.
 
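Review bot: The pass/fail decision in run_iminfo rests on the substring `'FAIL'` anywhere in the joined output of both commands, so the `succeeds=False` branch is satisfied by any failure text (for example one from image hash checking), not only by a rejected configuration signature. Consider joining once with `text = ''.join(output)` and giving each negative case an `expect_string` specific to the rejection under test. The exit status is not asserted either; if iminfo is meant to return non-zero on a rejected configuration (not visible in this hunk), appending `'echo $?'` to the command list and asserting on that element would pin the result for boot scripts that branch on it. run_iminfo lies fully inside the hunk, while the enclosing test_vboot does not.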
@@ -326,9 +354,11 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,
         make_fit('sign-configs-%s%s.its' % (sha_algo, padding), ubman, mkimage, dtc_args, datadir, fit)
         if require_config_sigs:
             # DTB has no /signature node; FIT_REQUIRE_CONFIG_SIGS makes this
-            # fail-closed, so U-Boot must reject the unsigned config FIT.
+            # fail-closed, so both bootm and iminfo must reject the unsigned FIT.
             run_bootm(sha_algo, 'unsigned config',
                       'No signature node found', False)
+            run_iminfo(sha_algo, 'unsigned config', 'No signature node found',
+                       False)
         else:
             # No required keys in the DTB, so an unsigned config FIT is fine.
             run_bootm(sha_algo, 'unsigned config',
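Review bot: Only the fail-closed branch gains an iminfo check here; the `else` branch (no required keys, unsigned config accepted) still runs run_bootm alone, and the same holds for the 'signed config, no DTB keys' hunk that follows. An iminfo that rejects a configuration it should accept would not be caught by these two cases. If that is deliberate, a comment on the `else` branch such as `# iminfo is exercised only on the fail-closed path here` would record it; otherwise a matching `run_iminfo(..., True)` call belongs next to each run_bootm. The `else` branch continues past the end of the hunk.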
@@ -348,6 +378,8 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,
         if require_config_sigs:
             run_bootm(sha_algo, 'signed config, no DTB keys',
                       'No signature node found', False)
+            run_iminfo(sha_algo, 'signed config, no DTB keys',
+                       'No signature node found', False)
         else:
             run_bootm(sha_algo, 'signed config, no DTB keys',
                       '%s+ OK' % ('sha256' if algo_arg else sha_algo), True)
@@ -425,6 +457,10 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,
         run_bootm(sha_algo, 'signed config', 'dev+', True)
         ubman.log.action('%s: Check default FIT header totalsize' % sha_algo)
 
+        # Test that iminfo also verifies configuration signatures
+        run_iminfo(sha_algo, 'signed config',
+                   'Checking configuration signatures', True)
+
         # Increment the first byte of the signature, which should cause failure
         sig = utils.run_and_log(ubman, 'fdtget -t bx %s %s value' %
                                 (fit, sig_node))
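Review bot: The added positive check `run_iminfo(sha_algo, 'signed config', 'Checking configuration signatures', True)` asserts what reads like a progress banner plus the absence of `'FAIL'`, which would also hold if iminfo announced the check and then verified nothing. The run_bootm call just above expects `'dev+'`, which ties the pass to a named key. If iminfo prints the per-key result in the same form (not visible here), expecting `'dev+'` would make this case evidence of verification rather than of the banner being printed.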
@@ -438,6 +474,15 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,
         run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash',
                   False)
 
+        # Test that iminfo also detects the corrupted signature.
+        # Skip for external-data FIT (-E): fdtput rewrites only the FDT
+        # portion of the file, truncating the appended image data, so
+        # fit_all_image_verify() would fail on a missing-data hash error
+        # before fit_all_configurations_verify() is ever reached.
+        if '-E' not in (sign_options or ''):
+            run_iminfo(sha_algo, 'corrupted config',
+                       'Checking configuration signatures', False)
+
         ubman.log.action('%s: Check bad config on the host' % sha_algo)
         utils.run_and_log_expect_exception(
             ubman, [fit_check_sign, '-f', fit, '-k', dtb],
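Review bot: The `'-E' not in (sign_options or '')` guard drops the corrupted-signature iminfo check for external-data FITs without leaving any trace in the test log, so that layout has no negative iminfo coverage for config signatures. Recording the skip, e.g. an `else:` branch with `ubman.log.action('%s: skip iminfo corrupted-config check (external data)' % sha_algo)`, keeps the gap visible to whoever reads the results. The guard is also a substring match on the whole option string, so any option containing `-E` would trigger the skip; the values sign_options can take are defined outside this hunk.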
-- 
2.43.0


