[PATCH v6 15/15] test: py: vboot: add test for global signature with ecdsa
Raymond Mao
raymondmaoca at gmail.com
Mon May 25 17:47:17 CEST 2026
Hi Philippe,
On Mon, May 25, 2026 at 9:52 AM Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> As now u-boot supports pre-load header with ecdsa, we
> add some tests to vboot with ecdsa pre-load header.
>
> Reviewed-by: Simon Glass <sjg at chromium.org>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> v3:
> - initial version
> v4:
> - no change
> v5:
> - no change
> v6:
> - no change
>
> test/py/tests/test_vboot.py | 3 +++
> .../tests/vboot/sandbox-binman-ecdsa256.dts | 24 +++++++++++++++++
> .../tests/vboot/sandbox-binman-ecdsa384.dts | 24 +++++++++++++++++
> .../tests/vboot/sandbox-binman-ecdsa521.dts | 24 +++++++++++++++++
> .../vboot/sandbox-u-boot-global-ecdsa256.dts | 27 +++++++++++++++++++
> .../vboot/sandbox-u-boot-global-ecdsa384.dts | 27 +++++++++++++++++++
> .../vboot/sandbox-u-boot-global-ecdsa521.dts | 27 +++++++++++++++++++
> 7 files changed, 156 insertions(+)
> create mode 100644 test/py/tests/vboot/sandbox-binman-ecdsa256.dts
> create mode 100644 test/py/tests/vboot/sandbox-binman-ecdsa384.dts
> create mode 100644 test/py/tests/vboot/sandbox-binman-ecdsa521.dts
> create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-ecdsa256.dts
> create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-ecdsa384.dts
> create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-ecdsa521.dts
>
Looks good to me. Thanks!
Reviewed-by: Raymond Mao <raymondmaoca at gmail.com>
> diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
> index 22865f653c5..e0366e06ddb 100644
> --- a/test/py/tests/test_vboot.py
> +++ b/test/py/tests/test_vboot.py
> @@ -102,6 +102,9 @@ TESTDATA_IN = [
> ['algo-arg', 'algo-arg', '', '', '-o sha256,rsa2048', False, False, True, False],
> ['sha256-global-sign', 'sha256', '-rsa2048', '', '', False, False, False, True],
> ['sha256-global-sign-pss', 'sha256', '-rsa2048', '-pss', '', False, False, False, True],
> + ['sha256-global-sign-ecdsa256', 'sha256', '-ecdsa256', '', '', False, False, False, True],
> + ['sha256-global-sign-ecdsa384', 'sha256', '-ecdsa384', '', '', False, False, False, True],
> + ['sha256-global-sign-ecdsa521', 'sha256', '-ecdsa521', '', '', False, False, False, True],
> ]
>
> # Mark all but the first test as slow, so they are not run with '-k not slow'
> diff --git a/test/py/tests/vboot/sandbox-binman-ecdsa256.dts b/test/py/tests/vboot/sandbox-binman-ecdsa256.dts
> new file mode 100644
> index 00000000000..0e84b81078b
> --- /dev/null
> +++ b/test/py/tests/vboot/sandbox-binman-ecdsa256.dts
> @@ -0,0 +1,24 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +
> +/dts-v1/;
> +
> +/ {
> + #address-cells = <1>;
> + #size-cells = <1>;
> +
> + binman {
> + filename = "sandbox.img";
> +
> + pre-load {
> + content = <&image>;
> + algo-name = "sha256,ecdsa256";
> + key-name = "dev.pem";
> + header-size = <4096>;
> + version = <1>;
> + };
> +
> + image: blob-ext {
> + filename = "test.fit";
> + };
> + };
> +};
> diff --git a/test/py/tests/vboot/sandbox-binman-ecdsa384.dts b/test/py/tests/vboot/sandbox-binman-ecdsa384.dts
> new file mode 100644
> index 00000000000..56faf67fe57
> --- /dev/null
> +++ b/test/py/tests/vboot/sandbox-binman-ecdsa384.dts
> @@ -0,0 +1,24 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +
> +/dts-v1/;
> +
> +/ {
> + #address-cells = <1>;
> + #size-cells = <1>;
> +
> + binman {
> + filename = "sandbox.img";
> +
> + pre-load {
> + content = <&image>;
> + algo-name = "sha256,ecdsa384";
> + key-name = "dev.pem";
> + header-size = <4096>;
> + version = <1>;
> + };
> +
> + image: blob-ext {
> + filename = "test.fit";
> + };
> + };
> +};
> diff --git a/test/py/tests/vboot/sandbox-binman-ecdsa521.dts b/test/py/tests/vboot/sandbox-binman-ecdsa521.dts
> new file mode 100644
> index 00000000000..8e2fc3de31d
> --- /dev/null
> +++ b/test/py/tests/vboot/sandbox-binman-ecdsa521.dts
> @@ -0,0 +1,24 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +
> +/dts-v1/;
> +
> +/ {
> + #address-cells = <1>;
> + #size-cells = <1>;
> +
> + binman {
> + filename = "sandbox.img";
> +
> + pre-load {
> + content = <&image>;
> + algo-name = "sha256,ecdsa521";
> + key-name = "dev.pem";
> + header-size = <4096>;
> + version = <1>;
> + };
> +
> + image: blob-ext {
> + filename = "test.fit";
> + };
> + };
> +};
> diff --git a/test/py/tests/vboot/sandbox-u-boot-global-ecdsa256.dts b/test/py/tests/vboot/sandbox-u-boot-global-ecdsa256.dts
> new file mode 100644
> index 00000000000..f15ada3987c
> --- /dev/null
> +++ b/test/py/tests/vboot/sandbox-u-boot-global-ecdsa256.dts
> @@ -0,0 +1,27 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +
> +/dts-v1/;
> +
> +/ {
> + model = "Sandbox Verified Boot Test";
> + compatible = "sandbox";
> +
> + binman {
> + };
> +
> + reset at 0 {
> + compatible = "sandbox,reset";
> + };
> +
> + image {
> + pre-load {
> + sig {
> + algo-name = "sha256,ecdsa256";
> + signature-size = <64>;
> + mandatory = "yes";
> +
> + key-name = "dev";
> + };
> + };
> + };
> +};
> diff --git a/test/py/tests/vboot/sandbox-u-boot-global-ecdsa384.dts b/test/py/tests/vboot/sandbox-u-boot-global-ecdsa384.dts
> new file mode 100644
> index 00000000000..24540ace249
> --- /dev/null
> +++ b/test/py/tests/vboot/sandbox-u-boot-global-ecdsa384.dts
> @@ -0,0 +1,27 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +
> +/dts-v1/;
> +
> +/ {
> + model = "Sandbox Verified Boot Test";
> + compatible = "sandbox";
> +
> + binman {
> + };
> +
> + reset at 0 {
> + compatible = "sandbox,reset";
> + };
> +
> + image {
> + pre-load {
> + sig {
> + algo-name = "sha256,ecdsa384";
> + signature-size = <96>;
> + mandatory = "yes";
> +
> + key-name = "dev";
> + };
> + };
> + };
> +};
> diff --git a/test/py/tests/vboot/sandbox-u-boot-global-ecdsa521.dts b/test/py/tests/vboot/sandbox-u-boot-global-ecdsa521.dts
> new file mode 100644
> index 00000000000..72fa3b2c790
> --- /dev/null
> +++ b/test/py/tests/vboot/sandbox-u-boot-global-ecdsa521.dts
> @@ -0,0 +1,27 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +
> +/dts-v1/;
> +
> +/ {
> + model = "Sandbox Verified Boot Test";
> + compatible = "sandbox";
> +
> + binman {
> + };
> +
> + reset at 0 {
> + compatible = "sandbox,reset";
> + };
> +
> + image {
> + pre-load {
> + sig {
> + algo-name = "sha256,ecdsa521";
> + signature-size = <132>;
> + mandatory = "yes";
> +
> + key-name = "dev";
> + };
> + };
> + };
> +};
> --
> 2.43.0
>
More information about the U-Boot
mailing list