From 72e1fcacff273f1aa5faa02a75ab5a737f6c698f Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 15 Aug 2020 23:10:22 +0200 Subject: [PATCH 01/11] efi_loader: document parameters of do_bootefi_exec() Add the missing description of the load_options parameter. Signed-off-by: Heinrich Schuchardt --- cmd/bootefi.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/bootefi.c b/cmd/bootefi.c index fbfed54e857..06563d28ca9 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -304,7 +304,11 @@ efi_status_t efi_install_fdt(void *fdt) /** * do_bootefi_exec() - execute EFI binary * + * The image indicated by @handle is started. When it returns the allocated + * memory for the @load_options is freed. + * * @handle: handle of loaded image + * @load_options: load options * Return: status code * * Load the EFI binary into a newly assigned memory unwinding the relocation From dd12c6a4463ff62271a783772b92571dab3b56fb Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 15 Aug 2020 23:09:35 +0200 Subject: [PATCH 02/11] efi_loader: remove empty comment line Remove a line leading to a warning in make htmldocs. Signed-off-by: Heinrich Schuchardt --- include/efi_variable.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/efi_variable.h b/include/efi_variable.h index 60491cb6402..4704a3c16e6 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -274,7 +274,6 @@ efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_na * @data: buffer to which the variable value is copied * @timep: authentication time (seconds since start of epoch) * Return: status code - */ efi_status_t __efi_runtime efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, From ebcbfc7d6de20b094090da3aa3b944cfd8103baa Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 16 Aug 2020 12:27:19 +0200 Subject: [PATCH 03/11] doc: update UEFI documentation * UEFI variables can be persisted * describe that the sequence of files loaded before bootefi matters Signed-off-by: Heinrich Schuchardt --- doc/uefi/uefi.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/doc/uefi/uefi.rst b/doc/uefi/uefi.rst index a72e729cc82..728f7bf4e0a 100644 --- a/doc/uefi/uefi.rst +++ b/doc/uefi/uefi.rst @@ -59,6 +59,10 @@ Below you find the output of an example session starting GRUB:: 120832 bytes read in 7 ms (16.5 MiB/s) => bootefi ${kernel_addr_r} ${fdt_addr_r} +The bootefi command uses the device, the file name, and the file size +(environment variable 'filesize') of the most recently loaded file when setting +up the binary for execution. So the UEFI binary should be loaded last. + The environment variable 'bootargs' is passed as load options in the UEFI system table. The Linux kernel EFI stub uses the load options as command line arguments. @@ -217,13 +221,13 @@ which has to be enabled via CONFIG_SUPPORT_EMMC_RPMB=y. Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~ -The UEFI specification foresees to define boot entries and boot sequence via UEFI -variables. Booting according to these variables is possible via:: +The UEFI specification foresees to define boot entries and boot sequence via +UEFI variables. Booting according to these variables is possible via:: bootefi bootmgr [fdt address] -As of U-Boot v2018.03 UEFI variables are not persisted and cannot be set at -runtime. +As of U-Boot v2020.10 UEFI variables cannot be set at runtime. The U-Boot +command 'efidebug' can be used to set the variables. Executing the built in hello world application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From f03a879d67261b587a88e8e475596c1bbe7e6111 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 22 Aug 2020 08:29:53 +0200 Subject: [PATCH 04/11] efi_loader: ResetSystem() should not hang If ResetSystem() is not implemented at runtime, it should return instead of hanging in an endless loop. This allows the operating system to reset the system by other means as Linux does. It also matches what EDK II suggests in comments for functions ResetShutdown() and ResetWarm() in OvmfPkg/Library/ResetSystemLib/ResetSystemLib.c. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_runtime.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c index 78fd8014d90..dea2b4e5eea 100644 --- a/lib/efi_loader/efi_runtime.c +++ b/lib/efi_loader/efi_runtime.c @@ -365,7 +365,9 @@ out: * efi_reset_system() - reset system * * This function implements the ResetSystem() runtime service after - * SetVirtualAddressMap() is called. It only executes an endless loop. + * SetVirtualAddressMap() is called. As this placeholder cannot reset the + * system it simply return to the caller. + * * Boards may override the helpers below to implement reset functionality. * * See the Unified Extensible Firmware Interface (UEFI) specification for @@ -381,8 +383,7 @@ void __weak __efi_runtime EFIAPI efi_reset_system( efi_status_t reset_status, unsigned long data_size, void *reset_data) { - /* Nothing we can do */ - while (1) { } + return; } /** From c06867d7f8f64606a16ce45e8ac07fdc3ace4f13 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 20 Aug 2020 12:16:54 +0200 Subject: [PATCH 05/11] efi_selftest: add a test for ResetSystem() The unit test will reset the system by calling the ResetSystem() runtime service before or after ExitBootServices() according to the users choice by setting environment variable efi_selftest to: * 'reset system' or * 'reset system runtime'. Signed-off-by: Heinrich Schuchardt --- lib/efi_selftest/Makefile | 1 + lib/efi_selftest/efi_selftest_reset.c | 58 +++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 lib/efi_selftest/efi_selftest_reset.c diff --git a/lib/efi_selftest/Makefile b/lib/efi_selftest/Makefile index 45ce6859b86..85fe8e1216a 100644 --- a/lib/efi_selftest/Makefile +++ b/lib/efi_selftest/Makefile @@ -31,6 +31,7 @@ efi_selftest_mem.o \ efi_selftest_memory.o \ efi_selftest_open_protocol.o \ efi_selftest_register_notify.o \ +efi_selftest_reset.o \ efi_selftest_set_virtual_address_map.o \ efi_selftest_textinput.o \ efi_selftest_textinputex.o \ diff --git a/lib/efi_selftest/efi_selftest_reset.c b/lib/efi_selftest/efi_selftest_reset.c new file mode 100644 index 00000000000..8b6ac24cb15 --- /dev/null +++ b/lib/efi_selftest/efi_selftest_reset.c @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * efi_selftest_reset + * + * Copyright (c) 2020 Heinrich Schuchardt + * + * This test checks the following service at boot time or runtime: + * ResetSystem() + */ + +#include + +static struct efi_runtime_services *runtime; + +/* + * Setup unit test. + * + * @handle: handle of the loaded image + * @systable: system table + * @return: EFI_ST_SUCCESS for success + */ +static int setup(const efi_handle_t handle, + const struct efi_system_table *systable) +{ + runtime = systable->runtime; + return EFI_ST_SUCCESS; +} + +/* + * Execute unit test. + * + * @return: EFI_ST_SUCCESS for success + */ +static int execute(void) +{ + u16 reset_data[] = L"Reset by selftest"; + + runtime->reset_system(EFI_RESET_COLD, EFI_SUCCESS, + sizeof(reset_data), reset_data); + efi_st_error("Reset failed.\n"); + return EFI_ST_FAILURE; +} + +EFI_UNIT_TEST(reset) = { + .name = "reset system", + .phase = EFI_EXECUTE_BEFORE_BOOTTIME_EXIT, + .setup = setup, + .execute = execute, + .on_request = true, +}; + +EFI_UNIT_TEST(resetrt) = { + .name = "reset system runtime", + .phase = EFI_SETUP_BEFORE_BOOTTIME_EXIT, + .setup = setup, + .execute = execute, + .on_request = true, +}; From fa63753f86ccf912d2553934ee6aec787030fa8a Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 22 Aug 2020 09:14:56 +0200 Subject: [PATCH 06/11] efi_selftest: substitute ResetSystem() by do_reset() If ResetSystem() is not implemented at runtime, call do_reset() after test completion. Signed-off-by: Heinrich Schuchardt --- lib/efi_selftest/efi_selftest.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/efi_selftest/efi_selftest.c b/lib/efi_selftest/efi_selftest.c index 5b01610eca1..6eec8ae2a7c 100644 --- a/lib/efi_selftest/efi_selftest.c +++ b/lib/efi_selftest/efi_selftest.c @@ -5,6 +5,7 @@ * Copyright (c) 2017 Heinrich Schuchardt */ +#include #include #include @@ -309,8 +310,13 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle, /* Reset system */ efi_st_printf("Preparing for reset. Press any key...\n"); efi_st_get_key(); - runtime->reset_system(EFI_RESET_WARM, EFI_NOT_READY, - sizeof(reset_message), reset_message); + + if (IS_ENABLED(CONFIG_EFI_HAVE_RUNTIME_RESET)) + runtime->reset_system(EFI_RESET_WARM, EFI_NOT_READY, + sizeof(reset_message), reset_message); + else + do_reset(NULL, 0, 0, NULL); + efi_st_printf("\n"); efi_st_error("Reset failed\n"); From ed0b10722c880d82e5da2a357122f5ae0e53d4db Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 23 Aug 2020 09:54:44 +0200 Subject: [PATCH 07/11] include: kernel.h: define SSIZE_MAX Define SSIZE_MAX, the largest value fitting into a variable of type ssize_t. Signed-off-by: Heinrich Schuchardt --- include/linux/kernel.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/kernel.h b/include/linux/kernel.h index b88c2100659..3e71d61074b 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -19,6 +19,9 @@ #ifndef SIZE_MAX #define SIZE_MAX (~(size_t)0) #endif +#ifndef SSIZE_MAX +#define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1)) +#endif #define U8_MAX ((u8)~0U) #define S8_MAX ((s8)(U8_MAX>>1)) From 5cad4a30932a31f1646510d35af7e9e36f71708a Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 23 Aug 2020 10:49:46 +0200 Subject: [PATCH 08/11] efi_loader: efi_dp_check_length() We need to check that device paths provided via UEFI variables are not malformed. Provide function efi_dp_check_length() to check if a device path has an end node within a given number of bytes. Signed-off-by: Heinrich Schuchardt --- include/efi_loader.h | 2 ++ lib/efi_loader/efi_device_path.c | 33 ++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/include/efi_loader.h b/include/efi_loader.h index 50a17a33ca4..0baa1d2324c 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -631,6 +631,8 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr, const char *path, struct efi_device_path **device, struct efi_device_path **file); +ssize_t efi_dp_check_length(const struct efi_device_path *dp, + const size_t maxlen); #define EFI_DP_TYPE(_dp, _type, _subtype) \ (((_dp)->type == DEVICE_PATH_TYPE_##_type) && \ diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c index 7ae14f34239..8a5c13c4241 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -1127,3 +1127,36 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr, return EFI_SUCCESS; } + +/** + * efi_dp_check_length() - check length of a device path + * + * @dp: pointer to device path + * @maxlen: maximum length of the device path + * Return: + * * length of the device path if it is less or equal @maxlen + * * -1 if the device path is longer then @maxlen + * * -1 if a device path node has a length of less than 4 + * * -EINVAL if maxlen exceeds SSIZE_MAX + */ +ssize_t efi_dp_check_length(const struct efi_device_path *dp, + const size_t maxlen) +{ + ssize_t ret = 0; + u16 len; + + if (maxlen > SSIZE_MAX) + return -EINVAL; + for (;;) { + len = dp->length; + if (len < 4) + return -1; + ret += len; + if (ret > maxlen) + return -1; + if (dp->type == DEVICE_PATH_TYPE_END && + dp->sub_type == DEVICE_PATH_SUB_TYPE_END) + return ret; + dp = (const struct efi_device_path *)((const u8 *)dp + len); + } +} From 5bba77e48be801176a55223b1f76bc44e8e1b3cb Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 23 Aug 2020 10:53:50 +0200 Subject: [PATCH 09/11] test: unit test for efi_dp_check_length() Provide a unit test for function efi_dp_check_length(). Signed-off-by: Heinrich Schuchardt --- test/lib/Makefile | 1 + test/lib/efi_device_path.c | 50 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 test/lib/efi_device_path.c diff --git a/test/lib/Makefile b/test/lib/Makefile index b6a0a208c5e..ada62fe46b7 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -3,6 +3,7 @@ # (C) Copyright 2018 # Mario Six, Guntermann & Drunck GmbH, mario.six@gdsys.cc obj-y += cmd_ut_lib.o +obj-$(CONFIG_EFI_LOADER) += efi_device_path.o obj-$(CONFIG_EFI_SECURE_BOOT) += efi_image_region.o obj-y += hexdump.o obj-y += lmb.o diff --git a/test/lib/efi_device_path.c b/test/lib/efi_device_path.c new file mode 100644 index 00000000000..24e2f23c5af --- /dev/null +++ b/test/lib/efi_device_path.c @@ -0,0 +1,50 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Test device path functions + * + * Copyright (c) 2020 Heinrich Schuchardt + */ + +#include +#include +#include +#include +#include + +static int lib_test_efi_dp_check_length(struct unit_test_state *uts) +{ + /* end of device path */ + u8 d1[] __aligned(2) = { + 0x7f, 0xff, 0x04, 0x00 }; + /* device path node with length less then 4 */ + u8 d2[] __aligned(2) = { + 0x01, 0x02, 0x02, 0x00, 0x04, 0x00, 0x7f, 0xff, 0x04, 0x00 }; + /* well formed device path */ + u8 d3[] __aligned(2) = { + 0x03, 0x02, 0x08, 0x00, 0x01, 0x00, 0x01, 0x00, + 0x7f, 0xff, 0x04, 0x00 }; + + struct efi_device_path *p1 = (struct efi_device_path *)d1; + struct efi_device_path *p2 = (struct efi_device_path *)d2; + struct efi_device_path *p3 = (struct efi_device_path *)d3; + + ut_asserteq((ssize_t)-EINVAL, efi_dp_check_length(p1, SIZE_MAX)); + ut_asserteq((ssize_t)sizeof(d1), efi_dp_check_length(p1, sizeof(d1))); + ut_asserteq((ssize_t)sizeof(d1), + efi_dp_check_length(p1, sizeof(d1) + 4)); + ut_asserteq((ssize_t)-1, efi_dp_check_length(p1, sizeof(d1) - 1)); + + ut_asserteq((ssize_t)-1, efi_dp_check_length(p2, sizeof(d2))); + + ut_asserteq((ssize_t)-1, efi_dp_check_length(p3, sizeof(d3) - 1)); + ut_asserteq((ssize_t)sizeof(d3), efi_dp_check_length(p3, sizeof(d3))); + ut_asserteq((ssize_t)sizeof(d3), efi_dp_check_length(p3, SSIZE_MAX)); + ut_asserteq((ssize_t)-EINVAL, + efi_dp_check_length(p3, (size_t)SSIZE_MAX + 1)); + ut_asserteq((ssize_t)sizeof(d3), + efi_dp_check_length(p3, sizeof(d3) + 4)); + + return 0; +} + +LIB_TEST(lib_test_efi_dp_check_length, 0); From 15d8f008dc577bbef6ad98494c28553558941420 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 23 Aug 2020 10:59:17 +0200 Subject: [PATCH 10/11] efi_loader: validate device path length in boot manager Bootxxxx variables are provided by the user and therefore cannot be trusted. We have to validate them before usage. A device path provided by a Bootxxxx variable must have an end node within the indicated device path length. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_bootmgr.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c index 1e06e609639..61dc72a23da 100644 --- a/lib/efi_loader/efi_bootmgr.c +++ b/lib/efi_loader/efi_bootmgr.c @@ -105,10 +105,8 @@ efi_status_t efi_deserialize_load_option(struct efi_load_option *lo, u8 *data, if (*size < len) return EFI_INVALID_PARAMETER; lo->file_path = (struct efi_device_path *)data; - /* - * TODO: validate device path. There should be an end node within - * the indicated file_path_length. - */ + if (efi_dp_check_length(lo->file_path, len) < 0) + return EFI_INVALID_PARAMETER; data += len; *size -= len; From 2b3fbcb59f4174e455a6285eaddf1426ed3e76c5 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Mon, 24 Aug 2020 08:27:49 +0200 Subject: [PATCH 11/11] efi_loader: use ':' as separator for setenv -i setenv -e -i
, can be used to set a UEFI variable from memory. For separating an address and a size we use ':' in most commands. Let's do the same for setenv -e -i. Signed-off-by: Heinrich Schuchardt --- cmd/nvedit_efi.c | 2 +- doc/uefi/uefi.rst | 6 +- .../py/tests/test_efi_secboot/test_authvar.py | 60 +++++++++---------- test/py/tests/test_efi_secboot/test_signed.py | 46 +++++++------- .../test_efi_secboot/test_signed_intca.py | 24 ++++---- .../tests/test_efi_secboot/test_unsigned.py | 18 +++--- 6 files changed, 78 insertions(+), 78 deletions(-) diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c index 8e31f43e1f9..094c0e80987 100644 --- a/cmd/nvedit_efi.c +++ b/cmd/nvedit_efi.c @@ -473,7 +473,7 @@ int do_env_set_efi(struct cmd_tbl *cmdtp, int flag, int argc, argc--; argv++; addr = simple_strtoul(argv[0], &ep, 16); - if (*ep != ',') + if (*ep != ':') return CMD_RET_USAGE; /* 0 should be allowed for delete */ diff --git a/doc/uefi/uefi.rst b/doc/uefi/uefi.rst index 728f7bf4e0a..07eb3f01b4e 100644 --- a/doc/uefi/uefi.rst +++ b/doc/uefi/uefi.rst @@ -173,11 +173,11 @@ Sign an image with one of the keys in "db" on your host Now in U-Boot install the keys on your board:: fatload mmc 0:1 PK.auth - setenv -e -nv -bs -rt -at -i ,$filesize PK + setenv -e -nv -bs -rt -at -i :$filesize PK fatload mmc 0:1 KEK.auth - setenv -e -nv -bs -rt -at -i ,$filesize KEK + setenv -e -nv -bs -rt -at -i :$filesize KEK fatload mmc 0:1 db.auth - setenv -e -nv -bs -rt -at -i ,$filesize db + setenv -e -nv -bs -rt -at -i :$filesize db Set up boot parameters on your board:: diff --git a/test/py/tests/test_efi_secboot/test_authvar.py b/test/py/tests/test_efi_secboot/test_authvar.py index d0c6b9035b1..f99b8270a64 100644 --- a/test/py/tests/test_efi_secboot/test_authvar.py +++ b/test/py/tests/test_efi_secboot/test_authvar.py @@ -38,14 +38,14 @@ class TestEfiAuthVar(object): # Test Case 1b, PK without AUTHENTICATED_WRITE_ACCESS output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 1c'): # Test Case 1c, install PK output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', 'printenv -e -n PK']) assert 'PK:' in ''.join(output) @@ -60,24 +60,24 @@ class TestEfiAuthVar(object): # Test Case 1d, db/dbx without KEK output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db']) assert 'Failed to set EFI variable' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx']) assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 1e'): # Test Case 1e, install KEK output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -i 4000000,$filesize KEK']) + 'setenv -e -nv -bs -rt -i 4000000:$filesize KEK']) assert 'Failed to set EFI variable' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'printenv -e -n KEK']) assert 'KEK:' in ''.join(output) @@ -89,12 +89,12 @@ class TestEfiAuthVar(object): # Test Case 1f, install db output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -i 4000000:$filesize db']) assert 'Failed to set EFI variable' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) assert 'Failed to set EFI variable' not in ''.join(output) assert 'db:' in ''.join(output) @@ -107,12 +107,12 @@ class TestEfiAuthVar(object): # Test Case 1g, install dbx output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx.auth', - 'setenv -e -nv -bs -rt -i 4000000,$filesize dbx']) + 'setenv -e -nv -bs -rt -i 4000000:$filesize dbx']) assert 'Failed to set EFI variable' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx']) assert 'Failed to set EFI variable' not in ''.join(output) assert 'dbx:' in ''.join(output) @@ -132,32 +132,32 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) assert 'Failed to set EFI variable' not in ''.join(output) assert 'db:' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', - 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -i 4000000:$filesize db']) assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 2b'): # Test Case 2b, update without correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.esl', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db']) assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 2c'): # Test Case 2c, update with correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) assert 'Failed to set EFI variable' not in ''.join(output) assert 'db:' in ''.join(output) @@ -173,32 +173,32 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) assert 'Failed to set EFI variable' not in ''.join(output) assert 'db:' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', - 'setenv -e -nv -bs -rt -a -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -a -i 4000000:$filesize db']) assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 3b'): # Test Case 3b, update without correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.esl', - 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db']) assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 3c'): # Test Case 3c, update with correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', - 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) assert 'Failed to set EFI variable' not in ''.join(output) assert 'db:' in ''.join(output) @@ -214,11 +214,11 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) assert 'Failed to set EFI variable' not in ''.join(output) assert 'db:' in ''.join(output) @@ -248,18 +248,18 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'printenv -e -n PK']) assert 'Failed to set EFI variable' not in ''.join(output) assert 'PK:' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK_null.esl', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', 'printenv -e -n PK']) assert 'Failed to set EFI variable' in ''.join(output) assert 'PK:' in ''.join(output) @@ -268,7 +268,7 @@ class TestEfiAuthVar(object): # Test Case 5b, Uninstall PK with correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK_null.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', 'printenv -e -n PK']) assert 'Failed to set EFI variable' not in ''.join(output) assert '\"PK\" not defined' in ''.join(output) diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py index 1443ba7b62b..863685e215b 100644 --- a/test/py/tests/test_efi_secboot/test_signed.py +++ b/test/py/tests/test_efi_secboot/test_signed.py @@ -53,9 +53,9 @@ class TestEfiSignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""', @@ -74,7 +74,7 @@ class TestEfiSignedImage(object): # Test Case 2b, authenticated by db output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 2', @@ -97,11 +97,11 @@ class TestEfiSignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', @@ -114,7 +114,7 @@ class TestEfiSignedImage(object): # Test Case 3b, rejected by dbx even if db allows output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', @@ -133,13 +133,13 @@ class TestEfiSignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 dbx_hash.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx', 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', @@ -162,11 +162,11 @@ class TestEfiSignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""', @@ -178,7 +178,7 @@ class TestEfiSignedImage(object): # Test Case 5b, authenticated if both signatures are verified output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', - 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', @@ -190,7 +190,7 @@ class TestEfiSignedImage(object): # certificate) is revoked output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx_hash.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', @@ -201,7 +201,7 @@ class TestEfiSignedImage(object): # Test Case 5d, rejected if both of signatures are revoked output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx_hash1.auth', - 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize dbx']) + 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize dbx']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', @@ -220,11 +220,11 @@ class TestEfiSignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db_hello_signed.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', @@ -236,7 +236,7 @@ class TestEfiSignedImage(object): # Test Case 6b, rejected by TEST_db certificate in dbx output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx_db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', @@ -248,9 +248,9 @@ class TestEfiSignedImage(object): # Test Case 6c, rejected by image's digest in dbx output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'fatload host 0:1 4000000 dbx_hello_signed.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', diff --git a/test/py/tests/test_efi_secboot/test_signed_intca.py b/test/py/tests/test_efi_secboot/test_signed_intca.py index 1e5f4d04b3c..70d6be00e8a 100644 --- a/test/py/tests/test_efi_secboot/test_signed_intca.py +++ b/test/py/tests/test_efi_secboot/test_signed_intca.py @@ -31,11 +31,11 @@ class TestEfiSignedImageIntca(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db_c.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ @@ -64,9 +64,9 @@ class TestEfiSignedImageIntca(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ @@ -80,7 +80,7 @@ class TestEfiSignedImageIntca(object): # Test Case 2b, signed and authenticated by root CA output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db_b.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'efidebug boot next 1', 'efidebug test bootmgr']) assert '\'HELLO_abc\' failed' in ''.join(output) @@ -90,7 +90,7 @@ class TestEfiSignedImageIntca(object): # Test Case 2c, signed and authenticated by root CA output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db_c.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'efidebug boot next 1', 'efidebug test bootmgr']) assert 'Hello, world!' in ''.join(output) @@ -106,13 +106,13 @@ class TestEfiSignedImageIntca(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 dbx_b.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx', 'fatload host 0:1 4000000 db_c.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ @@ -128,7 +128,7 @@ class TestEfiSignedImageIntca(object): # Test Case 3b, revoked by root CA in dbx output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx_c.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx', 'efidebug boot next 1', 'efidebug test bootmgr']) assert '\'HELLO_abc\' failed' in ''.join(output) diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py b/test/py/tests/test_efi_secboot/test_unsigned.py index c4c3f4c2023..56f56e19eb8 100644 --- a/test/py/tests/test_efi_secboot/test_unsigned.py +++ b/test/py/tests/test_efi_secboot/test_unsigned.py @@ -29,9 +29,9 @@ class TestEfiUnsignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ @@ -56,11 +56,11 @@ class TestEfiUnsignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db_hello.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ @@ -80,11 +80,11 @@ class TestEfiUnsignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db_hello.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx', 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK', 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ @@ -102,7 +102,7 @@ class TestEfiUnsignedImage(object): # Test Case 3b, rejected by dbx even if db allows output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db_hello.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db']) assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([