Changes for complying to EFI spec §3.5.1.1
'Removable Media Boot Behavior'.
Boot variables can be automatically generated during a removable
media is probed. At the same time, unused boot variables will be
detected and removed.
Please note that currently the function 'efi_disk_remove' has no
ability to distinguish below two scenarios
a) Unplugging of a removable media under U-Boot
b) U-Boot exiting and booting an OS
Thus currently the boot variables management is not added into
'efi_disk_remove' to avoid boot options being added/erased
repeatedly under scenario b) during power cycles
See TODO comments under function 'efi_disk_remove' for more details
The original efi_secboot tests expect that BootOrder EFI variable
is not defined. With this commit, the BootOrder EFI variable is
automatically added when the disk is detected. The original
efi_secboot tests end up with unexpected failure.
The efi_secboot tests need to be modified to explicitly set
the BootOrder EFI variable.
squashfs and erofs ls tests are also affected by this modification,
need to clear the previous state before squashfs ls test starts.
Co-developed-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The primary motivation for having a sandbox without LTO build in CI is
to ensure that we don't have that option break. We now have the ability
to run tests of specific options being enabled/disabled, so drop the
parts of CI that build and test that configuration specifically and add
a build test instead. We still test that "NO_LTO=1" rather than editing
the config file works via the ftrace tests.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that everything is working, add a test to make sure that this
builds correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmU7j50ACgkQgS8AYozs
+qIh8w/+O4UjT0sG1NLwmyV7U1Ypk+EyYaE6wmSWzpsJLfH/YvtObBJOYRuXxRVh
J9lkgCsw8Ct1ZNCrp8iVO+Dz1DtV8+QvTecrUHZqcOhTYDaqxXnlvEH2/EUhgo5T
9a/ZaDtOP1mKz754C4G6G363+iRCvbcqDECeKg9VYxfWCo1cINOmqyQCqlGxFT+h
PKiB5VzUpN/K/yiie+Hr42/+6XaykAUjUvEWeyKOsRmYY4lNiK22vG/puE42bFTh
catXwTE2a7x+yzPKkdhR0UGvDUlIKET2kF6mi+pYN2h/cSUxWTzbP/OxcU9yJOnm
qJiRZ+Woez1I7ul6ln4ci2kiWc3CTYFXfctwrBJPuJ/EO+2EEb3oHqG2S3Fc9VBZ
N17flHW7XZHEQbNexlUhk9cRpCwRuSA5OJXwW+IZIuydgNeo3xF0iYvipbjkEGgW
BBkt8PH+ivTLjEz6Gcmquvo1fHGJLHRIPg7DNb0phGHviuC0zlDJ7N5DZk0CpkiT
36siV9xK4X6qvWkOTa6Ldw60e4tN9nv3VG30uXtPHi3XdOkKfNkyIuqO/5BkkQPt
6yEc9IYXYoWNKDVUGme5+xszZp1sSvqltajG9VVNupt958dFyOSgS5aNa6B4UsWX
3XfndP1/s2bezUHoQx5zjraapKVrqBFLkGeTlCDUD+mEgP440G8=
=gvDs
-----END PGP SIGNATURE-----
Merge tag 'tpm-next-27102023' of https://source.denx.de/u-boot/custodians/u-boot-tpm
bootX measurements and measurement API moved to u-boot core:
Up to now, U-Boot could perform measurements and EventLog creation as
described by the TCG spec when booting via EFI.
The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained
both EFI specific code + the API needed to access the TPM, extend PCRs
and create an EventLog. The non-EFI part proved modular enough and
moving it around to the TPM subsystem was straightforward.
With that in place we can have a common API for measuring binaries
regardless of the boot command, EFI or boot(m|i|z), and contructing an
EventLog.
I've tested all of the EFI cases -- booting with an empty EventLog and
booting with a previous stage loader providing one and found no
regressions. Eddie tested the bootX part.
Eddie also fixed the sandbox TPM which couldn't be used for the EFI code
and it now supports all the required capabilities. This had a slight
sideeffect in our testing since the EFI subsystem initializes the TPM
early and 'tpm2 init' failed during some python tests. That code only
opens the device though, so we can replace it with 'tpm2 autostart'
which doesn't error out and still allows you to perfom the rest of the
tests but doesn't report an error if the device is already opened.
There's a few minor issues with this PR as well but since testing and
verifying the changes takes a considerable amount of time, I prefer
merging it now.
Heinrich has already sent a PR for -master containing "efi_loader: fix
EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will
cause any conflicts, but in any case they should be trivial to resolve.
Both the EFI and non-EFI code have a Kconfig for measuring the loaded
Device Tree. The reason this is optional is that we can't reason
when/if devices add random info like kaslr-seed, mac addresses etc in
the DT. In that case measurements are random, board specific and
eventually useless. The reason it was difficult to fix it prior to this
patchset is because the EFI subsystem and thus measurements was brought
up late and DT fixups might have already been applied. With this
patchset we can measure the DT really early in the future.
Heinrich also pointed out that the two Kconfigs for the DTB measurements
can be squashed in a single one and that the documentation only explains
the non-EFI case. I agree on both but as I said this is a sane working
version, so let's pull this first it's aleady big enough and painful to
test.
commit 789ed27842 ("test/py: replace 'tpm2 init, startup, selftest' sequences")
changed some of the tpm2 init sequences to 'tpm2 autostart' instead of
calling 'tpm init', 'tpm startup TPM2_SU_CLEAR', 'tpm2 self_test full'.
The autostart command calls the afforementioned sequence and on top of
that deals with the 'tpm2 init' return codes if the tpm is already
started. Since we initialize the tpm from various subsystems now,
replace the last remaining instances of 'tpm2 init' with 'tpm2
autostart'. Since the latter calls 'tpm2 init' anyway we will still be
implicitly testing the validity of that command
It's worth noting that since 'tpm2 autostart' performs the startup and
self tests sequences of the tpm we could drop
'test_tpm2_sandbox_self_test_full' and 'test_tpm2_startup, but let's
keep the since they test tpm commands and options
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false positive.
So let's switch over to a PCR which is more suitable and is defined for
OS use. It's worth noting that we are using PCR10 here, since PCR9 is
used internally by U-Boot if we choose to measure the loaded DTB
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Current code allows up to 3 MBR partitions without extended one.
If more than 3 partitions are required, then extended partition(s)
must be used.
This commit allows up to 4 primary MBR partitions without the
need for extended partition.
Add mbr test unit. In order to run the test manually, mmc6.img file
of size 12 MiB or greater is required in the same directory as u-boot.
Test also runs automatically via ./test/py/test.py tool.
Running mbr test is only supported in sandbox mode.
Signed-off-by: Alex Gendin <agendin@matrox.com>
[ And due to some further changes for testing ]
Signed-off-by: Simon Glass <sjg@chromium.org>
Add test for the SPI load method. This one is pretty straightforward. We
can't enable FIT_EXTERNAL with LOAD_FIT_FULL because spl_spi_load_image
doesn't know the total image size and has to guess from fdt_totalsize. This
doesn't include external data, so loading it will fail.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
clk:
- remove additional compatible strings for Versal NET
net:
- zynq_gem: Fix clock calculation for MDC for higher frequencies
pinctrl:
- core: Extend pinmux status buffere size
- zynqmp driver: Show also tristate configuration
test:
- add test case for pxe get
Xilinx:
- describe SelectMAP boot mode
Zynq:
- Fix nand description in DT
ZynqMP:
- DTS sync patches with kernel and also W=1 related fixes
- Add support for KD240, zcu670, e-a2197 with x-prc cards, SC revB/C with i2c
description for other SC based boards
- k24 psu_init cleanup
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCZSjvwAAKCRDKSWXLKUoM
IR34AJ92oum3pJXKxKREEZh0dCfDvJlE/wCggyzxI2T5liJfRG5jzlUuDjiLLU0=
=u1bz
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2024.01-rc1-v3' of https://source.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2024.01-rc1 v3
clk:
- remove additional compatible strings for Versal NET
net:
- zynq_gem: Fix clock calculation for MDC for higher frequencies
pinctrl:
- core: Extend pinmux status buffere size
- zynqmp driver: Show also tristate configuration
test:
- add test case for pxe get
Xilinx:
- describe SelectMAP boot mode
Zynq:
- Fix nand description in DT
ZynqMP:
- DTS sync patches with kernel and also W=1 related fixes
- Add support for KD240, zcu670, e-a2197 with x-prc cards, SC revB/C with i2c
description for other SC based boards
- k24 psu_init cleanup
Execute "time <sleep cmd>", and validate that it gives the approximately
the correct amount of command execution time.
Signed-off-by: Love Kumar <love.kumar@amd.com>
U-Boot should set up the SMBIOS tables during startup, as it does on x86.
Ensure that it does this correctly on non-x86 machines too, by creating
an event spy for last-stage init.
Tidy up the installation-condition code while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Adds a command called "gpt transpose" which will swap the order two
partition table entries in the GPT partition table (but leaves them
pointing to the same locations on disk).
This can be useful for swapping bootloaders in systems that use an A/B
partitioning scheme where the bootrom is hard coded to look for the
bootloader in a specific index in the GPT partition table.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Sets the bootable flag when constructing the partition string from the
current partition configuration. This ensures that when the partitions
are written back (for example, when renaming a partition), the flag is
preserved.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
If CONFIG_PARTITION_TYPE_GUID is enabled, the type GUID will be
preserved when writing out the partition string. It was already
respected when writing out partitions; this ensures that if you capture
the current partition layout and write it back (such as when renaming),
the type GUIDs are preserved.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Adds a command that can be used to modify the GPT partition table to
indicate which partitions should have the bootable flag set
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Adds an additional variable called gpt_partition_bootable that indicates
if the given partition is bootable or not.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Very few of the existing event-spy records use the arguments they are
passed. Update them to use a simple spy instead, to simplify the code.
Where an adaptor function is currently used, remove it where possible.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the initcall list consists of a list of function pointers. Over
time the initcall lists will likely change to mostly emitting events,
since most of the calls are board- or arch-specific.
As a first step, allow an initcall to be an event type instead of a
function pointer. Add the required macro and update initcall_run_list() to
emit an event in that case, or ignore it if events are not enabled.
The bottom 8 bits of the function pointer are used to hold the event type,
with the rest being all ones. This should avoid any collision, since
initcalls should not be above 0xffffff00 in memory.
Convert misc_init_f over to use this mechanism.
Add comments to the initcall header file while we are here. Also fix up
the trace test to handle the change.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current event spy is always passed the event context and the event.
The context is always NULL for a static spy. The event is not often used.
Introduce a 'simple' spy which takes no arguments. This allows us to drop
the adaptation code that many of these spy records use.
Update the event script to find these in the image.
Signed-off-by: Simon Glass <sjg@chromium.org>
The public key EFI Signature List(ESL) needed for capsule
authentication is now embedded into the platform's DTB as part of the
build. Remove the superfluous logic from the test setup.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When running the trace test on the sandbox platform, the current size
of 16MiB is no longer large enough for capturing the entire trace
history, and results in truncation. Use a size of 32MiB for the trace
buffer on the sandbox platform while running the trace test.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Support has been added for generating the EFI capsules through
binman. Make changes in the EFI capsule update testing feature to
generate capsules through binman.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The ChromiumOS bootmeth has no tests at present. Before adding more
features. add a basic test.
This creates a disk which can be scanned by the bootmeth, so make sure
things work. It is quite rudimentary, since the kernel is faked, the root
disk is missing and there is no cmdline stored.
Enable the bootmeth for snow so it can build the unit test.
Signed-off-by: Simon Glass <sjg@chromium.org>
These are currently created in the source directory, which is not ideal.
Move them to the persistent-data directory instead. Update the test so
skip validating the filename, since it now includes a full path.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tidy up this tool a little:
- define which arguments are needed
- split the enum values out into a header file
- warn if no enum values are found
- display the dtc error if something goes wrong
- avoid a Python traceback on error
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a unit test for semihosting testing reading and writing a file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
pytest 7.3.2 treats the function name 'setup' as a fixture [1].
This leads to errors like:
TypeError: setup() missing 2 required positional arguments:
'disk_img' and 'osindications'
Rename setup() to capsule_setup().
[1] How to run tests written for nose
https://docs.pytest.org/en/7.3.x/how-to/nose.html
Fixes: 482ef90aeb ("test: efi_capsule: refactor efi_capsule test")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If test_cat and test_xxd cannot create the required file, the test will
be skipped, but this would result in an exception being raised in the
finally block because the file didn't exist to be cleaned up. This
caused the test to be marked as failed instead of skipped.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Docs describe 'make clean' to delete most generated files, 'make
mrproper' to delete current configuration and all generated files. This
test tries to assert it.
Idea is to search remaining files by patterns in copies of the initial
out-of-source build, which has two advantages:
- looking in an out-of-source build dir allows to tell generated source
code from committed source code
- copying is fast (compared to rebuilding each time) which allows to do
a "world clean"
Signed-off-by: Tobias Deiminger <tdmg@linutronix.de>
Per GitHub Dependabot:
- Use setuptools 65.5.1 to avoid some DoS issue
- Use requests 2.31.0 to avoid leaking some proxy information
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On arm64 the its we use to generate the test FIT image has
arch = "arm";
We should use "arm64" here which is mapped to IH_ARCH_ARM64 via
uimage_arch[].
Fixes: 8391f95549 ("test/py: Create a test for launching UEFI binaries from FIT images")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Currently we only read the pcr updates once on test_tpm2_pcr_read().
It turns out that the tpm init sequence of force_init() which consists
of:
- tpm2 init
- tpm2 startup TPM2_SU_CLEAR
- tpm2 self_test full
- tpm2 clear TPM2_RH_LOCKOUT
also counts as an update. Running this in the console verifies the
update bump
=> tpm2 init
=> tpm2 startup TPM2_SU_CLEAR
=> tpm2 self_test full
=> tpm pcr_read 10 $loadaddr
PCR #10 content (28 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=> tpm2 clear TPM2_RH_LOCKOUT
=> tpm pcr_read 10 $loadaddr
PCR #10 content (29 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>
With the recent changes of replacing 'tpm2 init' with 'tpm2 autostart'
we end up always running the full init. The reason is 'tpm init'
returns -EBUSY if the tpm is already open, while 'tpm autostart' handles
ths gracefully and continues with the initialization. It's worth noting
that this won't affect the device functionality at all since
retriggering the startup sequence and selftests has no side effects.
Instead of relying on the initial value, reread the 'known updates'
just before updating the PCR to ensure we read the correct values
before testing
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of copy pasting the commands needed to start a TPM consisting
of:
- tpm init
- tpm startup TPM2_SU_CLEAR
- tpm2 self_test full
use the newly added 'autostart' which does the same thing and simplify
our python scripts
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This test covers the FMP versioning for both raw and FIT image,
and both signed and non-signed capsule update.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Current efi capsule python tests have much code duplication.
This commit creates the common function
in test/py/tests/test_efi_capsule/capsule_common.py,
aim to reduce the code size and improve maintainability.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Test the IPv6 network discovery feature if indicated by boardenv file.
Signed-off-by: Ehsan Mohandesi <emohandesi@linux.microsoft.com>
Reviewed-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>
Requires proper environment with DHCP6 server provisioned.
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
- Various typo fixes, pass -Werror to host tools builds, bdi cleanups,
fix hush and local variables, a FSL PCI fix and correct some python in
one of the tests.
This function uses the same base name as all the others in this file, so
it is not easy to run just that one test. Add a _base suffix so that it
can be run on its own.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add a test for the hush shell variable assignment and clear.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Sometimes when doing tests on real hardware we sometimes run in to the
case where some of these mounts haven't been fully flushed. Using the
--lazy option with umount will allow us to continue while letting the OS
handle flushing the data out still.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We cannot use old_dtb in the finally block if it has not been assigned
before the try block.
test/py/tests/test_efi_fit.py:458:30:
E0601: Using variable 'old_dtb' before assignment (used-before-assignment)
Fixes: 8391f95549 ("test/py: Create a test for launching UEFI binaries from FIT images")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Fix pylint warnings like:
* Class inherits from object
* Missing module description
* Missing class description
* First line of comment blank
* Superfluous imports
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
test_abootimg is extended to include the testing of boot images
version 4. For this, boot.img and vendor_boot.img have been
generated using mkbootimg tool with setting the header
version to 4.
This tests:
- Getting the header version using abootimg
- Extracting the load address of the dtb
- Extracting the dtb start address in RAM
Running test:
$ ./test/py/test.py --bd sandbox --build -k test_abootimg
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
In order to better make use of pip caches, and also for better overall
consistency, we should use the same versions of packages in each of our
python requirements files. Update pytest to use the newer versions of
packages we use in sphinx builds.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present this inadvertently relies on having a symlink to the correct
file from the current directory. Use the correct path to fix this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add test_fdt_add_pubkey test which provides simple functionality test
which contains such steps:
create DTB and FIT files
add keys with fdt_add_pubkey to DTB
sign FIT image
check with fit_check_sign that keys properly added to DTB file
Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Ensure that a freshly written fat file with a lower case filename which
fits into the upper case 8.3 short filename is not mangeled with a tilde
and number.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
This allows tests to run in parallel and speeds up some tests markedly,
particularly with binman. Add it to the requirements.
Signed-off-by: Simon Glass <sjg@chromium.org>
We expect the profile and bootstage to agree on timing, but when
running on slow machines there can be a larger descrepency. Increase the
tolerance to fix this.
Fixes: 9cea4797ae ("trace: Add a test")
Signed-off-by: Simon Glass <sjg@chromium.org>
Test that:
- sandbox shows a warning when an unmigrated DT is used
- sandbox fails to run when migration is turned off
- sandbox_spl fails to build when migration is turned off
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a test which runs sandbox, collects a trace and makes sure it can
be processed by trace-cmd. This should ensure that this feature continues
to work as U-Boot and trace-cmd evolve.
Signed-off-by: Simon Glass <sjg@chromium.org>
Extend support for signing in auto-generated (-f auto) FIT. Previously,
it was possible to get signed 'images' subnodes in the FIT using
options -g and -o together with -f auto. This patch allows signing
'configurations' subnodes instead of 'images' ones (which are hashed),
using option -f auto-conf instead of -f auto. Adding also -K <dtb> and
-r options, will add public key to <dtb> file with required = "conf"
property.
Summary:
-f auto => FIT with crc32 images
-f auto -g ... -o ... => FIT with signed images
-f auto-conf -g ... -o ... => FIT with sha1 images and signed confs
Example: FIT with kernel, two device tree files, and signed
configurations; public key (needed to verify signatures) is
added to u-boot.dtb with required = "conf" property.
mkimage -f auto-conf -A arm -O linux -T kernel -C none -a 43e00000 \
-e 0 -d vmlinuz -b /path/to/first.dtb -b /path/to/second.dtb \
-k /folder/with/key-files -g keyname -o sha256,rsa4096 \
-K u-boot.dtb -r kernel.itb
Example: Add public key with required = "conf" property to u-boot.dtb
without needing to sign anything. This will also create a useless FIT
named unused.itb.
mkimage -f auto-conf -d /dev/null -k /folder/with/key-files \
-g keyname -o sha256,rsa4096 -K u-boot.dtb -r unused.itb
Signed-off-by: Massimo Pegorer <massimo.pegorer@vimar.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If a disk has a bootable partition we are expected to use it to locate the
boot files. Add a function to find it.
To test this, update mmc1 to have two paritions, fixing up other tests
accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add sandbox test for the gpt partition type command, the test uses the
persistent data test_gpt_disk_image.bin to check that the first
partition type GUID that identifies the type of the partition has the
"Linux filesystem data" type ( 0FC63DAF-8483-4772-8E79-3D69D8477DE4 ).
Signed-off-by: Enric Balletbo i Serra <eballetbo@redhat.com>
Add a test which checks that two operating systems can be displayed in a
menu, allowing one to be selected.
Enable a few things on snow so that the unit tests build.
Signed-off-by: Simon Glass <sjg@chromium.org>
The mmc command is useful for testing mmc disk images in sandbox, so
enable it. We also need to enable legacy images so that we can run tests
which use them.
Disable it for a few avb tests since MMC is not implemented there yet.
Signed-off-by: Simon Glass <sjg@chromium.org>
Checks that `make u-boot-initial-env` creates the text file
u-boot-initial-env and checks that it at least contains
`board=<something>`.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a basic test for FIT image handling by the source command.
It's a python test becase we need to run mkimage.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Now that we are enforcing dwarf-4 to be used we will have the full file
paths present.
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
eficonfig_select_file_handler() is commonly used to select the
file. eficonfig_display_select_file_option() adds an additional
menu to clear the selected file.
eficonfig_display_select_file_option() is not always necessary
for the file selection process, so it must be outside of
eficonfig_select_file_handler().
This commit also renames the following functions to avoid confusion.
eficonfig_select_file_handler() -> eficonfig_process_select_file()
eficonfig_select_file() -> eficonfig_show_file_selection()
eficonfig_display_select_file_option() -> eficonfig_process_show_file_option()
Finally, test_eficonfig.py need to be updated to get aligned with
the above modification.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Update the sandbox implementation to use UCLASS_HOST and adjust all
the pieces to continue to work:
- Update the 'host' command to use the new API
- Replace various uses of UCLASS_ROOT with UCLASS_HOST
- Disable test_eficonfig since it doesn't work (this should have a unit
test to allow this to be debugged)
- Update the blk test to use the new API
- Drop the old header file
Unfortunately it does not seem to be possible to split this change up
further.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tidy this up so that pylint is happy. Use hex for the 1MB size and make
sure it is not a floating-point value.
Add a little main program to allow the code to be tried out, since at
present is only called from a long-running test.
Signed-off-by: Simon Glass <sjg@chromium.org>
'cert-to-efi-hash-list -t 0' does not work as expected, it produces
indeterminate timestamp.
$ cert-to-efi-hash-list -t 0 -s 256 db.crt dbx_hash.crl
TimeOfRevocation is 0-113-0 00:00:255
If we need the CRL revoked for all the time, just don't specify
'-t' option.
$ cert-to-efi-hash-list -s 256 db.crt dbx_hash.crl
TimeOfRevocation is 0-0-0 00:00:00
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add test cases for accessing the FWU Metadata on the sandbox
platform. The sandbox platform also uses the metadata access driver
for GPT partitioned block devices.
The FWU feature will be tested on the sandbox64 variant with a raw
capsule. Remove the FIT capsule testing from sandbox64 defconfig --
the FIT capsule test will be run on the sandbox_flattree variant.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use a manual test for the VBE test, so we can make the pytest and the
C unit test work together properly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Enable the various features needed in VPL, by adding Kconfig options.
Update the defconfig for sandbox_vpl so that the build for each phase
includes what is needed. Drop LZMA for now and make sure partition support
is omitted in SPL, since it is not needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
The vbe_fixup file handles device tree fixups, but these are called OS
requests in VBE. Rename the file to reflect its wider purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we normally write tests either in Python or in C. But most
Python tests end up doing a lot of checks which would be better done in C.
Checks done in C are orders of magnitude faster and it is possible to get
full access to U-Boot's internal workings, rather than just relying on
the command line.
The model is to have a Python test set up some things and then use C code
(in a unit test) to check that they were done correctly. But we don't want
those checks to happen as part of normal test running, since each C unit
tests is dependent on the associate Python tests, so cannot run without
it.
To acheive this, add a new UT_TESTF_MANUAL flag to use with the C 'check'
tests, so that they can be skipped by default when the 'ut' command is
used. Require that tests have a name ending with '_norun', so that pytest
knows to skip them.
Signed-off-by: Simon Glass <sjg@chromium.org>
This path does not seem to be present in clang-14 for some reason. Relax
the regular expression so that the test works, at least for non-LTO.
Signed-off-by: Simon Glass <sjg@chromium.org>
The version used on Ubuntu 2022.04 produces a number of warnings:
/usr/lib/python3/dist-packages/pkg_resources/__init__.py:116:
PkgResourcesDeprecationWarning: 1.16.0-unknown is an invalid version
and will not be supported in a future release
Same with: 0.1.43ubuntu1 11.4.1ubuntu1 2.22.1ubuntu1 1.1build1
According to [1] this is a bug in setuptools. Employ the workaround for
now.
[1] https://askubuntu.com/questions/1406952/what-is-the-meaning-of-this-
pkgresourcesdeprecationwarning-warning-from-pipenv
Signed-off-by: Simon Glass <sjg@chromium.org>
When a FIT includes some OS requests, U-Boot should process these and add
the requested info to corresponding subnodes of the /chosen node. Add a
pytest for this, which sets up the FIT, runs bootm and then uses a C
unit test to check that everything looks OK.
The test needs to run on sandbox_flattree since we don't support
device tree fixups on sandbox (live tree) yet. So enable BOOTMETH_VBE and
disable bootflow_system(), since EFI is not supported on
sandbox_flattree.
Add a link to the initial documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
As a starting point, add support for providing random data, if requested
by the OS. Also add ASLR, as a placeholder for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
(fixed up to use uclass_first_device_err() instead)
To avoid duplicating code, create a new fit_util module which provides
various utility functions for FIT. Move this code out from the existing
test_fit.py and refactor it with addition parameters.
Fix up pylint warnings in the conversion.
This involves no functional change.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add xxd command to print file content as hexdump to standard out
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Roger Knecht <rknecht@pm.me>
Add a simple uclass test for SCSI. It reads the partition table from a
disk image and checks that it looks correct.
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a unit test for the eficonfig command.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
At present when -n is used, all workers try to build U-Boot at once.
Add a lock to ensure that only one of them builds, with the others using
the build that is produced.
The lock file is removed on startup.
Signed-off-by: Simon Glass <sjg@chromium.org>
This assumes that the GPIO starts as 0 but it does not if
test_gpio_input() ran first and test_gpio_exit_statuses() was skipped.
This can happen when running tests in parallel.
Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
When doing a quick check we don't need to run all the vboot tests. Just
run the first one, which is enough to catch most problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
This test seems to interfere with the other test in this file. Mark it
single-threaded to avoid any problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present test_pinmux_status() assumes that test_pinmux_dev() has run
beforehand. Drop this assumption so we can run the tests in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
- We now have a new enough sbsigntools in the distro, stop building.
- Use the 20220801 tag for Jammy.
- Move to pygit2 1.9.2 (current version) as the old one doesn't build on
"Jammy".
- Add the working directory to the list of safe directories for git.
- Move to pytest 6.2.5 to address other issues.
- This move exposed a number of minor issues in the existing scripts we
used within CI to perform the jobs themselves. The most notable changes
here involve using 'set +e / set -e' to enforce when we should or should
not make non-zero buildman status be a fatal error.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add support for VBE simple, which permits firmware update of a single
image stored in MMC or another block device.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present there is a confusing array of functions that handle the
device tree fix-ups needed for booting an OS. We should be able to switch
to using events to clean this up.
As a first step, create a new event type and call it from the standard
place.
Note that this event uses the ofnode interface only, since this can
support live tree which is more efficient when making lots of updates.
Signed-off-by: Simon Glass <sjg@chromium.org>
The macros in this file are a little confusing and we currently have no
tests to check that they work as expected.
Add some tests which check the macros in C code. Add a few tests which
check that the build errors are generated correctly too, using buildman's
-a option.
Signed-off-by: Simon Glass <sjg@chromium.org>
The UEFI console initialisation has been modified by commit 68edbed454
("efi_loader: initialize console size late"). A corresponding workaround is
now necessary for the automated tests, as added to some of the tests
already by commit e05bd68ed5 ("test: work around for EFI terminal size
probing").
Add the same workaround to the UEFI authenticated capsules tests to repair
them.
This can be tested with sandbox_defconfig, sandbox64_defconfig or
sandbox_flattree_defconfig, plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.
This binary must be rejected under secure boot mode.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
* Use spaces not tabs
* Limit lines to 100 spaces
* Remove an unused import
* Sort imports correctly
* Add a module description
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The stack protector test intentionally overflows a buffer in order to
corrupt the stack canary so that it can test that the corruption is
detected as expected. However, this is incompatible with ASAN, which
detects the buffer overflow and interrupts the test, so disable the test
for such configurations.
Signed-off-by: Andrew Scull <ascull@google.com>
When the UEFI sub-system is initialized it sends an escape sequence to the
serial console to determine the terminal size. This stops the
run_command_list() function of the console emulation from recognizing the
U-Boot command line prompt.
Add a 'print -e' command as first command in the command list to work
around this issue.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add support for the authentication of UEFI capsules containing FIT images.
The authentication code is moved out of the function handling raw images
into a new function efi_firmware_capsule_authenticate(). The special case
for the FMP header coming from edk2 tools is preserved. There is no
functional change for capsules containing raw images.
The python test for signed capsules with raw images is renamed with no
functional change and a new test is added for signed capsules containing
FIT images.
This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig,
plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Repair the python tests for authenticated EFI capsules, which can be run
with sandbox_defconfig plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
- Account for the reset changes done by commit 3e6f810006 ("efi_loader:
test/py: Reset system after capsule update on disk").
- Fix the capsule GUID typo introduced by commit 2e9c3c6965 ("test:
capsule: Modify the capsule tests to use GUID values for sandbox").
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Changing the console timeout to 500 ms without restoring the original value
leads to failures in other tests. As the console timeout change is not
necessary for the text input protocol tests remove it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In the bootmenu unit test the console timeout is set to 500 ms.
Other tests rely on the original timeout. Ensure that the original value
is restored.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Testing with mksquasshfs 4.5.1 results in an error
ValueError: could not convert string to float: '4.5.1'
Version 4.10 would be considered to be lower than 4.4.
Fixes: 04c9813e95 ("test/py: rewrite common tools for SquashFS tests")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reset the console timeout value as some tests may change its default
value during the execution.
This fixes the random case timeout issue seen in the U-Boot CI.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
UEFI:
* Fix build errors due to
- using sed with non-standard extension for regular expression
- target architecture not recognized for CROSS_COMPILE=armv7a-*
- CONFIG_EVENT not selected
* add sha384/512 on certificate revocation
Others:
* factor out the user input handling in bootmenu command
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmJ3Z5kACgkQxIHbvCwF
GsRXYA/+KxXQaYm++hkoc+WVyU7CnqQrb6pFkT60taGuqkTORwyPk+faWGZpeewf
JuTJ5GssVjS1Vo+rU1zpPJxHLlGz9JGx3txiGadHHnsKVDeQdN6vB2Jb2uIp6xMN
Z0LmFroTrNrUO6ymxqm0mi6rc/BV7iBNoR1TWxDOk+l68O3mpgJPnxnG0mxncThN
qxas2pVxlt1B60ri3KRdpR9Li2KF36apVsw5J+Pqrrv4MiEAC8Fr/l5TRMiHJoSr
/C1j704epoGqQMdpX+xLSykEhpZQ0RkVAUf3hcINPJxYYHRvQ4Qwk17yzqOlX8TV
EOWob0v9Tr/wkFDFFBOdTl1ByVixENU/Sk/2F1olN+9nlMLlTrmaDTuNXh6Fv81q
587fZ5bNI56PYmGWRS+p4YvQhKlZxVcpUiKVzopApPx+i0J101TlKs7OenLNKWnC
LaWkcly1QH5yaJwTI8qZOnA8tLAfkzPjODQfpnCvsiB7w26ZFBjuaLDgtzkSmLAN
07zHsrygesblmG3EfM7dJlIMNXYNWapZW+7BiTgH/f7KIqocjZt6qGY7sroHk1RY
NJWwLCzv5TqoxL+HumDFmCRZbfBJbBeiEKs5x4EfrOeSHrXcuR4QJB0ScDlUtT5l
eNp0Sn4lK5EhgXSeraiBkQVmca0rvCGEwbR4bV0832wZL2lqBqk=
=Kdu1
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-07-rc3-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-07-rc3-2
UEFI:
* Fix build errors due to
- using sed with non-standard extension for regular expression
- target architecture not recognized for CROSS_COMPILE=armv7a-*
- CONFIG_EVENT not selected
* add sha384/512 on certificate revocation
Others:
* factor out the user input handling in bootmenu command
The previous patch adds support for rejecting images when the sha384/512
of an x.509 certificate is present in dbx. Update the sandbox selftests
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With sandbox, U-Boot can be run without a device tree (i.e. no -d or -T
parameter). In this case an empty device tree is created for convenience.
With a recent change this causes an error due to the missing '/binman'
node.
Add this node to avoid the problem, as well as a test that U-Boot can
be run without a device tree.
Fixes: 059df5624b ("arch: Kconfig: imply BINMAN for SANDBOX")
Fixes: https://source.denx.de/u-boot/u-boot/-/issues/11
Signed-off-by: Simon Glass <sjg@chromium.org>
This is useful sometimes when running a specific test. Add support for it
in the existing restart_uboot_with_flags() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
To make user aware of the menu entry selection, menu always
appears regardless of the number of entry.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Adjust test/py/tests/test_bootmenu.py
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We need to create a disk image with a partition table and a DOS-format
filesystem containing a few files. Provide a fallback binary for CI since
it does not seem able to detect the loopback partitions.
Add this to a dm_init test so that it happens when needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
As explained in commit 4af2a33ee5 ("cmd: gpio: Make `gpio input`
return pin value again") the `gpio input` is used in scripts to obtain
the value of a pin, despite the fact that CMD_RET_FAILURE is
indistinguishable from a valid pin value.
To be able to detect failures and properly use the value of a GPIO in
scripts we introduce the `gpio read` command that sets the variable
`name` to the value of the pin. Return code of the `gpio read` command
can be used to check for CMD_RET_SUCCESS or CMD_RET_FAILURE.
CONFIG_CMD_GPIO_READ is used to enable the `gpio read` command.
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
The current UEFI capsule updation code uses two GUID values, one for
FIT images, and one for raw images across platforms. This logic is
being changed to have GUID values per image, per platform. Change the
tests for the capsule update code to reflect this change. The GUID
values now used are the ones specific to the sandbox platform -- one
for the u-boot image, and another for the u-boot environment image.
Install the FMP instance for raw images on the sandbox variant for
testing the capsule update code. Install the FMP instance for the FIT
images on the sandbox64 and sandbox_flattree variant for testing
capsule update for FIT images. This is being done by splitting the
capsule update script for FIT and raw images.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
At present the tests assume that gawk is being used. Adjust the tests so
that the names are inserted in alphabetical order, so that awk is happy.
Also use PROCINFO to make gawk output in alphabetical order. This is not
ideal, since it changes the env-car ordering from what the user provided,
but it may be acceptable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Fixes: https://source.denx.de/u-boot/u-boot/-/issues/10
To be able to use the tool binman on sandbox,
the config SANDBOX should imply BINMAN.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
* Use f'' strings instead of .format().
* Correct sequence of imports.
* Remove a superfluous import.
* Add missing documentation.
* Replace yield by return.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Provide a unit test for
* efidebug boot add
* efidebug boot order
* bootefi bootmgr
* initrd via EFI_LOAD_FILE2_PROTOCOL
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
For debugging and dicoverability it is useful to be able to see a list of
each event spy in a U-Boot ELF file. Add a script which shows this, along
with the event type and the source location. This makes events a little
easier to use than weak functions, for example.
Add a basic sandbox test as well. We could provide a test for other
boards, but for now, few use events.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix pylint errors in all test.
This requires adding a get_spawn() method to the ConsoleBase base, so that
its subclass is happy.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a cold reset soon after processing capsule update on disk.
This is required in UEFI specification 2.9 Section 8.5.5
"Delivery of Capsules via file on Mass Storage device" as;
In all cases that a capsule is identified for processing the system is
restarted after capsule processing is completed.
This also reports the result of each capsule update so that the user can
notice that the capsule update has been succeeded or not from console log.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add expected_reset optional argument to ConsoleBase::ensure_spawned(),
ConsoleBase::restart_uboot() and ConsoleSandbox::restart_uboot_with_flags()
so that it can handle a reset while the 1st boot process after main
boot logo before prompt correctly.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add wait_for_reboot optional argument to ConsoleBase::run_command()
so that it can handle an expected reset by command execution.
This is useful if a command will reset the sandbox while testing
such commands, e.g. run_command("reset", wait_for_reboot = True)
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmIGtKEACgkQxIHbvCwF
GsSWlg//Vr61dpbpPVuczl18OtojpUzMg8bwqc4tJQRQrOGMGjmPqrGZJCm1pmMH
Q5ZD4QCAdycbRqAqcpdX9FXHmD5R0HvGmhlC9TnXxo4nKaOcphMMC3PFjBQZlhPJ
KPc7jjoIcycz+fRqbd4CGRFXNGJAecK++4uM6v6WCNF3Dq16r0ws1aUTG7YPlaJF
JNo3/4eEQpRsplNXpJsqVPQhbfLuaiCOJc8VUWYNylRdhBC7Dx8yI7m1FHOSBbKb
Pk4tbysEhowcSc2Duc9muxkaVAkSy/mIHj1I8Z2VzpzH8zXcaiHMjROqMGOE+vwx
raDzJI0ZcEV/MEbm/QLCALlCKqN3d1NRmZLAvXPYN4+ioA8lzPAEnqEywXRPY/Yk
KnkDWaF1KEKzDaY52oqkh2LkasY9wzluvb1sm+oW9bh/kn4wKLr0Z1oSl92/vvci
S/ztLqxhqlXpWx0NzOFnNvUUkEl0VN6IM/+Bsg5AoO7mdWe7MC3iSPOU1Ge5wRU9
R9BLaTrr61/+soc2jrJL5PQr3Rqtyo1qLpIusMFT88jeFp0b8AIUL2AUlJsAUXYg
a2NV7qGUsZN/Ur488N1t7DixTkjGdStHKRk06bSTPrOpfA2oembdA2/H/HECoJMP
JzdwMeZM0qcxFGTbC7c3yO3cTVVYPyIDGh1YEBYjCzfL6AuR2uU=
=AAdJ
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-04-rc2-4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc2-4
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
The previous patch is changing U-Boot's behavior wrt certificate based
binary authentication. Specifically an image who's digest of a
certificate is found in dbx is now rejected. Fix the test accordingly
and add another one testing signatures in reverse order
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Before the capsule authentication is supported, this test script works
correctly, but with the feature enabled, most tests will fail due to
unsigned capsules.
So check the results depending on CAPSULE_AUTHENTICATE or not.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This test scenario tests a new feature of mkeficapsule, "--guid" option,
which allows us to specify FMP driver's guid explicitly at the command
line.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since the syntax of mkeficapsule was changed in the previous commit,
we need to modify command line arguments in a pytest script.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a couple of test cases against capsule image authentication
for capsule-on-disk, where only a signed capsule file with the verified
signature will be applied to the system.
Due to the difficulty of embedding a public key (esl file) in U-Boot
binary during pytest setup time, all the keys/certificates are pre-created.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.
Add test case in vboot for sha384 with rsa3072 algorithm testing.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
* assert does not need parentheses
* add module docstring
* fix misspelled constant True
* limit lines to 100 characters
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This test checks for output specific to the sandbox blk device
"sandbox_host_blk", mark it as sandbox specific.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
With TPM emulation enabled in u-boot-test-hooks we should also provide the
tpm2 command used for the test/py/tests/test_tpm2.py test.
One of the Python TPMv2 tests expects sandbox specific values. So disable
it on other platforms.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
At present an Exception is raised if a command fails. This is a very broad
class and makes it difficult for callers to catch the error without also
catching other things, like programming bugs.
Change it to ValueError to make this easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the collection function used by pytest is quite strict on the
naming of the functions it detects. In particular it requires the name of
the test to be repeated in the function name.
This is not enforced anywhere else, but instead the tests are silently
omitted from the pytest run. This affects a few dozen tests.
The rule does not seem to have any particular purpose. Relax it, so that
all tests that use the UNIT_TEST() macro will run, regardless of the name
of the test function.
Signed-off-by: Simon Glass <sjg@chromium.org>
When running a program on the host, allow input to be passed in as stdin.
This is needed for running sfdisk, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
* there is no os.path.unlink() method
* don't inherit from object
* add module docstring
* move imports to the top
* avoid unused variable
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
* don't inherit from object
* imports should be on the top level
* avoid unused variable names
* avoid unnecessary else after raise
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present U-Boot environment variables, and thus scripts, are defined
by CONFIG_EXTRA_ENV_SETTINGS. It is painful to add large amounts of text
to this file and dealing with quoting and newlines is harder than it
should be. It would be better if we could just type the script into a
text file and have it included by U-Boot.
Add a feature that brings in a .env file associated with the board
config, if present. To use it, create a file in a board/<vendor>
directory, typically called <board>.env and controlled by the
CONFIG_ENV_SOURCE_FILE option.
The environment variables should be of the form "var=value". Values can
extend to multiple lines. See the README under 'Environment Variables:'
for more information and an example.
In many cases environment variables need access to the U-Boot CONFIG
variables to select different options. Enable this so that the environment
scripts can be as useful as the ones currently in the board config files.
This uses the C preprocessor, means that comments can be included in the
environment using /* ... */
Also support += to allow variables to be appended to. This is needed when
using the preprocessor.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Tested-by: Marek Behún <marek.behun@nic.cz>
When a test hands on a real board there is no way on the console to obtain
any information about why it hung.
With sandbox we can actually find out that it died and get a signal or
exit code. Add this to make it easier to figure out what happened.
So instead of:
test/py/u_boot_spawn.py:171: in expect
c = os.read(self.fd, 1024).decode(errors='replace')
E OSError: [Errno 5] Input/output error
We get:
test/py/u_boot_spawn.py:171: in expect
c = os.read(self.fd, 1024).decode(errors='replace')
E ValueError: U-Boot exited with signal 11 (Signals.SIGSEGV)
Signed-off-by: Simon Glass <sjg@chromium.org>
This produces a lot of code output which is not very helpful and is quite
annoying to wade through. Use the short format by default.
Signed-off-by: Simon Glass <sjg@chromium.org>
- Disable bi_boot_params for STM32 MCU and MPU boards
- Update stm32-usbphyc node management
- Convert CONFIG_STM32_FLASH to Kconfig for STM32 MCU boards
- Convert some USB config flags to Kconfig for various boards
- Convert CONFIG_BOOTCOMMAND flag to Kconfig for STM32 F429 board
- Remove specific CONFIG_STV0991 flags
- Remove unused CONFIG_USER_LOWLEVEL_INIT flag
- Add ofdata_to_platdata() callback for stm32_spi driver
- Update for stm32f7_i2c driver
- Remove gpio_hog_probe_all() from STM32 MP1 board
- Fix bind command
-----BEGIN PGP SIGNATURE-----
iQJQBAABCgA6FiEEXyrViUccKBz9c35Jysd4L3sz/6YFAmFlgsIcHHBhdHJpY2Uu
Y2hvdGFyZEBmb3NzLnN0LmNvbQAKCRDKx3gvezP/plnND/4q9HSlvddybIPjBHlW
rXz1ISwj8JZPp7R4MJcB4RiHofYZzjTXx3dDYUif6oQMpCDp64KPfcUDW0kaq8U7
ZFwJvt59boV1XWlonIXMb3gAkY6gFa5PnYAE/YXEqKvPPvUb7FkT7BWxm4LxCGsj
mEmboR8u87s6e4ZP03HJsSVa5FnNwJUZU8b+58Vxp10YC0PPf7kpmgCucDhrghvY
TORlk259KUFoZXz4J4My0VzDdxE05gDqq1m6Xw1CzqcUbGysMvjNEHlxGdYbWD/U
maamP19DUmKUREmpj3kO/JZvacLJlQP/mdGJ0OWKNbIr/3ha4dYagxDoRodEVo0m
DYaaVPGvG24G78d5meB2q9wT0aGdTyaqm+XRBQMvMN2LlaGmu9duA1t6yBuyMcFk
BeA7d0eHMo1ezD9FFZMxwIOAWhJlcYQEAMFhUwkR1B322w0NU4nbl9KRCGuGV2Zp
ZFQV4BoMvb0NwAdo66xwZ+gSq4Wp1y46VM6x2Mw52v2F4p3teeAqR906TdQVYO8+
hlYChO9+qK4JO7LPX/5wQ4FIzcq1HnTzTpuOSf28hsemiPMu0OkAQv1J7DohNZix
wELBA+ZIjGXksmDTPjpXg5CSvVALa/l2G816hp7/XTJ1XRBSz/pzjhp5rwm42zmw
x7EPnwzpAlQCSqTQ0sgO+fgoRA==
=S4kl
-----END PGP SIGNATURE-----
Merge tag 'u-boot-stm32-20211012' of https://source.denx.de/u-boot/custodians/u-boot-stm
- Disable ATAGS for STM32 MCU and MPU boards
- Disable bi_boot_params for STM32 MCU and MPU boards
- Update stm32-usbphyc node management
- Convert CONFIG_STM32_FLASH to Kconfig for STM32 MCU boards
- Convert some USB config flags to Kconfig for various boards
- Convert CONFIG_BOOTCOMMAND flag to Kconfig for STM32 F429 board
- Remove specific CONFIG_STV0991 flags
- Remove unused CONFIG_USER_LOWLEVEL_INIT flag
- Add ofdata_to_platdata() callback for stm32_spi driver
- Update for stm32f7_i2c driver
- Remove gpio_hog_probe_all() from STM32 MP1 board
- Fix bind command
Signed-off-by: Tom Rini <trini@konsulko.com>
These tests currently run in a particular sequence, with some of them
depending on the actions of earlier tests.
Add a check for sandbox and reset to a known state at the start of each
test, so that all tests can run in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
The -z tests don't really need to be part of the main set. Separate them
out so we can drop the test setup/cleans functions and thus run all tests
in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Target code and mkimage share the same hashing infrastructure. If one
is wrong, it's very likely that both are wrong in the same way. Thus
testing won't catch hash regressions. This already happened in
commit 92055e138f ("image: Drop if/elseif hash selection in
calculate_hash()"). None of the tests caught that CRC32 was broken.
Instead of testing hash_calculate() against itself, create a FIT with
containing a kernel with pre-calculated hashes. Then check the hashes
produced against the known good hashes.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tpm test cases relies on tpm device setup. Provide an environment
variable "env__tpm_device_test_skip = True" to skip the test case
if tpm device is not present.
Only needed will have to add variable to the py-test framework.
Test runs successfully even this variable is absent.
Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.
Add support for this, using U-Boot's sha256 support.
For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some builds of squashfs-tools append version string with "-git" or
similar. The float() conversion will fail in this case.
Improve the code to only convert to float() the string before the '-'
character.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
After the commit c70f44817d ("efi_loader: simplify 'printenv -e'"),
"-all" option is no longer necessary.
Just remove them in the test script.
Fixes: c70f44817d ("efi_loader: simplify 'printenv -e'")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Update the result of do_status and always returns a CMD_RET_ value
(-ENOSYS was a possible result of show_pinmux).
This patch also adds pincontrol name in error messages (dev->name)
and treats correctly the status sub command when pin-controller device is
not selected.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add more details to test cases by comparing each expected line with the
command's output. Add new test cases:
- sqfsls at an empty directory
- sqfsls at a sub-directory
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> [on sandbox]
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
