subject:"\[PATCH v6 14\/16\] test\: py\: vboot\: add test for global image signature"

Re: [PATCH v6 14/16] test: py: vboot: add test for global image signature

2022-03-02 Thread Simon Glass

Hi Philippe,

On Fri, 25 Feb 2022 at 07:58, Philippe Reynes
 wrote:
>
> Adds test units for the pre-load header signature.
>
> Signed-off-by: Philippe Reynes 
> ---
>  test/py/tests/test_vboot.py   | 125 +++---
>  test/py/tests/vboot/sandbox-binman-pss.dts|  25 
>  test/py/tests/vboot/sandbox-binman.dts|  24 
>  .../tests/vboot/sandbox-u-boot-global-pss.dts |  28 
>  test/py/tests/vboot/sandbox-u-boot-global.dts |  27 
>  test/py/tests/vboot/simple-images.its |  36 +
>  6 files changed, 249 insertions(+), 16 deletions(-)
>  create mode 100644 test/py/tests/vboot/sandbox-binman-pss.dts
>  create mode 100644 test/py/tests/vboot/sandbox-binman.dts
>  create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-pss.dts
>  create mode 100644 test/py/tests/vboot/sandbox-u-boot-global.dts
>  create mode 100644 test/py/tests/vboot/simple-images.its
>
> diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
> index ac8ed9f114..a4a2bb2955 100644
> --- a/test/py/tests/test_vboot.py
> +++ b/test/py/tests/test_vboot.py
> @@ -35,19 +35,21 @@ import vboot_evil

please add to the comment at the top of the file since you have added a new way

>  # Only run the full suite on a few combinations, since it doesn't add any 
> more
>  # test coverage.
>  TESTDATA = [
> -['sha1-basic', 'sha1', '', None, False, True, False],
> -['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False],
> -['sha1-pss', 'sha1', '-pss', None, False, False, False],
> -['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False],
> -['sha256-basic', 'sha256', '', None, False, False, False],
> -['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False],
> -['sha256-pss', 'sha256', '-pss', None, False, False, False],
> -['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, 
> False],
> -['sha256-pss-required', 'sha256', '-pss', None, True, False, False],
> -['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, 
> True, False],
> -['sha384-basic', 'sha384', '', None, False, False, False],
> -['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False],
> -['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True],
> +['sha1-basic', 'sha1', '', None, False, True, False, False],
> +['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False, False],
> +['sha1-pss', 'sha1', '-pss', None, False, False, False, False],
> +['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False, 
> False],
> +['sha256-basic', 'sha256', '', None, False, False, False, False],
> +['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False, 
> False],
> +['sha256-pss', 'sha256', '-pss', None, False, False, False, False],
> +['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, 
> False, False],
> +['sha256-pss-required', 'sha256', '-pss', None, True, False, False, 
> False],
> +['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, 
> True, False, False],
> +['sha384-basic', 'sha384', '', None, False, False, False, False],
> +['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False, 
> False],
> +['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True, 
> False],
> +['sha256-global-sign', 'sha256', '', '', False, False, False, True],
> +['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, False, 
> True],
>  ]
>
>  @pytest.mark.boardspec('sandbox')
> @@ -56,10 +58,10 @@ TESTDATA = [
>  @pytest.mark.requiredtool('fdtget')
>  @pytest.mark.requiredtool('fdtput')
>  @pytest.mark.requiredtool('openssl')
> -@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg",
> +@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg,global_sign",
>   TESTDATA)
>  def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, 
> required,
> -   full_test, algo_arg):
> +   full_test, algo_arg, global_sign):
>  """Test verified boot signing with mkimage and verification with 'bootm'.
>
>  This works using sandbox only as it needs to update the device tree used
> @@ -81,6 +83,29 @@ def test_vboot(u_boot_console, name, sha_algo, padding, 
> sign_options, required,
>  util.run_and_log(cons, 'dtc %s %s%s -O dtb '
>   '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
>
> +def dtc_options(dts, options):
> +"""Run the device tree compiler to compile a .dts file
> +
> +The output file will be the same as the input file but with a .dtb
> +extension.
> +
> +Args:
> +dts: Device tree file to compile.
> +options: Options provided to the compiler.
> +"""
> +dtb = dts.replace('.dts', '.dtb')
> +util.run_and_log(cons, 'dtc %s %s%s -O

[PATCH v6 14/16] test: py: vboot: add test for global image signature

2022-02-25 Thread Philippe Reynes

Adds test units for the pre-load header signature.

Signed-off-by: Philippe Reynes 
---
 test/py/tests/test_vboot.py   | 125 +++---
 test/py/tests/vboot/sandbox-binman-pss.dts|  25 
 test/py/tests/vboot/sandbox-binman.dts|  24 
 .../tests/vboot/sandbox-u-boot-global-pss.dts |  28 
 test/py/tests/vboot/sandbox-u-boot-global.dts |  27 
 test/py/tests/vboot/simple-images.its |  36 +
 6 files changed, 249 insertions(+), 16 deletions(-)
 create mode 100644 test/py/tests/vboot/sandbox-binman-pss.dts
 create mode 100644 test/py/tests/vboot/sandbox-binman.dts
 create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-pss.dts
 create mode 100644 test/py/tests/vboot/sandbox-u-boot-global.dts
 create mode 100644 test/py/tests/vboot/simple-images.its

diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index ac8ed9f114..a4a2bb2955 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -35,19 +35,21 @@ import vboot_evil
 # Only run the full suite on a few combinations, since it doesn't add any more
 # test coverage.
 TESTDATA = [
-['sha1-basic', 'sha1', '', None, False, True, False],
-['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False],
-['sha1-pss', 'sha1', '-pss', None, False, False, False],
-['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False],
-['sha256-basic', 'sha256', '', None, False, False, False],
-['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False],
-['sha256-pss', 'sha256', '-pss', None, False, False, False],
-['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, False],
-['sha256-pss-required', 'sha256', '-pss', None, True, False, False],
-['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, True, 
False],
-['sha384-basic', 'sha384', '', None, False, False, False],
-['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False],
-['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True],
+['sha1-basic', 'sha1', '', None, False, True, False, False],
+['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False, False],
+['sha1-pss', 'sha1', '-pss', None, False, False, False, False],
+['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False, 
False],
+['sha256-basic', 'sha256', '', None, False, False, False, False],
+['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False, False],
+['sha256-pss', 'sha256', '-pss', None, False, False, False, False],
+['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, False, 
False],
+['sha256-pss-required', 'sha256', '-pss', None, True, False, False, False],
+['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, True, 
False, False],
+['sha384-basic', 'sha384', '', None, False, False, False, False],
+['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False, False],
+['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True, 
False],
+['sha256-global-sign', 'sha256', '', '', False, False, False, True],
+['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, False, 
True],
 ]
 
 @pytest.mark.boardspec('sandbox')
@@ -56,10 +58,10 @@ TESTDATA = [
 @pytest.mark.requiredtool('fdtget')
 @pytest.mark.requiredtool('fdtput')
 @pytest.mark.requiredtool('openssl')
-@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg",
+@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg,global_sign",
  TESTDATA)
 def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
-   full_test, algo_arg):
+   full_test, algo_arg, global_sign):
 """Test verified boot signing with mkimage and verification with 'bootm'.
 
 This works using sandbox only as it needs to update the device tree used
@@ -81,6 +83,29 @@ def test_vboot(u_boot_console, name, sha_algo, padding, 
sign_options, required,
 util.run_and_log(cons, 'dtc %s %s%s -O dtb '
  '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
 
+def dtc_options(dts, options):
+"""Run the device tree compiler to compile a .dts file
+
+The output file will be the same as the input file but with a .dtb
+extension.
+
+Args:
+dts: Device tree file to compile.
+options: Options provided to the compiler.
+"""
+dtb = dts.replace('.dts', '.dtb')
+util.run_and_log(cons, 'dtc %s %s%s -O dtb '
+ '-o %s%s %s' % (dtc_args, datadir, dts, tmpdir, dtb, 
options))
+
+def run_binman(dtb):
+"""Run binman to build an image
+
+Args:
+dtb: Device tree file used as input file.
+"""
+util.run_and_log(cons, [binman, 'build', '-d', "%s/%s" % (tmpdir,dtb),
+

Re: [PATCH v6 14/16] test: py: vboot: add test for global image signature

[PATCH v6 14/16] test: py: vboot: add test for global image signature

2 matches

Site Navigation

Mail list logo

Footer information