Re: [PATCH v6 14/16] test: py: vboot: add test for global image signature
Hi Philippe, On Fri, 25 Feb 2022 at 07:58, Philippe Reynes wrote: > > Adds test units for the pre-load header signature. > > Signed-off-by: Philippe Reynes > --- > test/py/tests/test_vboot.py | 125 +++--- > test/py/tests/vboot/sandbox-binman-pss.dts| 25 > test/py/tests/vboot/sandbox-binman.dts| 24 > .../tests/vboot/sandbox-u-boot-global-pss.dts | 28 > test/py/tests/vboot/sandbox-u-boot-global.dts | 27 > test/py/tests/vboot/simple-images.its | 36 + > 6 files changed, 249 insertions(+), 16 deletions(-) > create mode 100644 test/py/tests/vboot/sandbox-binman-pss.dts > create mode 100644 test/py/tests/vboot/sandbox-binman.dts > create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-pss.dts > create mode 100644 test/py/tests/vboot/sandbox-u-boot-global.dts > create mode 100644 test/py/tests/vboot/simple-images.its > > diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py > index ac8ed9f114..a4a2bb2955 100644 > --- a/test/py/tests/test_vboot.py > +++ b/test/py/tests/test_vboot.py 
> @@ -35,19 +35,21 @@ import vboot_evil please add to the comment at the top of the file since you have added a new way > # Only run the full suite on a few combinations, since it doesn't add any > more > # test coverage. > TESTDATA = [ > -['sha1-basic', 'sha1', '', None, False, True, False], > -['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False], > -['sha1-pss', 'sha1', '-pss', None, False, False, False], > -['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False], > -['sha256-basic', 'sha256', '', None, False, False, False], > -['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False], > -['sha256-pss', 'sha256', '-pss', None, False, False, False], > -['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, > False], > -['sha256-pss-required', 'sha256', '-pss', None, True, False, False], > -['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, > True, False], > -['sha384-basic', 'sha384', '', None, False, False, False], > -['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False], > -['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True], > +['sha1-basic', 'sha1', '', None, False, True, False, False], > +['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False, False], > +['sha1-pss', 'sha1', '-pss', None, False, False, False, False], > +['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False, > False], > +['sha256-basic', 'sha256', '', None, False, False, False, False], > +['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False, > False], > +['sha256-pss', 'sha256', '-pss', None, False, False, False, False], > +['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, > False, False], > +['sha256-pss-required', 'sha256', '-pss', None, True, False, False, > False], > +['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, > True, False, False], > +['sha384-basic', 'sha384', '', None, False, False, False, False], > +['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, 
False, > False], > +['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True, > False], > +['sha256-global-sign', 'sha256', '', '', False, False, False, True], > +['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, False, > True], > ] > > @pytest.mark.boardspec('sandbox') > @@ -56,10 +58,10 @@ TESTDATA = [ > @pytest.mark.requiredtool('fdtget') > @pytest.mark.requiredtool('fdtput') > @pytest.mark.requiredtool('openssl') > -@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg", > +@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg,global_sign", > TESTDATA) > def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, > required, > - full_test, algo_arg): > + full_test, algo_arg, global_sign): > """Test verified boot signing with mkimage and verification with 'bootm'. > > This works using sandbox only as it needs to update the device tree used > @@ -81,6 +83,29 @@ def test_vboot(u_boot_console, name, sha_algo, padding, > sign_options, required, > util.run_and_log(cons, 'dtc %s %s%s -O dtb ' > '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb)) > > +def dtc_options(dts, options): > +"""Run the device tree compiler to compile a .dts file > + > +The output file will be the same as the input file but with a .dtb > +extension. > + > +Args: > +dts: Device tree file to compile. > +options: Options provided to the compiler. > +""" > +dtb = dts.replace('.dts', '.dtb') > +util.run_and_log(cons, 'dtc %s %s%s -O
[PATCH v6 14/16] test: py: vboot: add test for global image signature
Adds test units for the pre-load header signature.
Signed-off-by: Philippe Reynes
---
 test/py/tests/test_vboot.py | 125 +++---
 test/py/tests/vboot/sandbox-binman-pss.dts| 25
 test/py/tests/vboot/sandbox-binman.dts| 24
 .../tests/vboot/sandbox-u-boot-global-pss.dts | 28
 test/py/tests/vboot/sandbox-u-boot-global.dts | 27
 test/py/tests/vboot/simple-images.its | 36 +
 6 files changed, 249 insertions(+), 16 deletions(-)
 create mode 100644 test/py/tests/vboot/sandbox-binman-pss.dts
 create mode 100644 test/py/tests/vboot/sandbox-binman.dts
 create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-pss.dts
 create mode 100644 test/py/tests/vboot/sandbox-u-boot-global.dts
 create mode 100644 test/py/tests/vboot/simple-images.its
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index ac8ed9f114..a4a2bb2955 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -35,19 +35,21 @@ import vboot_evil
 # Only run the full suite on a few combinations, since it doesn't add any more
 # test coverage.
 TESTDATA = [
-['sha1-basic', 'sha1', '', None, False, True, False],
-['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False],
-['sha1-pss', 'sha1', '-pss', None, False, False, False],
-['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False],
-['sha256-basic', 'sha256', '', None, False, False, False],
-['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False],
-['sha256-pss', 'sha256', '-pss', None, False, False, False],
-['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, False],
-['sha256-pss-required', 'sha256', '-pss', None, True, False, False],
-['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, True, False],
-['sha384-basic', 'sha384', '', None, False, False, False],
-['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False],
-['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True],
+['sha1-basic', 'sha1', '', None, False, True, False, False],
+['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False, False],
+['sha1-pss', 'sha1', '-pss', None, False, False, False, False],
+['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False, False],
+['sha256-basic', 'sha256', '', None, False, False, False, False],
+['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False, False],
+['sha256-pss', 'sha256', '-pss', None, False, False, False, False],
+['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, False, False],
+['sha256-pss-required', 'sha256', '-pss', None, True, False, False, False],
+['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, True, False, False],
+['sha384-basic', 'sha384', '', None, False, False, False, False],
+['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False, False],
+['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True, False],
+['sha256-global-sign', 'sha256', '', '', False, False, False, True],
+['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, False, True],
 ]
 @pytest.mark.boardspec('sandbox')
@@ -56,10 +58,10 @@ TESTDATA = [
 @pytest.mark.requiredtool('fdtget')
 @pytest.mark.requiredtool('fdtput')
 @pytest.mark.requiredtool('openssl')
-@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg",
+@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg,global_sign",
 TESTDATA)
 def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
- full_test, algo_arg):
+ full_test, algo_arg, global_sign):
 """Test verified boot signing with mkimage and verification with 'bootm'.
 This works using sandbox only as it needs to update the device tree used
@@ -81,6 +83,29 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
 util.run_and_log(cons, 'dtc %s %s%s -O dtb '
 '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
+def dtc_options(dts, options):
+"""Run the device tree compiler to compile a .dts file
+
+The output file will be the same as the input file but with a .dtb
+extension.
+
+Args:
+dts: Device tree file to compile.
+options: Options provided to the compiler.
+"""
+dtb = dts.replace('.dts', '.dtb')
+util.run_and_log(cons, 'dtc %s %s%s -O dtb '
+ '-o %s%s %s' % (dtc_args, datadir, dts, tmpdir, dtb, options))
+
+def run_binman(dtb):
+"""Run binman to build an image
+
+Args:
+dtb: Device tree file used as input file.
+"""
+util.run_and_log(cons, [binman, 'build', '-d', "%s/%s" % (tmpdir,dtb),
+
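Review bot: The two new `global_sign` rows in the `@@ -35,19 +35,21 @@` hunk pass `''` for `sign_options`, while every other row without extra mkimage options passes `None`. The test body is outside this hunk, so it is not visible whether it distinguishes `None` from an empty string; if it does, the new cases sign along a different path than the `sha256-basic` and `sha256-pss` rows they otherwise mirror. Unless the empty string is required by the global-sign path, I would keep the rows consistent, e.g. `['sha256-global-sign', 'sha256', '', None, False, False, False, True],`. It is also worth confirming that the global-sign cases assert rejection of an image whose pre-load header or signature has been altered, since the rows alone only show the two positive configurations.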