Adds test units for the pre-load header signature.
Signed-off-by: Philippe Reynes
---
test/py/tests/test_vboot.py | 148 --
test/py/tests/vboot/sandbox-binman-pss.dts| 25 +++
test/py/tests/vboot/sandbox-binman.dts| 24 +++
.../tests/vboot/sandbox-u-boot-global-pss.dts | 28
test/py/tests/vboot/sandbox-u-boot-global.dts | 27
test/py/tests/vboot/simple-images.its | 36 +
6 files changed, 272 insertions(+), 16 deletions(-)
create mode 100644 test/py/tests/vboot/sandbox-binman-pss.dts
create mode 100644 test/py/tests/vboot/sandbox-binman.dts
create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-pss.dts
create mode 100644 test/py/tests/vboot/sandbox-u-boot-global.dts
create mode 100644 test/py/tests/vboot/simple-images.its
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index ac8ed9f114..040147d88b 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -21,6 +21,14 @@ For configuration verification:
- Corrupt the signature
- Check that image verification no-longer works
+For pre-load header verification:
+- Create FIT image with a pre-load header
+- Check that signature verification succeeds
+- Corrupt the FIT image
+- Check that signature verification fails
+- Launch an FIT image without a pre-load header
+- Check that image verification fails
+
Tests run with both SHA1 and SHA256 hashing.
"""
@@ -35,19 +43,21 @@ import vboot_evil
# Only run the full suite on a few combinations, since it doesn't add any more
# test coverage.
TESTDATA = [
-['sha1-basic', 'sha1', '', None, False, True, False],
-['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False],
-['sha1-pss', 'sha1', '-pss', None, False, False, False],
-['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False],
-['sha256-basic', 'sha256', '', None, False, False, False],
-['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False],
-['sha256-pss', 'sha256', '-pss', None, False, False, False],
-['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, False],
-['sha256-pss-required', 'sha256', '-pss', None, True, False, False],
-['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, True,
False],
-['sha384-basic', 'sha384', '', None, False, False, False],
-['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False],
-['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True],
+['sha1-basic', 'sha1', '', None, False, True, False, False],
+['sha1-pad', 'sha1', '', '-E -p 0x1', False, False, False, False],
+['sha1-pss', 'sha1', '-pss', None, False, False, False, False],
+['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x1', False, False, False,
False],
+['sha256-basic', 'sha256', '', None, False, False, False, False],
+['sha256-pad', 'sha256', '', '-E -p 0x1', False, False, False, False],
+['sha256-pss', 'sha256', '-pss', None, False, False, False, False],
+['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x1', False, False, False,
False],
+['sha256-pss-required', 'sha256', '-pss', None, True, False, False, False],
+['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x1', True, True,
False, False],
+['sha384-basic', 'sha384', '', None, False, False, False, False],
+['sha384-pad', 'sha384', '', '-E -p 0x1', False, False, False, False],
+['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True,
False],
+['sha256-global-sign', 'sha256', '', '', False, False, False, True],
+['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, False,
True],
]
@pytest.mark.boardspec('sandbox')
@@ -56,10 +66,10 @@ TESTDATA = [
@pytest.mark.requiredtool('fdtget')
@pytest.mark.requiredtool('fdtput')
@pytest.mark.requiredtool('openssl')
-@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg",
+@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg,global_sign",
TESTDATA)
def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
- full_test, algo_arg):
+ full_test, algo_arg, global_sign):
"""Test verified boot signing with mkimage and verification with 'bootm'.
This works using sandbox only as it needs to update the device tree used
@@ -81,6 +91,33 @@ def test_vboot(u_boot_console, name, sha_algo, padding,
sign_options, required,
util.run_and_log(cons, 'dtc %s %s%s -O dtb '
'-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb))
+def dtc_options(dts, options):
+"""Run the device tree compiler to compile a .dts file
+
+The output file will be the same as the input file but with a .dtb
+extension.
+
+Args:
+dts: Device tree file to compile.
+options: Options provided to the