Hi Daniel, On 2026-05-07T16:40:15, Daniel Golle <[email protected]> wrote: > test: py: add mkimage dm-verity round-trip test > > Add test/py/tests/test_fit_verity.py with two tests. > > Both tests are skipped if veritysetup is not installed on the host. > > Signed-off-by: Daniel Golle <[email protected]> > > test/py/tests/test_fit_verity.py | 145 +++++++++++++++++++++++++++++++++++++++ > 1 file changed, 145 insertions(+)
Reviewed-by: Simon Glass <[email protected]> A few improvements below > diff --git a/test/py/tests/test_fit_verity.py > b/test/py/tests/test_fit_verity.py > @@ -0,0 +1,145 @@ > + # Without -E, mkimage should fail for dm-verity images > + dtc_args = f'-I dts -O dtb -i {tempdir}' > + with pytest.raises(Exception): > + utils.run_and_log(ubman, > + [mkimage, '-D', dtc_args, '-f', its_file, > fit_file]) pytest.raises(Exception) is too broad - it will swallow any failure (FileNotFoundError, an mkimage segfault, etc.) and the test will appear to pass. Please use utils.run_and_log_expect_exception() with the specific retcode and a fragment of the expected diagnostic ('dm-verity requires external data') so we verify mkimage rejected the image for the right reason. > diff --git a/test/py/tests/test_fit_verity.py > b/test/py/tests/test_fit_verity.py > @@ -0,0 +1,145 @@ > + dm-verity { > + algo = 'sha256'; > + data-block-size = <4096>; > + hash-block-size = <4096>; > + }; Since v3 extends the block-count overflow check to cover hash-block-size < data-block-size, and patch 5 calls out that hash-start-block only equals num-data-blocks when the two sizes are equal, how about a second positive case with mismatched sizes (e.g. data 4096, hash 1024) so hash-start-block != num-data-blocks is actually exercised. > diff --git a/test/py/tests/test_fit_verity.py > b/test/py/tests/test_fit_verity.py > @@ -0,0 +1,145 @@ > + # Build the FIT with external data (required for dm-verity) > + dtc_args = f'-I dts -O dtb -i {tempdir}' > + utils.run_and_log(ubman, > + [mkimage, '-E', '-D', dtc_args, '-f', its_file, > fit_file]) The test confirms mkimage writes back the four computed properties, but never that the digest is correct for the data, so a regression that produced a stable but wrong digest would still pass. Can you run 'veritysetup verify' against the external data and assert the digests match? Regards, Simon
