hi Simon,
On Sun, 16 Jul 2023 at 05:12, Simon Glass sjg@chromium.org wrote:
Hi,
On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu sughosh.ganu@linaro.org wrote:
Support has been added to the mkeficapsule tool to generate capsules by parsing the capsule parameters through a config file. Add a config file for generating capsules. These capsules will be used for testing the capsule update feature on sandbox platform.
Enable generation of capsules through the config file on the sandbox variant.
Signed-off-by: Sughosh Ganu sughosh.ganu@linaro.org
Changes since V3:
- Use fstrings for format specifiers.
- Add entries for generating capsules with version parameter.
.azure-pipelines.yml | 2 + .gitlab-ci.yml | 2 + configs/sandbox_defconfig | 2 + test/py/conftest.py | 5 + .../test_efi_capsule/sandbox_capsule_cfg.txt | 162 ++++++++++++++++++ 5 files changed, 173 insertions(+) create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index d732ba443d..240ee4f692 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -403,6 +403,7 @@ stages: echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/; if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;@@ -600,6 +601,7 @@ stages: echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aec6ffaf1c..42456e5f3f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -42,6 +42,7 @@ stages: - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
- cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
- if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
@@ -148,6 +149,7 @@ build all other platforms: echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 560f3317d9..f3c09f845a 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -341,6 +341,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y CONFIG_EFI_CAPSULE_AUTHENTICATE=y CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl" +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt" +CONFIG_EFI_USE_CAPSULE_CFG_FILE=y CONFIG_EFI_SECURE_BOOT=y CONFIG_TEST_FDTDEC=y CONFIG_UNIT_TEST=y diff --git a/test/py/conftest.py b/test/py/conftest.py index 1092cb713b..20b8dc1913 100644 --- a/test/py/conftest.py +++ b/test/py/conftest.py @@ -158,6 +158,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log): f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' ) run_command(name, cmd, source_dir)
- capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
You can use cons.config.build_dir as your working directory.
Sorry, I did not get this comment. This file is in the source directory, and does not get reflected in the build_dir. Which is why this needs to be copied to a known location(/tmp/capsules/).
- name = 'cp'
- cmd = ( f'cp {capsule_cfg_file} {capsule_sig_dir}' )
- run_command(name, cmd, source_dir)
- gen_capsule_payloads(capsule_sig_dir)
def run_build(config, source_dir, build_dir, board_type, log): diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt new file mode 100644 index 0000000000..82d538dfb5 --- /dev/null +++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt @@ -0,0 +1,162 @@ +{
image-index: 1image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8What are these? Can you at least given them a name and a description? We don't want to have GUIDs in the source code open-coded like this as they have no useful meaning.
I will add a comment against the GUID values.
-sughosh
payload: /tmp/capsules/u-boot.bin.newcapsule: /tmp/capsules/Test01+} +{
image-index: 2image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0payload: /tmp/capsules/u-boot.env.newcapsule: /tmp/capsules/Test02+} +{
image-index: 1image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4payload: /tmp/capsules/u-boot.bin.newcapsule: /tmp/capsules/Test03+} +{
image-index: 1image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test04+} +{
image-index: 1image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test05+} +{
image-index: 1image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test05+} +{
image-index: 1monotonic-count: 1private-key: /tmp/capsules/SIGNER.keypub-key-cert: /tmp/capsules/SIGNER.crtimage-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8payload: /tmp/capsules/u-boot.bin.newcapsule: /tmp/capsules/Test11+} +{
image-index: 1monotonic-count: 1private-key: /tmp/capsules/SIGNER2.keypub-key-cert: /tmp/capsules/SIGNER2.crtimage-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8payload: /tmp/capsules/u-boot.bin.newcapsule: /tmp/capsules/Test12+} +{
image-index: 1monotonic-count: 1private-key: /tmp/capsules/SIGNER.keypub-key-cert: /tmp/capsules/SIGNER.crtimage-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test13+} +{
image-index: 1monotonic-count: 1private-key: /tmp/capsules/SIGNER2.keypub-key-cert: /tmp/capsules/SIGNER2.crtimage-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test14+} +{
image-index: 1fw-version: 5image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8payload: /tmp/capsules/u-boot.bin.newcapsule: /tmp/capsules/Test101+} +{
image-index: 2fw-version: 10image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0payload: /tmp/capsules/u-boot.env.newcapsule: /tmp/capsules/Test102+} +{
image-index: 1fw-version: 2image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8payload: /tmp/capsules/u-boot.bin.newcapsule: /tmp/capsules/Test103+} +{
image-index: 1fw-version: 5image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test104+} +{
image-index: 1fw-version: 2image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test105+} +{
image-index: 1monotonic-count: 1fw-version: 5private-key: /tmp/capsules/SIGNER.keypub-key-cert: /tmp/capsules/SIGNER.crtimage-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8payload: /tmp/capsules/u-boot.bin.newcapsule: /tmp/capsules/Test111+} +{
image-index: 2monotonic-count: 1fw-version: 10private-key: /tmp/capsules/SIGNER.keypub-key-cert: /tmp/capsules/SIGNER.crtimage-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0payload: /tmp/capsules/u-boot.env.newcapsule: /tmp/capsules/Test112+} +{
image-index: 1monotonic-count: 1fw-version: 2private-key: /tmp/capsules/SIGNER.keypub-key-cert: /tmp/capsules/SIGNER.crtimage-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8payload: /tmp/capsules/u-boot.bin.newcapsule: /tmp/capsules/Test113+} +{
image-index: 1fw-version: 5monotonic-count: 1private-key: /tmp/capsules/SIGNER.keypub-key-cert: /tmp/capsules/SIGNER.crtimage-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test114+} +{
image-index: 1fw-version: 2monotonic-count: 1private-key: /tmp/capsules/SIGNER.keypub-key-cert: /tmp/capsules/SIGNER.crtimage-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937payload: /tmp/capsules/uboot_bin_env.itbcapsule: /tmp/capsules/Test115+}
2.34.1
Regards, Simon