
Hi Takahiro,
On Wed, 3 Nov 2021 at 20:04, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
On Tue, Nov 02, 2021 at 08:58:15AM -0600, Simon Glass wrote:
Hi Takahiro,
On Thu, 28 Oct 2021 at 23:25, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
On Thu, Oct 28, 2021 at 09:17:49PM -0600, Simon Glass wrote:
Hi Takahiro,
On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
Add a couple of test cases against capsule image authentication for capsule-on-disk, where only a signed capsule file with the verified signature will be applied to the system.
Due to the difficulty of embedding a public key (esl file) in U-Boot binary during pytest setup time, all the keys/certificates are pre-created.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
.../py/tests/test_efi_capsule/capsule_defs.py | 5 + test/py/tests/test_efi_capsule/conftest.py | 35 ++- test/py/tests/test_efi_capsule/signature.dts | 10 + .../test_capsule_firmware_signed.py | 233 ++++++++++++++++++ 4 files changed, 280 insertions(+), 3 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/signature.dts create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
diff --git a/test/py/tests/test_efi_capsule/capsule_defs.py b/test/py/tests/test_efi_capsule/capsule_defs.py index 4fd6353c2040..aa9bf5eee3aa 100644 --- a/test/py/tests/test_efi_capsule/capsule_defs.py +++ b/test/py/tests/test_efi_capsule/capsule_defs.py @@ -3,3 +3,8 @@ # Directories CAPSULE_DATA_DIR = '/EFI/CapsuleTestData' CAPSULE_INSTALL_DIR = '/EFI/UpdateCapsule'
+# v1.5.1 or earlier of efitools has a bug in sha256 calculation, and +# you need build a newer version on your own. +# The path must terminate with '/'. +EFITOOLS_PATH = '' diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index 6ad5608cd71c..b0e84dec4931 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -10,13 +10,13 @@ import pytest from capsule_defs import *
# -# Fixture for UEFI secure boot test +# Fixture for UEFI capsule test #
@pytest.fixture(scope='session') def efi_capsule_data(request, u_boot_config):
- """Set up a file system to be used in UEFI capsule test.
"""Set up a file system to be used in UEFI capsule and
authentication test.
Args: request: Pytest request object.
@@ -40,6 +40,26 @@ def efi_capsule_data(request, u_boot_config): check_call('mkdir -p %s' % data_dir, shell=True) check_call('mkdir -p %s' % install_dir, shell=True)
capsule_auth_enabled = u_boot_config.buildconfig.get(
'config_efi_capsule_authenticate')
if capsule_auth_enabled:
# Create private key (SIGNER.key) and certificate (SIGNER.crt)
check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER.key -out SIGNER.crt -nodes -days 365'
% data_dir, shell=True)
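Review bot: in the capsule_defs.py hunk, the EFITOOLS_PATH comment has to tell the user that "The path must terminate with '/'", which suggests the value is prefixed to a tool name by plain string concatenation. Joining with os.path.join where the value is used would remove that requirement. The same comment reads "you need build", which should be "you need to build", and it should say what the empty default means.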
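Review bot: in the conftest.py hunk, the openssl call joins its two commands with ';' ('cd %s; openssl req ...'), so if the cd into data_dir fails, openssl still runs and writes SIGNER.key and SIGNER.crt into the current directory, and check_call only sees openssl's exit status. Use '&&' instead of ';', or drop the cd and pass cwd=data_dir to check_call. data_dir is also interpolated unquoted into a shell=True string, so a path containing spaces would break the command.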
run_and_log()?
I have always used this style of coding in this file as well as in my other pytests in test/py/tests (filesystem and secure boot).
So, at least in this patch, I don't want to have mixed styles.
I don't mind about the style.
Does the command appear in the test log?
I don't think so, as it is invoked in conftest.py. If the command fails, the tests will skip, and if it generates an improper signature, the tests will fail.
Well that is what I am getting at. Can you check?
The test log is supposed to show everything that happened. It does that with other tests and I worry that using this function to run things will mean that no one will be able to debug your test in CI.
Regards, Simon