Hi Simon,
On Wed, Nov 20, 2024 at 05:40:42AM -0700, Simon Glass wrote:
WARNING: This email originated from outside of GE HealthCare. Please validate the sender's email address before clicking on links or attachments as they may not be safe.
Hi Brian,
On Mon, 4 Nov 2024 at 01:33, Brian Ruley brian.ruley@gehealthcare.com wrote:
On Wed, Oct 30, 2024 at 09:23:46AM -0300, Fabio Estevam wrote:
WARNING: This email originated from outside of GE HealthCare. Please validate the sender's email address before clicking on links or attachments as they may not be safe.
Hi Brian,
On Wed, Oct 30, 2024 at 5:08???AM Brian Ruley brian.ruley@gehealthcare.com wrote:
Add coverage for IMX8M code siging. Create PKI tree and other assets required by `cst' using `hab4_pki_tree.sh' script and `srktool' in `cst_3.4.1' [1].
[1] https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL_NEW
Signed-off-by: Brian Ruley brian.ruley@gehealthcare.com
Changes for v4:
- Rebased on master: 340_nxp_imx8mcst.dts -> 343_nxp_imx8mcst.dts 341_nxp_imx8mcst_fast_auth.dts -> 344_nxp_imx8mcst_fast_auth.dts
Here is the result when I tried applying and testing this:
$ git am ~/Downloads/v4-1-2-binman-nxp_imx8mcst-read-certificates-from-input-path.patch Applying: binman: nxp_imx8mcst: read certificates from input path Applying: binman: expand test coverage to nxp_imx8mcst .git/rebase-apply/patch:206: trailing whitespace. X509v3 Basic Constraints: .git/rebase-apply/patch:208: trailing whitespace. Netscape Comment: .git/rebase-apply/patch:210: trailing whitespace. X509v3 Subject Key Identifier: .git/rebase-apply/patch:212: trailing whitespace. X509v3 Authority Key Identifier: .git/rebase-apply/patch:333: trailing whitespace. X509v3 Basic Constraints: warning: squelched 7 whitespace errors warning: 12 lines add whitespace errors.
$ ./tools/binman/binman test testNxpImx8mCstFastAuth ======================== Running binman tests ======================== E ====================================================================== ERROR: testNxpImx8mCstFastAuth (binman.ftest.TestFunctional) Test that binman can sign an iMX8M image using fast authentication
ValueError: Error -11 running 'cst -i /tmp/binman.tf697xr9/nxp.csf-config-txt.nxp-imx8mcst -o /tmp/binman.tf697xr9/nxp.csf-output-blob.nxp-imx8mcst':
Ran 1 test in 1.318s
FAILED (errors=1)
Any ideas?
Hi Fabio,
Strange, but I don't have a clue. I was able to find the bit of Python where things go wrong in my reply to Simon:
Odd, -11 means that is the resouce is temporarily unavailable, no? I don't see how that could be caused by my changes. I managed to trace it to line 367 in `tools/u_boot_pylib/tools.py`, which takes us to the run_pipe() function in `tools/u_boot_pylib/commands.py`, where we wait on a pipe:
108: result.return_code = last_pipe.wait()
I also described the environment I was running:
I've compiled the NXP Code Signing tool myself from version 3.4.1 and added that to path. The system I'm running on is:
cat /etc/fedora-release && uname -msrv Fedora release 40 (Forty) Linux 6.10.12-200.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Sep 30 21:38:25 UTC 2024 x86_64
Also, prior to running any tests, I've built the `tools-only_defconfig`. I admit that I find the test suites sightly confusing, so I might have missed something.
I can try to run it in different environment to see if I can reproduce the issue.
I believe this is something wrong with the tool. This is on Ubuntu 22.04:
$ binman test -X testNxpImx8mCst ======================== Running binman tests ======================== Preserving output dir: /tmp/binman.imy5s98_ Preserving input dir: /tmp/binmant.izmi883v E ====================================================================== ERROR: binman.ftest.TestFunctional.testNxpImx8mCst (subunit.RemotedTestCase) binman.ftest.TestFunctional.testNxpImx8mCst
testtools.testresult.real._StringException: Traceback (most recent call last): ValueError: Error -11 running 'cst -i /tmp/binman.imy5s98_/nxp.csf-config-txt.nxp-imx8mcst -o /tmp/binman.imy5s98_/nxp.csf-output-blob.nxp-imx8mcst':
Ran 1 test in 0.157s
FAILED (errors=1)
$ cst -i /tmp/binman.imy5s98_/nxp.csf-config-txt.nxp-imx8mcst -o /tmp/binman.imy5s98_/nxp.csf-output-blob.nxp-imx8mcst Install SRK Install CSFK Segmentation fault
So the tool is segfaulting, for some reason.
Yes, I've noticed that too.
I'd suggest compiling the tool yourself, you can get it from:
https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL_NEW
or:
https://gitlab.apertis.org/pkg/imx-code-signing-tool/
or use the .deb package from Debian unstable:
https://packages.debian.org/unstable/imx-code-signing-tool
Pick your poison :)
Best regards, Brian