On 2/14/22 01:43, AKASHI Takahiro wrote:
Heinrich,
On Fri, Feb 11, 2022 at 08:25:15PM +0100, Heinrich Schuchardt wrote:
On 2/9/22 11:10, AKASHI Takahiro wrote:
Add a couple of test cases against capsule image authentication for capsule-on-disk, where only a signed capsule file with the verified signature will be applied to the system.
Due to the difficulty of embedding a public key (esl file) in U-Boot binary during pytest setup time, all the keys/certificates are pre-created.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org Reviewed-by: Simon Glass sjg@chromium.org Acked-by: Ilias Apalodimas ilias.apalodimas@linaro.org
The test is not executed on Gitlab:
test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py sss
SKIPPED [3] /builds/u-boot/custodians/u-boot-efi/test/py/conftest.py:490: .config feature "efi_capsule_authenticate" not enabled
Please, provide a defconfig with CONFIG_EFI_CAPSULE_AUTHENTICATE=y in a follow-up patch.
This is somehow intentional. I don't remember quite well, but when I tried to add another defconfig file for sandbox to initiate some test in the past, you or Simon (sorry if I remember incorrectly here) opposed it.
Please also note that adding CONFIG_EFI_CAPSULE_AUTHENTICATE to sandbox_defconfig doesn't make sense as it makes non-signed capsule tests (test_capsule_firmware.py) meaningless.
This function really should be tested in Gitlab. How about adding the setting to sandbox_spl_defconfig?
You will have to change test/run line 31 for the test to be run on sandbox_spl.
Best regards
Heinrich
-Takahiro Akashi