Hi Simon,
Sorry for the late response, we had some recent network changes, so it seems that my replies were not relayed correctly.
On Tue, Oct 15, 2024 at 12:06:55AM -0600, Simon Glass wrote:
Hi Brian,
On Thu, 10 Oct 2024 at 05:25, Brian Ruley brian.ruley@gehealthcare.com wrote:
Add coverage for IMX8M code siging. Create PKI tree and other assets required by `cst' using `hab4_pki_tree.sh' script and `srktool' in `cst_3.4.1' [1].
[1] https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL_NEW
Signed-off-by: Brian Ruley brian.ruley@gehealthcare.com
Changes for v2:
- Added missing *.pem files
- Rebased on top of "[PATCH v4 2/2] binman: add fast authentication method for i.MX8M signing"
- Included a test for fast authentication
Thanks for doing this! When I run it I get:
No problem, we made an implicit deal that you get some test coverage and I get my feature :)
inman test testNxpImx8mCstFastAuth ======================== Running binman tests ======================== E ====================================================================== ERROR: binman.ftest.TestFunctional.testNxpImx8mCstFastAuth (subunit.RemotedTestCase) binman.ftest.TestFunctional.testNxpImx8mCstFastAuth
testtools.testresult.real._StringException: Traceback (most recent call last): ValueError: Error -11 running 'cst -i /tmp/binman.lk6cfgwh/nxp.csf-config-txt.nxp-imx8mcst -o /tmp/binman.lk6cfgwh/nxp.csf-output-blob.nxp-imx8mcst':
Ran 1 test in 0.198s
FAILED (errors=1)
Odd, -11 means that is the resouce is temporarily unavailable, no? I don't see how that could be caused by my changes. I managed to trace it to line 367 in `tools/u_boot_pylib/tools.py`, which takes us to the run_pipe() function in `tools/u_boot_pylib/commands.py`, where we wait on a pipe:
108: result.return_code = last_pipe.wait()
For me, at least, everything works fine:
./tools/binman/binman test testNxpImx8mCst ======================== Running binman tests ======================== . ---------------------------------------------------------------------- Ran 1 test in 0.318s
OK
./tools/binman/binman test testNxpImx8mCstFastAuth ======================== Running binman tests ======================== . ---------------------------------------------------------------------- Ran 1 test in 0.333s
OK
I've compiled the NXP Code Signing tool myself from version 3.4.1 and added that to path. The system I'm running on is:
cat /etc/fedora-release && uname -msrv Fedora release 40 (Forty) Linux 6.10.12-200.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Sep 30 21:38:25 UTC 2024 x86_64
Also, prior to running any tests, I've built the `tools-only_defconfig`. I admit that I find the test suites sightly confusing, so I might have missed something.
Another test fails too. Do you know why I see this and you don't?
No clue. All I know is that the CST might work better if re-compiled. Why would other tests be impacted I'm unsure -- what's the other test?
Oh, and I noticed that the first dts file had some missing path prefix, so I'll send an updated version to fix that.
Best, Brian