On Wed, Nov 03, 2021 at 08:49:04PM -0600, Simon Glass wrote:
Hi Takahiro,
On Wed, 3 Nov 2021 at 20:04, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
On Tue, Nov 02, 2021 at 08:58:15AM -0600, Simon Glass wrote:
Hi Takahiro,
On Thu, 28 Oct 2021 at 23:25, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
On Thu, Oct 28, 2021 at 09:17:49PM -0600, Simon Glass wrote:
Hi Takahiro,
On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
Add a couple of test cases against capsule image authentication for capsule-on-disk, where only a signed capsule file with the verified signature will be applied to the system.
Due to the difficulty of embedding a public key (esl file) in U-Boot binary during pytest setup time, all the keys/certificates are pre-created.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
.../py/tests/test_efi_capsule/capsule_defs.py | 5 + test/py/tests/test_efi_capsule/conftest.py | 35 ++- test/py/tests/test_efi_capsule/signature.dts | 10 + .../test_capsule_firmware_signed.py | 233 ++++++++++++++++++ 4 files changed, 280 insertions(+), 3 deletions(-) create mode 100644 test/py/tests/test_efi_capsule/signature.dts create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
diff --git a/test/py/tests/test_efi_capsule/capsule_defs.py b/test/py/tests/test_efi_capsule/capsule_defs.py index 4fd6353c2040..aa9bf5eee3aa 100644 --- a/test/py/tests/test_efi_capsule/capsule_defs.py +++ b/test/py/tests/test_efi_capsule/capsule_defs.py @@ -3,3 +3,8 @@ # Directories CAPSULE_DATA_DIR = '/EFI/CapsuleTestData' CAPSULE_INSTALL_DIR = '/EFI/UpdateCapsule'
+# v1.5.1 or earlier of efitools has a bug in sha256 calculation, and +# you need build a newer version on your own. +# The path must terminate with '/'. +EFITOOLS_PATH = '' diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index 6ad5608cd71c..b0e84dec4931 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -10,13 +10,13 @@ import pytest from capsule_defs import *
# -# Fixture for UEFI secure boot test +# Fixture for UEFI capsule test #
@pytest.fixture(scope='session') def efi_capsule_data(request, u_boot_config):
- """Set up a file system to be used in UEFI capsule test.
"""Set up a file system to be used in UEFI capsule and
authentication test.Args: request: Pytest request object.
@@ -40,6 +40,26 @@ def efi_capsule_data(request, u_boot_config): check_call('mkdir -p %s' % data_dir, shell=True) check_call('mkdir -p %s' % install_dir, shell=True)
capsule_auth_enabled = u_boot_config.buildconfig.get('config_efi_capsule_authenticate')if capsule_auth_enabled:# Create private key (SIGNER.key) and certificate (SIGNER.crt)check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER.key -out SIGNER.crt -nodes -days 365'% data_dir, shell=True)run_and_log()?
I have always used this style of coding in this file as well as other my pytests in test/py/tests (filesystem and secure boot).
So, at least in this patch, I don't want to have mixed styles.
I don't mind about the style.
Does the command appear in the test log?
I don't think so as it is invoked in conftest.py. If the command fails, the tests will skip, and if it generates a improper signature, the tests will fail.
Well that is what I am getting at. Can you check?
Yes.
The test log is supposed to show everything that happened. It does that with other tests
It does? (I don't think so.)
and I worry that using this function to run things will mean that no one will be able to debug your test in CI.
What is missing in general is that confest.py doesn't generate line-by-line trace logs if needed. It's not my test specific.
-Takahiro Akashi
Regards, Simon