On Thu, Nov 04, 2021 at 08:02:37PM -0600, Simon Glass wrote:
Hi Takahiro,
On Thu, 4 Nov 2021 at 19:21, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
On Wed, Nov 03, 2021 at 08:49:04PM -0600, Simon Glass wrote:
Hi Takahiro,
On Wed, 3 Nov 2021 at 20:04, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
On Tue, Nov 02, 2021 at 08:58:15AM -0600, Simon Glass wrote:
Hi Takahiro,
On Thu, 28 Oct 2021 at 23:25, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
On Thu, Oct 28, 2021 at 09:17:49PM -0600, Simon Glass wrote: > Hi Takahiro, > > On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro > takahiro.akashi@linaro.org wrote: > > > > Add a couple of test cases against capsule image authentication > > for capsule-on-disk, where only a signed capsule file with the verified > > signature will be applied to the system. > > > > Due to the difficulty of embedding a public key (esl file) in U-Boot > > binary during pytest setup time, all the keys/certificates are pre-created. > > > > Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org > > --- > > .../py/tests/test_efi_capsule/capsule_defs.py | 5 + > > test/py/tests/test_efi_capsule/conftest.py | 35 ++- > > test/py/tests/test_efi_capsule/signature.dts | 10 + > > .../test_capsule_firmware_signed.py | 233 ++++++++++++++++++ > > 4 files changed, 280 insertions(+), 3 deletions(-) > > create mode 100644 test/py/tests/test_efi_capsule/signature.dts > > create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > > > diff --git a/test/py/tests/test_efi_capsule/capsule_defs.py b/test/py/tests/test_efi_capsule/capsule_defs.py > > index 4fd6353c2040..aa9bf5eee3aa 100644 > > --- a/test/py/tests/test_efi_capsule/capsule_defs.py > > +++ b/test/py/tests/test_efi_capsule/capsule_defs.py > > @@ -3,3 +3,8 @@ > > # Directories > > CAPSULE_DATA_DIR = '/EFI/CapsuleTestData' > > CAPSULE_INSTALL_DIR = '/EFI/UpdateCapsule' > > + > > +# v1.5.1 or earlier of efitools has a bug in sha256 calculation, and > > +# you need build a newer version on your own. > > +# The path must terminate with '/'. > > +EFITOOLS_PATH = '' > > diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py > > index 6ad5608cd71c..b0e84dec4931 100644 > > --- a/test/py/tests/test_efi_capsule/conftest.py > > +++ b/test/py/tests/test_efi_capsule/conftest.py > > @@ -10,13 +10,13 @@ import pytest > > from capsule_defs import * > > > > # > > -# Fixture for UEFI secure boot test > > +# Fixture for UEFI capsule test > > # > > > > - > > @pytest.fixture(scope='session') > > def efi_capsule_data(request, u_boot_config): > > - """Set up a file system to be used in UEFI capsule test. > > + """Set up a file system to be used in UEFI capsule and > > + authentication test. > > > > Args: > > request: Pytest request object. > > @@ -40,6 +40,26 @@ def efi_capsule_data(request, u_boot_config): > > check_call('mkdir -p %s' % data_dir, shell=True) > > check_call('mkdir -p %s' % install_dir, shell=True) > > > > + capsule_auth_enabled = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_authenticate') > > + if capsule_auth_enabled: > > + # Create private key (SIGNER.key) and certificate (SIGNER.crt) > > + check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER.key -out SIGNER.crt -nodes -days 365' > > + % data_dir, shell=True) > > run_and_log()?
I have always used this style of coding in this file as well as other my pytests in test/py/tests (filesystem and secure boot).
So, at least in this patch, I don't want to have mixed styles.
I don't mind about the style.
Does the command appear in the test log?
I don't think so as it is invoked in conftest.py. If the command fails, the tests will skip, and if it generates a improper signature, the tests will fail.
Well that is what I am getting at. Can you check?
Yes.
The test log is supposed to show everything that happened. It does that with other tests
It does? (I don't think so.)
and I worry that using this function to run things will mean that no one will be able to debug your test in CI.
What is missing in general is that confest.py doesn't generate line-by-line trace logs if needed. It's not my test specific.
Can you try checking test-log.html ?
Here is an example with a vboot test. See the lines with 'openssl' and 'dtc' ? That is what I am talking about.
Do you see this output with the command you are using?
No. In your case, openssl and dtc are called in a test function, while my tool is invoked as part of fixture in confest.py.
What I requested is that command executions in fixtures be logged as well.
-Takahiro Akashi
[-] Section: test_vboot[sha1-basic-sha1--None-False-True] TIME: NOW: 2021/11/04 19:52:55.916263
TIME: SINCE-PREV: 0:00:00.429408
TIME: SINCE-START: 0:00:00.429408
[-] Section: test_vboot[sha1-basic-sha1--None-False-True]/Starting U-Boot TIME: NOW: 2021/11/04 19:52:55.916582
TIME: SINCE-PREV: 0:00:00.000319
TIME: SINCE-START: 0:00:00.429727
[-] Stream: console Creating new bloblist size 400 at c000 sandbox_serial serial: pinctrl_select_state_full: uclass_get_device_by_phandle_id: err=-19
U-Boot 2021.10-00200-g458c5ec2f57-dirty (Nov 04 2021 - 19:52:48 -0600)
Model: sandbox DRAM: 128 MiB Core: 246 devices, 88 uclasses, devicetree: board WDT: Not starting gpio-wdt WDT: Not starting wdt@0 MMC: mmc2: 2 (SD), mmc1: 1 (SD), mmc0: 0 (SD) Loading Environment from nowhere... OK In: cros-ec-keyb Out: vidconsole Err: vidconsole Model: sandbox SCSI: Net: eth0: eth@10002000, eth5: eth@10003000, eth3: sbe5, eth6: eth@10004000, eth4: dsa-test-eth, eth2: lan0, eth7: lan1 Hit any key to stop autoboot: 2 %08%08%08 0 => TIME: NOW: 2021/11/04 19:52:56.023596
TIME: SINCE-PREV: 0:00:00.107014
TIME: SINCE-START: 0:00:00.536741
TIME: SINCE-SECTION: 0:00:00.107114
[-] Stream: openssl +openssl genpkey -algorithm RSA -out /tmp/b/sandbox/sha1-basic/dev.key -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 ...................+++++ ...............+++++
TIME: NOW: 2021/11/04 19:52:56.067325
TIME: SINCE-PREV: 0:00:00.043729
TIME: SINCE-START: 0:00:00.580470
[-] Stream: openssl +openssl req -batch -new -x509 -key /tmp/b/sandbox/sha1-basic/dev.key -out /tmp/b/sandbox/sha1-basic/dev.crt
TIME: NOW: 2021/11/04 19:52:56.077671
TIME: SINCE-PREV: 0:00:00.010346
TIME: SINCE-START: 0:00:00.590816
[-] Stream: openssl +openssl genpkey -algorithm RSA -out /tmp/b/sandbox/sha1-basic/prod.key -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 ...........................+++++ ............+++++
TIME: NOW: 2021/11/04 19:52:56.127578
TIME: SINCE-PREV: 0:00:00.049907
TIME: SINCE-START: 0:00:00.640723
[-] Stream: openssl +openssl req -batch -new -x509 -key /tmp/b/sandbox/sha1-basic/prod.key -out /tmp/b/sandbox/sha1-basic/prod.crt
TIME: NOW: 2021/11/04 19:52:56.136682
TIME: SINCE-PREV: 0:00:00.009104
TIME: SINCE-START: 0:00:00.649827
[-] Stream: dtc +dtc -I dts -O dtb -i /tmp/b/sandbox/sha1-basic/ /scratch/sglass/cosarm/src/third_party/u-boot/files/test/py/tests/vboot/sandbox-kernel.dts -O dtb -o /tmp/b/sandbox/sha1-basic/sandbox-kernel.dtb
TIME: NOW: 2021/11/04 19:52:56.142636
TIME: SINCE-PREV: 0:00:00.005954
TIME: SINCE-START: 0:00:00.655781
[-] Stream: dtc +dtc -I dts -O dtb -i /tmp/b/sandbox/sha1-basic/ /scratch/sglass/cosarm/src/third_party/u-boot/files/test/py/tests/vboot/sandbox-u-boot.dts -O dtb -o /tmp/b/sandbox/sha1-basic/sandbox-u-boot.dtb /scratch/sglass/cosarm/src/third_party/u-boot/files/test/py/tests/vboot/sandbox-u-boot.dts:7.10-9.4: Warning (unit_address_vs_reg): /reset@0: node has a unit name, but no reg or ranges property
TIME: NOW: 2021/11/04 19:52:56.147797
Regards, Simon