Up to now the EFI capsule Python tests were always skipped. The reason is
that mkimage fails with:
uboot_bin_env.its:13.21-23.5: Warning (unit_address_vs_reg):
/images/u-boot-bin@100000: node has a unit name, but no reg property
uboot_bin_env.its:24.21-34.5: Warning (unit_address_vs_reg):
/images/u-boot-env@150000: node has a unit name, but no reg property
If a unit in a device-tree has an address, a reg property must be provided.
But adding a reg property is not the solution here.
Since 2017 unit addresses are disallowed for FIT,
cf. common/image-fit.c:1624.
So remove the unit addresses in uboot_bin_env.its.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.
CVE-2021-27138
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.
CVE-2021-27097
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Add tests to check that these two attacks are mitigated by recent patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Add a library which performs two different attacks on a FIT.
Signed-off-by: Julien Lenoir <julien.lenoir@intel.com>
Signed-off-by: Bruce Monroe <bruce.monroe@intel.com>
Signed-off-by: Arie Haenel <arie.haenel@intel.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.
Disallow use of nodes with unit addresses.
Update the forge test also, since it uses @ addresses.
CVE-2021-27138
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
As noted in comments, yield_fixture has been deprecated for longer than
our minimum required version of pytest. Newer versions of pytest cause
this to be a louder warning, and as the migration is trivial, perform it
now.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add test for dropped trace before log_init, displayed by debug uart.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The spl-test4 node deliberately has an invalid compatible string. This
causes a warning from dtoc and the check it does is not really necessary.
Drop it, to avoid the warning and associated confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
Test that an exception SIGILL is answered by a reset on the sandbox if
CONFIG_SANDBOX_CRASH_RESET=y or by exiting to the OS otherwise.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a raw image capsule,
CONFIG_EFI_CAPSULE_RAW.
To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.
To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
It is the 'poweroff' and not the 'reset' command that should shut down the
sandbox.
Adjust the unit test accordingly
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
When rebasing this series I had to renumber all my log tests because
someone made another log test in the meantime. This involved updaing a
number in several places (C and python), and it wasn't checked by the
compiler. So I though "how hard could it be to just rewrite in C?" And
though it wasn't hard, it *was* tedious. Tests are numbered the same as
before to allow for easier review.
A note that if a test fails, everything after it will probably also fail.
This is because that test won't clean up its filters. There's no easy way
to do the cleanup, except perhaps removing all filters in a wrapper
function.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
At present an integer is converted to bytes incorrectly. The whole 32-bit
integer is inserted as the first element of the byte array, and the other
three bytes are skipped. This was not noticed because the unit test did
not check it, and the functional test was checking for wrong values.
Update the code to handle this as a special case. Add one more test to
cover all code paths.
Signed-off-by: Simon Glass <sjg@chromium.org>
do_save() function defined in fs.c also supports FAT file system
re-use the same for fatwrite command.
Also fix the FAT test script to match the expected output.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
To make the button command useful in a shell script it should return the
status of the button:
* 0 (true) - pressed, on
* 1 (false) - not pressed, off
The button command takes only one argument. Correct maxargs.
Adjust the Python unit test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
Using different strings for the device tree node labels and the label
property of buttons sharpens the button label unit test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
Add PStore command to sandbox and sandbox64 defconfigs.
Add test checking:
- 'pstore display' of all records
- 'pstore display' only the 2nd dump record
- 'pstore save' of all records
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
[trini: Adjust to always load files from source directory]
Signed-off-by: Tom Rini <trini@konsulko.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Heiko Schocher <hs@denx.de>
This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.
This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.
Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.
Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present all log devices are enabled by default. Add a function to allow
devices to be disabled or enabled at runtime.
Signed-off-by: Simon Glass <sjg@chromium.org>
This extends the pinctrl-sandbox driver to support pin muxing, and adds a
test for that behaviour. The test is done in C and not python (like the
existing tests for the pinctrl uclass) because it needs to call
pinctrl_select_state. Another option could be to add a command that
invokes pinctrl_select_state and then test everything in
test/py/tests/test_pinmux.py.
The pinctrl-sandbox driver now mimics the way that many pinmux devices
work. There are two groups of pins which are muxed together, as well as
four pins which are muxed individually. I have tried to test all normal
paths. However, very few error cases are explicitly checked for.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When more nodes are added for a uclass the index might go into two or
more digits. This means that there are less spaces printed because they
are used up by the extra digits. Update the regular expression to allow
variable-length spacing between the class name and and index.
This was discovered when adding a simple_bus node in test.dts made
test_bind_unbind_with_uclass() fail because the index went up to 10.
Signed-off-by: Pratyush Yadav <p.yadav@ti.com>
The environment variable test uses function validate_empty() to check that
a variable is not defined. If the hush parser is not enabled, we cannot
refer to a variable by $var_name but only by ${var_name}.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Stephen Warren <swarren@nvidia.com>
Improve SquashFS tests architecture. Add 'Compression' class. LZO
algorithm may crash if the file is fragmented, so the fragments are
disabled when testing LZO.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
setenv -e -i <address>,<filesize> can be used to set a UEFI variable
from memory.
For separating an address and a size we use ':' in most commands.
Let's do the same for setenv -e -i.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
As bind-test is now binded at sandbox startup and no more by
test_bind.py, bind-test nodes are not located at the end of
"dm tree" output, but can be located everywhere in the tree, so
bind-test output could either be:
simple_bus 0 [ ] generic_simple_bus |-- bind-test
phy 0 [ ] phy_sandbox | |-- bind-test-child1
simple_bus 1 [ ] generic_simple_bus | `-- bind-test-child2
or:
simple_bus 5 [ ] generic_simple_bus `-- bind-test
phy 2 [ ] phy_sandbox |-- bind-test-child1
simple_bus 6 [ ] generic_simple_bus `-- bind-test-child2
in_tree() function need to be updated to take care of that change.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Usage of lists_bind_fdt() in bind command imposes to add
a compatible string for bind-test node.
Others impacts are:
- bind-test node is binded at sandbox start, so no need to bind it
in test_bind_unbind_with_node() test.
- As explained just above, after sandbox start, now a phy exist.
In test/dm/phy.c, it was verified that a third phy didn't exist,
now we must verified that a fourth phy doesn't exist.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME
under the current code base. So just remove them.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Use "cons.config.build_dir" instead of writing to the source directory
(read-only). This will fix the test failures in Azure.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
On some devices the environment variable serial# cannot be overwritten.
Set the variable only if it is not set.
For our unit test it is sufficient to test if any value for serial-number
is set.
Fixes: 8a5cdf601f ("test: efi_selftest: Do not force serial# setting")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The hush parser not enabled for some boards, e.g.
sipeed_maix_bitm_defconfig.
With CONFIG_HUSH_PARSER=n a double quotation mark is not interpreted as the
beginning of a string. Use a single quotation mark instead.
Furthermore without the hush parser variables have to be referenced as
${varname}. Add the missing braces.
Reported-by: Sean Anderson <seanga2@gmail.com>
Fixes: 8b86c609b8 ("test/py: add test of basic shell functionality")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Modify various test/py filesystem creation routines to support systems
that don't implement the metadata_csum ext4 feature.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add Python scripts to test 'ls' and 'load' commands. The scripts
generate a SquashFS image and clean the directory after the assertions,
or if an exception is raised.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Add basic test to persistent environment in ext4:
save and load in host ext4 file 'uboot.env'.
On first execution an empty EXT4 file system is created in
persistent data dir: env.ext4.img.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
As part of the EFI self test we set and check the serial# variable.
However, we should not be forcing this setting. In the case where we
are allowed to change the variable it will change, and we will pass the
test. In the case where we cannot change it, force may or may not be
allowed, depending on further environment restrictions. Drop the -f
flag here as we do not need it.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
In our tests we should use the customized prompt for testing.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Tom Rini <trini@konsulko.com>
Add a pytest for testing the env info sub-command:
test_env_info: test command with several option that
can be executed on real hardware device without assumption
test_env_info_sandbox: test the result on sandbox
with a known ENV configuration: ready & default & persistent
The quiet option '-q' is used for support in shell test;
for example:
if env info -p -d -q; then env save; fi
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Stephen Warren <swarren@nvidia.com>
This is a fixup by autopep8 after the commit ("test/py: efi_secboot:
apply autopep8").
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
'tool_is_in_path' function is no longer used anywhere after Heinrich
has removed 'sudo' version of fixture setup.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>