On arm64 the its we use to generate the test FIT image has
arch = "arm";
We should use "arm64" here which is mapped to IH_ARCH_ARM64 via
uimage_arch[].
Fixes: 8391f95549 ("test/py: Create a test for launching UEFI binaries from FIT images")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Currently we only read the pcr updates once on test_tpm2_pcr_read().
It turns out that the tpm init sequence of force_init() which consists
of:
- tpm2 init
- tpm2 startup TPM2_SU_CLEAR
- tpm2 self_test full
- tpm2 clear TPM2_RH_LOCKOUT
also counts as an update. Running this in the console verifies the
update bump
=> tpm2 init
=> tpm2 startup TPM2_SU_CLEAR
=> tpm2 self_test full
=> tpm pcr_read 10 $loadaddr
PCR #10 content (28 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=> tpm2 clear TPM2_RH_LOCKOUT
=> tpm pcr_read 10 $loadaddr
PCR #10 content (29 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>
With the recent changes of replacing 'tpm2 init' with 'tpm2 autostart'
we end up always running the full init. The reason is 'tpm init'
returns -EBUSY if the tpm is already open, while 'tpm autostart' handles
ths gracefully and continues with the initialization. It's worth noting
that this won't affect the device functionality at all since
retriggering the startup sequence and selftests has no side effects.
Instead of relying on the initial value, reread the 'known updates'
just before updating the PCR to ensure we read the correct values
before testing
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of copy pasting the commands needed to start a TPM consisting
of:
- tpm init
- tpm startup TPM2_SU_CLEAR
- tpm2 self_test full
use the newly added 'autostart' which does the same thing and simplify
our python scripts
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This test covers the FMP versioning for both raw and FIT image,
and both signed and non-signed capsule update.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Current efi capsule python tests have much code duplication.
This commit creates the common function
in test/py/tests/test_efi_capsule/capsule_common.py,
aim to reduce the code size and improve maintainability.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Test the IPv6 network discovery feature if indicated by boardenv file.
Signed-off-by: Ehsan Mohandesi <emohandesi@linux.microsoft.com>
Reviewed-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>
Requires proper environment with DHCP6 server provisioned.
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
- Various typo fixes, pass -Werror to host tools builds, bdi cleanups,
fix hush and local variables, a FSL PCI fix and correct some python in
one of the tests.
This function uses the same base name as all the others in this file, so
it is not easy to run just that one test. Add a _base suffix so that it
can be run on its own.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add a test for the hush shell variable assignment and clear.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Sometimes when doing tests on real hardware we sometimes run in to the
case where some of these mounts haven't been fully flushed. Using the
--lazy option with umount will allow us to continue while letting the OS
handle flushing the data out still.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We cannot use old_dtb in the finally block if it has not been assigned
before the try block.
test/py/tests/test_efi_fit.py:458:30:
E0601: Using variable 'old_dtb' before assignment (used-before-assignment)
Fixes: 8391f95549 ("test/py: Create a test for launching UEFI binaries from FIT images")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Fix pylint warnings like:
* Class inherits from object
* Missing module description
* Missing class description
* First line of comment blank
* Superfluous imports
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
test_abootimg is extended to include the testing of boot images
version 4. For this, boot.img and vendor_boot.img have been
generated using mkbootimg tool with setting the header
version to 4.
This tests:
- Getting the header version using abootimg
- Extracting the load address of the dtb
- Extracting the dtb start address in RAM
Running test:
$ ./test/py/test.py --bd sandbox --build -k test_abootimg
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
At present this inadvertently relies on having a symlink to the correct
file from the current directory. Use the correct path to fix this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add test_fdt_add_pubkey test which provides simple functionality test
which contains such steps:
create DTB and FIT files
add keys with fdt_add_pubkey to DTB
sign FIT image
check with fit_check_sign that keys properly added to DTB file
Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Ensure that a freshly written fat file with a lower case filename which
fits into the upper case 8.3 short filename is not mangeled with a tilde
and number.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
We expect the profile and bootstage to agree on timing, but when
running on slow machines there can be a larger descrepency. Increase the
tolerance to fix this.
Fixes: 9cea4797ae ("trace: Add a test")
Signed-off-by: Simon Glass <sjg@chromium.org>
Test that:
- sandbox shows a warning when an unmigrated DT is used
- sandbox fails to run when migration is turned off
- sandbox_spl fails to build when migration is turned off
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a test which runs sandbox, collects a trace and makes sure it can
be processed by trace-cmd. This should ensure that this feature continues
to work as U-Boot and trace-cmd evolve.
Signed-off-by: Simon Glass <sjg@chromium.org>
Extend support for signing in auto-generated (-f auto) FIT. Previously,
it was possible to get signed 'images' subnodes in the FIT using
options -g and -o together with -f auto. This patch allows signing
'configurations' subnodes instead of 'images' ones (which are hashed),
using option -f auto-conf instead of -f auto. Adding also -K <dtb> and
-r options, will add public key to <dtb> file with required = "conf"
property.
Summary:
-f auto => FIT with crc32 images
-f auto -g ... -o ... => FIT with signed images
-f auto-conf -g ... -o ... => FIT with sha1 images and signed confs
Example: FIT with kernel, two device tree files, and signed
configurations; public key (needed to verify signatures) is
added to u-boot.dtb with required = "conf" property.
mkimage -f auto-conf -A arm -O linux -T kernel -C none -a 43e00000 \
-e 0 -d vmlinuz -b /path/to/first.dtb -b /path/to/second.dtb \
-k /folder/with/key-files -g keyname -o sha256,rsa4096 \
-K u-boot.dtb -r kernel.itb
Example: Add public key with required = "conf" property to u-boot.dtb
without needing to sign anything. This will also create a useless FIT
named unused.itb.
mkimage -f auto-conf -d /dev/null -k /folder/with/key-files \
-g keyname -o sha256,rsa4096 -K u-boot.dtb -r unused.itb
Signed-off-by: Massimo Pegorer <massimo.pegorer@vimar.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If a disk has a bootable partition we are expected to use it to locate the
boot files. Add a function to find it.
To test this, update mmc1 to have two paritions, fixing up other tests
accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add sandbox test for the gpt partition type command, the test uses the
persistent data test_gpt_disk_image.bin to check that the first
partition type GUID that identifies the type of the partition has the
"Linux filesystem data" type ( 0FC63DAF-8483-4772-8E79-3D69D8477DE4 ).
Signed-off-by: Enric Balletbo i Serra <eballetbo@redhat.com>
Add a test which checks that two operating systems can be displayed in a
menu, allowing one to be selected.
Enable a few things on snow so that the unit tests build.
Signed-off-by: Simon Glass <sjg@chromium.org>
The mmc command is useful for testing mmc disk images in sandbox, so
enable it. We also need to enable legacy images so that we can run tests
which use them.
Disable it for a few avb tests since MMC is not implemented there yet.
Signed-off-by: Simon Glass <sjg@chromium.org>
Checks that `make u-boot-initial-env` creates the text file
u-boot-initial-env and checks that it at least contains
`board=<something>`.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds a basic test for FIT image handling by the source command.
It's a python test becase we need to run mkimage.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Now that we are enforcing dwarf-4 to be used we will have the full file
paths present.
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
eficonfig_select_file_handler() is commonly used to select the
file. eficonfig_display_select_file_option() adds an additional
menu to clear the selected file.
eficonfig_display_select_file_option() is not always necessary
for the file selection process, so it must be outside of
eficonfig_select_file_handler().
This commit also renames the following functions to avoid confusion.
eficonfig_select_file_handler() -> eficonfig_process_select_file()
eficonfig_select_file() -> eficonfig_show_file_selection()
eficonfig_display_select_file_option() -> eficonfig_process_show_file_option()
Finally, test_eficonfig.py need to be updated to get aligned with
the above modification.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Update the sandbox implementation to use UCLASS_HOST and adjust all
the pieces to continue to work:
- Update the 'host' command to use the new API
- Replace various uses of UCLASS_ROOT with UCLASS_HOST
- Disable test_eficonfig since it doesn't work (this should have a unit
test to allow this to be debugged)
- Update the blk test to use the new API
- Drop the old header file
Unfortunately it does not seem to be possible to split this change up
further.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tidy this up so that pylint is happy. Use hex for the 1MB size and make
sure it is not a floating-point value.
Add a little main program to allow the code to be tried out, since at
present is only called from a long-running test.
Signed-off-by: Simon Glass <sjg@chromium.org>
'cert-to-efi-hash-list -t 0' does not work as expected, it produces
indeterminate timestamp.
$ cert-to-efi-hash-list -t 0 -s 256 db.crt dbx_hash.crl
TimeOfRevocation is 0-113-0 00:00:255
If we need the CRL revoked for all the time, just don't specify
'-t' option.
$ cert-to-efi-hash-list -s 256 db.crt dbx_hash.crl
TimeOfRevocation is 0-0-0 00:00:00
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add test cases for accessing the FWU Metadata on the sandbox
platform. The sandbox platform also uses the metadata access driver
for GPT partitioned block devices.
The FWU feature will be tested on the sandbox64 variant with a raw
capsule. Remove the FIT capsule testing from sandbox64 defconfig --
the FIT capsule test will be run on the sandbox_flattree variant.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use a manual test for the VBE test, so we can make the pytest and the
C unit test work together properly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Enable the various features needed in VPL, by adding Kconfig options.
Update the defconfig for sandbox_vpl so that the build for each phase
includes what is needed. Drop LZMA for now and make sure partition support
is omitted in SPL, since it is not needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
The vbe_fixup file handles device tree fixups, but these are called OS
requests in VBE. Rename the file to reflect its wider purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
This path does not seem to be present in clang-14 for some reason. Relax
the regular expression so that the test works, at least for non-LTO.
Signed-off-by: Simon Glass <sjg@chromium.org>
