The UEFI console initialisation has been modified by commit 68edbed454
("efi_loader: initialize console size late"). A corresponding workaround is
now necessary for the automated tests, as added to some of the tests
already by commit e05bd68ed5 ("test: work around for EFI terminal size
probing").
Add the same workaround to the UEFI authenticated capsules tests to repair
them.
This can be tested with sandbox_defconfig, sandbox64_defconfig or
sandbox_flattree_defconfig, plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.
This binary must be rejected under secure boot mode.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
* Use spaces not tabs
* Limit lines to 100 spaces
* Remove an unused import
* Sort imports correctly
* Add a module description
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The stack protector test intentionally overflows a buffer in order to
corrupt the stack canary so that it can test that the corruption is
detected as expected. However, this is incompatible with ASAN, which
detects the buffer overflow and interrupts the test, so disable the test
for such configurations.
Signed-off-by: Andrew Scull <ascull@google.com>
When the UEFI sub-system is initialized it sends an escape sequence to the
serial console to determine the terminal size. This stops the
run_command_list() function of the console emulation from recognizing the
U-Boot command line prompt.
Add a 'print -e' command as first command in the command list to work
around this issue.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add support for the authentication of UEFI capsules containing FIT images.
The authentication code is moved out of the function handling raw images
into a new function efi_firmware_capsule_authenticate(). The special case
for the FMP header coming from edk2 tools is preserved. There is no
functional change for capsules containing raw images.
The python test for signed capsules with raw images is renamed with no
functional change and a new test is added for signed capsules containing
FIT images.
This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig,
plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Repair the python tests for authenticated EFI capsules, which can be run
with sandbox_defconfig plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
- Account for the reset changes done by commit 3e6f810006 ("efi_loader:
test/py: Reset system after capsule update on disk").
- Fix the capsule GUID typo introduced by commit 2e9c3c6965 ("test:
capsule: Modify the capsule tests to use GUID values for sandbox").
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Changing the console timeout to 500 ms without restoring the original value
leads to failures in other tests. As the console timeout change is not
necessary for the text input protocol tests remove it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In the bootmenu unit test the console timeout is set to 500 ms.
Other tests rely on the original timeout. Ensure that the original value
is restored.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Testing with mksquasshfs 4.5.1 results in an error
ValueError: could not convert string to float: '4.5.1'
Version 4.10 would be considered to be lower than 4.4.
Fixes: 04c9813e95 ("test/py: rewrite common tools for SquashFS tests")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reset the console timeout value as some tests may change its default
value during the execution.
This fixes the random case timeout issue seen in the U-Boot CI.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
UEFI:
* Fix build errors due to
- using sed with non-standard extension for regular expression
- target architecture not recognized for CROSS_COMPILE=armv7a-*
- CONFIG_EVENT not selected
* add sha384/512 on certificate revocation
Others:
* factor out the user input handling in bootmenu command
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmJ3Z5kACgkQxIHbvCwF
GsRXYA/+KxXQaYm++hkoc+WVyU7CnqQrb6pFkT60taGuqkTORwyPk+faWGZpeewf
JuTJ5GssVjS1Vo+rU1zpPJxHLlGz9JGx3txiGadHHnsKVDeQdN6vB2Jb2uIp6xMN
Z0LmFroTrNrUO6ymxqm0mi6rc/BV7iBNoR1TWxDOk+l68O3mpgJPnxnG0mxncThN
qxas2pVxlt1B60ri3KRdpR9Li2KF36apVsw5J+Pqrrv4MiEAC8Fr/l5TRMiHJoSr
/C1j704epoGqQMdpX+xLSykEhpZQ0RkVAUf3hcINPJxYYHRvQ4Qwk17yzqOlX8TV
EOWob0v9Tr/wkFDFFBOdTl1ByVixENU/Sk/2F1olN+9nlMLlTrmaDTuNXh6Fv81q
587fZ5bNI56PYmGWRS+p4YvQhKlZxVcpUiKVzopApPx+i0J101TlKs7OenLNKWnC
LaWkcly1QH5yaJwTI8qZOnA8tLAfkzPjODQfpnCvsiB7w26ZFBjuaLDgtzkSmLAN
07zHsrygesblmG3EfM7dJlIMNXYNWapZW+7BiTgH/f7KIqocjZt6qGY7sroHk1RY
NJWwLCzv5TqoxL+HumDFmCRZbfBJbBeiEKs5x4EfrOeSHrXcuR4QJB0ScDlUtT5l
eNp0Sn4lK5EhgXSeraiBkQVmca0rvCGEwbR4bV0832wZL2lqBqk=
=Kdu1
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-07-rc3-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-07-rc3-2
UEFI:
* Fix build errors due to
- using sed with non-standard extension for regular expression
- target architecture not recognized for CROSS_COMPILE=armv7a-*
- CONFIG_EVENT not selected
* add sha384/512 on certificate revocation
Others:
* factor out the user input handling in bootmenu command
The previous patch adds support for rejecting images when the sha384/512
of an x.509 certificate is present in dbx. Update the sandbox selftests
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With sandbox, U-Boot can be run without a device tree (i.e. no -d or -T
parameter). In this case an empty device tree is created for convenience.
With a recent change this causes an error due to the missing '/binman'
node.
Add this node to avoid the problem, as well as a test that U-Boot can
be run without a device tree.
Fixes: 059df5624b ("arch: Kconfig: imply BINMAN for SANDBOX")
Fixes: https://source.denx.de/u-boot/u-boot/-/issues/11
Signed-off-by: Simon Glass <sjg@chromium.org>
This is useful sometimes when running a specific test. Add support for it
in the existing restart_uboot_with_flags() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
To make user aware of the menu entry selection, menu always
appears regardless of the number of entry.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Adjust test/py/tests/test_bootmenu.py
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We need to create a disk image with a partition table and a DOS-format
filesystem containing a few files. Provide a fallback binary for CI since
it does not seem able to detect the loopback partitions.
Add this to a dm_init test so that it happens when needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
As explained in commit 4af2a33ee5 ("cmd: gpio: Make `gpio input`
return pin value again") the `gpio input` is used in scripts to obtain
the value of a pin, despite the fact that CMD_RET_FAILURE is
indistinguishable from a valid pin value.
To be able to detect failures and properly use the value of a GPIO in
scripts we introduce the `gpio read` command that sets the variable
`name` to the value of the pin. Return code of the `gpio read` command
can be used to check for CMD_RET_SUCCESS or CMD_RET_FAILURE.
CONFIG_CMD_GPIO_READ is used to enable the `gpio read` command.
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
The current UEFI capsule updation code uses two GUID values, one for
FIT images, and one for raw images across platforms. This logic is
being changed to have GUID values per image, per platform. Change the
tests for the capsule update code to reflect this change. The GUID
values now used are the ones specific to the sandbox platform -- one
for the u-boot image, and another for the u-boot environment image.
Install the FMP instance for raw images on the sandbox variant for
testing the capsule update code. Install the FMP instance for the FIT
images on the sandbox64 and sandbox_flattree variant for testing
capsule update for FIT images. This is being done by splitting the
capsule update script for FIT and raw images.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
At present the tests assume that gawk is being used. Adjust the tests so
that the names are inserted in alphabetical order, so that awk is happy.
Also use PROCINFO to make gawk output in alphabetical order. This is not
ideal, since it changes the env-car ordering from what the user provided,
but it may be acceptable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Fixes: https://source.denx.de/u-boot/u-boot/-/issues/10
To be able to use the tool binman on sandbox,
the config SANDBOX should imply BINMAN.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
* Use f'' strings instead of .format().
* Correct sequence of imports.
* Remove a superfluous import.
* Add missing documentation.
* Replace yield by return.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Provide a unit test for
* efidebug boot add
* efidebug boot order
* bootefi bootmgr
* initrd via EFI_LOAD_FILE2_PROTOCOL
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
For debugging and dicoverability it is useful to be able to see a list of
each event spy in a U-Boot ELF file. Add a script which shows this, along
with the event type and the source location. This makes events a little
easier to use than weak functions, for example.
Add a basic sandbox test as well. We could provide a test for other
boards, but for now, few use events.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix pylint errors in all test.
This requires adding a get_spawn() method to the ConsoleBase base, so that
its subclass is happy.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a cold reset soon after processing capsule update on disk.
This is required in UEFI specification 2.9 Section 8.5.5
"Delivery of Capsules via file on Mass Storage device" as;
In all cases that a capsule is identified for processing the system is
restarted after capsule processing is completed.
This also reports the result of each capsule update so that the user can
notice that the capsule update has been succeeded or not from console log.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add expected_reset optional argument to ConsoleBase::ensure_spawned(),
ConsoleBase::restart_uboot() and ConsoleSandbox::restart_uboot_with_flags()
so that it can handle a reset while the 1st boot process after main
boot logo before prompt correctly.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add wait_for_reboot optional argument to ConsoleBase::run_command()
so that it can handle an expected reset by command execution.
This is useful if a command will reset the sandbox while testing
such commands, e.g. run_command("reset", wait_for_reboot = True)
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmIGtKEACgkQxIHbvCwF
GsSWlg//Vr61dpbpPVuczl18OtojpUzMg8bwqc4tJQRQrOGMGjmPqrGZJCm1pmMH
Q5ZD4QCAdycbRqAqcpdX9FXHmD5R0HvGmhlC9TnXxo4nKaOcphMMC3PFjBQZlhPJ
KPc7jjoIcycz+fRqbd4CGRFXNGJAecK++4uM6v6WCNF3Dq16r0ws1aUTG7YPlaJF
JNo3/4eEQpRsplNXpJsqVPQhbfLuaiCOJc8VUWYNylRdhBC7Dx8yI7m1FHOSBbKb
Pk4tbysEhowcSc2Duc9muxkaVAkSy/mIHj1I8Z2VzpzH8zXcaiHMjROqMGOE+vwx
raDzJI0ZcEV/MEbm/QLCALlCKqN3d1NRmZLAvXPYN4+ioA8lzPAEnqEywXRPY/Yk
KnkDWaF1KEKzDaY52oqkh2LkasY9wzluvb1sm+oW9bh/kn4wKLr0Z1oSl92/vvci
S/ztLqxhqlXpWx0NzOFnNvUUkEl0VN6IM/+Bsg5AoO7mdWe7MC3iSPOU1Ge5wRU9
R9BLaTrr61/+soc2jrJL5PQr3Rqtyo1qLpIusMFT88jeFp0b8AIUL2AUlJsAUXYg
a2NV7qGUsZN/Ur488N1t7DixTkjGdStHKRk06bSTPrOpfA2oembdA2/H/HECoJMP
JzdwMeZM0qcxFGTbC7c3yO3cTVVYPyIDGh1YEBYjCzfL6AuR2uU=
=AAdJ
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-04-rc2-4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc2-4
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
The previous patch is changing U-Boot's behavior wrt certificate based
binary authentication. Specifically an image who's digest of a
certificate is found in dbx is now rejected. Fix the test accordingly
and add another one testing signatures in reverse order
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Before the capsule authentication is supported, this test script works
correctly, but with the feature enabled, most tests will fail due to
unsigned capsules.
So check the results depending on CAPSULE_AUTHENTICATE or not.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This test scenario tests a new feature of mkeficapsule, "--guid" option,
which allows us to specify FMP driver's guid explicitly at the command
line.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since the syntax of mkeficapsule was changed in the previous commit,
we need to modify command line arguments in a pytest script.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a couple of test cases against capsule image authentication
for capsule-on-disk, where only a signed capsule file with the verified
signature will be applied to the system.
Due to the difficulty of embedding a public key (esl file) in U-Boot
binary during pytest setup time, all the keys/certificates are pre-created.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.
Add test case in vboot for sha384 with rsa3072 algorithm testing.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
* assert does not need parentheses
* add module docstring
* fix misspelled constant True
* limit lines to 100 characters
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This test checks for output specific to the sandbox blk device
"sandbox_host_blk", mark it as sandbox specific.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
With TPM emulation enabled in u-boot-test-hooks we should also provide the
tpm2 command used for the test/py/tests/test_tpm2.py test.
One of the Python TPMv2 tests expects sandbox specific values. So disable
it on other platforms.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
At present an Exception is raised if a command fails. This is a very broad
class and makes it difficult for callers to catch the error without also
catching other things, like programming bugs.
Change it to ValueError to make this easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the collection function used by pytest is quite strict on the
naming of the functions it detects. In particular it requires the name of
the test to be repeated in the function name.
This is not enforced anywhere else, but instead the tests are silently
omitted from the pytest run. This affects a few dozen tests.
The rule does not seem to have any particular purpose. Relax it, so that
all tests that use the UNIT_TEST() macro will run, regardless of the name
of the test function.
Signed-off-by: Simon Glass <sjg@chromium.org>
When running a program on the host, allow input to be passed in as stdin.
This is needed for running sfdisk, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
* there is no os.path.unlink() method
* don't inherit from object
* add module docstring
* move imports to the top
* avoid unused variable
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
* don't inherit from object
* imports should be on the top level
* avoid unused variable names
* avoid unnecessary else after raise
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present U-Boot environment variables, and thus scripts, are defined
by CONFIG_EXTRA_ENV_SETTINGS. It is painful to add large amounts of text
to this file and dealing with quoting and newlines is harder than it
should be. It would be better if we could just type the script into a
text file and have it included by U-Boot.
Add a feature that brings in a .env file associated with the board
config, if present. To use it, create a file in a board/<vendor>
directory, typically called <board>.env and controlled by the
CONFIG_ENV_SOURCE_FILE option.
The environment variables should be of the form "var=value". Values can
extend to multiple lines. See the README under 'Environment Variables:'
for more information and an example.
In many cases environment variables need access to the U-Boot CONFIG
variables to select different options. Enable this so that the environment
scripts can be as useful as the ones currently in the board config files.
This uses the C preprocessor, means that comments can be included in the
environment using /* ... */
Also support += to allow variables to be appended to. This is needed when
using the preprocessor.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Tested-by: Marek Behún <marek.behun@nic.cz>
When a test hands on a real board there is no way on the console to obtain
any information about why it hung.
With sandbox we can actually find out that it died and get a signal or
exit code. Add this to make it easier to figure out what happened.
So instead of:
test/py/u_boot_spawn.py:171: in expect
c = os.read(self.fd, 1024).decode(errors='replace')
E OSError: [Errno 5] Input/output error
We get:
test/py/u_boot_spawn.py:171: in expect
c = os.read(self.fd, 1024).decode(errors='replace')
E ValueError: U-Boot exited with signal 11 (Signals.SIGSEGV)
Signed-off-by: Simon Glass <sjg@chromium.org>
This produces a lot of code output which is not very helpful and is quite
annoying to wade through. Use the short format by default.
Signed-off-by: Simon Glass <sjg@chromium.org>
- Disable bi_boot_params for STM32 MCU and MPU boards
- Update stm32-usbphyc node management
- Convert CONFIG_STM32_FLASH to Kconfig for STM32 MCU boards
- Convert some USB config flags to Kconfig for various boards
- Convert CONFIG_BOOTCOMMAND flag to Kconfig for STM32 F429 board
- Remove specific CONFIG_STV0991 flags
- Remove unused CONFIG_USER_LOWLEVEL_INIT flag
- Add ofdata_to_platdata() callback for stm32_spi driver
- Update for stm32f7_i2c driver
- Remove gpio_hog_probe_all() from STM32 MP1 board
- Fix bind command
-----BEGIN PGP SIGNATURE-----
iQJQBAABCgA6FiEEXyrViUccKBz9c35Jysd4L3sz/6YFAmFlgsIcHHBhdHJpY2Uu
Y2hvdGFyZEBmb3NzLnN0LmNvbQAKCRDKx3gvezP/plnND/4q9HSlvddybIPjBHlW
rXz1ISwj8JZPp7R4MJcB4RiHofYZzjTXx3dDYUif6oQMpCDp64KPfcUDW0kaq8U7
ZFwJvt59boV1XWlonIXMb3gAkY6gFa5PnYAE/YXEqKvPPvUb7FkT7BWxm4LxCGsj
mEmboR8u87s6e4ZP03HJsSVa5FnNwJUZU8b+58Vxp10YC0PPf7kpmgCucDhrghvY
TORlk259KUFoZXz4J4My0VzDdxE05gDqq1m6Xw1CzqcUbGysMvjNEHlxGdYbWD/U
maamP19DUmKUREmpj3kO/JZvacLJlQP/mdGJ0OWKNbIr/3ha4dYagxDoRodEVo0m
DYaaVPGvG24G78d5meB2q9wT0aGdTyaqm+XRBQMvMN2LlaGmu9duA1t6yBuyMcFk
BeA7d0eHMo1ezD9FFZMxwIOAWhJlcYQEAMFhUwkR1B322w0NU4nbl9KRCGuGV2Zp
ZFQV4BoMvb0NwAdo66xwZ+gSq4Wp1y46VM6x2Mw52v2F4p3teeAqR906TdQVYO8+
hlYChO9+qK4JO7LPX/5wQ4FIzcq1HnTzTpuOSf28hsemiPMu0OkAQv1J7DohNZix
wELBA+ZIjGXksmDTPjpXg5CSvVALa/l2G816hp7/XTJ1XRBSz/pzjhp5rwm42zmw
x7EPnwzpAlQCSqTQ0sgO+fgoRA==
=S4kl
-----END PGP SIGNATURE-----
Merge tag 'u-boot-stm32-20211012' of https://source.denx.de/u-boot/custodians/u-boot-stm
- Disable ATAGS for STM32 MCU and MPU boards
- Disable bi_boot_params for STM32 MCU and MPU boards
- Update stm32-usbphyc node management
- Convert CONFIG_STM32_FLASH to Kconfig for STM32 MCU boards
- Convert some USB config flags to Kconfig for various boards
- Convert CONFIG_BOOTCOMMAND flag to Kconfig for STM32 F429 board
- Remove specific CONFIG_STV0991 flags
- Remove unused CONFIG_USER_LOWLEVEL_INIT flag
- Add ofdata_to_platdata() callback for stm32_spi driver
- Update for stm32f7_i2c driver
- Remove gpio_hog_probe_all() from STM32 MP1 board
- Fix bind command
Signed-off-by: Tom Rini <trini@konsulko.com>
These tests currently run in a particular sequence, with some of them
depending on the actions of earlier tests.
Add a check for sandbox and reset to a known state at the start of each
test, so that all tests can run in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
The -z tests don't really need to be part of the main set. Separate them
out so we can drop the test setup/cleans functions and thus run all tests
in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Target code and mkimage share the same hashing infrastructure. If one
is wrong, it's very likely that both are wrong in the same way. Thus
testing won't catch hash regressions. This already happened in
commit 92055e138f ("image: Drop if/elseif hash selection in
calculate_hash()"). None of the tests caught that CRC32 was broken.
Instead of testing hash_calculate() against itself, create a FIT with
containing a kernel with pre-calculated hashes. Then check the hashes
produced against the known good hashes.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tpm test cases relies on tpm device setup. Provide an environment
variable "env__tpm_device_test_skip = True" to skip the test case
if tpm device is not present.
Only needed will have to add variable to the py-test framework.
Test runs successfully even this variable is absent.
Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.
Add support for this, using U-Boot's sha256 support.
For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some builds of squashfs-tools append version string with "-git" or
similar. The float() conversion will fail in this case.
Improve the code to only convert to float() the string before the '-'
character.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
After the commit c70f44817d ("efi_loader: simplify 'printenv -e'"),
"-all" option is no longer necessary.
Just remove them in the test script.
Fixes: c70f44817d ("efi_loader: simplify 'printenv -e'")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Update the result of do_status and always returns a CMD_RET_ value
(-ENOSYS was a possible result of show_pinmux).
This patch also adds pincontrol name in error messages (dev->name)
and treats correctly the status sub command when pin-controller device is
not selected.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add more details to test cases by comparing each expected line with the
command's output. Add new test cases:
- sqfsls at an empty directory
- sqfsls at a sub-directory
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> [on sandbox]
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
The previous strategy to know if a file was correctly loaded was to
check for how many bytes were read and compare it against the file's
original size. Since this is not a good solution, replace it by
comparing the checksum of the loaded bytes against the original file's
checksum. Add more test cases: files at a sub-directory and non-existent
file.
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> [on sandbox]
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
Remove the previous OOP approach, which was confusing and incomplete.
Add more test cases by making SquashFS images with various options,
concerning file fragmentation and its compression. Add comments to
properly document the code.
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> [on sandbox]
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
Some filesystem tests are failing when their image is prepared with
guestmount, but succeeding if loop mounts are used instead. The reason
seems to be a race condition the guestmount(1) manual page explains:
When guestunmount(1)/fusermount(1) exits, guestmount may still be
running and cleaning up the mountpoint. The disk image will not be
fully finalized.
This means that scripts like the following have a nasty race condition:
guestmount -a disk.img -i /mnt
# copy things into /mnt
guestunmount /mnt
# immediately try to use 'disk.img' ** UNSAFE **
The solution is to use the --pid-file option to write the guestmount
PID to a file, then after guestunmount spin waiting for this PID to
exit.
The Python standard library has an os.waitpid() function for waiting a
child to terminate, but it cannot wait on non-child processes. Implement
a utility function that can do this by polling the process repeatedly
for a given duration, optionally killing the process if it won't
terminate on its own. Apply the suggested solution with this utility
function, which makes the failing tests succeed again.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If guestmount isn't available on the system, filesystem test setup falls
back to using loop mounts to prepare its disk images. If guestmount is
available but fails to work, the tests are immediately skipped. Instead
of giving up on a guestmount failure, try using loop mounts as an
attempt to keep tests running.
Also stop checking if guestmount is in PATH, as trying to run a missing
guestmount can now follow the same failure codepath and fall back to
loop mounts anyway.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
On some distributions the mkfs is under /sbin and /sbin is not set
for mere users. Include /sbin to the PATH when creating file system,
so that users won't get a scary traceback from Python.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Commit 1ba21bb06b ("test: Don't unmount not (yet) mounted system")
fixes an issue in the filesystem tests where the test setup may fail
to mount an image and still attempt to unmount it. However, the commit
unintentionally breaks the test setups in two ways.
The newly created unmounted filesystem images are being immediately
deleted due to some cleanup steps being misplaced into finally blocks,
which makes them always run instead of only on failures. The mount calls
always fail since the images never exist, causing the tests to be always
skipped. This patch moves these cleanup calls into the except blocks to
fix this and makes the tests run again.
There are also unmount calls misplaced into finally blocks, making them
run after the tests instead of before the tests. These unmount calls
make the filesystem image file consistent with the changes made to it as
part of the test setup, and this misplacement is making a number of
tests fail unexpectedly.
The unmount calls must be run before the tests use the image, meaning
before the yield call and not in the finally block. They must also be
run as a cleanup step when the filesystem setup fails, so they can't be
placed as the final call in the try blocks since they would be skipped
on such failures. For these reasons, this patch places the unmount calls
both in the except blocks and the else blocks of the final setup step.
This makes the unexpectedly failing tests to succeed again.
Furthermore, this isolates the mount calls to their own try-except
statement to avoid reintroducing the original issue of unmounting a
not-mounted image while fixing the unmount misplacement.
After these fixes, running "make tests" with guestmount available results
in two test failures not related to the mentioned commit. If the
guestmount executables are unavailable, the mounts fallback to using
sudo and result in no failures.
Fixes: 1ba21bb06b ("test: Don't unmount not (yet) mounted system")
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Improve the regular expression that matches unittest symbols in
u-boot.sym.
Currently we do not enforce no prefix in symbol string, but with the
soon to come change in linker lists declaring lists and entries with the
__ADDRESSABLE macro (because of LTO), the symbol file will contain for
every symbol of the form
_u_boot_list_2_ut_X_2_Y
also symbol
__UNIQUE_ID___addressable__u_boot_list_2_ut_X_2_YN,
(where N at the end is some number).
In order to avoid matching these additional symbols, ensure that the
character before "_u_boot_list_2_ut" is not a symbol name character.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit extends the sandbox to implement a dummy
extension_board_scan() function and enables the extension command in
the sandbox configuration. It then adds a test that checks the proper
functionality of the extension command by applying two Device Tree
overlays to the sandbox Device Tree.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[trini: Limit to running on sandbox]
Signed-off-by: Tom Rini <trini@konsulko.com>
Bump our py version to 1.10.0 to address CVE-2020-29651.
Reported-by: GitHub dependabot
Reported-by: Ley Foon Tan <ley.foon.tan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
commit cbea241e935e("efidebug: add multiple device path instances on Boot####")
slightly tweaked the efidebug syntax adding -b, -i and -s for the boot
image, initrd and optional data.
The pytests using this command were adapted as well. However I completely
missed the last "" argument, which at the time indicated the optional data
and needed conversion as well. This patch is adding the missing -s flag
and the tests are back to normal.
Fixes: cbea241e935e("efidebug: add multiple device path instances on Boot####")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>
Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Originally, the ECDSA code path used 'keydir' as the key filename.
mkimage has since been updated to include a new 'keyfile' argument.
Use the new argument for passing in the key.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a test to make sure that the ECDSA signatures generated by
mkimage can be verified successfully. pyCryptodomex was chosen as the
crypto library because it integrates much better with python code.
Using openssl would have been unnecessarily painful.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We wish to use pycryptodomex to verify code paths involving ECDSA
signatures. Add it to requirements.txt so that they get picked up
automatically .gitlab and .azure tasks
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
