As a starting point, add support for providing random data, if requested
by the OS. Also add ASLR, as a placeholder for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
(fixed up to use uclass_first_device_err() instead)
To avoid duplicating code, create a new fit_util module which provides
various utility functions for FIT. Move this code out from the existing
test_fit.py and refactor it with addition parameters.
Fix up pylint warnings in the conversion.
This involves no functional change.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add xxd command to print file content as hexdump to standard out
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Roger Knecht <rknecht@pm.me>
Add a simple uclass test for SCSI. It reads the partition table from a
disk image and checks that it looks correct.
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a unit test for the eficonfig command.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This assumes that the GPIO starts as 0 but it does not if
test_gpio_input() ran first and test_gpio_exit_statuses() was skipped.
This can happen when running tests in parallel.
Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
When doing a quick check we don't need to run all the vboot tests. Just
run the first one, which is enough to catch most problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
This test seems to interfere with the other test in this file. Mark it
single-threaded to avoid any problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present test_pinmux_status() assumes that test_pinmux_dev() has run
beforehand. Drop this assumption so we can run the tests in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for VBE simple, which permits firmware update of a single
image stored in MMC or another block device.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present there is a confusing array of functions that handle the
device tree fix-ups needed for booting an OS. We should be able to switch
to using events to clean this up.
As a first step, create a new event type and call it from the standard
place.
Note that this event uses the ofnode interface only, since this can
support live tree which is more efficient when making lots of updates.
Signed-off-by: Simon Glass <sjg@chromium.org>
The macros in this file are a little confusing and we currently have no
tests to check that they work as expected.
Add some tests which check the macros in C code. Add a few tests which
check that the build errors are generated correctly too, using buildman's
-a option.
Signed-off-by: Simon Glass <sjg@chromium.org>
The UEFI console initialisation has been modified by commit 68edbed454
("efi_loader: initialize console size late"). A corresponding workaround is
now necessary for the automated tests, as added to some of the tests
already by commit e05bd68ed5 ("test: work around for EFI terminal size
probing").
Add the same workaround to the UEFI authenticated capsules tests to repair
them.
This can be tested with sandbox_defconfig, sandbox64_defconfig or
sandbox_flattree_defconfig, plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.
This binary must be rejected under secure boot mode.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
* Use spaces not tabs
* Limit lines to 100 spaces
* Remove an unused import
* Sort imports correctly
* Add a module description
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The stack protector test intentionally overflows a buffer in order to
corrupt the stack canary so that it can test that the corruption is
detected as expected. However, this is incompatible with ASAN, which
detects the buffer overflow and interrupts the test, so disable the test
for such configurations.
Signed-off-by: Andrew Scull <ascull@google.com>
When the UEFI sub-system is initialized it sends an escape sequence to the
serial console to determine the terminal size. This stops the
run_command_list() function of the console emulation from recognizing the
U-Boot command line prompt.
Add a 'print -e' command as first command in the command list to work
around this issue.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add support for the authentication of UEFI capsules containing FIT images.
The authentication code is moved out of the function handling raw images
into a new function efi_firmware_capsule_authenticate(). The special case
for the FMP header coming from edk2 tools is preserved. There is no
functional change for capsules containing raw images.
The python test for signed capsules with raw images is renamed with no
functional change and a new test is added for signed capsules containing
FIT images.
This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig,
plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Repair the python tests for authenticated EFI capsules, which can be run
with sandbox_defconfig plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
- Account for the reset changes done by commit 3e6f810006 ("efi_loader:
test/py: Reset system after capsule update on disk").
- Fix the capsule GUID typo introduced by commit 2e9c3c6965 ("test:
capsule: Modify the capsule tests to use GUID values for sandbox").
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Changing the console timeout to 500 ms without restoring the original value
leads to failures in other tests. As the console timeout change is not
necessary for the text input protocol tests remove it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In the bootmenu unit test the console timeout is set to 500 ms.
Other tests rely on the original timeout. Ensure that the original value
is restored.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Testing with mksquasshfs 4.5.1 results in an error
ValueError: could not convert string to float: '4.5.1'
Version 4.10 would be considered to be lower than 4.4.
Fixes: 04c9813e95 ("test/py: rewrite common tools for SquashFS tests")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
UEFI:
* Fix build errors due to
- using sed with non-standard extension for regular expression
- target architecture not recognized for CROSS_COMPILE=armv7a-*
- CONFIG_EVENT not selected
* add sha384/512 on certificate revocation
Others:
* factor out the user input handling in bootmenu command
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmJ3Z5kACgkQxIHbvCwF
GsRXYA/+KxXQaYm++hkoc+WVyU7CnqQrb6pFkT60taGuqkTORwyPk+faWGZpeewf
JuTJ5GssVjS1Vo+rU1zpPJxHLlGz9JGx3txiGadHHnsKVDeQdN6vB2Jb2uIp6xMN
Z0LmFroTrNrUO6ymxqm0mi6rc/BV7iBNoR1TWxDOk+l68O3mpgJPnxnG0mxncThN
qxas2pVxlt1B60ri3KRdpR9Li2KF36apVsw5J+Pqrrv4MiEAC8Fr/l5TRMiHJoSr
/C1j704epoGqQMdpX+xLSykEhpZQ0RkVAUf3hcINPJxYYHRvQ4Qwk17yzqOlX8TV
EOWob0v9Tr/wkFDFFBOdTl1ByVixENU/Sk/2F1olN+9nlMLlTrmaDTuNXh6Fv81q
587fZ5bNI56PYmGWRS+p4YvQhKlZxVcpUiKVzopApPx+i0J101TlKs7OenLNKWnC
LaWkcly1QH5yaJwTI8qZOnA8tLAfkzPjODQfpnCvsiB7w26ZFBjuaLDgtzkSmLAN
07zHsrygesblmG3EfM7dJlIMNXYNWapZW+7BiTgH/f7KIqocjZt6qGY7sroHk1RY
NJWwLCzv5TqoxL+HumDFmCRZbfBJbBeiEKs5x4EfrOeSHrXcuR4QJB0ScDlUtT5l
eNp0Sn4lK5EhgXSeraiBkQVmca0rvCGEwbR4bV0832wZL2lqBqk=
=Kdu1
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-07-rc3-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-07-rc3-2
UEFI:
* Fix build errors due to
- using sed with non-standard extension for regular expression
- target architecture not recognized for CROSS_COMPILE=armv7a-*
- CONFIG_EVENT not selected
* add sha384/512 on certificate revocation
Others:
* factor out the user input handling in bootmenu command
The previous patch adds support for rejecting images when the sha384/512
of an x.509 certificate is present in dbx. Update the sandbox selftests
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With sandbox, U-Boot can be run without a device tree (i.e. no -d or -T
parameter). In this case an empty device tree is created for convenience.
With a recent change this causes an error due to the missing '/binman'
node.
Add this node to avoid the problem, as well as a test that U-Boot can
be run without a device tree.
Fixes: 059df5624b ("arch: Kconfig: imply BINMAN for SANDBOX")
Fixes: https://source.denx.de/u-boot/u-boot/-/issues/11
Signed-off-by: Simon Glass <sjg@chromium.org>
To make user aware of the menu entry selection, menu always
appears regardless of the number of entry.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Adjust test/py/tests/test_bootmenu.py
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We need to create a disk image with a partition table and a DOS-format
filesystem containing a few files. Provide a fallback binary for CI since
it does not seem able to detect the loopback partitions.
Add this to a dm_init test so that it happens when needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
As explained in commit 4af2a33ee5 ("cmd: gpio: Make `gpio input`
return pin value again") the `gpio input` is used in scripts to obtain
the value of a pin, despite the fact that CMD_RET_FAILURE is
indistinguishable from a valid pin value.
To be able to detect failures and properly use the value of a GPIO in
scripts we introduce the `gpio read` command that sets the variable
`name` to the value of the pin. Return code of the `gpio read` command
can be used to check for CMD_RET_SUCCESS or CMD_RET_FAILURE.
CONFIG_CMD_GPIO_READ is used to enable the `gpio read` command.
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
The current UEFI capsule updation code uses two GUID values, one for
FIT images, and one for raw images across platforms. This logic is
being changed to have GUID values per image, per platform. Change the
tests for the capsule update code to reflect this change. The GUID
values now used are the ones specific to the sandbox platform -- one
for the u-boot image, and another for the u-boot environment image.
Install the FMP instance for raw images on the sandbox variant for
testing the capsule update code. Install the FMP instance for the FIT
images on the sandbox64 and sandbox_flattree variant for testing
capsule update for FIT images. This is being done by splitting the
capsule update script for FIT and raw images.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
At present the tests assume that gawk is being used. Adjust the tests so
that the names are inserted in alphabetical order, so that awk is happy.
Also use PROCINFO to make gawk output in alphabetical order. This is not
ideal, since it changes the env-car ordering from what the user provided,
but it may be acceptable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Fixes: https://source.denx.de/u-boot/u-boot/-/issues/10