The primary motivation for having a sandbox without LTO build in CI is
to ensure that we don't have that option break. We now have the ability
to run tests of specific options being enabled/disabled, so drop the
parts of CI that build and test that configuration specifically and add
a build test instead. We still test that "NO_LTO=1" rather than editing
the config file works via the ftrace tests.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that everything is working, add a test to make sure that this
builds correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmU7j50ACgkQgS8AYozs
+qIh8w/+O4UjT0sG1NLwmyV7U1Ypk+EyYaE6wmSWzpsJLfH/YvtObBJOYRuXxRVh
J9lkgCsw8Ct1ZNCrp8iVO+Dz1DtV8+QvTecrUHZqcOhTYDaqxXnlvEH2/EUhgo5T
9a/ZaDtOP1mKz754C4G6G363+iRCvbcqDECeKg9VYxfWCo1cINOmqyQCqlGxFT+h
PKiB5VzUpN/K/yiie+Hr42/+6XaykAUjUvEWeyKOsRmYY4lNiK22vG/puE42bFTh
catXwTE2a7x+yzPKkdhR0UGvDUlIKET2kF6mi+pYN2h/cSUxWTzbP/OxcU9yJOnm
qJiRZ+Woez1I7ul6ln4ci2kiWc3CTYFXfctwrBJPuJ/EO+2EEb3oHqG2S3Fc9VBZ
N17flHW7XZHEQbNexlUhk9cRpCwRuSA5OJXwW+IZIuydgNeo3xF0iYvipbjkEGgW
BBkt8PH+ivTLjEz6Gcmquvo1fHGJLHRIPg7DNb0phGHviuC0zlDJ7N5DZk0CpkiT
36siV9xK4X6qvWkOTa6Ldw60e4tN9nv3VG30uXtPHi3XdOkKfNkyIuqO/5BkkQPt
6yEc9IYXYoWNKDVUGme5+xszZp1sSvqltajG9VVNupt958dFyOSgS5aNa6B4UsWX
3XfndP1/s2bezUHoQx5zjraapKVrqBFLkGeTlCDUD+mEgP440G8=
=gvDs
-----END PGP SIGNATURE-----
Merge tag 'tpm-next-27102023' of https://source.denx.de/u-boot/custodians/u-boot-tpm
bootX measurements and measurement API moved to u-boot core:
Up to now, U-Boot could perform measurements and EventLog creation as
described by the TCG spec when booting via EFI.
The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained
both EFI specific code + the API needed to access the TPM, extend PCRs
and create an EventLog. The non-EFI part proved modular enough and
moving it around to the TPM subsystem was straightforward.
With that in place we can have a common API for measuring binaries
regardless of the boot command, EFI or boot(m|i|z), and contructing an
EventLog.
I've tested all of the EFI cases -- booting with an empty EventLog and
booting with a previous stage loader providing one and found no
regressions. Eddie tested the bootX part.
Eddie also fixed the sandbox TPM which couldn't be used for the EFI code
and it now supports all the required capabilities. This had a slight
sideeffect in our testing since the EFI subsystem initializes the TPM
early and 'tpm2 init' failed during some python tests. That code only
opens the device though, so we can replace it with 'tpm2 autostart'
which doesn't error out and still allows you to perfom the rest of the
tests but doesn't report an error if the device is already opened.
There's a few minor issues with this PR as well but since testing and
verifying the changes takes a considerable amount of time, I prefer
merging it now.
Heinrich has already sent a PR for -master containing "efi_loader: fix
EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will
cause any conflicts, but in any case they should be trivial to resolve.
Both the EFI and non-EFI code have a Kconfig for measuring the loaded
Device Tree. The reason this is optional is that we can't reason
when/if devices add random info like kaslr-seed, mac addresses etc in
the DT. In that case measurements are random, board specific and
eventually useless. The reason it was difficult to fix it prior to this
patchset is because the EFI subsystem and thus measurements was brought
up late and DT fixups might have already been applied. With this
patchset we can measure the DT really early in the future.
Heinrich also pointed out that the two Kconfigs for the DTB measurements
can be squashed in a single one and that the documentation only explains
the non-EFI case. I agree on both but as I said this is a sane working
version, so let's pull this first it's aleady big enough and painful to
test.
commit 789ed27842 ("test/py: replace 'tpm2 init, startup, selftest' sequences")
changed some of the tpm2 init sequences to 'tpm2 autostart' instead of
calling 'tpm init', 'tpm startup TPM2_SU_CLEAR', 'tpm2 self_test full'.
The autostart command calls the afforementioned sequence and on top of
that deals with the 'tpm2 init' return codes if the tpm is already
started. Since we initialize the tpm from various subsystems now,
replace the last remaining instances of 'tpm2 init' with 'tpm2
autostart'. Since the latter calls 'tpm2 init' anyway we will still be
implicitly testing the validity of that command
It's worth noting that since 'tpm2 autostart' performs the startup and
self tests sequences of the tpm we could drop
'test_tpm2_sandbox_self_test_full' and 'test_tpm2_startup, but let's
keep the since they test tpm commands and options
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false positive.
So let's switch over to a PCR which is more suitable and is defined for
OS use. It's worth noting that we are using PCR10 here, since PCR9 is
used internally by U-Boot if we choose to measure the loaded DTB
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Current code allows up to 3 MBR partitions without extended one.
If more than 3 partitions are required, then extended partition(s)
must be used.
This commit allows up to 4 primary MBR partitions without the
need for extended partition.
Add mbr test unit. In order to run the test manually, mmc6.img file
of size 12 MiB or greater is required in the same directory as u-boot.
Test also runs automatically via ./test/py/test.py tool.
Running mbr test is only supported in sandbox mode.
Signed-off-by: Alex Gendin <agendin@matrox.com>
[ And due to some further changes for testing ]
Signed-off-by: Simon Glass <sjg@chromium.org>
Add test for the SPI load method. This one is pretty straightforward. We
can't enable FIT_EXTERNAL with LOAD_FIT_FULL because spl_spi_load_image
doesn't know the total image size and has to guess from fdt_totalsize. This
doesn't include external data, so loading it will fail.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
clk:
- remove additional compatible strings for Versal NET
net:
- zynq_gem: Fix clock calculation for MDC for higher frequencies
pinctrl:
- core: Extend pinmux status buffere size
- zynqmp driver: Show also tristate configuration
test:
- add test case for pxe get
Xilinx:
- describe SelectMAP boot mode
Zynq:
- Fix nand description in DT
ZynqMP:
- DTS sync patches with kernel and also W=1 related fixes
- Add support for KD240, zcu670, e-a2197 with x-prc cards, SC revB/C with i2c
description for other SC based boards
- k24 psu_init cleanup
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCZSjvwAAKCRDKSWXLKUoM
IR34AJ92oum3pJXKxKREEZh0dCfDvJlE/wCggyzxI2T5liJfRG5jzlUuDjiLLU0=
=u1bz
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2024.01-rc1-v3' of https://source.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2024.01-rc1 v3
clk:
- remove additional compatible strings for Versal NET
net:
- zynq_gem: Fix clock calculation for MDC for higher frequencies
pinctrl:
- core: Extend pinmux status buffere size
- zynqmp driver: Show also tristate configuration
test:
- add test case for pxe get
Xilinx:
- describe SelectMAP boot mode
Zynq:
- Fix nand description in DT
ZynqMP:
- DTS sync patches with kernel and also W=1 related fixes
- Add support for KD240, zcu670, e-a2197 with x-prc cards, SC revB/C with i2c
description for other SC based boards
- k24 psu_init cleanup
Execute "time <sleep cmd>", and validate that it gives the approximately
the correct amount of command execution time.
Signed-off-by: Love Kumar <love.kumar@amd.com>
U-Boot should set up the SMBIOS tables during startup, as it does on x86.
Ensure that it does this correctly on non-x86 machines too, by creating
an event spy for last-stage init.
Tidy up the installation-condition code while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Adds a command called "gpt transpose" which will swap the order two
partition table entries in the GPT partition table (but leaves them
pointing to the same locations on disk).
This can be useful for swapping bootloaders in systems that use an A/B
partitioning scheme where the bootrom is hard coded to look for the
bootloader in a specific index in the GPT partition table.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Sets the bootable flag when constructing the partition string from the
current partition configuration. This ensures that when the partitions
are written back (for example, when renaming a partition), the flag is
preserved.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
If CONFIG_PARTITION_TYPE_GUID is enabled, the type GUID will be
preserved when writing out the partition string. It was already
respected when writing out partitions; this ensures that if you capture
the current partition layout and write it back (such as when renaming),
the type GUIDs are preserved.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Adds a command that can be used to modify the GPT partition table to
indicate which partitions should have the bootable flag set
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Adds an additional variable called gpt_partition_bootable that indicates
if the given partition is bootable or not.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Very few of the existing event-spy records use the arguments they are
passed. Update them to use a simple spy instead, to simplify the code.
Where an adaptor function is currently used, remove it where possible.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the initcall list consists of a list of function pointers. Over
time the initcall lists will likely change to mostly emitting events,
since most of the calls are board- or arch-specific.
As a first step, allow an initcall to be an event type instead of a
function pointer. Add the required macro and update initcall_run_list() to
emit an event in that case, or ignore it if events are not enabled.
The bottom 8 bits of the function pointer are used to hold the event type,
with the rest being all ones. This should avoid any collision, since
initcalls should not be above 0xffffff00 in memory.
Convert misc_init_f over to use this mechanism.
Add comments to the initcall header file while we are here. Also fix up
the trace test to handle the change.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current event spy is always passed the event context and the event.
The context is always NULL for a static spy. The event is not often used.
Introduce a 'simple' spy which takes no arguments. This allows us to drop
the adaptation code that many of these spy records use.
Update the event script to find these in the image.
Signed-off-by: Simon Glass <sjg@chromium.org>
The public key EFI Signature List(ESL) needed for capsule
authentication is now embedded into the platform's DTB as part of the
build. Remove the superfluous logic from the test setup.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When running the trace test on the sandbox platform, the current size
of 16MiB is no longer large enough for capturing the entire trace
history, and results in truncation. Use a size of 32MiB for the trace
buffer on the sandbox platform while running the trace test.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Support has been added for generating the EFI capsules through
binman. Make changes in the EFI capsule update testing feature to
generate capsules through binman.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The ChromiumOS bootmeth has no tests at present. Before adding more
features. add a basic test.
This creates a disk which can be scanned by the bootmeth, so make sure
things work. It is quite rudimentary, since the kernel is faked, the root
disk is missing and there is no cmdline stored.
Enable the bootmeth for snow so it can build the unit test.
Signed-off-by: Simon Glass <sjg@chromium.org>
These are currently created in the source directory, which is not ideal.
Move them to the persistent-data directory instead. Update the test so
skip validating the filename, since it now includes a full path.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tidy up this tool a little:
- define which arguments are needed
- split the enum values out into a header file
- warn if no enum values are found
- display the dtc error if something goes wrong
- avoid a Python traceback on error
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a unit test for semihosting testing reading and writing a file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
pytest 7.3.2 treats the function name 'setup' as a fixture [1].
This leads to errors like:
TypeError: setup() missing 2 required positional arguments:
'disk_img' and 'osindications'
Rename setup() to capsule_setup().
[1] How to run tests written for nose
https://docs.pytest.org/en/7.3.x/how-to/nose.html
Fixes: 482ef90aeb ("test: efi_capsule: refactor efi_capsule test")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If test_cat and test_xxd cannot create the required file, the test will
be skipped, but this would result in an exception being raised in the
finally block because the file didn't exist to be cleaned up. This
caused the test to be marked as failed instead of skipped.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Docs describe 'make clean' to delete most generated files, 'make
mrproper' to delete current configuration and all generated files. This
test tries to assert it.
Idea is to search remaining files by patterns in copies of the initial
out-of-source build, which has two advantages:
- looking in an out-of-source build dir allows to tell generated source
code from committed source code
- copying is fast (compared to rebuilding each time) which allows to do
a "world clean"
Signed-off-by: Tobias Deiminger <tdmg@linutronix.de>
Per GitHub Dependabot:
- Use setuptools 65.5.1 to avoid some DoS issue
- Use requests 2.31.0 to avoid leaking some proxy information
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On arm64 the its we use to generate the test FIT image has
arch = "arm";
We should use "arm64" here which is mapped to IH_ARCH_ARM64 via
uimage_arch[].
Fixes: 8391f95549 ("test/py: Create a test for launching UEFI binaries from FIT images")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Currently we only read the pcr updates once on test_tpm2_pcr_read().
It turns out that the tpm init sequence of force_init() which consists
of:
- tpm2 init
- tpm2 startup TPM2_SU_CLEAR
- tpm2 self_test full
- tpm2 clear TPM2_RH_LOCKOUT
also counts as an update. Running this in the console verifies the
update bump
=> tpm2 init
=> tpm2 startup TPM2_SU_CLEAR
=> tpm2 self_test full
=> tpm pcr_read 10 $loadaddr
PCR #10 content (28 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=> tpm2 clear TPM2_RH_LOCKOUT
=> tpm pcr_read 10 $loadaddr
PCR #10 content (29 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>
With the recent changes of replacing 'tpm2 init' with 'tpm2 autostart'
we end up always running the full init. The reason is 'tpm init'
returns -EBUSY if the tpm is already open, while 'tpm autostart' handles
ths gracefully and continues with the initialization. It's worth noting
that this won't affect the device functionality at all since
retriggering the startup sequence and selftests has no side effects.
Instead of relying on the initial value, reread the 'known updates'
just before updating the PCR to ensure we read the correct values
before testing
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of copy pasting the commands needed to start a TPM consisting
of:
- tpm init
- tpm startup TPM2_SU_CLEAR
- tpm2 self_test full
use the newly added 'autostart' which does the same thing and simplify
our python scripts
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This test covers the FMP versioning for both raw and FIT image,
and both signed and non-signed capsule update.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Current efi capsule python tests have much code duplication.
This commit creates the common function
in test/py/tests/test_efi_capsule/capsule_common.py,
aim to reduce the code size and improve maintainability.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Test the IPv6 network discovery feature if indicated by boardenv file.
Signed-off-by: Ehsan Mohandesi <emohandesi@linux.microsoft.com>
Reviewed-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>
Requires proper environment with DHCP6 server provisioned.
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
- Various typo fixes, pass -Werror to host tools builds, bdi cleanups,
fix hush and local variables, a FSL PCI fix and correct some python in
one of the tests.
This function uses the same base name as all the others in this file, so
it is not easy to run just that one test. Add a _base suffix so that it
can be run on its own.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add a test for the hush shell variable assignment and clear.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Sometimes when doing tests on real hardware we sometimes run in to the
case where some of these mounts haven't been fully flushed. Using the
--lazy option with umount will allow us to continue while letting the OS
handle flushing the data out still.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We cannot use old_dtb in the finally block if it has not been assigned
before the try block.
test/py/tests/test_efi_fit.py:458:30:
E0601: Using variable 'old_dtb' before assignment (used-before-assignment)
Fixes: 8391f95549 ("test/py: Create a test for launching UEFI binaries from FIT images")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>