Tidy this up so that pylint is happy. Use hex for the 1MB size and make
sure it is not a floating-point value.
Add a little main program to allow the code to be tried out, since at
present is only called from a long-running test.
Signed-off-by: Simon Glass <sjg@chromium.org>
'cert-to-efi-hash-list -t 0' does not work as expected, it produces
indeterminate timestamp.
$ cert-to-efi-hash-list -t 0 -s 256 db.crt dbx_hash.crl
TimeOfRevocation is 0-113-0 00:00:255
If we need the CRL revoked for all the time, just don't specify
'-t' option.
$ cert-to-efi-hash-list -s 256 db.crt dbx_hash.crl
TimeOfRevocation is 0-0-0 00:00:00
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add test cases for accessing the FWU Metadata on the sandbox
platform. The sandbox platform also uses the metadata access driver
for GPT partitioned block devices.
The FWU feature will be tested on the sandbox64 variant with a raw
capsule. Remove the FIT capsule testing from sandbox64 defconfig --
the FIT capsule test will be run on the sandbox_flattree variant.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use a manual test for the VBE test, so we can make the pytest and the
C unit test work together properly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Enable the various features needed in VPL, by adding Kconfig options.
Update the defconfig for sandbox_vpl so that the build for each phase
includes what is needed. Drop LZMA for now and make sure partition support
is omitted in SPL, since it is not needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
The vbe_fixup file handles device tree fixups, but these are called OS
requests in VBE. Rename the file to reflect its wider purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we normally write tests either in Python or in C. But most
Python tests end up doing a lot of checks which would be better done in C.
Checks done in C are orders of magnitude faster and it is possible to get
full access to U-Boot's internal workings, rather than just relying on
the command line.
The model is to have a Python test set up some things and then use C code
(in a unit test) to check that they were done correctly. But we don't want
those checks to happen as part of normal test running, since each C unit
tests is dependent on the associate Python tests, so cannot run without
it.
To acheive this, add a new UT_TESTF_MANUAL flag to use with the C 'check'
tests, so that they can be skipped by default when the 'ut' command is
used. Require that tests have a name ending with '_norun', so that pytest
knows to skip them.
Signed-off-by: Simon Glass <sjg@chromium.org>
This path does not seem to be present in clang-14 for some reason. Relax
the regular expression so that the test works, at least for non-LTO.
Signed-off-by: Simon Glass <sjg@chromium.org>
The version used on Ubuntu 2022.04 produces a number of warnings:
/usr/lib/python3/dist-packages/pkg_resources/__init__.py:116:
PkgResourcesDeprecationWarning: 1.16.0-unknown is an invalid version
and will not be supported in a future release
Same with: 0.1.43ubuntu1 11.4.1ubuntu1 2.22.1ubuntu1 1.1build1
According to [1] this is a bug in setuptools. Employ the workaround for
now.
[1] https://askubuntu.com/questions/1406952/what-is-the-meaning-of-this-
pkgresourcesdeprecationwarning-warning-from-pipenv
Signed-off-by: Simon Glass <sjg@chromium.org>
When a FIT includes some OS requests, U-Boot should process these and add
the requested info to corresponding subnodes of the /chosen node. Add a
pytest for this, which sets up the FIT, runs bootm and then uses a C
unit test to check that everything looks OK.
The test needs to run on sandbox_flattree since we don't support
device tree fixups on sandbox (live tree) yet. So enable BOOTMETH_VBE and
disable bootflow_system(), since EFI is not supported on
sandbox_flattree.
Add a link to the initial documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
As a starting point, add support for providing random data, if requested
by the OS. Also add ASLR, as a placeholder for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
(fixed up to use uclass_first_device_err() instead)
To avoid duplicating code, create a new fit_util module which provides
various utility functions for FIT. Move this code out from the existing
test_fit.py and refactor it with addition parameters.
Fix up pylint warnings in the conversion.
This involves no functional change.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add xxd command to print file content as hexdump to standard out
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Roger Knecht <rknecht@pm.me>
Add a simple uclass test for SCSI. It reads the partition table from a
disk image and checks that it looks correct.
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a unit test for the eficonfig command.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
At present when -n is used, all workers try to build U-Boot at once.
Add a lock to ensure that only one of them builds, with the others using
the build that is produced.
The lock file is removed on startup.
Signed-off-by: Simon Glass <sjg@chromium.org>
This assumes that the GPIO starts as 0 but it does not if
test_gpio_input() ran first and test_gpio_exit_statuses() was skipped.
This can happen when running tests in parallel.
Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
When doing a quick check we don't need to run all the vboot tests. Just
run the first one, which is enough to catch most problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
This test seems to interfere with the other test in this file. Mark it
single-threaded to avoid any problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present test_pinmux_status() assumes that test_pinmux_dev() has run
beforehand. Drop this assumption so we can run the tests in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
- We now have a new enough sbsigntools in the distro, stop building.
- Use the 20220801 tag for Jammy.
- Move to pygit2 1.9.2 (current version) as the old one doesn't build on
"Jammy".
- Add the working directory to the list of safe directories for git.
- Move to pytest 6.2.5 to address other issues.
- This move exposed a number of minor issues in the existing scripts we
used within CI to perform the jobs themselves. The most notable changes
here involve using 'set +e / set -e' to enforce when we should or should
not make non-zero buildman status be a fatal error.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add support for VBE simple, which permits firmware update of a single
image stored in MMC or another block device.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present there is a confusing array of functions that handle the
device tree fix-ups needed for booting an OS. We should be able to switch
to using events to clean this up.
As a first step, create a new event type and call it from the standard
place.
Note that this event uses the ofnode interface only, since this can
support live tree which is more efficient when making lots of updates.
Signed-off-by: Simon Glass <sjg@chromium.org>
The macros in this file are a little confusing and we currently have no
tests to check that they work as expected.
Add some tests which check the macros in C code. Add a few tests which
check that the build errors are generated correctly too, using buildman's
-a option.
Signed-off-by: Simon Glass <sjg@chromium.org>
The UEFI console initialisation has been modified by commit 68edbed454
("efi_loader: initialize console size late"). A corresponding workaround is
now necessary for the automated tests, as added to some of the tests
already by commit e05bd68ed5 ("test: work around for EFI terminal size
probing").
Add the same workaround to the UEFI authenticated capsules tests to repair
them.
This can be tested with sandbox_defconfig, sandbox64_defconfig or
sandbox_flattree_defconfig, plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.
This binary must be rejected under secure boot mode.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
* Use spaces not tabs
* Limit lines to 100 spaces
* Remove an unused import
* Sort imports correctly
* Add a module description
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The stack protector test intentionally overflows a buffer in order to
corrupt the stack canary so that it can test that the corruption is
detected as expected. However, this is incompatible with ASAN, which
detects the buffer overflow and interrupts the test, so disable the test
for such configurations.
Signed-off-by: Andrew Scull <ascull@google.com>
When the UEFI sub-system is initialized it sends an escape sequence to the
serial console to determine the terminal size. This stops the
run_command_list() function of the console emulation from recognizing the
U-Boot command line prompt.
Add a 'print -e' command as first command in the command list to work
around this issue.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add support for the authentication of UEFI capsules containing FIT images.
The authentication code is moved out of the function handling raw images
into a new function efi_firmware_capsule_authenticate(). The special case
for the FMP header coming from edk2 tools is preserved. There is no
functional change for capsules containing raw images.
The python test for signed capsules with raw images is renamed with no
functional change and a new test is added for signed capsules containing
FIT images.
This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig,
plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Repair the python tests for authenticated EFI capsules, which can be run
with sandbox_defconfig plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.
- Account for the reset changes done by commit 3e6f810006 ("efi_loader:
test/py: Reset system after capsule update on disk").
- Fix the capsule GUID typo introduced by commit 2e9c3c6965 ("test:
capsule: Modify the capsule tests to use GUID values for sandbox").
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Changing the console timeout to 500 ms without restoring the original value
leads to failures in other tests. As the console timeout change is not
necessary for the text input protocol tests remove it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In the bootmenu unit test the console timeout is set to 500 ms.
Other tests rely on the original timeout. Ensure that the original value
is restored.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>