| Message ID | 20230323110906.23783-6-masahisa.kojima@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | FMP versioning support | expand |
On Thu, 23 Mar 2023 at 13:09, Masahisa Kojima <masahisa.kojima@linaro.org> wrote: > > This test covers FMP versioning for both raw and FIT image, > and both signed and non-signed capsule update. > > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> > --- > Newly created in v4 > > test/py/tests/test_efi_capsule/conftest.py | 58 +++++ > .../test_capsule_firmware_fit.py | 187 ++++++++++++++++ > .../test_capsule_firmware_raw.py | 199 ++++++++++++++++++ > .../test_capsule_firmware_signed_fit.py | 159 ++++++++++++++ > .../test_capsule_firmware_signed_raw.py | 169 +++++++++++++++ > 5 files changed, 772 insertions(+) > > diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py > index 4879f2b5c2..b7332de844 100644 > --- a/test/py/tests/test_efi_capsule/conftest.py > +++ b/test/py/tests/test_efi_capsule/conftest.py > @@ -95,6 +95,26 @@ def efi_capsule_data(request, u_boot_config): > check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' % > (data_dir, u_boot_config.build_dir), > shell=True) > + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 --lsv 3 ' > + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' % > + (data_dir, u_boot_config.build_dir), > + shell=True) > + check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 --lsv 7 ' > + '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' % > + (data_dir, u_boot_config.build_dir), > + shell=True) > + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 --lsv 1 ' > + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' % > + (data_dir, u_boot_config.build_dir), > + shell=True) > + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 --lsv 3 ' > + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' % > + (data_dir, u_boot_config.build_dir), > + shell=True) > + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 --lsv 1 ' > + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' % > + (data_dir, u_boot_config.build_dir), > + shell=True) > > if capsule_auth_enabled: > # raw firmware signed with proper key > @@ -131,6 +151,44 @@ def efi_capsule_data(request, u_boot_config): > 'uboot_bin_env.itb Test14' > % (data_dir, u_boot_config.build_dir), > shell=True) > + # raw firmware signed with proper key with version information > + check_call('cd %s; ' > + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' > + '--fw-version 5 --lsv 3 ' > + '--private-key SIGNER.key --certificate SIGNER.crt ' > + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' > + 'u-boot.bin.new Test111' > + % (data_dir, u_boot_config.build_dir), > + shell=True) > + # raw firmware signed with *mal* key with version information > + check_call('cd %s; ' > + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' > + '--fw-version 8 --lsv 3 ' > + '--private-key SIGNER2.key ' > + '--certificate SIGNER2.crt ' > + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' > + 'u-boot.bin.new Test112' > + % (data_dir, u_boot_config.build_dir), > + shell=True) > + # FIT firmware signed with proper key with version information > + check_call('cd %s; ' > + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' > + '--fw-version 5 --lsv 3 ' > + '--private-key SIGNER.key --certificate SIGNER.crt ' > + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' > + 'uboot_bin_env.itb Test113' > + % (data_dir, u_boot_config.build_dir), > + shell=True) > + # FIT firmware signed with *mal* key with version information > + check_call('cd %s; ' > + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' > + '--fw-version 8 --lsv 3 ' > + '--private-key SIGNER2.key ' > + '--certificate SIGNER2.crt ' > + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' > + 'uboot_bin_env.itb Test114' > + % (data_dir, u_boot_config.build_dir), > + shell=True) > > # Create a disk image with EFI system partition > check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % > diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py > index d28b53a1a1..881fe233ec 100644 > --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py > +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py > @@ -189,3 +189,190 @@ class TestEfiCapsuleFirmwareFit(object): > assert 'u-boot-env:Old' in ''.join(output) > else: > assert 'u-boot-env:New' in ''.join(output) > + > + def test_efi_capsule_fw3( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 3 - Update U-Boot and U-Boot environment on SPI Flash with version information > + 0x100000-0x150000: U-Boot binary (but dummy) > + 0x150000-0x200000: U-Boot environment (but dummy) > + """ > + disk_img = efi_capsule_data > + with u_boot_console.log.section('Test Case 3-a, before reboot'): > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'printenv -e PlatformLangCodes', # workaround for terminal size determination > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize contents > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, > + 'sf write 4000000 150000 10', > + 'sf read 5000000 150000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test104' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test104 $filesize' % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test104' in ''.join(output) > + > + capsule_early = u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + capsule_auth = u_boot_config.buildconfig.get( > + 'config_efi_capsule_authenticate') > + > + # reboot > + u_boot_console.restart_uboot(expect_reset = capsule_early) > + > + with u_boot_console.log.section('Test Case 3-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent variables > + # are not available. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test104' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output = u_boot_console.run_command( > + 'env print -e Capsule0000', wait_for_reboot = True) > + > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test104' not in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + if capsule_auth: > + assert 'u-boot:Old' in ''.join(output) > + else: > + assert 'u-boot:New' in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf read 4000000 150000 10', > + 'md.b 4000000 10']) > + if capsule_auth: > + assert 'u-boot-env:Old' in ''.join(output) > + else: > + assert 'u-boot-env:New' in ''.join(output) > + > + # make sure the dfu_alt_info exists because it is required for making ESRT. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'efidebug capsule esrt']) > + > + if capsule_auth: > + assert 'ESRT: fw_version=5' not in ''.join(output) > + assert 'ESRT: lowest_supported_fw_version=3' not in ''.join(output) > + else: > + assert 'ESRT: fw_version=5' in ''.join(output) > + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) > + > + def test_efi_capsule_fw4( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 4 - Update U-Boot and U-Boot environment on SPI Flash with version information > + but fw_version is lower than lowest_supported_version > + No update should happen > + 0x100000-0x150000: U-Boot binary (but dummy) > + 0x150000-0x200000: U-Boot environment (but dummy) > + """ > + disk_img = efi_capsule_data > + with u_boot_console.log.section('Test Case 4-a, before reboot'): > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'printenv -e PlatformLangCodes', # workaround for terminal size determination > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize contents > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, > + 'sf write 4000000 150000 10', > + 'sf read 5000000 150000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test105' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test105 $filesize' % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test105' in ''.join(output) > + > + capsule_early = u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + capsule_auth = u_boot_config.buildconfig.get( > + 'config_efi_capsule_authenticate') > + > + # reboot > + u_boot_console.restart_uboot(expect_reset = capsule_early) > + > + with u_boot_console.log.section('Test Case 4-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent variables > + # are not available. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test105' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output = u_boot_console.run_command( > + 'env print -e Capsule0000', wait_for_reboot = True) > + > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test105' not in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:Old' in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf read 4000000 150000 10', > + 'md.b 4000000 10']) > + assert 'u-boot-env:Old' in ''.join(output) > + > + # make sure the dfu_alt_info exists because it is required for making ESRT. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'efidebug capsule esrt']) > + > + if not capsule_auth: > + assert 'ESRT: last_attempt_version=2' in ''.join(output) > + assert 'ESRT: last_attempt_status=incorrect version' in ''.join(output) > diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py > index 92bfb14932..bb60065343 100644 > --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py > +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py > @@ -292,3 +292,202 @@ class TestEfiCapsuleFirmwareRaw: > assert 'u-boot-env:Old' in ''.join(output) > else: > assert 'u-boot-env:New' in ''.join(output) > + > + def test_efi_capsule_fw4( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ Test Case 4 > + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version > + 0x100000-0x150000: U-Boot binary (but dummy) > + 0x150000-0x200000: U-Boot environment (but dummy) > + """ > + disk_img = efi_capsule_data > + with u_boot_console.log.section('Test Case 4-a, before reboot'): > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'printenv -e PlatformLangCodes', # workaround for terminal size determination > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize contents > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, > + 'sf write 4000000 150000 10', > + 'sf read 5000000 150000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place the capsule files > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test101' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test101 $filesize' % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test101' in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test102' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test102 $filesize' % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test102' in ''.join(output) > + > + capsule_early = u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + capsule_auth = u_boot_config.buildconfig.get( > + 'config_efi_capsule_authenticate') > + > + # reboot > + u_boot_console.restart_uboot(expect_reset = capsule_early) > + > + with u_boot_console.log.section('Test Case 4-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent variables > + # are not available. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test101' in ''.join(output) > + assert 'Test102' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output = u_boot_console.run_command( > + 'env print -e Capsule0000', wait_for_reboot = True) > + > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test101' not in ''.join(output) > + assert 'Test102' not in ''.join(output) > + > + # make sure the dfu_alt_info exists because it is required for making ESRT. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'efidebug capsule esrt']) > + > + if capsule_auth: > + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. > + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) > + assert 'ESRT: fw_version=5' not in ''.join(output) > + assert 'ESRT: lowest_supported_fw_version=3' not in ''.join(output) > + > + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. > + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) > + assert 'ESRT: fw_version=10' not in ''.join(output) > + assert 'ESRT: lowest_supported_fw_version=7' not in ''.join(output) > + else: > + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. > + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) > + assert 'ESRT: fw_version=5' in ''.join(output) > + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) > + > + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. > + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) > + assert 'ESRT: fw_version=10' in ''.join(output) > + assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + if capsule_auth: > + assert 'u-boot:Old' in ''.join(output) > + else: > + assert 'u-boot:New' in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 150000 10', > + 'md.b 4000000 10']) > + if capsule_auth: > + assert 'u-boot-env:Old' in ''.join(output) > + else: > + assert 'u-boot-env:New' in ''.join(output) > + > + def test_efi_capsule_fw5( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ Test Case 5 > + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version > + but fw_version is lower than lowest_supported_version > + No update should happen > + 0x100000-0x150000: U-Boot binary (but dummy) > + """ > + disk_img = efi_capsule_data > + with u_boot_console.log.section('Test Case 5-a, before reboot'): > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'printenv -e PlatformLangCodes', # workaround for terminal size determination > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize contents > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place the capsule files > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test103' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test103 $filesize' % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test103' in ''.join(output) > + > + capsule_early = u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + capsule_auth = u_boot_config.buildconfig.get( > + 'config_efi_capsule_authenticate') > + > + # reboot > + u_boot_console.restart_uboot(expect_reset = capsule_early) > + > + with u_boot_console.log.section('Test Case 5-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent variables > + # are not available. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test103' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output = u_boot_console.run_command( > + 'env print -e Capsule0000', wait_for_reboot = True) > + > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test103' not in ''.join(output) > + > + # make sure the dfu_alt_info exists because it is required for making ESRT. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', > + 'efidebug capsule esrt']) > + > + if not capsule_auth: > + assert 'ESRT: last_attempt_version=2' in ''.join(output) > + assert 'ESRT: last_attempt_status=incorrect version' in ''.join(output) > + > + # make sure capsule update failed > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:Old' in ''.join(output) > diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py > index 8c2d616fd0..cf2a2c7ba6 100644 > --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py > +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py > @@ -257,3 +257,162 @@ class TestEfiCapsuleFirmwareSignedFit(object): > 'sf read 4000000 100000 10', > 'md.b 4000000 10']) > assert 'u-boot:Old' in ''.join(output) > + > + def test_efi_capsule_auth4( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 4 - Update U-Boot on SPI Flash, FIT image format > + 0x100000-0x150000: U-Boot binary (but dummy) > + > + If the capsule is properly signed with version information, > + the authentication should pass and the firmware be updated. > + """ > + disk_img = efi_capsule_data > + with u_boot_console.log.section('Test Case 4-a, before reboot'): > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'printenv -e PlatformLangCodes', # workaround for terminal size determination > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > + 'env set dfu_alt_info ' > + '"sf 0:0=u-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize content > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > + % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test113' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test113 $filesize' > + % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test113' in ''.join(output) > + > + # reboot > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > + + '/test_sig.dtb' > + u_boot_console.restart_uboot() > + > + capsule_early = u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + with u_boot_console.log.section('Test Case 4-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent variables > + # are not available. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info ' > + '"sf 0:0=u-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test113' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output = u_boot_console.run_command( > + 'env print -e Capsule0000', wait_for_reboot = True) > + > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test113' not in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:New' in ''.join(output) > + > + output = u_boot_console.run_command('efidebug capsule esrt') > + assert 'ESRT: fw_version=5' in ''.join(output) > + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) > + > + def test_efi_capsule_auth5( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 5 - Update U-Boot on SPI Flash, FIT image format > + 0x100000-0x150000: U-Boot binary (but dummy) > + > + If the capsule is properly signed with version information, > + the authentication should pass and the firmware be updated. > + """ > + disk_img = efi_capsule_data > + with u_boot_console.log.section('Test Case 5-a, before reboot'): > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'printenv -e PlatformLangCodes', # workaround for terminal size determination > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > + 'env set dfu_alt_info ' > + '"sf 0:0=u-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize content > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > + % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test114' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test114 $filesize' > + % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test114' in ''.join(output) > + > + # reboot > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > + + '/test_sig.dtb' > + u_boot_console.restart_uboot() > + > + capsule_early = u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + with u_boot_console.log.section('Test Case 5-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent variables > + # are not available. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info ' > + '"sf 0:0=u-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test114' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output = u_boot_console.run_command( > + 'env print -e Capsule0000', wait_for_reboot = True) > + > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test114' not in ''.join(output) > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:Old' in ''.join(output) > + > + output = u_boot_console.run_command('efidebug capsule esrt') > + assert 'ESRT: fw_version=5' in ''.join(output) > + assert 'ESRT: last_attempt_version=8' in ''.join(output) > + assert 'ESRT: last_attempt_status=auth error' in ''.join(output) > diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py > index 2bbaa9cc55..631e78b1f1 100644 > --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py > +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py > @@ -254,3 +254,172 @@ class TestEfiCapsuleFirmwareSignedRaw(object): > 'sf read 4000000 100000 10', > 'md.b 4000000 10']) > assert 'u-boot:Old' in ''.join(output) > + > + def test_efi_capsule_auth4( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information > + 0x100000-0x150000: U-Boot binary (but dummy) > + > + If the capsule is properly signed, the authentication > + should pass and the firmware be updated. > + """ > + disk_img = efi_capsule_data > + with u_boot_console.log.section('Test Case 4-a, before reboot'): > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'printenv -e PlatformLangCodes', # workaround for terminal size determination > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > + 'env set dfu_alt_info ' > + '"sf 0:0=u-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + > + output = u_boot_console.run_command('efidebug capsule esrt') > + > + > + > + # initialize content > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > + % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test111' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test111 $filesize' > + % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test111' in ''.join(output) > + > + # reboot > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > + + '/test_sig.dtb' > + u_boot_console.restart_uboot() > + > + capsule_early = u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + with u_boot_console.log.section('Test Case 4-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent variables > + # are not available. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info ' > + '"sf 0:0=u-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test111' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output = u_boot_console.run_command( > + 'env print -e Capsule0000', wait_for_reboot = True) > + > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test111' not in ''.join(output) > + > + # TODO: check CapsuleStatus in CapsuleXXXX > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:New' in ''.join(output) > + > + output = u_boot_console.run_command('efidebug capsule esrt') > + assert 'ESRT: fw_version=5' in ''.join(output) > + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) > + > + def test_efi_capsule_auth5( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information > + 0x100000-0x150000: U-Boot binary (but dummy) > + > + If the capsule is signed but with an invalid key, > + the authentication should fail and the firmware > + not be updated. > + """ > + disk_img = efi_capsule_data > + with u_boot_console.log.section('Test Case 5-a, before reboot'): > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'printenv -e PlatformLangCodes', # workaround for terminal size determination > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > + 'env set dfu_alt_info ' > + '"sf 0:0=u-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize content > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > + % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output = u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test112' % CAPSULE_DATA_DIR, > + 'fatwrite host 0:1 4000000 %s/Test112 $filesize' > + % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test112' in ''.join(output) > + > + # reboot > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > + + '/test_sig.dtb' > + u_boot_console.restart_uboot() > + > + capsule_early = u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + with u_boot_console.log.section('Test Case 5-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent variables > + # are not available. > + output = u_boot_console.run_command_list([ > + 'env set dfu_alt_info ' > + '"sf 0:0=u-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test112' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output = u_boot_console.run_command( > + 'env print -e Capsule0000', wait_for_reboot = True) > + > + output = u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test112' not in ''.join(output) > + > + # TODO: check CapsuleStatus in CapsuleXXXX > + > + output = u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:Old' in ''.join(output) > + > + output = u_boot_console.run_command('efidebug capsule esrt') > + assert 'ESRT: fw_version=5' in ''.join(output) > + assert 'ESRT: last_attempt_version=8' in ''.join(output) > + assert 'ESRT: last_attempt_status=auth error' in ''.join(output) > -- > 2.17.1 > Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index 4879f2b5c2..b7332de844 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -95,6 +95,26 @@ def efi_capsule_data(request, u_boot_config): check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' % (data_dir, u_boot_config.build_dir), shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 --lsv 3 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 --lsv 7 ' + '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 --lsv 1 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 --lsv 3 ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' % + (data_dir, u_boot_config.build_dir), + shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 --lsv 1 ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' % + (data_dir, u_boot_config.build_dir), + shell=True) if capsule_auth_enabled: # raw firmware signed with proper key @@ -131,6 +151,44 @@ def efi_capsule_data(request, u_boot_config): 'uboot_bin_env.itb Test14' % (data_dir, u_boot_config.build_dir), shell=True) + # raw firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 5 --lsv 3 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' + 'u-boot.bin.new Test111' + % (data_dir, u_boot_config.build_dir), + shell=True) + # raw firmware signed with *mal* key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 8 --lsv 3 ' + '--private-key SIGNER2.key ' + '--certificate SIGNER2.crt ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 ' + 'u-boot.bin.new Test112' + % (data_dir, u_boot_config.build_dir), + shell=True) + # FIT firmware signed with proper key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 5 --lsv 3 ' + '--private-key SIGNER.key --certificate SIGNER.crt ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' + 'uboot_bin_env.itb Test113' + % (data_dir, u_boot_config.build_dir), + shell=True) + # FIT firmware signed with *mal* key with version information + check_call('cd %s; ' + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' + '--fw-version 8 --lsv 3 ' + '--private-key SIGNER2.key ' + '--certificate SIGNER2.crt ' + '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 ' + 'uboot_bin_env.itb Test114' + % (data_dir, u_boot_config.build_dir), + shell=True) # Create a disk image with EFI system partition check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py index d28b53a1a1..881fe233ec 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py @@ -189,3 +189,190 @@ class TestEfiCapsuleFirmwareFit(object): assert 'u-boot-env:Old' in ''.join(output) else: assert 'u-boot-env:New' in ''.join(output) + + def test_efi_capsule_fw3( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 3 - Update U-Boot and U-Boot environment on SPI Flash with version information + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 3-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize contents + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 150000 10', + 'sf read 5000000 150000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test104' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test104 $filesize' % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test104' in ''.join(output) + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + + # reboot + u_boot_console.restart_uboot(expect_reset = capsule_early) + + with u_boot_console.log.section('Test Case 3-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test104' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = True) + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test104' not in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + if capsule_auth: + assert 'u-boot:Old' in ''.join(output) + else: + assert 'u-boot:New' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf read 4000000 150000 10', + 'md.b 4000000 10']) + if capsule_auth: + assert 'u-boot-env:Old' in ''.join(output) + else: + assert 'u-boot-env:New' in ''.join(output) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if capsule_auth: + assert 'ESRT: fw_version=5' not in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' not in ''.join(output) + else: + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + def test_efi_capsule_fw4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 4 - Update U-Boot and U-Boot environment on SPI Flash with version information + but fw_version is lower than lowest_supported_version + No update should happen + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 4-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize contents + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 150000 10', + 'sf read 5000000 150000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test105' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test105 $filesize' % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test105' in ''.join(output) + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + + # reboot + u_boot_console.restart_uboot(expect_reset = capsule_early) + + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test105' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = True) + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test105' not in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:Old' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf read 4000000 150000 10', + 'md.b 4000000 10']) + assert 'u-boot-env:Old' in ''.join(output) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if not capsule_auth: + assert 'ESRT: last_attempt_version=2' in ''.join(output) + assert 'ESRT: last_attempt_status=incorrect version' in ''.join(output) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py index 92bfb14932..bb60065343 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py @@ -292,3 +292,202 @@ class TestEfiCapsuleFirmwareRaw: assert 'u-boot-env:Old' in ''.join(output) else: assert 'u-boot-env:New' in ''.join(output) + + def test_efi_capsule_fw4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 4 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 4-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize contents + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.env.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 150000 10', + 'sf read 5000000 150000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place the capsule files + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test101' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test101 $filesize' % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test101' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test102' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test102 $filesize' % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test102' in ''.join(output) + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + + # reboot + u_boot_console.restart_uboot(expect_reset = capsule_early) + + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test101' in ''.join(output) + assert 'Test102' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = True) + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test101' not in ''.join(output) + assert 'Test102' not in ''.join(output) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if capsule_auth: + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) + assert 'ESRT: fw_version=5' not in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' not in ''.join(output) + + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) + assert 'ESRT: fw_version=10' not in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=7' not in ''.join(output) + else: + # ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT. + assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output) + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + # ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT. + assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output) + assert 'ESRT: fw_version=10' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + if capsule_auth: + assert 'u-boot:Old' in ''.join(output) + else: + assert 'u-boot:New' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 150000 10', + 'md.b 4000000 10']) + if capsule_auth: + assert 'u-boot-env:Old' in ''.join(output) + else: + assert 'u-boot-env:New' in ''.join(output) + + def test_efi_capsule_fw5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 5 + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + but fw_version is lower than lowest_supported_version + No update should happen + 0x100000-0x150000: U-Boot binary (but dummy) + """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 5-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi -s ""', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize contents + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place the capsule files + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test103' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test103 $filesize' % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test103' in ''.join(output) + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + capsule_auth = u_boot_config.buildconfig.get( + 'config_efi_capsule_authenticate') + + # reboot + u_boot_console.restart_uboot(expect_reset = capsule_early) + + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test103' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = True) + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test103' not in ''.join(output) + + # make sure the dfu_alt_info exists because it is required for making ESRT. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;u-boot-env raw 0x150000 0x200000"', + 'efidebug capsule esrt']) + + if not capsule_auth: + assert 'ESRT: last_attempt_version=2' in ''.join(output) + assert 'ESRT: last_attempt_status=incorrect version' in ''.join(output) + + # make sure capsule update failed + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:Old' in ''.join(output) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py index 8c2d616fd0..cf2a2c7ba6 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py @@ -257,3 +257,162 @@ class TestEfiCapsuleFirmwareSignedFit(object): 'sf read 4000000 100000 10', 'md.b 4000000 10']) assert 'u-boot:Old' in ''.join(output) + + def test_efi_capsule_auth4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 4 - Update U-Boot on SPI Flash, FIT image format + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed with version information, + the authentication should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 4-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 ' + '0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize content + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' + % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test113' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test113 $filesize' + % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test113' in ''.join(output) + + # reboot + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ + + '/test_sig.dtb' + u_boot_console.restart_uboot() + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 ' + '0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test113' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = True) + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test113' not in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:New' in ''.join(output) + + output = u_boot_console.run_command('efidebug capsule esrt') + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + def test_efi_capsule_auth5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 5 - Update U-Boot on SPI Flash, FIT image format + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed with version information, + the authentication should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 5-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 ' + '0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize content + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' + % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test114' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test114 $filesize' + % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test114' in ''.join(output) + + # reboot + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ + + '/test_sig.dtb' + u_boot_console.restart_uboot() + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 ' + '0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test114' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = True) + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test114' not in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:Old' in ''.join(output) + + output = u_boot_console.run_command('efidebug capsule esrt') + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: last_attempt_version=8' in ''.join(output) + assert 'ESRT: last_attempt_status=auth error' in ''.join(output) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index 2bbaa9cc55..631e78b1f1 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py @@ -254,3 +254,172 @@ class TestEfiCapsuleFirmwareSignedRaw(object): 'sf read 4000000 100000 10', 'md.b 4000000 10']) assert 'u-boot:Old' in ''.join(output) + + def test_efi_capsule_auth4( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 4-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 ' + '0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + + output = u_boot_console.run_command('efidebug capsule esrt') + + + + # initialize content + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' + % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test111' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test111 $filesize' + % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test111' in ''.join(output) + + # reboot + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ + + '/test_sig.dtb' + u_boot_console.restart_uboot() + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 4-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 ' + '0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test111' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = True) + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test111' not in ''.join(output) + + # TODO: check CapsuleStatus in CapsuleXXXX + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:New' in ''.join(output) + + output = u_boot_console.run_command('efidebug capsule esrt') + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output) + + def test_efi_capsule_auth5( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is signed but with an invalid key, + the authentication should fail and the firmware + not be updated. + """ + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 5-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 ' + '0x50000;u-boot-env raw 0x150000 0x200000"', + 'env save']) + + # initialize content + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'fatload host 0:1 4000000 %s/u-boot.bin.old' + % CAPSULE_DATA_DIR, + 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', + 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # place a capsule file + output = u_boot_console.run_command_list([ + 'fatload host 0:1 4000000 %s/Test112' % CAPSULE_DATA_DIR, + 'fatwrite host 0:1 4000000 %s/Test112 $filesize' + % CAPSULE_INSTALL_DIR, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test112' in ''.join(output) + + # reboot + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ + + '/test_sig.dtb' + u_boot_console.restart_uboot() + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 5-b, after reboot'): + if not capsule_early: + # make sure that dfu_alt_info exists even persistent variables + # are not available. + output = u_boot_console.run_command_list([ + 'env set dfu_alt_info ' + '"sf 0:0=u-boot-bin raw 0x100000 ' + '0x50000;u-boot-env raw 0x150000 0x200000"', + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test112' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e Capsule0000', wait_for_reboot = True) + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test112' not in ''.join(output) + + # TODO: check CapsuleStatus in CapsuleXXXX + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:Old' in ''.join(output) + + output = u_boot_console.run_command('efidebug capsule esrt') + assert 'ESRT: fw_version=5' in ''.join(output) + assert 'ESRT: last_attempt_version=8' in ''.join(output) + assert 'ESRT: last_attempt_status=auth error' in ''.join(output)
This test covers FMP versioning for both raw and FIT image, and both signed and non-signed capsule update. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> --- Newly created in v4 test/py/tests/test_efi_capsule/conftest.py | 58 +++++ .../test_capsule_firmware_fit.py | 187 ++++++++++++++++ .../test_capsule_firmware_raw.py | 199 ++++++++++++++++++ .../test_capsule_firmware_signed_fit.py | 159 ++++++++++++++ .../test_capsule_firmware_signed_raw.py | 169 +++++++++++++++ 5 files changed, 772 insertions(+)