[v4,11/12] sandbox: capsule: Add a config file for generating capsules

Message ID 20230715134533.2025893-12-sughosh.ganu@linaro.org
State New
Series Integrate EFI capsule tasks into u-boot's build flow

Commit Message

Sughosh Ganu July 15, 2023, 1:45 p.m. UTC
Support has been added to the mkeficapsule tool to generate capsules
by parsing the capsule parameters through a config file. Add a config
file for generating capsules. These capsules will be used for testing
the capsule update feature on sandbox platform.

Enable generation of capsules through the config file on the sandbox
variant.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V3:
* Use fstrings for format specifiers.
* Add entries for generating capsules with version parameter.

 .azure-pipelines.yml                          |   2 +
 .gitlab-ci.yml                                |   2 +
 configs/sandbox_defconfig                     |   2 +
 test/py/conftest.py                           |   5 +
 .../test_efi_capsule/sandbox_capsule_cfg.txt  | 162 ++++++++++++++++++
 5 files changed, 173 insertions(+)
 create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt

Comments

Simon Glass July 15, 2023, 11:40 p.m. UTC | #1
Hi,

On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
>
> Support has been added to the mkeficapsule tool to generate capsules
> by parsing the capsule parameters through a config file. Add a config
> file for generating capsules. These capsules will be used for testing
> the capsule update feature on sandbox platform.
>
> Enable generation of capsules through the config file on the sandbox
> variant.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
> Changes since V3:
> * Use fstrings for format specifiers.
> * Add entries for generating capsules with version parameter.
>
>  .azure-pipelines.yml                          |   2 +
>  .gitlab-ci.yml                                |   2 +
>  configs/sandbox_defconfig                     |   2 +
>  test/py/conftest.py                           |   5 +
>  .../test_efi_capsule/sandbox_capsule_cfg.txt  | 162 ++++++++++++++++++
>  5 files changed, 173 insertions(+)
>  create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
>
> diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
> index d732ba443d..240ee4f692 100644
> --- a/.azure-pipelines.yml
> +++ b/.azure-pipelines.yml
> @@ -403,6 +403,7 @@ stages:
>            echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>            echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>            echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>            if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
>                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> @@ -600,6 +601,7 @@ stages:
>                    echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>                    echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>                    echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +                  cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>
>                    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>                    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index aec6ffaf1c..42456e5f3f 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -42,6 +42,7 @@ stages:
>      - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>      - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>      - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>      - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
>         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> @@ -148,6 +149,7 @@ build all other platforms:
>          echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>          echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>          echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +        cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>
>          openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>          openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> index 560f3317d9..f3c09f845a 100644
> --- a/configs/sandbox_defconfig
> +++ b/configs/sandbox_defconfig
> @@ -341,6 +341,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
>  CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
>  CONFIG_EFI_CAPSULE_AUTHENTICATE=y
>  CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
> +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
> +CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
>  CONFIG_EFI_SECURE_BOOT=y
>  CONFIG_TEST_FDTDEC=y
>  CONFIG_UNIT_TEST=y
> diff --git a/test/py/conftest.py b/test/py/conftest.py
> index 1092cb713b..20b8dc1913 100644
> --- a/test/py/conftest.py
> +++ b/test/py/conftest.py
> @@ -158,6 +158,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
>              f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' )
>      run_command(name, cmd, source_dir)
>
> +    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'

You can use cons.config.build_dir as your working directory.

> +    name = 'cp'
> +    cmd = ( f'cp {capsule_cfg_file} {capsule_sig_dir}' )
> +    run_command(name, cmd, source_dir)
> +
>      gen_capsule_payloads(capsule_sig_dir)
>
>  def run_build(config, source_dir, build_dir, board_type, log):
> diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> new file mode 100644
> index 0000000000..82d538dfb5
> --- /dev/null
> +++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> @@ -0,0 +1,162 @@
> +{
> +       image-index: 1
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8

What are these? Can you at least give them a name and a description?
We don't want to have GUIDs in the source code open-coded like this as
they have no useful meaning.

> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test01
> +}
> +{
> +       image-index: 2
> +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> +       payload: /tmp/capsules/u-boot.env.new
> +       capsule: /tmp/capsules/Test02
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test03
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test04
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test05
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test05
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test11
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER2.key
> +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test12
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test13
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER2.key
> +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test14
> +}
> +{
> +       image-index: 1
> +       fw-version: 5
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test101
> +}
> +{
> +       image-index: 2
> +       fw-version: 10
> +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> +       payload: /tmp/capsules/u-boot.env.new
> +       capsule: /tmp/capsules/Test102
> +}
> +{
> +       image-index: 1
> +       fw-version: 2
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test103
> +
> +}
> +{
> +       image-index: 1
> +       fw-version: 5
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test104
> +}
> +{
> +       image-index: 1
> +       fw-version: 2
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test105
> +
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       fw-version: 5
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test111
> +}
> +{
> +       image-index: 2
> +       monotonic-count: 1
> +       fw-version: 10
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> +       payload: /tmp/capsules/u-boot.env.new
> +       capsule: /tmp/capsules/Test112
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       fw-version: 2
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test113
> +}
> +{
> +       image-index: 1
> +       fw-version: 5
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test114
> +}
> +{
> +       image-index: 1
> +       fw-version: 2
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test115
> +}
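
Review bot: beyond the GUIDs, nothing in the new file says what each entry is meant to exercise. Test12 and Test14 are signed with SIGNER2.key while sandbox_defconfig points `CONFIG_EFI_CAPSULE_ESL_FILE` at SIGNER.esl, and several entries differ only in `fw-version` (5 versus 2), so they look like expected-reject and version-check cases, but a reader has to infer that. If the config format allows comments, a one-line description per entry or per group (unsigned, signed, versioned, signed and versioned) would make the intent reviewable.
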
> --
> 2.34.1
>

Regards,
Simon
Sughosh Ganu July 17, 2023, 10:27 a.m. UTC | #2
Hi Simon,

On Sun, 16 Jul 2023 at 05:12, Simon Glass <sjg@chromium.org> wrote:
>
> Hi,
>
> On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
> >
> > Support has been added to the mkeficapsule tool to generate capsules
> > by parsing the capsule parameters through a config file. Add a config
> > file for generating capsules. These capsules will be used for testing
> > the capsule update feature on sandbox platform.
> >
> > Enable generation of capsules through the config file on the sandbox
> > variant.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> > ---
> > Changes since V3:
> > * Use fstrings for format specifiers.
> > * Add entries for generating capsules with version parameter.
> >
> >  .azure-pipelines.yml                          |   2 +
> >  .gitlab-ci.yml                                |   2 +
> >  configs/sandbox_defconfig                     |   2 +
> >  test/py/conftest.py                           |   5 +
> >  .../test_efi_capsule/sandbox_capsule_cfg.txt  | 162 ++++++++++++++++++
> >  5 files changed, 173 insertions(+)
> >  create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> >
> > diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
> > index d732ba443d..240ee4f692 100644
> > --- a/.azure-pipelines.yml
> > +++ b/.azure-pipelines.yml
> > @@ -403,6 +403,7 @@ stages:
> >            echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> >            echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> >            echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> >            if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> >                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> >                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > @@ -600,6 +601,7 @@ stages:
> >                    echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> >                    echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> >                    echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +                  cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> >
> >                    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> >                    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> > index aec6ffaf1c..42456e5f3f 100644
> > --- a/.gitlab-ci.yml
> > +++ b/.gitlab-ci.yml
> > @@ -42,6 +42,7 @@ stages:
> >      - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> >      - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> >      - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> >      - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> >         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> >         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > @@ -148,6 +149,7 @@ build all other platforms:
> >          echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> >          echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> >          echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +        cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> >
> >          openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> >          openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> > index 560f3317d9..f3c09f845a 100644
> > --- a/configs/sandbox_defconfig
> > +++ b/configs/sandbox_defconfig
> > @@ -341,6 +341,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
> >  CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> >  CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> >  CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
> > +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
> > +CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
> >  CONFIG_EFI_SECURE_BOOT=y
> >  CONFIG_TEST_FDTDEC=y
> >  CONFIG_UNIT_TEST=y
> > diff --git a/test/py/conftest.py b/test/py/conftest.py
> > index 1092cb713b..20b8dc1913 100644
> > --- a/test/py/conftest.py
> > +++ b/test/py/conftest.py
> > @@ -158,6 +158,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
> >              f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' )
> >      run_command(name, cmd, source_dir)
> >
> > +    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
>
> You can use cons.config.build_dir as your working directory.

Sorry, I did not get this comment. This file is in the source
directory, and does not get reflected in the build_dir. Which is why
this needs to be copied to a known location (/tmp/capsules/).

>
> > +    name = 'cp'
> > +    cmd = ( f'cp {capsule_cfg_file} {capsule_sig_dir}' )
> > +    run_command(name, cmd, source_dir)
> > +
> >      gen_capsule_payloads(capsule_sig_dir)
> >
> >  def run_build(config, source_dir, build_dir, board_type, log):
> > diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> > new file mode 100644
> > index 0000000000..82d538dfb5
> > --- /dev/null
> > +++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> > @@ -0,0 +1,162 @@
> > +{
> > +       image-index: 1
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
>
> What are these? Can you at least give them a name and a description?
> We don't want to have GUIDs in the source code open-coded like this as
> they have no useful meaning.

I will add a comment against the GUID values.

-sughosh

>
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test01
> > +}
> > +{
> > +       image-index: 2
> > +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> > +       payload: /tmp/capsules/u-boot.env.new
> > +       capsule: /tmp/capsules/Test02
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test03
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test04
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test05
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test05
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test11
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER2.key
> > +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test12
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test13
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER2.key
> > +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test14
> > +}
> > +{
> > +       image-index: 1
> > +       fw-version: 5
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test101
> > +}
> > +{
> > +       image-index: 2
> > +       fw-version: 10
> > +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> > +       payload: /tmp/capsules/u-boot.env.new
> > +       capsule: /tmp/capsules/Test102
> > +}
> > +{
> > +       image-index: 1
> > +       fw-version: 2
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test103
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       fw-version: 5
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test104
> > +}
> > +{
> > +       image-index: 1
> > +       fw-version: 2
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test105
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       fw-version: 5
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test111
> > +}
> > +{
> > +       image-index: 2
> > +       monotonic-count: 1
> > +       fw-version: 10
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> > +       payload: /tmp/capsules/u-boot.env.new
> > +       capsule: /tmp/capsules/Test112
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       fw-version: 2
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test113
> > +}
> > +{
> > +       image-index: 1
> > +       fw-version: 5
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test114
> > +}
> > +{
> > +       image-index: 1
> > +       fw-version: 2
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test115
> > +}
> > --
> > 2.34.1
> >
>
> Regards,
> Simon

Patch

diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
index d732ba443d..240ee4f692 100644
--- a/.azure-pipelines.yml
+++ b/.azure-pipelines.yml
@@ -403,6 +403,7 @@  stages:
           echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
           echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
           echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
           if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
               openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
               openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
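
Review bot: the added `cp` sits above the `if [[ "${TEST_PY_BD}" == "sandbox" ]] || ...` test, so the sandbox-only config file is copied for every board this job runs, while the SIGNER keys that its signed entries refer to are generated only inside that branch in this hunk. Moving the `cp` inside the `if` would keep the staged file and the keys it names together.
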
@@ -600,6 +601,7 @@  stages:
                   echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
                   echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
                   echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+                  cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
 
                   openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
                   openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
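
Review bot: this is the second of four identical `cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;` lines across the two CI files, with a fifth copy in test/py/conftest.py, and all of them have to change together if the file is moved or renamed. Consider staging the capsule inputs from one script that both CI definitions and conftest.py call. The source path is also relative, so it is worth confirming that this step always runs from the top of the source tree.
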
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aec6ffaf1c..42456e5f3f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -42,6 +42,7 @@  stages:
     - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
     - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
     - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
     - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
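
Review bot: the config file is copied into the fixed directory /tmp/capsules/, next to the freshly generated SIGNER.key and SIGNER2.key, and the new file hard-codes that same directory for every payload, key and output path. On a runner that executes jobs concurrently or reuses /tmp, two jobs would share inputs and outputs. A per-job directory (for example one created with `mktemp -d`) would avoid that, though the absolute paths in sandbox_capsule_cfg.txt would then have to be generated or made relative.
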
@@ -148,6 +149,7 @@  build all other platforms:
         echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
         echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
         echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+        cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
 
         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 560f3317d9..f3c09f845a 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -341,6 +341,8 @@  CONFIG_EFI_CAPSULE_ON_DISK=y
 CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
 CONFIG_EFI_CAPSULE_AUTHENTICATE=y
 CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
+CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
+CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
 CONFIG_EFI_SECURE_BOOT=y
 CONFIG_TEST_FDTDEC=y
 CONFIG_UNIT_TEST=y
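
Review bot: `CONFIG_EFI_CAPSULE_CFG_FILE` is set to an absolute path under /tmp, so a sandbox build now depends on a file that exists only after the CI or conftest.py copy step has run; a plain defconfig build on a developer machine has nothing at that path. This follows the neighbouring `CONFIG_EFI_CAPSULE_ESL_FILE` line, but the config file is a static file added to the source tree by this same patch, so if the option accepts a source-relative path, pointing it at test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt would remove the dependency and the extra `cp` lines. If the /tmp location has to stay, please document the staging step in the commit message or next to the option.
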
diff --git a/test/py/conftest.py b/test/py/conftest.py
index 1092cb713b..20b8dc1913 100644
--- a/test/py/conftest.py
+++ b/test/py/conftest.py
@@ -158,6 +158,11 @@  def setup_capsule_build(source_dir, build_dir, board_type, log):
             f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' )
     run_command(name, cmd, source_dir)
 
+    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
+    name = 'cp'
+    cmd = ( f'cp {capsule_cfg_file} {capsule_sig_dir}' )
+    run_command(name, cmd, source_dir)
+
     gen_capsule_payloads(capsule_sig_dir)
 
 def run_build(config, source_dir, build_dir, board_type, log):
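
Review bot: in the added lines the two paths are interpolated unquoted into a command string, `cmd = ( f'cp {capsule_cfg_file} {capsule_sig_dir}' )`, and a process is spawned for something Python can do directly. `shutil.copy(os.path.join(source_dir, capsule_cfg_file), capsule_sig_dir)` does the same copy without depending on quoting or on the working directory handed to `run_command`. The parentheses around the f-string are redundant, and a short comment saying why the file has to be staged in the capsule directory would answer the question raised in review.
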
diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
new file mode 100644
index 0000000000..82d538dfb5
--- /dev/null
+++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
@@ -0,0 +1,162 @@ 
+{
+	image-index: 1
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test01
+}
+{
+	image-index: 2
+	image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
+	payload: /tmp/capsules/u-boot.env.new
+	capsule: /tmp/capsules/Test02
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test03
+
+}
+{
+	image-index: 1
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test04
+
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test05
+
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test05
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test11
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER2.key
+	pub-key-cert: /tmp/capsules/SIGNER2.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test12
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test13
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER2.key
+	pub-key-cert: /tmp/capsules/SIGNER2.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test14
+}
+{
+	image-index: 1
+	fw-version: 5
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test101
+}
+{
+	image-index: 2
+	fw-version: 10
+	image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
+	payload: /tmp/capsules/u-boot.env.new
+	capsule: /tmp/capsules/Test102
+}
+{
+	image-index: 1
+	fw-version: 2
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test103
+
+}
+{
+	image-index: 1
+	fw-version: 5
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test104
+}
+{
+	image-index: 1
+	fw-version: 2
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test105
+
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	fw-version: 5
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test111
+}
+{
+	image-index: 2
+	monotonic-count: 1
+	fw-version: 10
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
+	payload: /tmp/capsules/u-boot.env.new
+	capsule: /tmp/capsules/Test112
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	fw-version: 2
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test113
+}
+{
+	image-index: 1
+	fw-version: 5
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test114
+}
+{
+	image-index: 1
+	fw-version: 2
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test115
+}
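
Review bot: two consecutive entries write `capsule: /tmp/capsules/Test05` with identical image-index, image-guid and payload, so the second only overwrites the output of the first; one of them is presumably a leftover or was meant to be a different test case. Please drop the duplicate or correct its fields. Minor: the Test03, Test04, Test05, Test103 and Test105 entries carry a blank `+` line before the closing brace, and Test114 and Test115 list fw-version before monotonic-count while Test111 to Test113 use the other order; making these consistent keeps the file easy to scan.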