From patchwork Fri Feb 4 07:32:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 539861 Delivered-To: patch@linaro.org Received: by 2002:ac0:f7d2:0:0:0:0:0 with SMTP id i18csp3035789imr; Thu, 3 Feb 2022 23:32:27 -0800 (PST) X-Google-Smtp-Source: ABdhPJz7cmr8McuhVmc3/TYm+DFG7Spyrkao7r7V0AesoYEs8XkfoxVr0mg/I0diuJ7NKbIwff6z X-Received: by 2002:a05:6402:2789:: with SMTP id b9mr1801847ede.358.1643959946809; Thu, 03 Feb 2022 23:32:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643959946; cv=none; d=google.com; s=arc-20160816; b=kkQv7z6wn4Vl+G0dTOXZY8OW9QV94INST9O9sN/dIKT5738JX2BkE1tYAez/4u9wgT Yib4r3cL3k1sIcDOskuwUaVz8Saef+N+fbygfUhhRa/k7QC8OpmiwDThLgu1hA9ahRSY VJ7sgR/t24y+YF2bgf2MdnU8P2K+104B1ZiprcLrWvTgfz/GIVXNM43hcAov9JoQ8AX+ BuWWcA5ffw4HrbKUiYPXcCBf1UPBIKHiF8mNw/YBqVrWVzVy8XnP3lvv/q4qqayQZKf9 HyI2Aj8qqLbvF88Y+RLKOMnWt2WrZLnRU5QSzfdzoYuICIOfDrUzavhKkKSlDiIpatv5 FkvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Ht2txRRK5HvvdxLCVT6wWH1FRx2edw1snICbcNKXlME=; b=IJMXjCc4nmtsWo95kmmVW7zhiJ+ZK1LI11bQdnWfa6JXrpLtrYIrCMqU440lTcSql1 7kfp0jyvPBln2qAH44iWk5nsOiGPmAVRx+/Gtlrc3NLW4x67+9KDyqHbKdIEecXNKkYv q6hVs/xho92pzbl2bUWqiogEB55rgQDk0STxwbRY6Y3YQUpDbNkxNVDXnBGNerJLMknX YMS078CfvCuPTDJWOsSk7/Q5OIWrSghmh/HN2UnP07NprBM3mNpn4hygGPz+7ixOZOz/ T2D0bEq40IGhzd32Ya/d+yi1NkSS3EVjy8dTISNjjSIKzOvXbEpdA+qQ2Jvfs1NSBP4e a3HQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=eG7np0MF; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id z27si650879ejl.466.2022.02.03.23.32.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 23:32:26 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=eG7np0MF; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C342F83A56; Fri, 4 Feb 2022 08:32:16 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="eG7np0MF"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id EFA2E83A49; Fri, 4 Feb 2022 08:32:10 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 330AA83A4F for ; Fri, 4 Feb 2022 08:32:07 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ej1-x62b.google.com with SMTP id o12so16588499eju.13 for ; Thu, 03 Feb 2022 23:32:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Ht2txRRK5HvvdxLCVT6wWH1FRx2edw1snICbcNKXlME=; b=eG7np0MFOof+/3kaQ3ei/e17scULgTArrsU8hC2A+86+YBfR131KFFK4Xx6G1Z4JeZ utsQdbUkAQaYIxMlbmuTQxHs/kP9YInFsvvNX7IPmlD1JKioE9WF2WSaXPtt6IPBqqj1 HD+/wcxlDBx4fWD3aVsJQhRJ08y5fBNsyc/aDdqbsaBvCKEDcs40z4hRZfXzxGal+PXL sY8qk+0d38RoOkOeziAi/F7prw44O8efC9+EXrh3T3oNFG2nIQ3hH220X5s4OutNeZXD +9EGdgLAsrhzQPdmdQKPfawEaxF/k4DUE3i0JXRTXmW99VocD6eMoTa4W4sIXisKb2gA yPqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ht2txRRK5HvvdxLCVT6wWH1FRx2edw1snICbcNKXlME=; b=ZlkO5X4nVdI9FYvTFD9Fua7QExrSmHso07D8ohdGzRmEoCeTgF1GKLuIBbr1l9NDaK PeQ2lmZCUMkYUDDs8k4hDxSymOwgU4iLbIVgJQ1Y/HL5HHkHIXAPbz52r36r2AGikRYC xyfGMoWS/+f5ce1j0IuOcvdMZ6d3D+kaYclhUF6QdmpT8/qy2DUAzrewY4eLNojXCosL amuzHa6OCgMad/V1I8aDMO6VcZmqI7suQ/1ST53CpTd9Z8sLX6+/7p3gduc+campI/nt PyiX9BjlDfdAn9xUv2p/yAyPNeD/BiA77fQwc/OfsfawCz9W/5R/QrMT6ax3dHxxO4tb GIXA== X-Gm-Message-State: AOAM5327V6jOyDqQ7BbgzHy2byl02D8TD3Mt0kaS7FvglIS9rnMZGI+Q 8gsLnSSGRMZt83f4zWXTLmdkUQ== X-Received: by 2002:a17:906:4fd2:: with SMTP id i18mr1414525ejw.206.1643959926792; Thu, 03 Feb 2022 23:32:06 -0800 (PST) Received: from hades.. ([2a02:587:46a6:e776:3efd:feff:fe6b:c5cb]) by smtp.gmail.com with ESMTPSA id lt12sm359904ejb.166.2022.02.03.23.32.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 23:32:06 -0800 (PST) From: Ilias Apalodimas To: xypron.glpk@gmx.de, takahiro.akashi@linaro.org Cc: Ilias Apalodimas , u-boot@lists.denx.de Subject: [RFC PATCH 2/2] test/py: efi_secboot: adjust secure boot tests to code changes Date: Fri, 4 Feb 2022 09:32:02 +0200 Message-Id: <20220204073202.4141198-2-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20220204073202.4141198-1-ilias.apalodimas@linaro.org> References: <20220204073202.4141198-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean The previous patch is changing U-Boot's behavior wrt certificate based binary authentication. Specifically an image who's digest of a certificate is found in dbx is now rejected. Fix the test accordingly Signed-off-by: Ilias Apalodimas --- test/py/tests/test_efi_secboot/test_signed.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py index 0aee34479f55..7f5ec78261da 100644 --- a/test/py/tests/test_efi_secboot/test_signed.py +++ b/test/py/tests/test_efi_secboot/test_signed.py @@ -186,7 +186,7 @@ class TestEfiSignedImage(object): assert 'Hello, world!' in ''.join(output) with u_boot_console.log.section('Test Case 5c'): - # Test Case 5c, not rejected if one of signatures (digest of + # Test Case 5c, rejected if one of signatures (digest of # certificate) is revoked output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx_hash.auth', @@ -195,7 +195,8 @@ class TestEfiSignedImage(object): output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert 'Hello, world!' in ''.join(output) + assert '\'HELLO\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) with u_boot_console.log.section('Test Case 5d'): # Test Case 5d, rejected if both of signatures are revoked