From patchwork Sun Jul 9 13:33:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 700809 Delivered-To: patch@linaro.org Received: by 2002:adf:fcc5:0:0:0:0:0 with SMTP id f5csp4732744wrs; Sun, 9 Jul 2023 06:35:11 -0700 (PDT) X-Google-Smtp-Source: APBJJlFa79tISnWg50H0e+mjFP4yX8ZQQBBI33Ck7R1tK96GBHe7LvUzsOCco0gSjcfTuG+2aA6o X-Received: by 2002:a5e:9241:0:b0:787:8f3:65e7 with SMTP id z1-20020a5e9241000000b0078708f365e7mr1249480iop.10.1688909711684; Sun, 09 Jul 2023 06:35:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688909711; cv=none; d=google.com; s=arc-20160816; b=NY9Aj0qFxIppkzpiriFAb6XjMj9wcELfDtVvXpEoD/alvm8oMo1HJ2JwqYCjFzvP63 NBcBKtafu7OOtiIFWdY75rlV5MmLLHXmt7Cz/83G0ue4L4Q3m4eZbFHBTPPG1Hr0ZPiP A2NICW7DxXPu8hrFXFy1lXoB2Tue36iA2Dg/lu9rznLVUwg/tDCwGg5XEKCz3Hj+40nd b0M0Ro1BIEL4lLQnTt/ko+pa+d3uiz1M55241V2AyEN46RTml59ifmO7fL4r+eu+9OWO ZFP1rs12fheIKSixb7SAtoDzUFrfHua3a6TJzMJPuqu5CZM4moBLv3hNOfBEgXTbXy6X 8/nQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=9YUvmIk7W89MXi9FdaHaIYbwwqwbQW4fzbFdIwxoaSo=; fh=5yufCDEpV5fWA8r3jJ0mHshq3zHArlCzbvaufLK2jtI=; b=d+RkdmJbngQPmgZQNfprniYgwtJxvgQhwhC25zm1UUKcME1spYcUG5/OVELXufaaPx CaDL8ywxcNtXIcdVV3hymr10Zm4KJsJuKjbUjFoOKIlxE+NXsD3Z1Zzv2hy4Kku13rzH gMWIg5WzANC6ag7+2ItMKTTo2SZ3Es6pLI/eljYmrlgjo2IVpD9c6IfvqHfU2gb7c43y AwkiO7KT3NRprax4lXJLRon6LsRxTwubvBKDQPsBPzhCmvEv23sP6P+616vjm5Rm65d1 MUq0+Ah9JAAi3gcoUC+w3cqBn/mBtrkrEXZmfBTsmUjf8afI7djTaM9IbN+6XIGbFiV4 A5UA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id p6-20020a027806000000b0042b555ea799si2938202jac.78.2023.07.09.06.35.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Jul 2023 06:35:11 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2B3B1865D8; Sun, 9 Jul 2023 15:34:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 817C1865DB; Sun, 9 Jul 2023 15:34:10 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 4E509865E5 for ; Sun, 9 Jul 2023 15:34:07 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C1C2A1FB; Sun, 9 Jul 2023 06:34:48 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 509CE3F762; Sun, 9 Jul 2023 06:34:04 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Tom Rini , Sughosh Ganu Subject: [PATCH v3 08/11] test: py: Setup capsule files for testing Date: Sun, 9 Jul 2023 19:03:23 +0530 Message-Id: <20230709133326.1015483-9-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230709133326.1015483-1-sughosh.ganu@linaro.org> References: <20230709133326.1015483-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Support has being added through earlier commits to build capsules and embed the public key needed for capsule authentication as part of u-boot build. >From the testing point-of-view, this means the input files needed for the above have to be setup before invoking the build. Set this up in the pytest configuration file for testing the capsule update feature. Signed-off-by: Sughosh Ganu Reviewed-by: Simon Glass --- Changes since V2: * New patch for setting up the capsule files in the pytest setup before initiation of u-boot build. test/py/conftest.py | 87 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/test/py/conftest.py b/test/py/conftest.py index fc9dd3a83f..661ed74fae 100644 --- a/test/py/conftest.py +++ b/test/py/conftest.py @@ -80,6 +80,89 @@ def pytest_addoption(parser): help='Run sandbox under gdbserver. The argument is the channel '+ 'over which gdbserver should communicate, e.g. localhost:1234') +def setup_capsule_build(source_dir, build_dir, board_type, log): + """Setup the platform's build for testing capsule updates + + This generates the payload/input files needed for testing the + capsule update functionality, along with the keys for signing + the capsules. An EFI Signature List(ESL) file, which houses the + public key for capsule authentication is generated as + well. + + The ESL file is subsequently embedded into the platform's + dtb during the u-boot build, to be used for capsule + authentication. + + Two sets of keys are generated, namely SIGNER and SIGNER2. + The SIGNER2 key pair is used as a malicious key for testing the + the capsule authentication functionality. + + All the generated files are placed under the /tmp/capsules/ + directory. + + Args: + soruce_dir (str): Directory containing source code + build_dir (str): Directory to build in + board_type (str): board_type parameter (e.g. 'sandbox') + log (Logfile): Log file to use + + Returns: + Nothing. + """ + def run_command(name, cmd, source_dir): + with log.section(name): + if isinstance(cmd, str): + cmd = cmd.split() + runner = log.get_runner(name, None) + runner.run(cmd, cwd=source_dir) + runner.close() + log.status_pass('OK') + + def gen_capsule_payloads(capsule_dir): + fname = '%su-boot.bin.old' % capsule_dir + with open(fname, 'w') as fd: + fd.write('u-boot:Old') + + fname = '%su-boot.bin.new' % capsule_dir + with open(fname, 'w') as fd: + fd.write('u-boot:New') + + fname = '%su-boot.env.old' % capsule_dir + with open(fname, 'w') as fd: + fd.write('u-boot-env:Old') + + fname = '%su-boot.env.new' % capsule_dir + with open(fname, 'w') as fd: + fd.write('u-boot-env:New') + + capsule_sig_dir = '/tmp/capsules/' + sig_name = 'SIGNER' + mkdir_p(capsule_sig_dir) + name = 'openssl' + cmd = ( 'openssl req -x509 -sha256 -newkey rsa:2048 ' + '-subj /CN=TEST_SIGNER/ -keyout %s%s.key ' + '-out %s%s.crt -nodes -days 365' + % (capsule_sig_dir, sig_name, capsule_sig_dir, sig_name) + ) + run_command(name, cmd, source_dir) + + name = 'cert-to-efi-sig-list' + cmd = ( 'cert-to-efi-sig-list %s%s.crt %s%s.esl' + % (capsule_sig_dir, sig_name, capsule_sig_dir, sig_name) + ) + run_command(name, cmd, source_dir) + + sig_name = 'SIGNER2' + name = 'openssl' + cmd = ( 'openssl req -x509 -sha256 -newkey rsa:2048 ' + '-subj /CN=TEST_SIGNER/ -keyout %s%s.key ' + '-out %s%s.crt -nodes -days 365' + % (capsule_sig_dir, sig_name, capsule_sig_dir, sig_name) + ) + run_command(name, cmd, source_dir) + + gen_capsule_payloads(capsule_sig_dir) + def run_build(config, source_dir, build_dir, board_type, log): """run_build: Build U-Boot @@ -90,6 +173,10 @@ def run_build(config, source_dir, build_dir, board_type, log): board_type (str): board_type parameter (e.g. 'sandbox') log (Logfile): Log file to use """ + capsule_boards = ( 'sandbox', 'sandbox64', 'sandbox_flattree' ) + if board_type in capsule_boards: + setup_capsule_build(source_dir, build_dir, board_type, log) + if config.getoption('buildman'): if build_dir != source_dir: dest_args = ['-o', build_dir, '-w']