Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-17 18:34:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

test/py: efi_capsule: test for FMP versioning

Browse source 
This test covers the FMP versioning for both raw and FIT image,
and both signed and non-signed capsule update.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit is contained in:
Masahisa Kojima 2023-06-07 14:42:00 +09:00 committed by Heinrich Schuchardt
parent 482ef90aeb
commit b6f954e5b0
6 changed files with 404 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
test/py/tests/test_efi_capsule/conftest.py
View file

@ -62,6 +62,23 @@ def efi_capsule_data(request, u_boot_config):
'-out SIGNER2.crt -nodes -days 365'
% data_dir, shell=True)
# Update dtb to add the version information
check_call('cd %s; '
'cp %s/test/py/tests/test_efi_capsule/version.dts .'
% (data_dir, u_boot_config.source_dir), shell=True)
if capsule_auth_enabled:
check_call('cd %s; '
'dtc -@ -I dts -O dtb -o version.dtbo version.dts; '
'fdtoverlay -i test_sig.dtb '
'-o test_ver.dtb version.dtbo'
% (data_dir), shell=True)
else:
check_call('cd %s; '
'dtc -@ -I dts -O dtb -o version.dtbo version.dts; '
'fdtoverlay -i %s/arch/sandbox/dts/test.dtb '
'-o test_ver.dtb version.dtbo'
% (data_dir, u_boot_config.build_dir), shell=True)
# Create capsule files
# two regions: one for u-boot.bin and the other for u-boot.env
check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir,
@ -87,6 +104,26 @@ def efi_capsule_data(request, u_boot_config):
check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
(data_dir, u_boot_config.build_dir),
shell=True)
check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
'--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' %
(data_dir, u_boot_config.build_dir),
shell=True)
check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 '
'--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' %
(data_dir, u_boot_config.build_dir),
shell=True)
check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
'--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' %
(data_dir, u_boot_config.build_dir),
shell=True)
check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
'--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' %
(data_dir, u_boot_config.build_dir),
shell=True)
check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
'--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' %
(data_dir, u_boot_config.build_dir),
shell=True)
if capsule_auth_enabled:
# raw firmware signed with proper key
@ -123,6 +160,51 @@ def efi_capsule_data(request, u_boot_config):
'uboot_bin_env.itb Test14'
% (data_dir, u_boot_config.build_dir),
shell=True)
# raw firmware signed with proper key with version information
check_call('cd %s; '
'%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
'--fw-version 5 '
'--private-key SIGNER.key --certificate SIGNER.crt '
'--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
'u-boot.bin.new Test111'
% (data_dir, u_boot_config.build_dir),
shell=True)
# raw firmware signed with proper key with version information
check_call('cd %s; '
'%s/tools/mkeficapsule --index 2 --monotonic-count 1 '
'--fw-version 10 '
'--private-key SIGNER.key --certificate SIGNER.crt '
'--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 '
'u-boot.env.new Test112'
% (data_dir, u_boot_config.build_dir),
shell=True)
# raw firmware signed with proper key with lower version information
check_call('cd %s; '
'%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
'--fw-version 2 '
'--private-key SIGNER.key --certificate SIGNER.crt '
'--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
'u-boot.bin.new Test113'
% (data_dir, u_boot_config.build_dir),
shell=True)
# FIT firmware signed with proper key with version information
check_call('cd %s; '
'%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
'--fw-version 5 '
'--private-key SIGNER.key --certificate SIGNER.crt '
'--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
'uboot_bin_env.itb Test114'
% (data_dir, u_boot_config.build_dir),
shell=True)
# FIT firmware signed with proper key with lower version information
check_call('cd %s; '
'%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
'--fw-version 2 '
'--private-key SIGNER.key --certificate SIGNER.crt '
'--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
'uboot_bin_env.itb Test115'
% (data_dir, u_boot_config.build_dir),
shell=True)
# Create a disk image with EFI system partition
check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' %

79
test/py/tests/test_efi_capsule/test_capsule_firmware_fit.py
View file

@ -13,7 +13,8 @@ from capsule_common import (
place_capsule_file,
exec_manual_update,
check_file_removed,
verify_content
verify_content,
do_reboot_dtb_specified
)
@pytest.mark.boardspec('sandbox_flattree')
@ -104,3 +105,79 @@ class TestEfiCapsuleFirmwareFit():
expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New'
verify_content(u_boot_console, '150000', expected)
def test_efi_capsule_fw3(
self, u_boot_config, u_boot_console, efi_capsule_data):
""" Test Case 3
Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
0x100000-0x150000: U-Boot binary (but dummy)
0x150000-0x200000: U-Boot environment (but dummy)
"""
disk_img = efi_capsule_data
capsule_files = ['Test104']
with u_boot_console.log.section('Test Case 3-a, before reboot'):
setup(u_boot_console, disk_img, '0x0000000000000004')
init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
place_capsule_file(u_boot_console, capsule_files)
# reboot
do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
capsule_auth = u_boot_config.buildconfig.get(
'config_efi_capsule_authenticate')
with u_boot_console.log.section('Test Case 3-b, after reboot'):
if not capsule_early:
exec_manual_update(u_boot_console, disk_img, capsule_files)
# deleted anyway
check_file_removed(u_boot_console, disk_img, capsule_files)
# make sure the dfu_alt_info exists because it is required for making ESRT.
output = u_boot_console.run_command_list([
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;'
'u-boot-env raw 0x150000 0x200000"',
'efidebug capsule esrt'])
if capsule_auth:
# capsule authentication failed
verify_content(u_boot_console, '100000', 'u-boot:Old')
verify_content(u_boot_console, '150000', 'u-boot-env:Old')
else:
# ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output)
assert 'ESRT: fw_version=5' in ''.join(output)
assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
verify_content(u_boot_console, '100000', 'u-boot:New')
verify_content(u_boot_console, '150000', 'u-boot-env:New')
def test_efi_capsule_fw4(
self, u_boot_config, u_boot_console, efi_capsule_data):
""" Test Case 4
Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
but fw_version is lower than lowest_supported_version
No update should happen
0x100000-0x150000: U-Boot binary (but dummy)
"""
disk_img = efi_capsule_data
capsule_files = ['Test105']
with u_boot_console.log.section('Test Case 4-a, before reboot'):
setup(u_boot_console, disk_img, '0x0000000000000004')
init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
place_capsule_file(u_boot_console, capsule_files)
# reboot
do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 4-b, after reboot'):
if not capsule_early:
exec_manual_update(u_boot_console, disk_img, capsule_files)
check_file_removed(u_boot_console, disk_img, capsule_files)
verify_content(u_boot_console, '100000', 'u-boot:Old')

84
test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py
View file

@ -14,7 +14,8 @@ from capsule_common import (
exec_manual_update,
check_file_removed,
check_file_exist,
verify_content
verify_content,
do_reboot_dtb_specified
)
@pytest.mark.boardspec('sandbox')
@ -145,3 +146,84 @@ class TestEfiCapsuleFirmwareRaw:
expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New'
verify_content(u_boot_console, '150000', expected)
def test_efi_capsule_fw4(
self, u_boot_config, u_boot_console, efi_capsule_data):
""" Test Case 4
Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
0x100000-0x150000: U-Boot binary (but dummy)
0x150000-0x200000: U-Boot environment (but dummy)
"""
disk_img = efi_capsule_data
capsule_files = ['Test101', 'Test102']
with u_boot_console.log.section('Test Case 4-a, before reboot'):
setup(u_boot_console, disk_img, '0x0000000000000004')
init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')
place_capsule_file(u_boot_console, capsule_files)
# reboot
do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
capsule_auth = u_boot_config.buildconfig.get(
'config_efi_capsule_authenticate')
with u_boot_console.log.section('Test Case 4-b, after reboot'):
if not capsule_early:
exec_manual_update(u_boot_console, disk_img, capsule_files)
# deleted anyway
check_file_removed(u_boot_console, disk_img, capsule_files)
# make sure the dfu_alt_info exists because it is required for making ESRT.
output = u_boot_console.run_command_list([
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000'
'u-boot-env raw 0x150000 0x200000"',
'efidebug capsule esrt'])
if capsule_auth:
# capsule authentication failed
verify_content(u_boot_console, '100000', 'u-boot:Old')
verify_content(u_boot_console, '150000', 'u-boot-env:Old')
else:
# ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output)
assert 'ESRT: fw_version=5' in ''.join(output)
assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
# ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT.
assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output)
assert 'ESRT: fw_version=10' in ''.join(output)
assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output)
verify_content(u_boot_console, '100000', 'u-boot:New')
verify_content(u_boot_console, '150000', 'u-boot-env:New')
def test_efi_capsule_fw5(
self, u_boot_config, u_boot_console, efi_capsule_data):
""" Test Case 5
Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version
but fw_version is lower than lowest_supported_version
No update should happen
0x100000-0x150000: U-Boot binary (but dummy)
"""
disk_img = efi_capsule_data
capsule_files = ['Test103']
with u_boot_console.log.section('Test Case 5-a, before reboot'):
setup(u_boot_console, disk_img, '0x0000000000000004')
init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
place_capsule_file(u_boot_console, capsule_files)
# reboot
do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 5-b, after reboot'):
if not capsule_early:
exec_manual_update(u_boot_console, disk_img, capsule_files)
check_file_removed(u_boot_console, disk_img, capsule_files)
verify_content(u_boot_console, '100000', 'u-boot:Old')

66
test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py
View file

@ -125,3 +125,69 @@ class TestEfiCapsuleFirmwareSignedFit():
# TODO: check CapsuleStatus in CapsuleXXXX
verify_content(u_boot_console, '100000', 'u-boot:Old')
def test_efi_capsule_auth4(
self, u_boot_config, u_boot_console, efi_capsule_data):
"""Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information
0x100000-0x150000: U-Boot binary (but dummy)
If the capsule is properly signed, the authentication
should pass and the firmware be updated.
"""
disk_img = efi_capsule_data
capsule_files = ['Test114']
with u_boot_console.log.section('Test Case 4-a, before reboot'):
setup(u_boot_console, disk_img, '0x0000000000000004')
init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
place_capsule_file(u_boot_console, capsule_files)
do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 4-b, after reboot'):
if not capsule_early:
exec_manual_update(u_boot_console, disk_img, capsule_files)
check_file_removed(u_boot_console, disk_img, capsule_files)
output = u_boot_console.run_command_list([
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;'
'u-boot-env raw 0x150000 0x200000"',
'efidebug capsule esrt'])
# ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
assert '3673B45D-6A7C-46F3-9E60-ADABB03F7937' in ''.join(output)
assert 'ESRT: fw_version=5' in ''.join(output)
assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
verify_content(u_boot_console, '100000', 'u-boot:New')
verify_content(u_boot_console, '150000', 'u-boot-env:New')
def test_efi_capsule_auth5(
self, u_boot_config, u_boot_console, efi_capsule_data):
"""Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information
0x100000-0x150000: U-Boot binary (but dummy)
If the capsule is signed but fw_version is lower than lowest
supported version, the authentication should fail and the firmware
not be updated.
"""
disk_img = efi_capsule_data
capsule_files = ['Test115']
with u_boot_console.log.section('Test Case 5-a, before reboot'):
setup(u_boot_console, disk_img, '0x0000000000000004')
init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
place_capsule_file(u_boot_console, capsule_files)
do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 5-b, after reboot'):
if not capsule_early:
exec_manual_update(u_boot_console, disk_img, capsule_files)
check_file_removed(u_boot_console, disk_img, capsule_files)
verify_content(u_boot_console, '100000', 'u-boot:Old')

71
test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py
View file

@ -119,3 +119,74 @@ class TestEfiCapsuleFirmwareSignedRaw():
# TODO: check CapsuleStatus in CapsuleXXXX
verify_content(u_boot_console, '100000', 'u-boot:Old')
def test_efi_capsule_auth4(
self, u_boot_config, u_boot_console, efi_capsule_data):
"""Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information
0x100000-0x150000: U-Boot binary (but dummy)
If the capsule is properly signed, the authentication
should pass and the firmware be updated.
"""
disk_img = efi_capsule_data
capsule_files = ['Test111', 'Test112']
with u_boot_console.log.section('Test Case 4-a, before reboot'):
setup(u_boot_console, disk_img, '0x0000000000000004')
init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
place_capsule_file(u_boot_console, capsule_files)
do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 4-b, after reboot'):
if not capsule_early:
exec_manual_update(u_boot_console, disk_img, capsule_files)
check_file_removed(u_boot_console, disk_img, capsule_files)
output = u_boot_console.run_command_list([
'env set dfu_alt_info "sf 0:0=u-boot-bin raw 0x100000 0x50000;'
'u-boot-env raw 0x150000 0x200000"',
'efidebug capsule esrt'])
# ensure that SANDBOX_UBOOT_IMAGE_GUID is in the ESRT.
assert '09D7CF52-0720-4710-91D1-08469B7FE9C8' in ''.join(output)
assert 'ESRT: fw_version=5' in ''.join(output)
assert 'ESRT: lowest_supported_fw_version=3' in ''.join(output)
# ensure that SANDBOX_UBOOT_ENV_IMAGE_GUID is in the ESRT.
assert '5A7021F5-FEF2-48B4-AABA-832E777418C0' in ''.join(output)
assert 'ESRT: fw_version=10' in ''.join(output)
assert 'ESRT: lowest_supported_fw_version=7' in ''.join(output)
verify_content(u_boot_console, '100000', 'u-boot:New')
verify_content(u_boot_console, '150000', 'u-boot-env:New')
def test_efi_capsule_auth5(
self, u_boot_config, u_boot_console, efi_capsule_data):
"""Test Case 5 - Update U-Boot on SPI Flash, raw image format with version information
0x100000-0x150000: U-Boot binary (but dummy)
If the capsule is signed but fw_version is lower than lowest
supported version, the authentication should fail and the firmware
not be updated.
"""
disk_img = efi_capsule_data
capsule_files = ['Test113']
with u_boot_console.log.section('Test Case 5-a, before reboot'):
setup(u_boot_console, disk_img, '0x0000000000000004')
init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old')
place_capsule_file(u_boot_console, capsule_files)
do_reboot_dtb_specified(u_boot_config, u_boot_console, 'test_ver.dtb')
capsule_early = u_boot_config.buildconfig.get(
'config_efi_capsule_on_disk_early')
with u_boot_console.log.section('Test Case 5-b, after reboot'):
if not capsule_early:
exec_manual_update(u_boot_console, disk_img, capsule_files)
check_file_removed(u_boot_console, disk_img, capsule_files)
verify_content(u_boot_console, '100000', 'u-boot:Old')

24
test/py/tests/test_efi_capsule/version.dts Normal file
View file

@ -0,0 +1,24 @@
// SPDX-License-Identifier: GPL-2.0+
/dts-v1/;
/plugin/;
&{/} {
firmware-version {
image1 {
lowest-supported-version = <3>;
image-index = <1>;
image-type-id = "09D7CF52-0720-4710-91D1-08469B7FE9C8";
};
image2 {
lowest-supported-version = <7>;
image-index = <2>;
image-type-id = "5A7021F5-FEF2-48B4-AABA-832E777418C0";
};
image3 {
lowest-supported-version = <3>;
image-index = <1>;
image-type-id = "3673B45D-6A7C-46F3-9E60-ADABB03F7937";
};
};
};