There is some potential security issue resolved by upgrading to v70.0.0
here and the latest is now v70.3.0.
Reported-by: GitHub dependabot
Suggested-by: Sebastian Kropatsch <seb-dev@mail.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Rasmus Villemoes <rasmus.villemoes@prevas.dk> says:
This is a followup to the patches that landed in 2024.01 and nearly
made sure that source files for producing .dtbo files use the .dtso
extension. In the same release, a few new .dts files snuck in, and
there was also some test code involving .dtbo -> .dtbo.S -> .dtbo.o I
didn't really know how to handle at the time. This should finish the
job, bring us in sync with linux (at least in this respect), and drop
the .dts -> .dtbo build rule.
Add a unit test for testing the Android bootmethod.
This requires another mmc image (mmc7) to contain the following partitions:
- misc: contains the Bootloader Control Block (BCB)
- boot_a: contains a fake generic kernel image
- vendor_boot_a: contains a fake vendor_boot image
Also add BOOTMETH_ANDROID as a dependency on sandbox so that we can test
this with:
$ ./test/py/test.py --bd sandbox --build -k test_ut # build the mmc7.img
$ ./test/py/test.py --bd sandbox --build -k bootflow_android
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Reviewed-by: Guillaume La Roque <glaroque@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Distinguish more clearly between source files meant for producing .dtb
from those meant for producing .dtbo.
Note that in the linux tree, all device tree overlay sources have been
renamed to .dtso, and the .dts->.dtbo rule is gone since v6.5 (commit
81d362732bac). So this is also a step towards staying closer to linux
with respect to both Kbuild and device tree sources, and eventually
eliminating all .dts -> .dtbo instances.
This also matches the documentation update done in commit 4fb7e570d6.
Cc: Masahisa Kojima <kojima.masahisa@socionext.com>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
A security issue exists with zipp before v3.19.1, and the current
release is now v3.19.2. While the change in versions numbers is large, a
manual inspection of the changelog shows that it's not as big as might
be implied.
Reported-by: GitHub dependabot
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The tests we currently have expect the firmware update to fail
when OsIndications is not set properly. However, we have a Kconfig flag
that explicitly ignores that variable. Adjust the tests accordingly
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The build option to support images of type 'IMAGE_FORMAT_LEGACY' is
CONFIG_LEGACY_IMAGE_FORMAT so update the pytest to check for the correct
option.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
On tests which require "tftpboot" we need to depend not on cmd_net but
rather cmd_tftpboot. And on tests which require cmd_pxe we do not need
to also depend on cmd_net as this should be handled already via Kconfig
logic.
Signed-off-by: Tom Rini <trini@konsulko.com>
The current test doesn't check anything about the output. If a bug
results in junk before the output, this is not currently detected.
Add a check for the first line being the one expected.
Signed-off-by: Simon Glass <sjg@chromium.org>
When a real board fails we don't want to decode the exception. Reserve
that behaviour for sandbox. Also avoid raising a new exception on
failure - just re-raise the existing one.
Signed-off-by: Simon Glass <sjg@chromium.org>
When a driver is not registered properly it is not clear which one it
is. Adjust test_dm_compat() to show this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tests for standard boot need disks to be set up, which can only be done
on sandbox, since adjusting disks on real hardware is not currently
supported. Mark the init function as sandbox-only.
Signed-off-by: Simon Glass <sjg@chromium.org>
The relocation offset can change in some initcall sequences. Handle
this and make sure it is used for all debugging statements in
init_run_list()
Update the trace test to match.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Caleb Connolly <caleb.connolly@linaro.org>
Add tests for booting image using tftpboot/pxe boot commands, tftpboot
boot case loads the FIT image into DDR and boots using bootm command
whereas pxe boot cases downloads the pxe configuration file from the
TFTP server and interprets it to boot the images mentioned in the pxe
configurations file.
This test relies on boardenv_* containing configuration values including
the parameter 'pattern'. tftpboot/pxe boot cases boots the Linux till the
boot log pattern value is matched. For example, if the parameter
'pattern' is defined as 'login:', it will boot till login prompt.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Tested-by: Tom Rini <trini@konsulko.com>
Executing a u-boot command may raise an error or extra bad pattern,
beyond the default bad patterns. Providing a way to enable the console
output error check in test.
For example, description for OS boot test:
import re
check_type = 'kernel_boot_error'
check_pattern = re.compile('ERROR -2: can't get kernel image!')
with u_boot_console.enable_check(check_type, check_pattern):
u_boot_console.run_command('<boot command>')
Signed-off-by: Love Kumar <love.kumar@amd.com>
The issue described in https://github.com/psf/requests/pull/6655 has
been assigned as a security issue. While unlikely to be exploited in our
usage, update to the current release to fix it. Furthermore, upstream
has now moved on to v2.23.2 as the release to use which has all of the
issues resolved.
Reported-by: GitHub dependabot
Signed-off-by: Tom Rini <trini@konsulko.com>
According to UEFI v2.10 spec section 8.2.6, if a caller invokes the
SetVariables() service, it will produce a digest from hash(VariableName,
VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the
firmware that implements the SetVariable() service will compare the
digest with the result of applying the signer’s public key to the
signature. For EFI variable append write, efitools sign-efi-sig-list has
an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will
drop this attribute in efi_set_variable_int(). So if a caller uses
"sign-efi-sig-list -a" to create the authenticated variable, this append
write will fail in the u-boot due to "hash check failed".
This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure
that the hash check is correct. And also update the "test_efi_secboot"
test case to compliance with the change.
Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
For pcr_read and pcr_extend commands allow the digest algorithm to be
specified by an additional argument. If not specified it will default to
SHA256 for backwards compatibility.
Additionally update test_tpm2.py for the changes in output in pcr_read
which now shows the algo and algo length in the output.
A follow-on to this could be to extend all PCR banks with the detected
algo when the <digest_algo> argument is 'auto'.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d, reversing
changes made to 2ee6f3a5f7.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
Currently we have the option to tell the console code that we should
ignore the SPL banner. We also have an option to say that we can see it
a second time, and ignore it. However, some platforms such as TI AM64x
will have us see the SPL banner three times. Rather than add an
"spl3_skipped" option, rework the code. By default we expect to see the
banner once, but boards can specify seeing it as many times as they
expect to.
Signed-off-by: Tom Rini <trini@konsulko.com>
The image is not unloaded if a security violation occurs.
If efi_set_load_options() fails, we do not free the memory allocated for
the optional data. We do not unload the image.
* Unload the image if a security violation occurs.
* Free load_options if efi_set_load_options() fails.
* Unload the image if efi_set_load_options() fails.
Fixes: 53f6a5aa86 ("efi_loader: Replace config option for initrd loading")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fix typos in test_eficonfig.py: %s/curren/current/
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Currently, all the capsules for the sandbox platform are generated at
the time of running the capsule tests. To showcase generation of
capsules through binman, generate all raw(non FIT payload) capsules
needed for the sandbox platform as part of the build. This acts as an
illustrative example for generating capsules as part of a platform's
build.
Make corresponding change in the capsule test's configuration to get
these capsules from the build directory.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add a test for reset commands which performs resetting of CPU, It does
COLD reset by default and WARM reset with -w option.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Add test case for saveenv command in non-JTAG bootmode which saves the
u-boot environment variables in persistent storage.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Abort the dhcp request in the middle by pressing ctrl + c on u-boot
prompt and validate the abort status.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Move SPDX license identifiers to the first line, so it conforms
to license placement rule [1]:
Placement:
The SPDX license identifier in kernel files shall be added at the first
possible line in a file which can contain a comment. For the majority
of files this is the first line, except for scripts which require the
'#!PATH_TO_INTERPRETER' in the first line. For those scripts the SPDX
identifier goes into the second line.
[1] https://www.kernel.org/doc/Documentation/process/license-rules.rst
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-3-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Add a following test cases for scsi commands:
scsi_reset - To reset SCSI controller
scsi_info - To show available SCSI devices
scsi_scan - To (re-)scan SCSI bus
scsi_device - To show or set surrent device
scsi_part - To print partition table of selected SCSI device
Signed-off-by: Love Kumar <love.kumar@amd.com>
Add the test cases for usb commands to test its various functionality
such as start, stop, reset, info, tree, storage, dev, part, ls, load,
and save. It also adds different file systems cases such as fat32, ext2
and ext4.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Add the test cases for mmc commands to test its various functionality
such as mmc list, dev, info, rescan, part, ls, load, and save. It also
adds different file systems cases such as fat32, ext2 and ext4.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Add test cases to verify the different type of secure boot images loaded
at DDR location for AMD's ZynqMP SoC. It also adds tests authentication
and decryption functionality using AES and RSA features for Zynq.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Add gpio pins generic test for the set of gpio pin list to test various
gpio related functionality, such as the input, set, clear, and toggle,
it also tests the input and output functionality for shorted gpio pins.
This test depends on boardenv* configuration to define gpio pins names.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Add testcases for loading RPU applications in split and lockstep mode
including the negative one for AMD's ZynqMP SoC.
Signed-off-by: Love Kumar <love.kumar@amd.com>
Update pygit2 and py to their latest versions. Even in the venv pygit2
still links against the system libgit2 library which is failing on
latest Arch Linux.
The py library also needs updating to fix a KeyNotFound exception during
test initialisation.
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
Provide a unit test for the smbios command.
Provide different test functions for QEMU, sandbox, and other systems.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add test cases for bootstage command to print the bootstage report, to
stash the data into memory and to unstash the data from memory.
Signed-off-by: Love Kumar <love.kumar@amd.com>
With commit 42c0e5bb05 ("test: Find leftovers after clean/mrproper")
we assume that we are performing out of tree builds. test_clean and
test_mrproper fail if the assumption isn't met.
However there are valid scenarios where tests run with in source builds
(i.e., test.py --build-dir=.).
Automatically skip cleanup tests in such scenarios to prevent false
positives.
Signed-off-by: Tobias Deiminger <tdmg@linutronix.de>
Reviewed-by: Harald Seiler <u-boot@rahix.de>
In practice, as this test defaults to enabled rather than disabled, too
many platforms now fail.
This reverts commit d836473862.
Signed-off-by: Tom Rini <trini@konsulko.com>
With newer versions of trace-cmd the report subcommand will have
different output from before if we do or do not pass -l. However, with
the -l flag passed our put is consistent here. This updates our regular
expressions and comments for this as well now.
Signed-off-by: Tom Rini <trini@konsulko.com>
Update packaging to be version 23.2 to match our Sphinx requirements.
This will let us build a pip cache out of both of our requirements.txt
files.
Signed-off-by: Tom Rini <trini@konsulko.com>
The version of pycryptodomex that we use is vulnerable to this CVE.
While not likely an issue for us, let us upgrade to be on the safe side.
Reported-by: GitHub dependabot
Signed-off-by: Tom Rini <trini@konsulko.com>
