u-boot.git/test/py/tests/test_efi_secboot/conftest.py, branch v2022.07

test/py: efi_secboot: add a test for a forged signed image

2022-07-05T12:37:16Z

In this test case, a image binary, helloworld.efi.signed, is willfully modified to print a corrupted message while the signature itself is unchanged. This binary must be rejected under secure boot mode. Signed-off-by: AKASHI Takahiro

test/py: Add more test cases for rejecting an EFI image

2022-05-07T21:17:26Z

The previous patch adds support for rejecting images when the sha384/512 of an x.509 certificate is present in dbx. Update the sandbox selftests Signed-off-by: Ilias Apalodimas

test/py: efi_secboot: modify 'multiple signatures' test case

2020-08-14T10:34:33Z

The test case 5 in test_signed (multiple signatures) must be modified and aligned with the change introduced in the previous commit ("efi_loader: signature: correct a behavior against multiple signatures"). Signed-off-by: AKASHI Takahiro

test/py: efi_secboot: add test for intermediate certificates

2020-08-13T20:37:36Z

In this test case, an image may have a signature with additional intermediate certificates. A chain of trust will be followed and all the certificates in the middle of chain must be verified before loading. Signed-off-by: AKASHI Takahiro

test/py: efi_secboot: small rework for adding a new test

2020-08-13T20:37:36Z

It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME under the current code base. So just remove them. Signed-off-by: AKASHI Takahiro

test/py: efi_secboot: fix additional pylint errors

2020-07-22T10:32:42Z

This is a fixup by autopep8 after the commit ("test/py: efi_secboot: apply autopep8"). Signed-off-by: AKASHI Takahiro Signed-off-by: Heinrich Schuchardt

test/py: efi_secboot: remove unused function

2020-07-22T10:32:42Z

'tool_is_in_path' function is no longer used anywhere after Heinrich has removed 'sudo' version of fixture setup. Signed-off-by: AKASHI Takahiro Signed-off-by: Heinrich Schuchardt

test: use virt-make-fs to build image

2020-07-11T21:14:16Z

Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs. Signed-off-by: Heinrich Schuchardt

test/py: efi_secboot: add a test for verifying with digest of signed image

2020-07-11T21:14:16Z

Signature database (db or dbx) may have not only certificates that contain a public key for RSA decryption, but also digests of signed images. In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID) and if the value matches to a hash value calculated from image's binary, authentication should pass in case of db, and fail in case of dbx. Signed-off-by: AKASHI Takahiro Use defined time stamps for sign-efi-sig-list. Signed-off-by: Heinrich Schuchardt

test/py: efi_secboot: add a test for multiple signatures

2020-07-11T21:14:16Z

In this test case, an image is signed multiple times with different keys. If any of signatures contained is not verified, the whole authentication check should fail. Signed-off-by: AKASHI Takahiro Provide a defined time stamp for dbx_hash1.auth. Signed-off-by: Heinrich Schuchardt