<feed xmlns='http://www.w3.org/2005/Atom'>
<title>u-boot.git/test/py/tests/test_efi_secboot/conftest.py, branch v2023.01</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.</subtitle>
<id>http://cgit.235523.xyz/u-boot.git/atom/test/py/tests/test_efi_secboot/conftest.py?h=v2023.01</id>
<link rel='self' href='http://cgit.235523.xyz/u-boot.git/atom/test/py/tests/test_efi_secboot/conftest.py?h=v2023.01'/>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/'/>
<updated>2022-11-06T09:50:04Z</updated>
<entry>
<title>test/py: efi_secboot: Remove unnecessary cert-to-efi-hash-list option</title>
<updated>2022-11-06T09:50:04Z</updated>
<author>
<name>Masahisa Kojima</name>
<email>masahisa.kojima@linaro.org</email>
</author>
<published>2022-10-03T07:12:15Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=0b4cbeba593058104349a437ceb4d615e99b4019'/>
<id>urn:sha1:0b4cbeba593058104349a437ceb4d615e99b4019</id>
<content type='text'>
'cert-to-efi-hash-list -t 0' does not work as expected, it produces
indeterminate timestamp.

  $ cert-to-efi-hash-list -t 0 -s 256 db.crt dbx_hash.crl
  TimeOfRevocation is 0-113-0 00:00:255

If we need the CRL revoked for all the time, just don't specify
'-t' option.

  $ cert-to-efi-hash-list -s 256 db.crt dbx_hash.crl
  TimeOfRevocation is 0-0-0 00:00:00

Signed-off-by: Masahisa Kojima &lt;masahisa.kojima@linaro.org&gt;
Acked-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
</content>
</entry>
<entry>
<title>test: fix some pylint errors in test_efi_secboot</title>
<updated>2022-10-06T20:54:57Z</updated>
<author>
<name>Heinrich Schuchardt</name>
<email>heinrich.schuchardt@canonical.com</email>
</author>
<published>2022-10-01T18:55:14Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=874490c7ec7a05a429b951720f11a3b966ec0572'/>
<id>urn:sha1:874490c7ec7a05a429b951720f11a3b966ec0572</id>
<content type='text'>
* Remove unused import
* Provide module docstring

Signed-off-by: Heinrich Schuchardt &lt;heinrich.schuchardt@canonical.com&gt;
Acked-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
</content>
</entry>
<entry>
<title>test/py: efi_secboot: add a test for a forged signed image</title>
<updated>2022-07-05T12:37:16Z</updated>
<author>
<name>AKASHI Takahiro</name>
<email>takahiro.akashi@linaro.org</email>
</author>
<published>2022-07-05T05:48:15Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=8fb9dbdea716ab764c7a3c544569f903cbfdd744'/>
<id>urn:sha1:8fb9dbdea716ab764c7a3c544569f903cbfdd744</id>
<content type='text'>
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.

This binary must be rejected under secure boot mode.

Signed-off-by: AKASHI Takahiro &lt;takahiro.akashi@linaro.org&gt;
</content>
</entry>
<entry>
<title>test/py: Add more test cases for rejecting an EFI image</title>
<updated>2022-05-07T21:17:26Z</updated>
<author>
<name>Ilias Apalodimas</name>
<email>ilias.apalodimas@linaro.org</email>
</author>
<published>2022-05-06T12:36:01Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=4b494770577cc61c3c1a4b57ced2fc98d87957dc'/>
<id>urn:sha1:4b494770577cc61c3c1a4b57ced2fc98d87957dc</id>
<content type='text'>
The previous patch adds support for rejecting images when the sha384/512
of an x.509 certificate is present in dbx.  Update the sandbox selftests

Signed-off-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
</content>
</entry>
<entry>
<title>test/py: efi_secboot: modify 'multiple signatures' test case</title>
<updated>2020-08-14T10:34:33Z</updated>
<author>
<name>AKASHI Takahiro</name>
<email>takahiro.akashi@linaro.org</email>
</author>
<published>2020-08-14T05:39:24Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=0274e50e057e1969876c9d1ef6e2a530688cf5ee'/>
<id>urn:sha1:0274e50e057e1969876c9d1ef6e2a530688cf5ee</id>
<content type='text'>
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").

Signed-off-by: AKASHI Takahiro &lt;takahiro.akashi@linaro.org&gt;
</content>
</entry>
<entry>
<title>test/py: efi_secboot: add test for intermediate certificates</title>
<updated>2020-08-13T20:37:36Z</updated>
<author>
<name>AKASHI Takahiro</name>
<email>takahiro.akashi@linaro.org</email>
</author>
<published>2020-07-21T10:35:24Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=e1174c566a61c863db1b782935269acba00e9281'/>
<id>urn:sha1:e1174c566a61c863db1b782935269acba00e9281</id>
<content type='text'>
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.

Signed-off-by: AKASHI Takahiro &lt;takahiro.akashi@linaro.org&gt;
</content>
</entry>
<entry>
<title>test/py: efi_secboot: small rework for adding a new test</title>
<updated>2020-08-13T20:37:36Z</updated>
<author>
<name>AKASHI Takahiro</name>
<email>takahiro.akashi@linaro.org</email>
</author>
<published>2020-07-21T10:35:23Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=57be8cdce35189ea063ebadb9338ef510289116f'/>
<id>urn:sha1:57be8cdce35189ea063ebadb9338ef510289116f</id>
<content type='text'>
It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME
under the current code base. So just remove them.

Signed-off-by: AKASHI Takahiro &lt;takahiro.akashi@linaro.org&gt;
</content>
</entry>
<entry>
<title>test/py: efi_secboot: fix additional pylint errors</title>
<updated>2020-07-22T10:32:42Z</updated>
<author>
<name>AKASHI Takahiro</name>
<email>takahiro.akashi@linaro.org</email>
</author>
<published>2020-07-20T06:33:39Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=a58dfd29698c65a22e3956e7aae96c7ce7fdddd3'/>
<id>urn:sha1:a58dfd29698c65a22e3956e7aae96c7ce7fdddd3</id>
<content type='text'>
This is a fixup by autopep8 after the commit ("test/py: efi_secboot:
apply autopep8").

Signed-off-by: AKASHI Takahiro &lt;takahiro.akashi@linaro.org&gt;
Signed-off-by: Heinrich Schuchardt &lt;xypron.glpk@gmx.de&gt;
</content>
</entry>
<entry>
<title>test/py: efi_secboot: remove unused function</title>
<updated>2020-07-22T10:32:42Z</updated>
<author>
<name>AKASHI Takahiro</name>
<email>takahiro.akashi@linaro.org</email>
</author>
<published>2020-07-20T06:34:09Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=d09745b1967708bffbbc5ba466753df638000d40'/>
<id>urn:sha1:d09745b1967708bffbbc5ba466753df638000d40</id>
<content type='text'>
'tool_is_in_path' function is no longer used anywhere after Heinrich
has removed 'sudo' version of fixture setup.

Signed-off-by: AKASHI Takahiro &lt;takahiro.akashi@linaro.org&gt;
Signed-off-by: Heinrich Schuchardt &lt;xypron.glpk@gmx.de&gt;
</content>
</entry>
<entry>
<title>test: use virt-make-fs to build image</title>
<updated>2020-07-11T21:14:16Z</updated>
<author>
<name>Heinrich Schuchardt</name>
<email>xypron.glpk@gmx.de</email>
</author>
<published>2020-07-11T21:05:18Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=53ce9a6ed98b69a82e54a28254b014e480fc98ca'/>
<id>urn:sha1:53ce9a6ed98b69a82e54a28254b014e480fc98ca</id>
<content type='text'>
Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs.

Signed-off-by: Heinrich Schuchardt &lt;xypron.glpk@gmx.de&gt;
</content>
</entry>
</feed>
