u-boot.git/test/py/tests/test_efi_secboot/test_authvar.py, branch master Unnamed repository; edit this file 'description' to name the repository. test/py: Shorten u_boot_console 2025-03-15T10:38:38+00:00 Simon Glass sjg@chromium.org 2025-02-09T16:07:14+00:00 752c3769874596d012cd8325099d2ae20123f989 This fixture name is quite long and results in lots of verbose code. We know this is U-Boot so the 'u_boot_' part is not necessary. But it is also a bit of a misnomer, since it provides access to all the information available to tests. It is not just the console. It would be too confusing to use con as it would be confused with config and it is probably too short. So shorten it to 'ubman'. Signed-off-by: Simon Glass <sjg@chromium.org> Link: https://lore.kernel.org/u-boot/CAFLszTgPa4aT_J9h9pqeTtLCVn4x2JvLWRcWRD8NaN3uoSAtyA@mail.gmail.com/ 
This fixture name is quite long and results in lots of verbose code.
We know this is U-Boot so the 'u_boot_' part is not necessary.

But it is also a bit of a misnomer, since it provides access to all the
information available to tests. It is not just the console.

It would be too confusing to use con as it would be confused with
config and it is probably too short.

So shorten it to 'ubman'.

Signed-off-by: Simon Glass <sjg@chromium.org>
Link: https://lore.kernel.org/u-boot/CAFLszTgPa4aT_J9h9pqeTtLCVn4x2JvLWRcWRD8NaN3uoSAtyA@mail.gmail.com/
efi_loader: Fix EFI_VARIABLE_APPEND_WRITE hash check 2024-06-10T13:01:44+00:00 Weizhao Ouyang o451686892@gmail.com 2024-05-08T11:13:12+00:00 3b7d26eb2b88bf2be5a4a32ece1fca61b57e7721 According to UEFI v2.10 spec section 8.2.6, if a caller invokes the SetVariables() service, it will produce a digest from hash(VariableName, VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the firmware that implements the SetVariable() service will compare the digest with the result of applying the signer’s public key to the signature. For EFI variable append write, efitools sign-efi-sig-list has an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will drop this attribute in efi_set_variable_int(). So if a caller uses "sign-efi-sig-list -a" to create the authenticated variable, this append write will fail in the u-boot due to "hash check failed". This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure that the hash check is correct. And also update the "test_efi_secboot" test case to compliance with the change. Signed-off-by: Weizhao Ouyang <o451686892@gmail.com> 
According to UEFI v2.10 spec section 8.2.6, if a caller invokes the
SetVariables() service, it will produce a digest from hash(VariableName,
VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the
firmware that implements the SetVariable() service will compare the
digest with the result of applying the signer’s public key to the
signature. For EFI variable append write, efitools sign-efi-sig-list has
an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will
drop this attribute in efi_set_variable_int(). So if a caller uses
"sign-efi-sig-list -a" to create the authenticated variable, this append
write will fail in the u-boot due to "hash check failed".

This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure
that the hash check is correct. And also update the "test_efi_secboot"
test case to compliance with the change.

Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
efi_loader: use ':' as separator for setenv -i 2020-08-24T14:37:53+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-24T06:27:49+00:00 2b3fbcb59f4174e455a6285eaddf1426ed3e76c5 setenv -e -i <address>,<filesize> can be used to set a UEFI variable from memory. For separating an address and a size we use ':' in most commands. Let's do the same for setenv -e -i. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
setenv -e -i <address>,<filesize> can be used to set a UEFI variable
from memory.

For separating an address and a size we use ':' in most commands.
Let's do the same for setenv -e -i.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: more fixes against pylint 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:01:59+00:00 d863b307e8079867575335f584db0949467cc220 More fixes against pylint warnings that autopep8 didn't handle in the previous commit. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
More fixes against pylint warnings that autopep8 didn't handle
in the previous commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: apply autopep8 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:01:58+00:00 91d2b6216b643f4c932b594d186b31d49a53deeb Python's autopep8 can automatically correct some of warnings from pylint and rewrite the code in a pretty print format. So just do it. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
Python's autopep8 can automatically correct some of warnings from pylint
and rewrite the code in a pretty print format. So just do it.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: fix test case 1g of test_authvar 2020-07-03T16:00:27+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-06-09T05:09:43+00:00 4edd9ccd94a93e153ab95a75a819f2c7436e5acb In the test case (1g) of test_authvar, "db" is mistakenly used, and it ends up being the exact same as (1f). So correct it as "dbx" test case. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In the test case (1g) of test_authvar, "db" is mistakenly used,
and it ends up being the exact same as (1f).
So correct it as "dbx" test case.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: remove all "re.search" 2020-07-03T16:00:27+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-06-09T05:09:42+00:00 bed118fb103c4917fd45a652a9026d5e9b62a069 Currently, we don't use any regular expression in matching outputs from U-Boot. Since its use is just redundant, we can remove all. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Currently, we don't use any regular expression in matching outputs from
U-Boot. Since its use is just redundant, we can remove all.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Revert "test: stabilize test_efi_secboot" 2020-07-03T16:00:27+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-06-09T05:09:32+00:00 dc2b47344729d62af15a34e254cf64f4c6916cda This reverts commit 5827c2545849441dd60467565aac11964259972f. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This reverts commit 5827c2545849441dd60467565aac11964259972f.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test: stabilize test_efi_secboot 2020-05-04T10:26:11+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-04T10:21:51+00:00 5827c2545849441dd60467565aac11964259972f When setting up the console via function efi_console_register() we call query_console_serial(). This functions sends an escape sequence to the terminal to query the display size. The response is another escape sequence. console.run_command_list() is looking for a regular expression '^==>'. If the escape sequence for the screen size precedes the prompt without a line break, no match is found. When efi_disk_register() is called before efi_console_register() this leads to a test failuere of the UEFI secure boot tests. We can avoid the problem if the first UEFI command passed to u_boot_console.run_command_list() produces output. This patch achieves this by appending '; echo' to the first UEFI related command of the problematic tests. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
When setting up the console via function efi_console_register() we call
query_console_serial(). This functions sends an escape sequence to the
terminal to query the display size. The response is another escape
sequence.

console.run_command_list() is looking for a regular expression '^==>'.
If the escape sequence for the screen size precedes the prompt without a
line break, no match is found.

When efi_disk_register() is called before efi_console_register() this leads
to a test failuere of the UEFI secure boot tests.

We can avoid the problem if the first UEFI command passed to
u_boot_console.run_command_list() produces output. This patch achieves this
by appending '; echo' to the first UEFI related command of the problematic
tests.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader, pytest: add UEFI secure boot tests (authenticated variables) 2020-04-16T06:12:47+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:50+00:00 a9d5666d0ae63a76c7a020af3519c26198e35127 Provide a couple of test cases for variable authentication. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
Provide a couple of test cases for variable authentication.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>