u-boot.git/test/py/tests/test_efi_secboot/test_signed.py, branch v2020.10 Unnamed repository; edit this file 'description' to name the repository. efi_loader: use ':' as separator for setenv -i 2020-08-24T14:37:53+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-24T06:27:49+00:00 2b3fbcb59f4174e455a6285eaddf1426ed3e76c5 setenv -e -i <address>,<filesize> can be used to set a UEFI variable from memory. For separating an address and a size we use ':' in most commands. Let's do the same for setenv -e -i. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
setenv -e -i <address>,<filesize> can be used to set a UEFI variable
from memory.

For separating an address and a size we use ':' in most commands.
Let's do the same for setenv -e -i.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: modify 'multiple signatures' test case 2020-08-14T10:34:33+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-08-14T05:39:24+00:00 0274e50e057e1969876c9d1ef6e2a530688cf5ee The test case 5 in test_signed (multiple signatures) must be modified and aligned with the change introduced in the previous commit ("efi_loader: signature: correct a behavior against multiple signatures"). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: add a test for verifying with digest of signed image 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:02:03+00:00 7fdc02b3d7d2085231f44d44c0556f4a592c8daf Signature database (db or dbx) may have not only certificates that contain a public key for RSA decryption, but also digests of signed images. In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID) and if the value matches to a hash value calculated from image's binary, authentication should pass in case of db, and fail in case of dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Use defined time stamps for sign-efi-sig-list. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Signature database (db or dbx) may have not only certificates that contain
a public key for RSA decryption, but also digests of signed images.

In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID)
and if the value matches to a hash value calculated from image's binary,
authentication should pass in case of db, and fail in case of dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Use defined time stamps for sign-efi-sig-list.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test for multiple signatures 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:02:02+00:00 0c7772d40f7994b1ff75ad9acd220101241c1feb In this test case, an image is signed multiple times with different keys. If any of signatures contained is not verified, the whole authentication check should fail. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Provide a defined time stamp for dbx_hash1.auth. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In this test case, an image is signed multiple times with different
keys. If any of signatures contained is not verified, the whole
authentication check should fail.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Provide a defined time stamp for dbx_hash1.auth.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test against certificate revocation 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:02:01+00:00 c6361e73b5c21216fc49ed46721015283414d77e Revocation database (dbx) may have not only certificates, but also message digests of certificates with revocation time (EFI_CERT_X509_SHA256_GUILD). In this test case, if the database has such a digest and if the value matches to a certificate that created a given image's signature, authentication should fail. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Set defined time stamp for dbx_hash.auth. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Revocation database (dbx) may have not only certificates, but also
message digests of certificates with revocation time
(EFI_CERT_X509_SHA256_GUILD).

In this test case, if the database has such a digest and if the value
matches to a certificate that created a given image's signature,
authentication should fail.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Set defined time stamp for dbx_hash.auth.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: split "signed image" test case-1 into two cases 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:02:00+00:00 48ead6097bb614698a53c898243c456e8d6737a3 Split the existing test case-1 into case1 and a new case-2: case-1 for non-SecureBoot mode; case-2 for SecureBoot mode. In addition, one corner case is added to case-2; a image is signed but a corresponding certificate is not yet installed in "db." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
Split the existing test case-1 into case1 and a new case-2:
case-1 for non-SecureBoot mode; case-2 for SecureBoot mode.

In addition, one corner case is added to case-2; a image is signed
but a corresponding certificate is not yet installed in "db."

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: more fixes against pylint 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:01:59+00:00 d863b307e8079867575335f584db0949467cc220 More fixes against pylint warnings that autopep8 didn't handle in the previous commit. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
More fixes against pylint warnings that autopep8 didn't handle
in the previous commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: apply autopep8 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:01:58+00:00 91d2b6216b643f4c932b594d186b31d49a53deeb Python's autopep8 can automatically correct some of warnings from pylint and rewrite the code in a pretty print format. So just do it. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
Python's autopep8 can automatically correct some of warnings from pylint
and rewrite the code in a pretty print format. So just do it.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: remove all "re.search" 2020-07-03T16:00:27+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-06-09T05:09:42+00:00 bed118fb103c4917fd45a652a9026d5e9b62a069 Currently, we don't use any regular expression in matching outputs from U-Boot. Since its use is just redundant, we can remove all. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Currently, we don't use any regular expression in matching outputs from
U-Boot. Since its use is just redundant, we can remove all.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Revert "test: stabilize test_efi_secboot" 2020-07-03T16:00:27+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-06-09T05:09:32+00:00 dc2b47344729d62af15a34e254cf64f4c6916cda This reverts commit 5827c2545849441dd60467565aac11964259972f. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This reverts commit 5827c2545849441dd60467565aac11964259972f.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>