u-boot.git/test/py/tests/test_efi_secboot, branch v2020.10 Unnamed repository; edit this file 'description' to name the repository. efi_loader: use ':' as separator for setenv -i 2020-08-24T14:37:53+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-24T06:27:49+00:00 2b3fbcb59f4174e455a6285eaddf1426ed3e76c5 setenv -e -i <address>,<filesize> can be used to set a UEFI variable from memory. For separating an address and a size we use ':' in most commands. Let's do the same for setenv -e -i. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
setenv -e -i <address>,<filesize> can be used to set a UEFI variable
from memory.

For separating an address and a size we use ':' in most commands.
Let's do the same for setenv -e -i.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: modify 'multiple signatures' test case 2020-08-14T10:34:33+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-08-14T05:39:24+00:00 0274e50e057e1969876c9d1ef6e2a530688cf5ee The test case 5 in test_signed (multiple signatures) must be modified and aligned with the change introduced in the previous commit ("efi_loader: signature: correct a behavior against multiple signatures"). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: add test for intermediate certificates 2020-08-13T20:37:36+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:24+00:00 e1174c566a61c863db1b782935269acba00e9281 In this test case, an image may have a signature with additional intermediate certificates. A chain of trust will be followed and all the certificates in the middle of chain must be verified before loading. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: small rework for adding a new test 2020-08-13T20:37:36+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:23+00:00 57be8cdce35189ea063ebadb9338ef510289116f It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME under the current code base. So just remove them. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME
under the current code base. So just remove them.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: fix additional pylint errors 2020-07-22T10:32:42+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-20T06:33:39+00:00 a58dfd29698c65a22e3956e7aae96c7ce7fdddd3 This is a fixup by autopep8 after the commit ("test/py: efi_secboot: apply autopep8"). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This is a fixup by autopep8 after the commit ("test/py: efi_secboot:
apply autopep8").

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: remove unused function 2020-07-22T10:32:42+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-20T06:34:09+00:00 d09745b1967708bffbbc5ba466753df638000d40 'tool_is_in_path' function is no longer used anywhere after Heinrich has removed 'sudo' version of fixture setup. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
'tool_is_in_path' function is no longer used anywhere after Heinrich
has removed 'sudo' version of fixture setup.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test: use virt-make-fs to build image 2020-07-11T21:14:16+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-07-11T21:05:18+00:00 53ce9a6ed98b69a82e54a28254b014e480fc98ca Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test for verifying with digest of signed image 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:02:03+00:00 7fdc02b3d7d2085231f44d44c0556f4a592c8daf Signature database (db or dbx) may have not only certificates that contain a public key for RSA decryption, but also digests of signed images. In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID) and if the value matches to a hash value calculated from image's binary, authentication should pass in case of db, and fail in case of dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Use defined time stamps for sign-efi-sig-list. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Signature database (db or dbx) may have not only certificates that contain
a public key for RSA decryption, but also digests of signed images.

In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID)
and if the value matches to a hash value calculated from image's binary,
authentication should pass in case of db, and fail in case of dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Use defined time stamps for sign-efi-sig-list.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test for multiple signatures 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:02:02+00:00 0c7772d40f7994b1ff75ad9acd220101241c1feb In this test case, an image is signed multiple times with different keys. If any of signatures contained is not verified, the whole authentication check should fail. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Provide a defined time stamp for dbx_hash1.auth. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In this test case, an image is signed multiple times with different
keys. If any of signatures contained is not verified, the whole
authentication check should fail.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Provide a defined time stamp for dbx_hash1.auth.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test against certificate revocation 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:02:01+00:00 c6361e73b5c21216fc49ed46721015283414d77e Revocation database (dbx) may have not only certificates, but also message digests of certificates with revocation time (EFI_CERT_X509_SHA256_GUILD). In this test case, if the database has such a digest and if the value matches to a certificate that created a given image's signature, authentication should fail. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Set defined time stamp for dbx_hash.auth. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Revocation database (dbx) may have not only certificates, but also
message digests of certificates with revocation time
(EFI_CERT_X509_SHA256_GUILD).

In this test case, if the database has such a digest and if the value
matches to a certificate that created a given image's signature,
authentication should fail.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Set defined time stamp for dbx_hash.auth.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>