u-boot.git/test/py/tests/test_efi_secboot, branch v2022.01 Unnamed repository; edit this file 'description' to name the repository. test/py: Fix efidebug related tests 2021-04-24T04:53:40+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-04-23T13:24:13+00:00 ce62b0f8f45f1b71fc03ddee84c0529cea228e24 commit cbea241e935e("efidebug: add multiple device path instances on Boot####") slightly tweaked the efidebug syntax adding -b, -i and -s for the boot image, initrd and optional data. The pytests using this command were adapted as well. However I completely missed the last "" argument, which at the time indicated the optional data and needed conversion as well. This patch is adding the missing -s flag and the tests are back to normal. Fixes: cbea241e935e("efidebug: add multiple device path instances on Boot####") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
commit cbea241e935e("efidebug: add multiple device path instances on Boot####")
slightly tweaked the efidebug syntax adding -b, -i and -s for the boot
image, initrd and optional data.
The pytests using this command were adapted as well. However I completely
missed the last "" argument, which at the time indicated the optional data
and needed conversion as well.  This patch is adding the missing -s flag
and the tests are back to normal.

Fixes: cbea241e935e("efidebug: add multiple device path instances on Boot####")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efidebug: add multiple device path instances on Boot#### 2021-03-25T19:14:26+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-03-17T19:55:01+00:00 cbea241e935ec754df44d5de0ad20b801f2d3f90 The UEFI spec allows a packed array of UEFI device paths in the FilePathList[] of an EFI_LOAD_OPTION. The first file path must describe the loaded image but the rest are OS specific. Previous patches parse the device path and try to use the second member of the array as an initrd. So let's modify efidebug slightly and install the second file described in the command line as the initrd device path. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The UEFI spec allows a packed array of UEFI device paths in the
FilePathList[] of an EFI_LOAD_OPTION. The first file path must
describe the loaded image but the rest are OS specific.

Previous patches parse the device path and try to use the second
member of the array as an initrd. So let's modify efidebug slightly
and install the second file described in the command line as the
initrd device path.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: use ':' as separator for setenv -i 2020-08-24T14:37:53+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-24T06:27:49+00:00 2b3fbcb59f4174e455a6285eaddf1426ed3e76c5 setenv -e -i <address>,<filesize> can be used to set a UEFI variable from memory. For separating an address and a size we use ':' in most commands. Let's do the same for setenv -e -i. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
setenv -e -i <address>,<filesize> can be used to set a UEFI variable
from memory.

For separating an address and a size we use ':' in most commands.
Let's do the same for setenv -e -i.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: modify 'multiple signatures' test case 2020-08-14T10:34:33+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-08-14T05:39:24+00:00 0274e50e057e1969876c9d1ef6e2a530688cf5ee The test case 5 in test_signed (multiple signatures) must be modified and aligned with the change introduced in the previous commit ("efi_loader: signature: correct a behavior against multiple signatures"). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: add test for intermediate certificates 2020-08-13T20:37:36+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:24+00:00 e1174c566a61c863db1b782935269acba00e9281 In this test case, an image may have a signature with additional intermediate certificates. A chain of trust will be followed and all the certificates in the middle of chain must be verified before loading. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: small rework for adding a new test 2020-08-13T20:37:36+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:23+00:00 57be8cdce35189ea063ebadb9338ef510289116f It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME under the current code base. So just remove them. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME
under the current code base. So just remove them.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
test/py: efi_secboot: fix additional pylint errors 2020-07-22T10:32:42+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-20T06:33:39+00:00 a58dfd29698c65a22e3956e7aae96c7ce7fdddd3 This is a fixup by autopep8 after the commit ("test/py: efi_secboot: apply autopep8"). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This is a fixup by autopep8 after the commit ("test/py: efi_secboot:
apply autopep8").

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: remove unused function 2020-07-22T10:32:42+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-20T06:34:09+00:00 d09745b1967708bffbbc5ba466753df638000d40 'tool_is_in_path' function is no longer used anywhere after Heinrich has removed 'sudo' version of fixture setup. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
'tool_is_in_path' function is no longer used anywhere after Heinrich
has removed 'sudo' version of fixture setup.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test: use virt-make-fs to build image 2020-07-11T21:14:16+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-07-11T21:05:18+00:00 53ce9a6ed98b69a82e54a28254b014e480fc98ca Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test for verifying with digest of signed image 2020-07-11T21:14:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:02:03+00:00 7fdc02b3d7d2085231f44d44c0556f4a592c8daf Signature database (db or dbx) may have not only certificates that contain a public key for RSA decryption, but also digests of signed images. In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID) and if the value matches to a hash value calculated from image's binary, authentication should pass in case of db, and fail in case of dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Use defined time stamps for sign-efi-sig-list. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Signature database (db or dbx) may have not only certificates that contain
a public key for RSA decryption, but also digests of signed images.

In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID)
and if the value matches to a hash value calculated from image's binary,
authentication should pass in case of db, and fail in case of dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Use defined time stamps for sign-efi-sig-list.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>