u-boot.git/test/py/tests/test_vboot.py, branch dependabot/pip/tools/patman/aiohttp-3.13.4 Unnamed repository; edit this file 'description' to name the repository. tests: FIT: Add "clone" image attack image test 2026-03-23T01:47:05+00:00 Tom Rini trini@konsulko.com 2026-03-18T17:02:33+00:00 a22e9e1b8ec7c96664072d7e629e811c318fb92a Related to the problem resolved with commit 2092322b31cc ("boot: Add fit_config_get_hash_list() to build signed node list"), add a testcase for the problem as well. Reported-by: Apple Security Engineering and Architecture (SEAR) Signed-off-by: Tom Rini <trini@konsulko.com> 
Related to the problem resolved with commit 2092322b31cc ("boot: Add
fit_config_get_hash_list() to build signed node list"), add a testcase
for the problem as well.

Reported-by: Apple Security Engineering and Architecture (SEAR)
Signed-off-by: Tom Rini <trini@konsulko.com>
boot: Add fit_config_get_hash_list() to build signed node list 2026-03-09T15:49:50+00:00 Simon Glass simon.glass@canonical.com 2026-03-06T01:20:09+00:00 2092322b31cc8b1f8c9e2e238d1043ae0637b241 The hashed-nodes property in a FIT signature node lists which FDT paths are included in the signature hash. It is intended as a hint so should not be used for verification. Add a function to build the node list from scratch by iterating the configuration's image references. Skip properties known not to be image references. For each image, collect the path plus all hash and cipher subnodes. Use the new function in fit_config_check_sig() instead of reading 'hashed-nodes'. Update the test_vboot kernel@ test case: fit_check_sign now catches the attack at signature-verification time (the @-suffixed node is hashed instead of the real one, causing a mismatch) rather than at fit_check_format() time. Update the docs to cover this. The FIT spec can be updated separately. Signed-off-by: Simon Glass <simon.glass@canonical.com> Closes: https://lore.kernel.org/u-boot/20260302220937.3682128-1-trini@konsulko.com/ Reported-by: Apple Security Engineering and Architecture (SEAR) Tested-by: Tom Rini <trini@konsulko.com> 
The hashed-nodes property in a FIT signature node lists which FDT paths
are included in the signature hash. It is intended as a hint so should
not be used for verification.

Add a function to build the node list from scratch by iterating the
configuration's image references. Skip properties known not to be image
references. For each image, collect the path plus all hash and cipher
subnodes.

Use the new function in fit_config_check_sig() instead of reading
'hashed-nodes'.

Update the test_vboot kernel@ test case: fit_check_sign now catches the
attack at signature-verification time (the @-suffixed node is hashed
instead of the real one, causing a mismatch) rather than at
fit_check_format() time.

Update the docs to cover this. The FIT spec can be updated separately.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
Closes: https://lore.kernel.org/u-boot/20260302220937.3682128-1-trini@konsulko.com/
Reported-by: Apple Security Engineering and Architecture (SEAR)
Tested-by: Tom Rini <trini@konsulko.com>
test/py: Drop assigning ubman to cons 2025-03-15T11:47:04+00:00 Simon Glass sjg@chromium.org 2025-02-09T16:07:17+00:00 d08653d3699c1aafada3418c9f74b887bfb21a65 Now that we have a shorter name, we don't need this sort of thing. Just use ubman instead. Signed-off-by: Simon Glass <sjg@chromium.org> 
Now that we have a shorter name, we don't need this sort of thing. Just
use ubman instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
test/py: Drop importing utils as util 2025-03-15T11:02:04+00:00 Simon Glass sjg@chromium.org 2025-02-09T16:07:16+00:00 dd693ecb60384049dd8c3f6a36331c1a70b6558f Now that we have a shorter name, we don't need this sort of thing. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> # test_android 
Now that we have a shorter name, we don't need this sort of thing.
Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> # test_android
test/py: Drop u_boot_ prefix on test files 2025-03-15T11:02:04+00:00 Simon Glass sjg@chromium.org 2025-02-09T16:07:15+00:00 d9ed4b75add4b4ccc37cf32b54cd9c77f48e3396 We know this is U-Boot so the prefix serves no purpose other than to make things longer and harder to read. Drop it and rename the files. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> # test_android / test_dfu 
We know this is U-Boot so the prefix serves no purpose other than to
make things longer and harder to read. Drop it and rename the files.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> # test_android / test_dfu
test/py: Shorten u_boot_console 2025-03-15T10:38:38+00:00 Simon Glass sjg@chromium.org 2025-02-09T16:07:14+00:00 752c3769874596d012cd8325099d2ae20123f989 This fixture name is quite long and results in lots of verbose code. We know this is U-Boot so the 'u_boot_' part is not necessary. But it is also a bit of a misnomer, since it provides access to all the information available to tests. It is not just the console. It would be too confusing to use con as it would be confused with config and it is probably too short. So shorten it to 'ubman'. Signed-off-by: Simon Glass <sjg@chromium.org> Link: https://lore.kernel.org/u-boot/CAFLszTgPa4aT_J9h9pqeTtLCVn4x2JvLWRcWRD8NaN3uoSAtyA@mail.gmail.com/ 
This fixture name is quite long and results in lots of verbose code.
We know this is U-Boot so the 'u_boot_' part is not necessary.

But it is also a bit of a misnomer, since it provides access to all the
information available to tests. It is not just the console.

It would be too confusing to use con as it would be confused with
config and it is probably too short.

So shorten it to 'ubman'.

Signed-off-by: Simon Glass <sjg@chromium.org>
Link: https://lore.kernel.org/u-boot/CAFLszTgPa4aT_J9h9pqeTtLCVn4x2JvLWRcWRD8NaN3uoSAtyA@mail.gmail.com/
test: vboot: Using variable 'old_dtb' before assignment 2023-12-13T23:39:06+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-12-11T18:07:33+00:00 229c4da6ca183b91f2ad928ecec47e073bce1b1a old_dtb can only be assumed initialized in the finally block if it is assigned a value before the try statement. Avoid a pylint error reported by current pylint. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
old_dtb can only be assumed initialized in the finally block
if it is assigned a value before the try statement.

Avoid a pylint error reported by current pylint.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
test_vboot.py: include test of fdt_add_pubkey tool 2023-04-02T05:39:41+00:00 Roman Kopytin Roman.Kopytin@kaspersky.com 2023-03-20T03:28:13+00:00 90999b456902a7fe760e74f09b88b55141e7c20f Add test_fdt_add_pubkey test which provides simple functionality test which contains such steps: create DTB and FIT files add keys with fdt_add_pubkey to DTB sign FIT image check with fit_check_sign that keys properly added to DTB file Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com> Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com> Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> 
Add test_fdt_add_pubkey test which provides simple functionality test
which contains such steps:
 create DTB and FIT files
 add keys with fdt_add_pubkey to DTB
 sign FIT image
 check with fit_check_sign that keys properly added to DTB file

Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
test: Mark all but the first vboot test as slow 2022-09-12T22:06:36+00:00 Simon Glass sjg@chromium.org 2022-08-06T23:51:52+00:00 c7c113dc133b0833cde1366820ecfcc3c3869fad When doing a quick check we don't need to run all the vboot tests. Just run the first one, which is enough to catch most problems. Signed-off-by: Simon Glass <sjg@chromium.org> 
When doing a quick check we don't need to run all the vboot tests. Just
run the first one, which is enough to catch most problems.

Signed-off-by: Simon Glass <sjg@chromium.org>
test: py: vboot: add test for global image signature 2022-03-31T18:12:23+00:00 Philippe Reynes philippe.reynes@softathome.com 2022-03-28T20:57:06+00:00 776db4fa96bb606b88740ea2017c3c66a8394e86 Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
Adds test units for the pre-load header signature.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>