u-boot.git/test/py/tests, branch v2021.04 Unnamed repository; edit this file 'description' to name the repository. test: Don't unmount not (yet) mounted system 2021-03-31T11:50:17+00:00 Andy Shevchenko andriy.shevchenko@linux.intel.com 2021-02-11T14:40:12+00:00 1ba21bb06b08d2f5d62afac29549ade8616929ce When test suite tries to create a file for a new filesystem test case and fails, the clean up of the exception tries to unmount the image, that has not yet been mounted. When it happens, the fuse_mounted global variable is set to False and inconveniently the test case tries to use sudo, so without this change the admin of the machine gets an (annoying) email: Subject: *** SECURITY information for example.com *** example.com : Feb 5 19:43:47 : ... COMMAND=/bin/umount .../build-sandbox/persistent-data/mnt and second run of the test cases on uncleaned build folder will ask for sudo which is not what expected. Besides that there is a double unmount calls during successfully run test case. All of these due to over engineered Python try-except clause and people didn't get it properly at all. The rule of thumb is that don't use more keywords than try-except in the exception handling code. Nevertheless, here we adjust code to be less intrusive to the initial logic behind that complex and unclear constructions in the test case, although it adds a lot of lines of the code, i.e. splits one exception handler to three, so on each step we know what cleanup shall perform. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
When test suite tries to create a file for a new filesystem test case and fails,
the clean up of the exception tries to unmount the image, that has not yet been
mounted. When it happens, the fuse_mounted global variable is set to False and
inconveniently the test case tries to use sudo, so without this change the
admin of the machine gets an (annoying) email:

  Subject: *** SECURITY information for example.com ***

  example.com : Feb  5 19:43:47 : ... COMMAND=/bin/umount .../build-sandbox/persistent-data/mnt

and second run of the test cases on uncleaned build folder will ask for sudo
which is not what expected.

Besides that there is a double unmount calls during successfully run test case.

All of these due to over engineered Python try-except clause and people didn't
get it properly at all. The rule of thumb is that don't use more keywords than
try-except in the exception handling code. Nevertheless, here we adjust code
to be less intrusive to the initial logic behind that complex and unclear
constructions in the test case, although it adds a lot of lines of the code,
i.e. splits one exception handler to three, so on each step we know what
cleanup shall perform.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
test: Include /sbin to the PATH when creating ext4 disk image 2021-03-17T16:50:19+00:00 Andy Shevchenko andriy.shevchenko@linux.intel.com 2021-02-11T14:40:09+00:00 9262fe15599a388e365cca3091e4852be8f23f11 On some distributions the mkfs.ext4 is under /sbin and /sbin is not set for mere users. Include /sbin to the PATH when creating ext4 disk image, so that users won't get a scary traceback from Python. Cc: Patrick Delaunay <patrick.delaunay@foss.st.com> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
On some distributions the mkfs.ext4 is under /sbin and /sbin is not set
for mere users. Include /sbin to the PATH when creating ext4 disk image,
so that users won't get a scary traceback from Python.

Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
efi_loader: correct uboot_bin_env.its file format 2021-03-07T16:37:26+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-03-02T07:07:19+00:00 7d3eff3412886f277c724a9effcbe545c4cdd5b5 Up to now the EFI capsule Python tests were always skipped. The reason is that mkimage fails with: uboot_bin_env.its:13.21-23.5: Warning (unit_address_vs_reg): /images/u-boot-bin@100000: node has a unit name, but no reg property uboot_bin_env.its:24.21-34.5: Warning (unit_address_vs_reg): /images/u-boot-env@150000: node has a unit name, but no reg property If a unit in a device-tree has an address, a reg property must be provided. But adding a reg property is not the solution here. Since 2017 unit addresses are disallowed for FIT, cf. common/image-fit.c:1624. So remove the unit addresses in uboot_bin_env.its. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Up to now the EFI capsule Python tests were always skipped. The reason is
that mkimage fails with:

uboot_bin_env.its:13.21-23.5: Warning (unit_address_vs_reg):
/images/u-boot-bin@100000: node has a unit name, but no reg property
uboot_bin_env.its:24.21-34.5: Warning (unit_address_vs_reg):
/images/u-boot-env@150000: node has a unit name, but no reg property

If a unit in a device-tree has an address, a reg property must be provided.
But adding a reg property is not the solution here.

Since 2017 unit addresses are disallowed for FIT,
cf. common/image-fit.c:1624.

So remove the unit addresses in uboot_bin_env.its.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
image: Check for unit addresses in FITs 2021-02-16T03:31:54+00:00 Simon Glass sjg@chromium.org 2021-02-16T00:08:12+00:00 3f04db891a353f4b127ed57279279f851c6b4917 Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> 
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
libfdt: Check for multiple/invalid root nodes 2021-02-16T03:31:53+00:00 Simon Glass sjg@chromium.org 2021-02-16T00:08:11+00:00 124c255731c76a2b09587378b2bcce561bcd3f2d It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> 
It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
test: Add tests for the 'evil' vboot attacks 2021-02-16T00:17:33+00:00 Simon Glass sjg@chromium.org 2021-02-16T00:08:08+00:00 d5f3aadacbc63df3b690d6fd9f0aa3f575b43356 Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> 
Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
test: Add vboot_evil implementation 2021-02-16T00:17:29+00:00 Simon Glass sjg@chromium.org 2021-02-16T00:08:07+00:00 fafafacb470b345f2f41b86e4633ef91a7c5ed23 Add a library which performs two different attacks on a FIT. Signed-off-by: Julien Lenoir <julien.lenoir@intel.com> Signed-off-by: Bruce Monroe <bruce.monroe@intel.com> Signed-off-by: Arie Haenel <arie.haenel@intel.com> Signed-off-by: Simon Glass <sjg@chromium.org> 
Add a library which performs two different attacks on a FIT.

Signed-off-by: Julien Lenoir <julien.lenoir@intel.com>
Signed-off-by: Bruce Monroe <bruce.monroe@intel.com>
Signed-off-by: Arie Haenel <arie.haenel@intel.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
fit: Don't allow verification of images with @ nodes 2021-02-16T00:17:25+00:00 Simon Glass sjg@chromium.org 2021-02-16T00:08:06+00:00 79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4 When searching for a node called 'fred', any unit address appended to the name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This means that we cannot be sure that the node originally intended is the one that is used. Disallow use of nodes with unit addresses. Update the forge test also, since it uses @ addresses. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> 
When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.

Disallow use of nodes with unit addresses.

Update the forge test also, since it uses @ addresses.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
test: Update test_fs to not use deprecated pytest.yield_fixture() 2021-01-29T15:36:49+00:00 Tom Rini trini@konsulko.com 2021-01-28T19:39:56+00:00 a59e59c9be844553384b67c36a8040f65ec10011 As noted in comments, yield_fixture has been deprecated for longer than our minimum required version of pytest. Newer versions of pytest cause this to be a louder warning, and as the migration is trivial, perform it now. Signed-off-by: Tom Rini <trini@konsulko.com> 
As noted in comments, yield_fixture has been deprecated for longer than
our minimum required version of pytest.  Newer versions of pytest cause
this to be a louder warning, and as the migration is trivial, perform it
now.

Signed-off-by: Tom Rini <trini@konsulko.com>
test: test_ofplatdata: Mark as sandbox specific 2021-01-29T15:34:34+00:00 Tom Rini trini@konsulko.com 2021-01-19T19:40:10+00:00 e6b8e948abda64c52bb6535d8670121f7e2953ce This test checks for output specific to the sandbox device tree, mark it as sandbox specific. Signed-off-by: Tom Rini <trini@konsulko.com> 
This test checks for output specific to the sandbox device tree, mark it
as sandbox specific.

Signed-off-by: Tom Rini <trini@konsulko.com>