u-boot.git/test/py, branch v2026.04 Unnamed repository; edit this file 'description' to name the repository. tests: FIT: Add "clone" image attack image test 2026-03-23T01:47:05+00:00 Tom Rini trini@konsulko.com 2026-03-18T17:02:33+00:00 a22e9e1b8ec7c96664072d7e629e811c318fb92a Related to the problem resolved with commit 2092322b31cc ("boot: Add fit_config_get_hash_list() to build signed node list"), add a testcase for the problem as well. Reported-by: Apple Security Engineering and Architecture (SEAR) Signed-off-by: Tom Rini <trini@konsulko.com> 
Related to the problem resolved with commit 2092322b31cc ("boot: Add
fit_config_get_hash_list() to build signed node list"), add a testcase
for the problem as well.

Reported-by: Apple Security Engineering and Architecture (SEAR)
Signed-off-by: Tom Rini <trini@konsulko.com>
boot: Add fit_config_get_hash_list() to build signed node list 2026-03-09T15:49:50+00:00 Simon Glass simon.glass@canonical.com 2026-03-06T01:20:09+00:00 2092322b31cc8b1f8c9e2e238d1043ae0637b241 The hashed-nodes property in a FIT signature node lists which FDT paths are included in the signature hash. It is intended as a hint so should not be used for verification. Add a function to build the node list from scratch by iterating the configuration's image references. Skip properties known not to be image references. For each image, collect the path plus all hash and cipher subnodes. Use the new function in fit_config_check_sig() instead of reading 'hashed-nodes'. Update the test_vboot kernel@ test case: fit_check_sign now catches the attack at signature-verification time (the @-suffixed node is hashed instead of the real one, causing a mismatch) rather than at fit_check_format() time. Update the docs to cover this. The FIT spec can be updated separately. Signed-off-by: Simon Glass <simon.glass@canonical.com> Closes: https://lore.kernel.org/u-boot/20260302220937.3682128-1-trini@konsulko.com/ Reported-by: Apple Security Engineering and Architecture (SEAR) Tested-by: Tom Rini <trini@konsulko.com> 
The hashed-nodes property in a FIT signature node lists which FDT paths
are included in the signature hash. It is intended as a hint so should
not be used for verification.

Add a function to build the node list from scratch by iterating the
configuration's image references. Skip properties known not to be image
references. For each image, collect the path plus all hash and cipher
subnodes.

Use the new function in fit_config_check_sig() instead of reading
'hashed-nodes'.

Update the test_vboot kernel@ test case: fit_check_sign now catches the
attack at signature-verification time (the @-suffixed node is hashed
instead of the real one, causing a mismatch) rather than at
fit_check_format() time.

Update the docs to cover this. The FIT spec can be updated separately.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
Closes: https://lore.kernel.org/u-boot/20260302220937.3682128-1-trini@konsulko.com/
Reported-by: Apple Security Engineering and Architecture (SEAR)
Tested-by: Tom Rini <trini@konsulko.com>
test: cmd: Add test for zip/unzip/gzwrite commands 2026-02-18T21:02:58+00:00 Marek Vasut marek.vasut+renesas@mailbox.org 2026-02-05T01:40:45+00:00 6be3db6c1ab33c7ad90a8b25d7777e8425bf15cf Add simple test for zip/unzip/gzwrite commands. The test works as follows. First, create three buffers with a bit of space between each of them, fill them with random data, then compress data in buffer 1 into buffer 2, decompress data in buffer 2 either directly into buffer 3 or into MMC 1 and then read them back into buffer 3, and finally compare buffer 1 and buffer 3, they have to be identical. The buffers are filled with random data to detect out of bounds writes. Test for various sizes, both small and large and unaligned. The test uses ut_assert_skip_to_line() to skip over gzwrite progress bar. Since the progress bar updates fill up the console record buffer, increase the size of it to compensate. Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org> Tested-by: Mattijs Korpershoek <mkorpershoek@kernel.org> Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> 
Add simple test for zip/unzip/gzwrite commands. The test works as
follows. First, create three buffers with a bit of space between
each of them, fill them with random data, then compress data in
buffer 1 into buffer 2, decompress data in buffer 2 either directly
into buffer 3 or into MMC 1 and then read them back into buffer 3,
and finally compare buffer 1 and buffer 3, they have to be identical.

The buffers are filled with random data to detect out of bounds writes.
Test for various sizes, both small and large and unaligned.

The test uses ut_assert_skip_to_line() to skip over gzwrite progress
bar. Since the progress bar updates fill up the console record buffer,
increase the size of it to compensate.

Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Tested-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
test/py: Fix spelling of source_dir in docstring 2026-02-16T17:52:01+00:00 David Lechner dlechner@baylibre.com 2026-02-06T21:31:14+00:00 6f96026b1e33207762ca0a936abd3b132a8fc0ee Fix a typo in the docstring for run_build() where source_dir was misspelled. Signed-off-by: David Lechner <dlechner@baylibre.com> 
Fix a typo in the docstring for run_build() where source_dir was
misspelled.

Signed-off-by: David Lechner <dlechner@baylibre.com>
Merge tag 'efi-2026-04-rc1-2' of https://source.denx.de/u-boot/custodians/u-boot-efi 2026-01-20T14:31:34+00:00 Tom Rini trini@konsulko.com 2026-01-20T14:31:34+00:00 a4dc1c3b7d563ac823bf351a656100c3fb2d6424 Pull request efi-2026-04-rc1-2 CI: https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/29050 Documentation: * Update StarFive JH7110 common description * Add TI AM62D documentation * Update urllib3 version for building * Update links to doc/develop/falcon.rst * Describe QEMU networking * kdoc: handle the obsolescensce of docutils.ErrorString() * Fix typo "addtional" -> "additional" in pflash section. UEFI: * Fix boot failure from FIT with compressed EFI binary Others: * cmd/meminfo: Correct displaying addresses above 4 GiB * test: - Consider configuration in meminfo test - Consider initf_malloc is only traced with EARLY_TRACE - Clean up test_trace.py code 
Pull request efi-2026-04-rc1-2

CI: https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/29050

Documentation:

* Update StarFive JH7110 common description
* Add TI AM62D documentation
* Update urllib3 version for building
* Update links to doc/develop/falcon.rst
* Describe QEMU networking
* kdoc: handle the obsolescensce of docutils.ErrorString()
* Fix typo "addtional" -> "additional" in pflash section.

UEFI:

* Fix boot failure from FIT with compressed EFI binary

Others:

* cmd/meminfo: Correct displaying addresses above 4 GiB
* test:
  - Consider configuration in meminfo test
  - Consider initf_malloc is only traced with EARLY_TRACE
  - Clean up test_trace.py code
test/py, buildman: Update filelock package version 2026-01-19T19:08:19+00:00 Tom Rini trini@konsulko.com 2026-01-15T16:17:26+00:00 8f16767dccffe504eae796ccc0ddf305dbee245e The GitHub dependabot tool has reported a "medium" priority bug CVE-2026-22701, with this package. Update to the patched version. Reported-by: GitHub dependabot Signed-off-by: Tom Rini <trini@konsulko.com> 
The GitHub dependabot tool has reported a "medium" priority bug
CVE-2026-22701, with this package. Update to the patched version.

Reported-by: GitHub dependabot
Signed-off-by: Tom Rini <trini@konsulko.com>
test: clean up test_trace.py code 2026-01-19T09:31:21+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2025-12-21T01:58:59+00:00 36262661d0f220fc2d992f4cc553335b484d12a2 * Add module doc string * Correct sequence of imports * Correct long exceeding 100 characters * Remove unused variables * Remove module level invocation of check_flamegraph * Add encoding to open() calls Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <simon.glass@canonical.com> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
* Add module doc string
* Correct sequence of imports
* Correct long exceeding 100 characters
* Remove unused variables
* Remove module level invocation of check_flamegraph
* Add encoding to open() calls

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
test: initf_malloc is only traced with EARLY_TRACE 2026-01-19T09:31:21+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2025-12-21T01:58:58+00:00 ddfb487a280497f7f4f4efcc092257ab4bc05341 Only if early tracing is enable the function initf_malloc can be traced. Add a configuration check. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <simon.glass@canonical.com> 
Only if early tracing is enable the function initf_malloc can be traced.

Add a configuration check.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Merge tag 'u-boot-dfu-20260116' of https://source.denx.de/u-boot/custodians/u-boot-dfu 2026-01-16T15:53:57+00:00 Tom Rini trini@konsulko.com 2026-01-16T15:18:34+00:00 1da640cc46ad84efb57bb45e02dd6c40265b5488 u-boot-dfu-20260116 CI: https://source.denx.de/u-boot/custodians/u-boot-dfu/-/pipelines/29018 Android: * Fix missing dependency for BOOTMETH_ANDROID * Add bootconfig support * Add 'get ramdisk' command to abootimg DFU: * Improve error handling in dfu_fill_entity() USB Gadget: * ci_udc: Ensure ci_ep->desc is valid before using it * ci_udc: Add additional debug prints 
u-boot-dfu-20260116

CI: https://source.denx.de/u-boot/custodians/u-boot-dfu/-/pipelines/29018

Android:
* Fix missing dependency for BOOTMETH_ANDROID
* Add bootconfig support
* Add 'get ramdisk' command to abootimg

DFU:
* Improve error handling in dfu_fill_entity()

USB Gadget:
* ci_udc: Ensure ci_ep->desc is valid before using it
* ci_udc: Add additional debug prints
test: abootimg: Add test for bootconfig handling 2026-01-16T13:07:58+00:00 Guillaume La Roque (TI.com) glaroque@baylibre.com 2026-01-12T10:55:41+00:00 0efe1d9502a022d5d5c39c73340dd0b7b3f9cbe5 Add test to verify that androidboot.* parameters are correctly extracted from bootargs and appended to the bootconfig section when using 'abootimg get ramdisk' with boot image v4 and vendor_boot image. The test verifies: - androidboot.* parameters are removed from bootargs - They are appended to the bootconfig section in the ramdisk - Non-androidboot parameters remain in bootargs - The bootconfig trailer is properly updated Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Guillaume La Roque (TI.com) <glaroque@baylibre.com> Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org> Link: https://lore.kernel.org/r/20260112-bootconfig-v5-5-79b242159ac7@baylibre.com [mkorpershoek: dropped whitespace changes from original patch] Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org> 
Add test to verify that androidboot.* parameters are correctly extracted
from bootargs and appended to the bootconfig section when using
'abootimg get ramdisk' with boot image v4 and vendor_boot image.

The test verifies:
- androidboot.* parameters are removed from bootargs
- They are appended to the bootconfig section in the ramdisk
- Non-androidboot parameters remain in bootargs
- The bootconfig trailer is properly updated

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Guillaume La Roque (TI.com) <glaroque@baylibre.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Link: https://lore.kernel.org/r/20260112-bootconfig-v5-5-79b242159ac7@baylibre.com
[mkorpershoek: dropped whitespace changes from original patch]
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>