u-boot.git/tools/binman, branch next Unnamed repository; edit this file 'description' to name the repository. test: binman: Add test for pkcs11 signed capsule 2026-03-18T12:14:17+00:00 Wojciech Dubowik Wojciech.Dubowik@mt.com 2026-02-20T09:15:16+00:00 e73443167be055c646dfd7d5a79bc30ac33e31d5 Test pkcs11 URI support for UEFI capsule generation. Both public certificate and private key are used over pkcs11 protocol. Pkcs11-tool has been introduced as softhsm tool doesn't have functionality to import certificates in commonly distributed version (only in the latest). Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com> Reviewed-by: Simon Glass <simon.glass@canonical.com> 
Test pkcs11 URI support for UEFI capsule generation. Both
public certificate and private key are used over pkcs11
protocol.
Pkcs11-tool has been introduced as softhsm tool doesn't have
functionality to import certificates in commonly distributed
version (only in the latest).

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
binman: DTS: Add dump-signature option for capsules 2026-03-18T12:14:17+00:00 Wojciech Dubowik Wojciech.Dubowik@mt.com 2026-02-20T09:15:15+00:00 e2c46d33cfbb92f493b520524a099fdf9af0a056 Mkeficapsule can dump signature for signed capsules. It can be used in test to validate signature i.e. with openssl. Add an entry for device tree node. Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com> Reviewed-by: Simon Glass <simon.glass@canonical.com> 
Mkeficapsule can dump signature for signed capsules. It can
be used in test to validate signature i.e. with openssl.
Add an entry for device tree node.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
binman: Add dump signature option to mkeficapsule 2026-03-18T12:14:17+00:00 Wojciech Dubowik Wojciech.Dubowik@mt.com 2026-02-20T09:15:14+00:00 a251d46e68470706d0585711943e8d36cd432675 It will be used to capsule signature verification. Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com> Reviewed-by: Simon Glass <simon.glass@canonical.com> 
It will be used to capsule signature verification.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
tools: mkeficapsule: Fix dump signature long option 2026-03-18T12:14:17+00:00 Wojciech Dubowik Wojciech.Dubowik@mt.com 2026-02-20T09:15:13+00:00 84432436bf564adc5f48ea81672ee8d5b374cb3d Only short option has been present. Also rename dump_sig to dump-sig to match with other parameter names. Fixes: 16abff246b40 ("tools: mkeficapsule: add firmware image signing") Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Only short option has been present. Also rename dump_sig
to dump-sig to match with other parameter names.

Fixes: 16abff246b40 ("tools: mkeficapsule: add firmware image signing")

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
binman: Accept pkcs11 URI tokens for capsule updates 2026-03-18T12:14:17+00:00 Wojciech Dubowik Wojciech.Dubowik@mt.com 2026-02-20T09:15:12+00:00 a8c8ebc8064183921ed419130df229a9d5d43192 With pkcs11 support in mkeficapsule we can now accept URI tokens and not only files. Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com> Reviewed-by: Simon Glass <simon.glass@canonical.com> 
With pkcs11 support in mkeficapsule we can now accept URI
tokens and not only files.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
binman: Remove the coverage allow_failures list 2026-03-18T12:14:16+00:00 Simon Glass simon.glass@canonical.com 2026-03-06T18:12:49+00:00 dcdf2751c61ce3f89a781b62cac7f087bf6deab9 Now that iMX8 has full coverage the allow_failures list in RunTestCoverage() is no longer needed. Drop the list. Signed-off-by: Simon Glass <simon.glass@canonical.com> 
Now that iMX8 has full coverage the allow_failures list in
RunTestCoverage() is no longer needed.

Drop the list.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
binman: test: Fix code coverage for iMX8 and cst bintool 2026-03-18T12:14:16+00:00 Simon Glass simon.glass@canonical.com 2026-03-06T18:12:48+00:00 0cab35362d7720975e7869d2bc3cc23cec73b376 Three files are currently missing test coverage: nxp_imx8mcst, nxp_imx8mimage and cst Add test methods to cover all missing code paths, trying to reuse the same .dts files where possible. This brings all three files to 100% coverage. Signed-off-by: Simon Glass <simon.glass@canonical.com> 
Three files are currently missing test coverage: nxp_imx8mcst,
nxp_imx8mimage and cst

Add test methods to cover all missing code paths, trying to reuse the
same .dts files where possible.

This brings all three files to 100% coverage.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
binman: test: Move shared key files to test/security/ 2026-03-18T12:14:16+00:00 Simon Glass simon.glass@canonical.com 2026-03-06T18:12:47+00:00 b12f4bcf267c0eb80ef193f0eff246971812c575 Move key.key and key.pem into the security/ subdirectory. These are used by security, vendor, and capsule tests but security is the most natural home for key material. Update all references. Signed-off-by: Simon Glass <simon.glass@canonical.com> 
Move key.key and key.pem into the security/ subdirectory. These are
used by security, vendor, and capsule tests but security is the most
natural home for key material. Update all references.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
binman: test: Move FIT signing test data to test/fit/ 2026-03-18T12:14:16+00:00 Simon Glass simon.glass@canonical.com 2026-03-06T18:12:46+00:00 0a806c3eb6ab16daaba3caf967c0b67d608028c0 Move the signing-related test data (keys, certificates, OpenSSL and SoftHSM2 configuration, dummy engine source) into the fit/ subdirectory alongside the FIT DTS test files. Drop the 340_ prefix from files that had it. Update the Makefile and all ftest.py references. Signed-off-by: Simon Glass <simon.glass@canonical.com> 
Move the signing-related test data (keys, certificates, OpenSSL and
SoftHSM2 configuration, dummy engine source) into the fit/ subdirectory
alongside the FIT DTS test files. Drop the 340_ prefix from files that
had it. Update the Makefile and all ftest.py references.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
binman: test: Move x86 binary test data to test/x86/ 2026-03-18T12:14:16+00:00 Simon Glass simon.glass@canonical.com 2026-03-06T18:12:45+00:00 c28fbed34939ba7d39a04eecd40838439708e902 Move descriptor.bin, fitimage.bin.gz and ifwi.bin.gz into the x86/ subdirectory alongside the x86 DTS test files and update all references. Signed-off-by: Simon Glass <simon.glass@canonical.com> 
Move descriptor.bin, fitimage.bin.gz and ifwi.bin.gz into the x86/
subdirectory alongside the x86 DTS test files and update all
references.

Signed-off-by: Simon Glass <simon.glass@canonical.com>