summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Glass <[email protected]>2026-03-06 11:12:36 -0700
committerSimon Glass <[email protected]>2026-03-18 06:14:16 -0600
commitdd487d0d55c5c8828972cbff871252ba98f8d65c (patch)
tree49c5ccd0c83e6c0b2239dd7037a8b5f54c4e8cfd
parent62d2388401a5c372c199ab081f5b6498e342530f (diff)
binman: test: Move security test files to test/security/
Move about 20 test files for signing, encryption, hash, pre-load, x509, and Xilinx bootgen entries into a security/ subdirectory. Drop the numeric prefixes and update all references. Signed-off-by: Simon Glass <[email protected]>
Diffstat
-rw-r--r--tools/binman/ftest.py52
-rw-r--r--tools/binman/test/security/encrypted_invalid_iv_file.dts (renamed from tools/binman/test/302_encrypted_invalid_iv_file.dts)0
-rw-r--r--tools/binman/test/security/encrypted_key_file.dts (renamed from tools/binman/test/305_encrypted_key_file.dts)0
-rw-r--r--tools/binman/test/security/encrypted_key_source.dts (renamed from tools/binman/test/304_encrypted_key_source.dts)0
-rw-r--r--tools/binman/test/security/encrypted_missing_key.dts (renamed from tools/binman/test/303_encrypted_missing_key.dts)0
-rw-r--r--tools/binman/test/security/encrypted_no_algo.dts (renamed from tools/binman/test/301_encrypted_no_algo.dts)0
-rw-r--r--tools/binman/test/security/hash.dts (renamed from tools/binman/test/090_hash.dts)0
-rw-r--r--tools/binman/test/security/hash_bad_algo.dts (renamed from tools/binman/test/092_hash_bad_algo.dts)0
-rw-r--r--tools/binman/test/security/hash_no_algo.dts (renamed from tools/binman/test/091_hash_no_algo.dts)0
-rw-r--r--tools/binman/test/security/hash_section.dts (renamed from tools/binman/test/099_hash_section.dts)0
-rw-r--r--tools/binman/test/security/key_name_hint_dir_spl_pubkey_dtb.dts (renamed from tools/binman/test/348_key_name_hint_dir_spl_pubkey_dtb.dts)0
-rw-r--r--tools/binman/test/security/pre_load.dts (renamed from tools/binman/test/230_pre_load.dts)0
-rw-r--r--tools/binman/test/security/pre_load_invalid_algo.dts (renamed from tools/binman/test/235_pre_load_invalid_algo.dts)0
-rw-r--r--tools/binman/test/security/pre_load_invalid_key.dts (renamed from tools/binman/test/236_pre_load_invalid_key.dts)0
-rw-r--r--tools/binman/test/security/pre_load_invalid_padding.dts (renamed from tools/binman/test/233_pre_load_invalid_padding.dts)0
-rw-r--r--tools/binman/test/security/pre_load_invalid_sha.dts (renamed from tools/binman/test/234_pre_load_invalid_sha.dts)0
-rw-r--r--tools/binman/test/security/pre_load_pkcs.dts (renamed from tools/binman/test/231_pre_load_pkcs.dts)0
-rw-r--r--tools/binman/test/security/pre_load_pss.dts (renamed from tools/binman/test/232_pre_load_pss.dts)0
-rw-r--r--tools/binman/test/security/section_ignore_hash_signature.dts (renamed from tools/binman/test/165_section_ignore_hash_signature.dts)0
-rw-r--r--tools/binman/test/security/sign_non_fit.dts (renamed from tools/binman/test/281_sign_non_fit.dts)0
-rw-r--r--tools/binman/test/security/spl_pubkey_dtb.dts (renamed from tools/binman/test/306_spl_pubkey_dtb.dts)0
-rw-r--r--tools/binman/test/security/x509_cert.dts (renamed from tools/binman/test/279_x509_cert.dts)0
-rw-r--r--tools/binman/test/security/xilinx_bootgen_sign.dts (renamed from tools/binman/test/307_xilinx_bootgen_sign.dts)0
-rw-r--r--tools/binman/test/security/xilinx_bootgen_sign_enc.dts (renamed from tools/binman/test/308_xilinx_bootgen_sign_enc.dts)0
24 files changed, 26 insertions, 26 deletions
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 612a1bdb8cb..9ceb85f2b28 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -2261,7 +2261,7 @@ class TestFunctional(unittest.TestCase):
def testHash(self):
"""Test hashing of the contents of an entry"""
- _, _, _, out_dtb_fname = self._DoReadFileDtb('090_hash.dts',
+ _, _, _, out_dtb_fname = self._DoReadFileDtb('security/hash.dts',
use_real_dtb=True, update_dtb=True)
dtb = fdt.Fdt(out_dtb_fname)
dtb.Scan()
@@ -2272,19 +2272,19 @@ class TestFunctional(unittest.TestCase):
def testHashNoAlgo(self):
with self.assertRaises(ValueError) as e:
- self._DoReadFileDtb('091_hash_no_algo.dts', update_dtb=True)
+ self._DoReadFileDtb('security/hash_no_algo.dts', update_dtb=True)
self.assertIn("Node \'/binman/u-boot\': Missing \'algo\' property for "
'hash node', str(e.exception))
def testHashBadAlgo(self):
with self.assertRaises(ValueError) as e:
- self._DoReadFileDtb('092_hash_bad_algo.dts', update_dtb=True)
+ self._DoReadFileDtb('security/hash_bad_algo.dts', update_dtb=True)
self.assertIn("Node '/binman/u-boot': Unknown hash algorithm 'invalid'",
str(e.exception))
def testHashSection(self):
"""Test hashing of the contents of an entry"""
- _, _, _, out_dtb_fname = self._DoReadFileDtb('099_hash_section.dts',
+ _, _, _, out_dtb_fname = self._DoReadFileDtb('security/hash_section.dts',
use_real_dtb=True, update_dtb=True)
dtb = fdt.Fdt(out_dtb_fname)
dtb.Scan()
@@ -4166,7 +4166,7 @@ class TestFunctional(unittest.TestCase):
def testSectionIgnoreHashSignature(self):
"""Test that sections ignore hash, signature nodes for its data"""
- data = self._DoReadFile('165_section_ignore_hash_signature.dts')
+ data = self._DoReadFile('security/section_ignore_hash_signature.dts')
expected = (U_BOOT_DATA + U_BOOT_DATA)
self.assertEqual(expected, data)
@@ -5822,7 +5822,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
}
data = self._DoReadFileDtb(
- '230_pre_load.dts', entry_args=entry_args,
+ 'security/pre_load.dts', entry_args=entry_args,
extra_indirs=[os.path.join(self._binman_dir, 'test')])[0]
image_fname = tools.get_output_filename('image.bin')
@@ -5836,7 +5836,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
def testPreLoadNoKey(self):
"""Test an image with a pre-load heade0r with missing key"""
with self.assertRaises(FileNotFoundError) as exc:
- self._DoReadFile('230_pre_load.dts')
+ self._DoReadFile('security/pre_load.dts')
self.assertIn("No such file or directory: 'dev.key'",
str(exc.exception))
@@ -5845,7 +5845,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
entry_args = {
'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
}
- data = self._DoReadFileDtb('231_pre_load_pkcs.dts',
+ data = self._DoReadFileDtb('security/pre_load_pkcs.dts',
entry_args=entry_args)[0]
self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
@@ -5856,7 +5856,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
entry_args = {
'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
}
- data = self._DoReadFileDtb('232_pre_load_pss.dts',
+ data = self._DoReadFileDtb('security/pre_load_pss.dts',
entry_args=entry_args)[0]
self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
@@ -5868,7 +5868,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
}
with self.assertRaises(ValueError) as e:
- self._DoReadFileDtb('233_pre_load_invalid_padding.dts',
+ self._DoReadFileDtb('security/pre_load_invalid_padding.dts',
entry_args=entry_args)
def testPreLoadInvalidSha(self):
@@ -5877,13 +5877,13 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
}
with self.assertRaises(ValueError) as e:
- self._DoReadFileDtb('234_pre_load_invalid_sha.dts',
+ self._DoReadFileDtb('security/pre_load_invalid_sha.dts',
entry_args=entry_args)
def testPreLoadInvalidAlgo(self):
"""Test an image with a pre-load header with an invalid algo"""
with self.assertRaises(ValueError) as e:
- data = self._DoReadFile('235_pre_load_invalid_algo.dts')
+ data = self._DoReadFile('security/pre_load_invalid_algo.dts')
def testPreLoadInvalidKey(self):
"""Test an image with a pre-load header with an invalid key"""
@@ -5891,7 +5891,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
}
with self.assertRaises(ValueError) as e:
- data = self._DoReadFileDtb('236_pre_load_invalid_key.dts',
+ data = self._DoReadFileDtb('security/pre_load_invalid_key.dts',
entry_args=entry_args)
def _CheckSafeUniqueNames(self, *images):
@@ -6863,7 +6863,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
entry_args = {
'keyfile': keyfile,
}
- data = self._DoReadFileDtb('279_x509_cert.dts',
+ data = self._DoReadFileDtb('security/x509_cert.dts',
entry_args=entry_args)[0]
cert = data[:-4]
self.assertEqual(U_BOOT_DATA, data[-4:])
@@ -6877,7 +6877,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
'keyfile': 'keyfile',
}
with terminal.capture() as (_, stderr):
- self._DoTestFile('279_x509_cert.dts',
+ self._DoTestFile('security/x509_cert.dts',
force_missing_bintools='openssl',
entry_args=entry_args)
err = stderr.getvalue()
@@ -6963,7 +6963,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
"""Test a non-FIT entry cannot be signed"""
is_signed = False
fit, fname, private_key, _ = self._PrepareSignEnv(
- '281_sign_non_fit.dts')
+ 'security/sign_non_fit.dts')
# do sign with private key
with self.assertRaises(ValueError) as e:
@@ -7272,7 +7272,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
def testEncryptedNoAlgo(self):
"""Test encrypted node with missing required properties"""
with self.assertRaises(ValueError) as e:
- self._DoReadFileDtb('301_encrypted_no_algo.dts')
+ self._DoReadFileDtb('security/encrypted_no_algo.dts')
self.assertIn(
"Node '/binman/fit/images/u-boot/encrypted': 'encrypted' entry is missing properties: algo iv-filename",
str(e.exception))
@@ -7280,21 +7280,21 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
def testEncryptedInvalidIvfile(self):
"""Test encrypted node with invalid iv file"""
with self.assertRaises(ValueError) as e:
- self._DoReadFileDtb('302_encrypted_invalid_iv_file.dts')
+ self._DoReadFileDtb('security/encrypted_invalid_iv_file.dts')
self.assertIn("Filename 'invalid-iv-file' not found in input path",
str(e.exception))
def testEncryptedMissingKey(self):
"""Test encrypted node with missing key properties"""
with self.assertRaises(ValueError) as e:
- self._DoReadFileDtb('303_encrypted_missing_key.dts')
+ self._DoReadFileDtb('security/encrypted_missing_key.dts')
self.assertIn(
"Node '/binman/fit/images/u-boot/encrypted': Provide either 'key-filename' or 'key-source'",
str(e.exception))
def testEncryptedKeySource(self):
"""Test encrypted node with key-source property"""
- data = self._DoReadFileDtb('304_encrypted_key_source.dts')[0]
+ data = self._DoReadFileDtb('security/encrypted_key_source.dts')[0]
dtb = fdt.Fdt.FromData(data)
dtb.Scan()
@@ -7308,7 +7308,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
def testEncryptedKeyFile(self):
"""Test encrypted node with key-filename property"""
- data = self._DoReadFileDtb('305_encrypted_key_file.dts')[0]
+ data = self._DoReadFileDtb('security/encrypted_key_file.dts')[0]
dtb = fdt.Fdt.FromData(data)
dtb.Scan()
@@ -7324,7 +7324,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
def testKeyNameHintIsPathSplPubkeyDtb(self):
"""Test that binman errors out on key-name-hint being a path"""
with self.assertRaises(ValueError) as e:
- self._DoReadFile('348_key_name_hint_dir_spl_pubkey_dtb.dts')
+ self._DoReadFile('security/key_name_hint_dir_spl_pubkey_dtb.dts')
self.assertIn(
'Node \'/binman/u-boot-spl-pubkey-dtb\': \'keys/key\' is a path not a filename',
str(e.exception))
@@ -7333,7 +7333,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
"""Test u_boot_spl_pubkey_dtb etype"""
data = tools.read_file(self.TestFile("key.pem"))
self._MakeInputFile("key.crt", data)
- self._DoReadFileRealDtb('306_spl_pubkey_dtb.dts')
+ self._DoReadFileRealDtb('security/spl_pubkey_dtb.dts')
image = control.images['image']
entries = image.GetEntries()
dtb_entry = entries['u-boot-spl-pubkey-dtb']
@@ -7358,7 +7358,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
self._MakeInputFile("ssk.pem", data)
self._SetupPmuFwlElf()
self._SetupSplElf()
- self._DoReadFileRealDtb('307_xilinx_bootgen_sign.dts')
+ self._DoReadFileRealDtb('security/xilinx_bootgen_sign.dts')
image_fname = tools.get_output_filename('image.bin')
# Read partition header table and check if authentication is enabled
@@ -7387,7 +7387,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
self._MakeInputFile("ssk.pem", data)
self._SetupPmuFwlElf()
self._SetupSplElf()
- self._DoReadFileRealDtb('308_xilinx_bootgen_sign_enc.dts')
+ self._DoReadFileRealDtb('security/xilinx_bootgen_sign_enc.dts')
image_fname = tools.get_output_filename('image.bin')
# Read boot header in order to verify encryption source and
@@ -7420,7 +7420,7 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
self._SetupPmuFwlElf()
self._SetupSplElf()
with terminal.capture() as (_, stderr):
- self._DoTestFile('307_xilinx_bootgen_sign.dts',
+ self._DoTestFile('security/xilinx_bootgen_sign.dts',
force_missing_bintools='bootgen')
err = stderr.getvalue()
self.assertRegex(err,
diff --git a/tools/binman/test/302_encrypted_invalid_iv_file.dts b/tools/binman/test/security/encrypted_invalid_iv_file.dts
index 388a0a6ad90..388a0a6ad90 100644
--- a/tools/binman/test/302_encrypted_invalid_iv_file.dts
+++ b/tools/binman/test/security/encrypted_invalid_iv_file.dts
diff --git a/tools/binman/test/305_encrypted_key_file.dts b/tools/binman/test/security/encrypted_key_file.dts
index efd7ee5f35a..efd7ee5f35a 100644
--- a/tools/binman/test/305_encrypted_key_file.dts
+++ b/tools/binman/test/security/encrypted_key_file.dts
diff --git a/tools/binman/test/304_encrypted_key_source.dts b/tools/binman/test/security/encrypted_key_source.dts
index 884ec508db8..884ec508db8 100644
--- a/tools/binman/test/304_encrypted_key_source.dts
+++ b/tools/binman/test/security/encrypted_key_source.dts
diff --git a/tools/binman/test/303_encrypted_missing_key.dts b/tools/binman/test/security/encrypted_missing_key.dts
index d1daaa08851..d1daaa08851 100644
--- a/tools/binman/test/303_encrypted_missing_key.dts
+++ b/tools/binman/test/security/encrypted_missing_key.dts
diff --git a/tools/binman/test/301_encrypted_no_algo.dts b/tools/binman/test/security/encrypted_no_algo.dts
index 03f7ffee90f..03f7ffee90f 100644
--- a/tools/binman/test/301_encrypted_no_algo.dts
+++ b/tools/binman/test/security/encrypted_no_algo.dts
diff --git a/tools/binman/test/090_hash.dts b/tools/binman/test/security/hash.dts
index 200304599dc..200304599dc 100644
--- a/tools/binman/test/090_hash.dts
+++ b/tools/binman/test/security/hash.dts
diff --git a/tools/binman/test/092_hash_bad_algo.dts b/tools/binman/test/security/hash_bad_algo.dts
index d2402000db6..d2402000db6 100644
--- a/tools/binman/test/092_hash_bad_algo.dts
+++ b/tools/binman/test/security/hash_bad_algo.dts
diff --git a/tools/binman/test/091_hash_no_algo.dts b/tools/binman/test/security/hash_no_algo.dts
index b64df205117..b64df205117 100644
--- a/tools/binman/test/091_hash_no_algo.dts
+++ b/tools/binman/test/security/hash_no_algo.dts
diff --git a/tools/binman/test/099_hash_section.dts b/tools/binman/test/security/hash_section.dts
index dcd8683d642..dcd8683d642 100644
--- a/tools/binman/test/099_hash_section.dts
+++ b/tools/binman/test/security/hash_section.dts
diff --git a/tools/binman/test/348_key_name_hint_dir_spl_pubkey_dtb.dts b/tools/binman/test/security/key_name_hint_dir_spl_pubkey_dtb.dts
index 85ebd58b6c0..85ebd58b6c0 100644
--- a/tools/binman/test/348_key_name_hint_dir_spl_pubkey_dtb.dts
+++ b/tools/binman/test/security/key_name_hint_dir_spl_pubkey_dtb.dts
diff --git a/tools/binman/test/230_pre_load.dts b/tools/binman/test/security/pre_load.dts
index e6d9ef40c6c..e6d9ef40c6c 100644
--- a/tools/binman/test/230_pre_load.dts
+++ b/tools/binman/test/security/pre_load.dts
diff --git a/tools/binman/test/235_pre_load_invalid_algo.dts b/tools/binman/test/security/pre_load_invalid_algo.dts
index d6f6dd20cd9..d6f6dd20cd9 100644
--- a/tools/binman/test/235_pre_load_invalid_algo.dts
+++ b/tools/binman/test/security/pre_load_invalid_algo.dts
diff --git a/tools/binman/test/236_pre_load_invalid_key.dts b/tools/binman/test/security/pre_load_invalid_key.dts
index f93bc9792cd..f93bc9792cd 100644
--- a/tools/binman/test/236_pre_load_invalid_key.dts
+++ b/tools/binman/test/security/pre_load_invalid_key.dts
diff --git a/tools/binman/test/233_pre_load_invalid_padding.dts b/tools/binman/test/security/pre_load_invalid_padding.dts
index bbe2d1ba869..bbe2d1ba869 100644
--- a/tools/binman/test/233_pre_load_invalid_padding.dts
+++ b/tools/binman/test/security/pre_load_invalid_padding.dts
diff --git a/tools/binman/test/234_pre_load_invalid_sha.dts b/tools/binman/test/security/pre_load_invalid_sha.dts
index 29afd2e37e4..29afd2e37e4 100644
--- a/tools/binman/test/234_pre_load_invalid_sha.dts
+++ b/tools/binman/test/security/pre_load_invalid_sha.dts
diff --git a/tools/binman/test/231_pre_load_pkcs.dts b/tools/binman/test/security/pre_load_pkcs.dts
index 66268cdb212..66268cdb212 100644
--- a/tools/binman/test/231_pre_load_pkcs.dts
+++ b/tools/binman/test/security/pre_load_pkcs.dts
diff --git a/tools/binman/test/232_pre_load_pss.dts b/tools/binman/test/security/pre_load_pss.dts
index 3008d3f4649..3008d3f4649 100644
--- a/tools/binman/test/232_pre_load_pss.dts
+++ b/tools/binman/test/security/pre_load_pss.dts
diff --git a/tools/binman/test/165_section_ignore_hash_signature.dts b/tools/binman/test/security/section_ignore_hash_signature.dts
index 8adbe25512a..8adbe25512a 100644
--- a/tools/binman/test/165_section_ignore_hash_signature.dts
+++ b/tools/binman/test/security/section_ignore_hash_signature.dts
diff --git a/tools/binman/test/281_sign_non_fit.dts b/tools/binman/test/security/sign_non_fit.dts
index e16c954246d..e16c954246d 100644
--- a/tools/binman/test/281_sign_non_fit.dts
+++ b/tools/binman/test/security/sign_non_fit.dts
diff --git a/tools/binman/test/306_spl_pubkey_dtb.dts b/tools/binman/test/security/spl_pubkey_dtb.dts
index 3256ff970cd..3256ff970cd 100644
--- a/tools/binman/test/306_spl_pubkey_dtb.dts
+++ b/tools/binman/test/security/spl_pubkey_dtb.dts
diff --git a/tools/binman/test/279_x509_cert.dts b/tools/binman/test/security/x509_cert.dts
index 71238172717..71238172717 100644
--- a/tools/binman/test/279_x509_cert.dts
+++ b/tools/binman/test/security/x509_cert.dts
diff --git a/tools/binman/test/307_xilinx_bootgen_sign.dts b/tools/binman/test/security/xilinx_bootgen_sign.dts
index 02acf8652a5..02acf8652a5 100644
--- a/tools/binman/test/307_xilinx_bootgen_sign.dts
+++ b/tools/binman/test/security/xilinx_bootgen_sign.dts
diff --git a/tools/binman/test/308_xilinx_bootgen_sign_enc.dts b/tools/binman/test/security/xilinx_bootgen_sign_enc.dts
index 5d7ce4c1f5a..5d7ce4c1f5a 100644
--- a/tools/binman/test/308_xilinx_bootgen_sign_enc.dts
+++ b/tools/binman/test/security/xilinx_bootgen_sign_enc.dts
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-11 19:40:41 +0000