binman: test: Move security test files to test/security/

Move about 20 test files for signing, encryption, hash, pre-load, x509, and Xilinx bootgen entries into a security/ subdirectory. Drop the numeric prefixes and update all references. Signed-off-by: Simon Glass <[email protected]>
author: Simon Glass <[email protected]> 2026-03-06 11:12:36 -0700
committer: Simon Glass <[email protected]> 2026-03-18 06:14:16 -0600
commit: dd487d0d55c5c8828972cbff871252ba98f8d65c (patch)
tree: 49c5ccd0c83e6c0b2239dd7037a8b5f54c4e8cfd /tools
parent: 62d2388401a5c372c199ab081f5b6498e342530f (diff)
24 files changed, 26 insertions, 26 deletions
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 612a1bdb8cb..9ceb85f2b28 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -2261,7 +2261,7 @@ class TestFunctional(unittest.TestCase):
 
     def testHash(self):
         """Test hashing of the contents of an entry"""
-        _, _, _, out_dtb_fname = self._DoReadFileDtb('090_hash.dts',
+        _, _, _, out_dtb_fname = self._DoReadFileDtb('security/hash.dts',
                 use_real_dtb=True, update_dtb=True)
         dtb = fdt.Fdt(out_dtb_fname)
         dtb.Scan()
@@ -2272,19 +2272,19 @@ class TestFunctional(unittest.TestCase):
 
     def testHashNoAlgo(self):
         with self.assertRaises(ValueError) as e:
-            self._DoReadFileDtb('091_hash_no_algo.dts', update_dtb=True)
+            self._DoReadFileDtb('security/hash_no_algo.dts', update_dtb=True)
         self.assertIn("Node \'/binman/u-boot\': Missing \'algo\' property for "
                       'hash node', str(e.exception))
 
     def testHashBadAlgo(self):
         with self.assertRaises(ValueError) as e:
-            self._DoReadFileDtb('092_hash_bad_algo.dts', update_dtb=True)
+            self._DoReadFileDtb('security/hash_bad_algo.dts', update_dtb=True)
         self.assertIn("Node '/binman/u-boot': Unknown hash algorithm 'invalid'",
                       str(e.exception))
 
     def testHashSection(self):
         """Test hashing of the contents of an entry"""
-        _, _, _, out_dtb_fname = self._DoReadFileDtb('099_hash_section.dts',
+        _, _, _, out_dtb_fname = self._DoReadFileDtb('security/hash_section.dts',
                 use_real_dtb=True, update_dtb=True)
         dtb = fdt.Fdt(out_dtb_fname)
         dtb.Scan()
@@ -4166,7 +4166,7 @@ class TestFunctional(unittest.TestCase):
 
     def testSectionIgnoreHashSignature(self):
         """Test that sections ignore hash, signature nodes for its data"""
-        data = self._DoReadFile('165_section_ignore_hash_signature.dts')
+        data = self._DoReadFile('security/section_ignore_hash_signature.dts')
         expected = (U_BOOT_DATA + U_BOOT_DATA)
         self.assertEqual(expected, data)
 
@@ -5822,7 +5822,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
             'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
         }
         data = self._DoReadFileDtb(
-            '230_pre_load.dts', entry_args=entry_args,
+            'security/pre_load.dts', entry_args=entry_args,
             extra_indirs=[os.path.join(self._binman_dir, 'test')])[0]
 
         image_fname = tools.get_output_filename('image.bin')
@@ -5836,7 +5836,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
     def testPreLoadNoKey(self):
         """Test an image with a pre-load heade0r with missing key"""
         with self.assertRaises(FileNotFoundError) as exc:
-            self._DoReadFile('230_pre_load.dts')
+            self._DoReadFile('security/pre_load.dts')
         self.assertIn("No such file or directory: 'dev.key'",
                       str(exc.exception))
 
@@ -5845,7 +5845,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         entry_args = {
             'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
         }
-        data = self._DoReadFileDtb('231_pre_load_pkcs.dts',
+        data = self._DoReadFileDtb('security/pre_load_pkcs.dts',
                                    entry_args=entry_args)[0]
         self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
         self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
@@ -5856,7 +5856,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         entry_args = {
             'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
         }
-        data = self._DoReadFileDtb('232_pre_load_pss.dts',
+        data = self._DoReadFileDtb('security/pre_load_pss.dts',
                                    entry_args=entry_args)[0]
         self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
         self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
@@ -5868,7 +5868,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
             'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
         }
         with self.assertRaises(ValueError) as e:
-            self._DoReadFileDtb('233_pre_load_invalid_padding.dts',
+            self._DoReadFileDtb('security/pre_load_invalid_padding.dts',
                                 entry_args=entry_args)
 
     def testPreLoadInvalidSha(self):
@@ -5877,13 +5877,13 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
             'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
         }
         with self.assertRaises(ValueError) as e:
-            self._DoReadFileDtb('234_pre_load_invalid_sha.dts',
+            self._DoReadFileDtb('security/pre_load_invalid_sha.dts',
                                 entry_args=entry_args)
 
     def testPreLoadInvalidAlgo(self):
         """Test an image with a pre-load header with an invalid algo"""
         with self.assertRaises(ValueError) as e:
-            data = self._DoReadFile('235_pre_load_invalid_algo.dts')
+            data = self._DoReadFile('security/pre_load_invalid_algo.dts')
 
     def testPreLoadInvalidKey(self):
         """Test an image with a pre-load header with an invalid key"""
@@ -5891,7 +5891,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
             'pre-load-key-path': os.path.join(self._binman_dir, 'test'),
         }
         with self.assertRaises(ValueError) as e:
-            data = self._DoReadFileDtb('236_pre_load_invalid_key.dts',
+            data = self._DoReadFileDtb('security/pre_load_invalid_key.dts',
                                        entry_args=entry_args)
 
     def _CheckSafeUniqueNames(self, *images):
@@ -6863,7 +6863,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         entry_args = {
             'keyfile': keyfile,
         }
-        data = self._DoReadFileDtb('279_x509_cert.dts',
+        data = self._DoReadFileDtb('security/x509_cert.dts',
                                    entry_args=entry_args)[0]
         cert = data[:-4]
         self.assertEqual(U_BOOT_DATA, data[-4:])
@@ -6877,7 +6877,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
             'keyfile': 'keyfile',
         }
         with terminal.capture() as (_, stderr):
-            self._DoTestFile('279_x509_cert.dts',
+            self._DoTestFile('security/x509_cert.dts',
                              force_missing_bintools='openssl',
                              entry_args=entry_args)
         err = stderr.getvalue()
@@ -6963,7 +6963,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         """Test a non-FIT entry cannot be signed"""
         is_signed = False
         fit, fname, private_key, _ = self._PrepareSignEnv(
-            '281_sign_non_fit.dts')
+            'security/sign_non_fit.dts')
 
         # do sign with private key
         with self.assertRaises(ValueError) as e:
@@ -7272,7 +7272,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
     def testEncryptedNoAlgo(self):
         """Test encrypted node with missing required properties"""
         with self.assertRaises(ValueError) as e:
-            self._DoReadFileDtb('301_encrypted_no_algo.dts')
+            self._DoReadFileDtb('security/encrypted_no_algo.dts')
         self.assertIn(
             "Node '/binman/fit/images/u-boot/encrypted': 'encrypted' entry is missing properties: algo iv-filename",
             str(e.exception))
@@ -7280,21 +7280,21 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
     def testEncryptedInvalidIvfile(self):
         """Test encrypted node with invalid iv file"""
         with self.assertRaises(ValueError) as e:
-            self._DoReadFileDtb('302_encrypted_invalid_iv_file.dts')
+            self._DoReadFileDtb('security/encrypted_invalid_iv_file.dts')
         self.assertIn("Filename 'invalid-iv-file' not found in input path",
                       str(e.exception))
 
     def testEncryptedMissingKey(self):
         """Test encrypted node with missing key properties"""
         with self.assertRaises(ValueError) as e:
-            self._DoReadFileDtb('303_encrypted_missing_key.dts')
+            self._DoReadFileDtb('security/encrypted_missing_key.dts')
         self.assertIn(
             "Node '/binman/fit/images/u-boot/encrypted': Provide either 'key-filename' or 'key-source'",
             str(e.exception))
 
     def testEncryptedKeySource(self):
         """Test encrypted node with key-source property"""
-        data = self._DoReadFileDtb('304_encrypted_key_source.dts')[0]
+        data = self._DoReadFileDtb('security/encrypted_key_source.dts')[0]
 
         dtb = fdt.Fdt.FromData(data)
         dtb.Scan()
@@ -7308,7 +7308,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
 
     def testEncryptedKeyFile(self):
         """Test encrypted node with key-filename property"""
-        data = self._DoReadFileDtb('305_encrypted_key_file.dts')[0]
+        data = self._DoReadFileDtb('security/encrypted_key_file.dts')[0]
 
         dtb = fdt.Fdt.FromData(data)
         dtb.Scan()
@@ -7324,7 +7324,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
     def testKeyNameHintIsPathSplPubkeyDtb(self):
         """Test that binman errors out on key-name-hint being a path"""
         with self.assertRaises(ValueError) as e:
-            self._DoReadFile('348_key_name_hint_dir_spl_pubkey_dtb.dts')
+            self._DoReadFile('security/key_name_hint_dir_spl_pubkey_dtb.dts')
         self.assertIn(
             'Node \'/binman/u-boot-spl-pubkey-dtb\': \'keys/key\' is a path not a filename',
             str(e.exception))
@@ -7333,7 +7333,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         """Test u_boot_spl_pubkey_dtb etype"""
         data = tools.read_file(self.TestFile("key.pem"))
         self._MakeInputFile("key.crt", data)
-        self._DoReadFileRealDtb('306_spl_pubkey_dtb.dts')
+        self._DoReadFileRealDtb('security/spl_pubkey_dtb.dts')
         image = control.images['image']
         entries = image.GetEntries()
         dtb_entry = entries['u-boot-spl-pubkey-dtb']
@@ -7358,7 +7358,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         self._MakeInputFile("ssk.pem", data)
         self._SetupPmuFwlElf()
         self._SetupSplElf()
-        self._DoReadFileRealDtb('307_xilinx_bootgen_sign.dts')
+        self._DoReadFileRealDtb('security/xilinx_bootgen_sign.dts')
         image_fname = tools.get_output_filename('image.bin')
 
         # Read partition header table and check if authentication is enabled
@@ -7387,7 +7387,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         self._MakeInputFile("ssk.pem", data)
         self._SetupPmuFwlElf()
         self._SetupSplElf()
-        self._DoReadFileRealDtb('308_xilinx_bootgen_sign_enc.dts')
+        self._DoReadFileRealDtb('security/xilinx_bootgen_sign_enc.dts')
         image_fname = tools.get_output_filename('image.bin')
 
         # Read boot header in order to verify encryption source and
@@ -7420,7 +7420,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         self._SetupPmuFwlElf()
         self._SetupSplElf()
         with terminal.capture() as (_, stderr):
-            self._DoTestFile('307_xilinx_bootgen_sign.dts',
+            self._DoTestFile('security/xilinx_bootgen_sign.dts',
                              force_missing_bintools='bootgen')
         err = stderr.getvalue()
         self.assertRegex(err,
diff --git a/tools/binman/test/302_encrypted_invalid_iv_file.dts b/tools/binman/test/security/encrypted_invalid_iv_file.dts
index 388a0a6ad90..388a0a6ad90 100644
--- a/tools/binman/test/302_encrypted_invalid_iv_file.dts
+++ b/tools/binman/test/security/encrypted_invalid_iv_file.dts
diff --git a/tools/binman/test/305_encrypted_key_file.dts b/tools/binman/test/security/encrypted_key_file.dts
index efd7ee5f35a..efd7ee5f35a 100644
--- a/tools/binman/test/305_encrypted_key_file.dts
+++ b/tools/binman/test/security/encrypted_key_file.dts
diff --git a/tools/binman/test/304_encrypted_key_source.dts b/tools/binman/test/security/encrypted_key_source.dts
index 884ec508db8..884ec508db8 100644
--- a/tools/binman/test/304_encrypted_key_source.dts
+++ b/tools/binman/test/security/encrypted_key_source.dts
diff --git a/tools/binman/test/303_encrypted_missing_key.dts b/tools/binman/test/security/encrypted_missing_key.dts
index d1daaa08851..d1daaa08851 100644
--- a/tools/binman/test/303_encrypted_missing_key.dts
+++ b/tools/binman/test/security/encrypted_missing_key.dts
diff --git a/tools/binman/test/301_encrypted_no_algo.dts b/tools/binman/test/security/encrypted_no_algo.dts
index 03f7ffee90f..03f7ffee90f 100644
--- a/tools/binman/test/301_encrypted_no_algo.dts
+++ b/tools/binman/test/security/encrypted_no_algo.dts
diff --git a/tools/binman/test/090_hash.dts b/tools/binman/test/security/hash.dts
index 200304599dc..200304599dc 100644
--- a/tools/binman/test/090_hash.dts
+++ b/tools/binman/test/security/hash.dts
diff --git a/tools/binman/test/092_hash_bad_algo.dts b/tools/binman/test/security/hash_bad_algo.dts
index d2402000db6..d2402000db6 100644
--- a/tools/binman/test/092_hash_bad_algo.dts
+++ b/tools/binman/test/security/hash_bad_algo.dts
diff --git a/tools/binman/test/091_hash_no_algo.dts b/tools/binman/test/security/hash_no_algo.dts
index b64df205117..b64df205117 100644
--- a/tools/binman/test/091_hash_no_algo.dts
+++ b/tools/binman/test/security/hash_no_algo.dts
diff --git a/tools/binman/test/099_hash_section.dts b/tools/binman/test/security/hash_section.dts
index dcd8683d642..dcd8683d642 100644
--- a/tools/binman/test/099_hash_section.dts
+++ b/tools/binman/test/security/hash_section.dts
diff --git a/tools/binman/test/348_key_name_hint_dir_spl_pubkey_dtb.dts b/tools/binman/test/security/key_name_hint_dir_spl_pubkey_dtb.dts
index 85ebd58b6c0..85ebd58b6c0 100644
--- a/tools/binman/test/348_key_name_hint_dir_spl_pubkey_dtb.dts
+++ b/tools/binman/test/security/key_name_hint_dir_spl_pubkey_dtb.dts
diff --git a/tools/binman/test/230_pre_load.dts b/tools/binman/test/security/pre_load.dts
index e6d9ef40c6c..e6d9ef40c6c 100644
--- a/tools/binman/test/230_pre_load.dts
+++ b/tools/binman/test/security/pre_load.dts
diff --git a/tools/binman/test/235_pre_load_invalid_algo.dts b/tools/binman/test/security/pre_load_invalid_algo.dts
index d6f6dd20cd9..d6f6dd20cd9 100644
--- a/tools/binman/test/235_pre_load_invalid_algo.dts
+++ b/tools/binman/test/security/pre_load_invalid_algo.dts
diff --git a/tools/binman/test/236_pre_load_invalid_key.dts b/tools/binman/test/security/pre_load_invalid_key.dts
index f93bc9792cd..f93bc9792cd 100644
--- a/tools/binman/test/236_pre_load_invalid_key.dts
+++ b/tools/binman/test/security/pre_load_invalid_key.dts
diff --git a/tools/binman/test/233_pre_load_invalid_padding.dts b/tools/binman/test/security/pre_load_invalid_padding.dts
index bbe2d1ba869..bbe2d1ba869 100644
--- a/tools/binman/test/233_pre_load_invalid_padding.dts
+++ b/tools/binman/test/security/pre_load_invalid_padding.dts
diff --git a/tools/binman/test/234_pre_load_invalid_sha.dts b/tools/binman/test/security/pre_load_invalid_sha.dts
index 29afd2e37e4..29afd2e37e4 100644
--- a/tools/binman/test/234_pre_load_invalid_sha.dts
+++ b/tools/binman/test/security/pre_load_invalid_sha.dts
diff --git a/tools/binman/test/231_pre_load_pkcs.dts b/tools/binman/test/security/pre_load_pkcs.dts
index 66268cdb212..66268cdb212 100644
--- a/tools/binman/test/231_pre_load_pkcs.dts
+++ b/tools/binman/test/security/pre_load_pkcs.dts
diff --git a/tools/binman/test/232_pre_load_pss.dts b/tools/binman/test/security/pre_load_pss.dts
index 3008d3f4649..3008d3f4649 100644
--- a/tools/binman/test/232_pre_load_pss.dts
+++ b/tools/binman/test/security/pre_load_pss.dts
diff --git a/tools/binman/test/165_section_ignore_hash_signature.dts b/tools/binman/test/security/section_ignore_hash_signature.dts
index 8adbe25512a..8adbe25512a 100644
--- a/tools/binman/test/165_section_ignore_hash_signature.dts
+++ b/tools/binman/test/security/section_ignore_hash_signature.dts
diff --git a/tools/binman/test/281_sign_non_fit.dts b/tools/binman/test/security/sign_non_fit.dts
index e16c954246d..e16c954246d 100644
--- a/tools/binman/test/281_sign_non_fit.dts
+++ b/tools/binman/test/security/sign_non_fit.dts
diff --git a/tools/binman/test/306_spl_pubkey_dtb.dts b/tools/binman/test/security/spl_pubkey_dtb.dts
index 3256ff970cd..3256ff970cd 100644
--- a/tools/binman/test/306_spl_pubkey_dtb.dts
+++ b/tools/binman/test/security/spl_pubkey_dtb.dts
diff --git a/tools/binman/test/279_x509_cert.dts b/tools/binman/test/security/x509_cert.dts
index 71238172717..71238172717 100644
--- a/tools/binman/test/279_x509_cert.dts
+++ b/tools/binman/test/security/x509_cert.dts
diff --git a/tools/binman/test/307_xilinx_bootgen_sign.dts b/tools/binman/test/security/xilinx_bootgen_sign.dts
index 02acf8652a5..02acf8652a5 100644
--- a/tools/binman/test/307_xilinx_bootgen_sign.dts
+++ b/tools/binman/test/security/xilinx_bootgen_sign.dts
diff --git a/tools/binman/test/308_xilinx_bootgen_sign_enc.dts b/tools/binman/test/security/xilinx_bootgen_sign_enc.dts
index 5d7ce4c1f5a..5d7ce4c1f5a 100644
--- a/tools/binman/test/308_xilinx_bootgen_sign_enc.dts
+++ b/tools/binman/test/security/xilinx_bootgen_sign_enc.dts
author	Simon Glass <[email protected]>	2026-03-06 11:12:36 -0700
committer	Simon Glass <[email protected]>	2026-03-18 06:14:16 -0600
commit	dd487d0d55c5c8828972cbff871252ba98f8d65c (patch)
tree	49c5ccd0c83e6c0b2239dd7037a8b5f54c4e8cfd /tools
parent	62d2388401a5c372c199ab081f5b6498e342530f (diff)