| Age | Commit message (Collapse) | Author |
|---|
|
Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Signature database (db or dbx) may have not only certificates that contain
a public key for RSA decryption, but also digests of signed images.
In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID)
and if the value matches to a hash value calculated from image's binary,
authentication should pass in case of db, and fail in case of dbx.
Signed-off-by: AKASHI Takahiro <[email protected]>
Use defined time stamps for sign-efi-sig-list.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
In this test case, an image is signed multiple times with different
keys. If any of signatures contained is not verified, the whole
authentication check should fail.
Signed-off-by: AKASHI Takahiro <[email protected]>
Provide a defined time stamp for dbx_hash1.auth.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Revocation database (dbx) may have not only certificates, but also
message digests of certificates with revocation time
(EFI_CERT_X509_SHA256_GUILD).
In this test case, if the database has such a digest and if the value
matches to a certificate that created a given image's signature,
authentication should fail.
Signed-off-by: AKASHI Takahiro <[email protected]>
Set defined time stamp for dbx_hash.auth.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Split the existing test case-1 into case1 and a new case-2:
case-1 for non-SecureBoot mode; case-2 for SecureBoot mode.
In addition, one corner case is added to case-2; a image is signed
but a corresponding certificate is not yet installed in "db."
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
More fixes against pylint warnings that autopep8 didn't handle
in the previous commit.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
Python's autopep8 can automatically correct some of warnings from pylint
and rewrite the code in a pretty print format. So just do it.
Suggested-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
A time authenticated variable cannot be overwritten with another value
with the same time stamp. So we must ensure the correct sequence of time
stamps when generating out test data.
Using parameter -t for sign-efi-sig-list gives reproducible results and
avoids sleep statements.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
In the test case (1g) of test_authvar, "db" is mistakenly used,
and it ends up being the exact same as (1f).
So correct it as "dbx" test case.
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Currently, we don't use any regular expression in matching outputs from
U-Boot. Since its use is just redundant, we can remove all.
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
This reverts commit 5827c2545849441dd60467565aac11964259972f.
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
When setting up the console via function efi_console_register() we call
query_console_serial(). This functions sends an escape sequence to the
terminal to query the display size. The response is another escape
sequence.
console.run_command_list() is looking for a regular expression '^==>'.
If the escape sequence for the screen size precedes the prompt without a
line break, no match is found.
When efi_disk_register() is called before efi_console_register() this leads
to a test failuere of the UEFI secure boot tests.
We can avoid the problem if the first UEFI command passed to
u_boot_console.run_command_list() produces output. This patch achieves this
by appending '; echo' to the first UEFI related command of the problematic
tests.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
If udisksctl is present
test/py/tests/test_efi_secboot/conftest.py
fails because the disk image is never mounted.
Normal users can only mount fuse file systems. Unfortunately fusefat is
still in an experimental state and seems not to work here correctly.
So as we have to be root or use the sudo command anyway delete all coding
referring to udisksctl.
--
We should not use mount point /mnt as this directory or one of its
sub-directories might already be in use as active mount points. Instead
create a new directory in the build root as mount point.
--
Remove debug print statements that have been commented out. print without
parentheses is anyway invalid in Python 3. And pytest anyway filters out
the output if there is no exception reported.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Provide test cases for
* image authentication for signed images
(test_efi_secboot/test_signed.py)
* image authentication for unsigned images
(test_efi_secboot/test_unsigned.py)
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
Provide a couple of test cases for variable authentication.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
A fixture for UEFI secure boot tests (image authentication and variable
authentication) is defined. A small file system with test data in a single
partition formatted in fat is created.
This test requires efitools v1.5.2 or later. If the system's efitools
is older, you have to build it on your own and define EFITOOLS_PATH.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
