GitHub-Mirror/u-boot
2
0
Fork 0
mirror of https://github.com/Fishwaldo/u-boot.git synced 2025-03-21 22:51:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

test: vboot: Tidy up the code a little

Browse source 
Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Glass 2020-03-18 11:44:04 -06:00
parent c3aa81e35c
commit 3156ee35a3
1 changed files with 21 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
test/py/tests/test_vboot.py
View file

@ -91,7 +91,8 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
if boots: if boots:
assert('sandbox: continuing, as we cannot run' in ''.join(output)) assert('sandbox: continuing, as we cannot run' in ''.join(output))
else: else:
assert('sandbox: continuing, as we cannot run' not in ''.join(output)) assert('sandbox: continuing, as we cannot run'
not in ''.join(output))
def make_fit(its): def make_fit(its):
"""Make a new FIT from the .its source file. """Make a new FIT from the .its source file.
@ -211,7 +212,8 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
bcfg = u_boot_console.config.buildconfig bcfg = u_boot_console.config.buildconfig
max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0) max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)
existing_size = replace_fit_totalsize(max_size + 1) existing_size = replace_fit_totalsize(max_size + 1)
run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False) run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash',
False)
cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo) cons.log.action('%s: Check overflowed FIT header totalsize' % sha_algo)
# Replace with existing header bytes # Replace with existing header bytes
@ -229,7 +231,8 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
util.run_and_log(cons, 'fdtput -t bx %s %s value %s' % util.run_and_log(cons, 'fdtput -t bx %s %s value %s' %
(fit, sig_node, sig)) (fit, sig_node, sig))
run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash', False) run_bootm(sha_algo, 'Signed config with bad hash', 'Bad Data Hash',
False)
cons.log.action('%s: Check bad config on the host' % sha_algo) cons.log.action('%s: Check bad config on the host' % sha_algo)
util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit, util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
@ -238,12 +241,11 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
def test_required_key(sha_algo, padding): def test_required_key(sha_algo, padding):
"""Test verified boot with the given hash algorithm. """Test verified boot with the given hash algorithm.
This function test if u-boot reject an image when a required This function tests if U-Boot rejects an image when a required key isn't
key isn't used to sign a FIT. used to sign a FIT.
Args: Args:
sha_algo: Either 'sha1' or 'sha256', to select the algorithm to sha_algo: Either 'sha1' or 'sha256', to select the algorithm to use
use.
""" """
# Compile our device tree files for kernel and U-Boot. These are # Compile our device tree files for kernel and U-Boot. These are
# regenerated here since mkimage will modify them (by adding a # regenerated here since mkimage will modify them (by adding a
@ -251,18 +253,24 @@ def test_vboot(u_boot_console, sha_algo, padding, required):
dtc('sandbox-kernel.dts') dtc('sandbox-kernel.dts')
dtc('sandbox-u-boot.dts') dtc('sandbox-u-boot.dts')
# Build the FIT with prod key (keys required)
# Build the FIT with dev key (keys NOT required)
# The dtb contain the key prod and dev and the key prod are set as required.
# Then try to boot the FIT with dev key
# This FIT should not be accepted by u-boot because the key prod is required
cons.log.action('%s: Test FIT with configs images' % sha_algo) cons.log.action('%s: Test FIT with configs images' % sha_algo)
# Build the FIT with prod key (keys required) and sign it. This puts the
# signature into sandbox-u-boot.dtb, marked 'required'
make_fit('sign-configs-%s%s-prod.its' % (sha_algo , padding)) make_fit('sign-configs-%s%s-prod.its' % (sha_algo , padding))
sign_fit(sha_algo) sign_fit(sha_algo)
# Build the FIT with dev key (keys NOT required). This adds the
# signature into sandbox-u-boot.dtb, NOT marked 'required'.
make_fit('sign-configs-%s%s.its' % (sha_algo , padding)) make_fit('sign-configs-%s%s.its' % (sha_algo , padding))
sign_fit(sha_algo) sign_fit(sha_algo)
run_bootm(sha_algo, 'signed configs', '', False) # So now sandbox-u-boot.dtb two signatures, for the prod and dev keys.
# Only the prod key is set as 'required'. But FIT we just built has
# a dev signature only (sign_fit() overwrites the FIT).
# Try to boot the FIT with dev key. This FIT should not be accepted by
# U-Boot because the prod key is required.
run_bootm(sha_algo, 'required key', '', False)
cons = u_boot_console cons = u_boot_console
tmpdir = cons.config.result_dir + '/' tmpdir = cons.config.result_dir + '/'