[v3,10/11] sandbox: capsule: Add a config file for generating capsules

Support has been added to the mkeficapsule tool to generate capsules
by parsing the capsule parameters through a config file. Add a config
file for generating capsules. These capsules will be used for testing
the capsule update feature on sandbox platform.

Enable generation of capsules through the config file on the sandbox
variant.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V2:
* New patch to add the capsule generation config file for sandbox.

 .azure-pipelines.yml                          |  1 +
 .gitlab-ci.yml                                |  1 +
 configs/sandbox_defconfig                     |  2 +
 test/py/conftest.py                           |  5 ++
 .../test_efi_capsule/sandbox_capsule_cfg.txt  | 75 +++++++++++++++++++
 5 files changed, 84 insertions(+)
 create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt

Hi Sughosh,

On Sun, 9 Jul 2023 at 07:34, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
>
> Support has been added to the mkeficapsule tool to generate capsules
> by parsing the capsule parameters through a config file. Add a config
> file for generating capsules. These capsules will be used for testing
> the capsule update feature on sandbox platform.
>
> Enable generation of capsules through the config file on the sandbox
> variant.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
> Changes since V2:
> * New patch to add the capsule generation config file for sandbox.
>
>  .azure-pipelines.yml                          |  1 +
>  .gitlab-ci.yml                                |  1 +
>  configs/sandbox_defconfig                     |  2 +
>  test/py/conftest.py                           |  5 ++
>  .../test_efi_capsule/sandbox_capsule_cfg.txt  | 75 +++++++++++++++++++
>  5 files changed, 84 insertions(+)
>  create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
>
> diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
> index 75075bbd07..cc196bf98c 100644
> --- a/.azure-pipelines.yml
> +++ b/.azure-pipelines.yml
> @@ -403,6 +403,7 @@ stages:
>            echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>            echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>            echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>            if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
>                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index 577eebd678..614bf61962 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -42,6 +42,7 @@ stages:
>      - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
>      - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
>      - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> +    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
>      - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
>         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
>         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> index d8a2386bb0..0f4c59e1a8 100644
> --- a/configs/sandbox_defconfig
> +++ b/configs/sandbox_defconfig
> @@ -340,6 +340,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
>  CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
>  CONFIG_EFI_CAPSULE_AUTHENTICATE=y
>  CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
> +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
> +CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
>  CONFIG_EFI_SECURE_BOOT=y
>  CONFIG_TEST_FDTDEC=y
>  CONFIG_UNIT_TEST=y
> diff --git a/test/py/conftest.py b/test/py/conftest.py
> index 661ed74fae..f32ab1a70c 100644
> --- a/test/py/conftest.py
> +++ b/test/py/conftest.py
> @@ -161,6 +161,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
>             )
>      run_command(name, cmd, source_dir)
>
> +    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
> +    name = 'cp'
> +    cmd = ( ' cp %s %s' % (capsule_cfg_file, capsule_sig_dir))

I forgot to mention this before, but you should use f strings:

cmd = f'cp {capsule_cfg_file} ...'

Please check the other files too, as it is a pain to clean it up
later. You can run 'pylint' on your source to check it.

> +    run_command(name, cmd, source_dir)
> +
>      gen_capsule_payloads(capsule_sig_dir)
>
>  def run_build(config, source_dir, build_dir, board_type, log):
> diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> new file mode 100644
> index 0000000000..4e5065d538
> --- /dev/null
> +++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> @@ -0,0 +1,75 @@
> +{
> +       image-index: 1
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test01
> +}
> +{
> +       image-index: 2
> +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> +       payload: /tmp/capsules/u-boot.env.new
> +       capsule: /tmp/capsules/Test02
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test03
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test04
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test05
> +
> +}
> +{
> +       image-index: 1
> +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test05
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test11
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER2.key
> +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> +       payload: /tmp/capsules/u-boot.bin.new
> +       capsule: /tmp/capsules/Test12
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER.key
> +       pub-key-cert: /tmp/capsules/SIGNER.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test13
> +}
> +{
> +       image-index: 1
> +       monotonic-count: 1
> +       private-key: /tmp/capsules/SIGNER2.key
> +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> +       payload: /tmp/capsules/uboot_bin_env.itb
> +       capsule: /tmp/capsules/Test14
> +}
> --
> 2.34.1
>

Regards,
Simon

hi Simon,

On Tue, 11 Jul 2023 at 03:08, Simon Glass <sjg@chromium.org> wrote:
>
> Hi Sughosh,
>
> On Sun, 9 Jul 2023 at 07:34, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
> >
> > Support has been added to the mkeficapsule tool to generate capsules
> > by parsing the capsule parameters through a config file. Add a config
> > file for generating capsules. These capsules will be used for testing
> > the capsule update feature on sandbox platform.
> >
> > Enable generation of capsules through the config file on the sandbox
> > variant.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> > ---
> > Changes since V2:
> > * New patch to add the capsule generation config file for sandbox.
> >
> >  .azure-pipelines.yml                          |  1 +
> >  .gitlab-ci.yml                                |  1 +
> >  configs/sandbox_defconfig                     |  2 +
> >  test/py/conftest.py                           |  5 ++
> >  .../test_efi_capsule/sandbox_capsule_cfg.txt  | 75 +++++++++++++++++++
> >  5 files changed, 84 insertions(+)
> >  create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> >
> > diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
> > index 75075bbd07..cc196bf98c 100644
> > --- a/.azure-pipelines.yml
> > +++ b/.azure-pipelines.yml
> > @@ -403,6 +403,7 @@ stages:
> >            echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> >            echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> >            echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> >            if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> >                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> >                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> > index 577eebd678..614bf61962 100644
> > --- a/.gitlab-ci.yml
> > +++ b/.gitlab-ci.yml
> > @@ -42,6 +42,7 @@ stages:
> >      - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> >      - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> >      - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> >      - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> >         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> >         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> > index d8a2386bb0..0f4c59e1a8 100644
> > --- a/configs/sandbox_defconfig
> > +++ b/configs/sandbox_defconfig
> > @@ -340,6 +340,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
> >  CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> >  CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> >  CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
> > +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
> > +CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
> >  CONFIG_EFI_SECURE_BOOT=y
> >  CONFIG_TEST_FDTDEC=y
> >  CONFIG_UNIT_TEST=y
> > diff --git a/test/py/conftest.py b/test/py/conftest.py
> > index 661ed74fae..f32ab1a70c 100644
> > --- a/test/py/conftest.py
> > +++ b/test/py/conftest.py
> > @@ -161,6 +161,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
> >             )
> >      run_command(name, cmd, source_dir)
> >
> > +    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
> > +    name = 'cp'
> > +    cmd = ( ' cp %s %s' % (capsule_cfg_file, capsule_sig_dir))
>
> I forgot to mention this before, but you should use f strings:
>
> cmd = f'cp {capsule_cfg_file} ...'

Will do.

>
> Please check the other files too, as it is a pain to clean it up
> later. You can run 'pylint' on your source to check it.

Do the pylint checks not run as part of CI? I did not get any pylint
errors in my CI run. Nonetheless, I will run the pylint tests in my
workspace. Thanks.

-sughosh


>
> > +    run_command(name, cmd, source_dir)
> > +
> >      gen_capsule_payloads(capsule_sig_dir)
> >
> >  def run_build(config, source_dir, build_dir, board_type, log):
> > diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> > new file mode 100644
> > index 0000000000..4e5065d538
> > --- /dev/null
> > +++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> > @@ -0,0 +1,75 @@
> > +{
> > +       image-index: 1
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test01
> > +}
> > +{
> > +       image-index: 2
> > +       image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
> > +       payload: /tmp/capsules/u-boot.env.new
> > +       capsule: /tmp/capsules/Test02
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test03
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test04
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test05
> > +
> > +}
> > +{
> > +       image-index: 1
> > +       image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test05
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test11
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER2.key
> > +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> > +       image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
> > +       payload: /tmp/capsules/u-boot.bin.new
> > +       capsule: /tmp/capsules/Test12
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER.key
> > +       pub-key-cert: /tmp/capsules/SIGNER.crt
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test13
> > +}
> > +{
> > +       image-index: 1
> > +       monotonic-count: 1
> > +       private-key: /tmp/capsules/SIGNER2.key
> > +       pub-key-cert: /tmp/capsules/SIGNER2.crt
> > +       image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
> > +       payload: /tmp/capsules/uboot_bin_env.itb
> > +       capsule: /tmp/capsules/Test14
> > +}
> > --
> > 2.34.1
> >
>
> Regards,
> Simon

Hi Sughosh,

On Tue, 11 Jul 2023 at 01:18, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
>
> hi Simon,
>
> On Tue, 11 Jul 2023 at 03:08, Simon Glass <sjg@chromium.org> wrote:
> >
> > Hi Sughosh,
> >
> > On Sun, 9 Jul 2023 at 07:34, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
> > >
> > > Support has been added to the mkeficapsule tool to generate capsules
> > > by parsing the capsule parameters through a config file. Add a config
> > > file for generating capsules. These capsules will be used for testing
> > > the capsule update feature on sandbox platform.
> > >
> > > Enable generation of capsules through the config file on the sandbox
> > > variant.
> > >
> > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> > > ---
> > > Changes since V2:
> > > * New patch to add the capsule generation config file for sandbox.
> > >
> > >  .azure-pipelines.yml                          |  1 +
> > >  .gitlab-ci.yml                                |  1 +
> > >  configs/sandbox_defconfig                     |  2 +
> > >  test/py/conftest.py                           |  5 ++
> > >  .../test_efi_capsule/sandbox_capsule_cfg.txt  | 75 +++++++++++++++++++
> > >  5 files changed, 84 insertions(+)
> > >  create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
> > >
> > > diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
> > > index 75075bbd07..cc196bf98c 100644
> > > --- a/.azure-pipelines.yml
> > > +++ b/.azure-pipelines.yml
> > > @@ -403,6 +403,7 @@ stages:
> > >            echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> > >            echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> > >            echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > > +          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> > >            if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> > >                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> > >                openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> > > index 577eebd678..614bf61962 100644
> > > --- a/.gitlab-ci.yml
> > > +++ b/.gitlab-ci.yml
> > > @@ -42,6 +42,7 @@ stages:
> > >      - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> > >      - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> > >      - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > > +    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
> > >      - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> > >         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> > >         openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > > diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> > > index d8a2386bb0..0f4c59e1a8 100644
> > > --- a/configs/sandbox_defconfig
> > > +++ b/configs/sandbox_defconfig
> > > @@ -340,6 +340,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
> > >  CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> > >  CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> > >  CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
> > > +CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
> > > +CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
> > >  CONFIG_EFI_SECURE_BOOT=y
> > >  CONFIG_TEST_FDTDEC=y
> > >  CONFIG_UNIT_TEST=y
> > > diff --git a/test/py/conftest.py b/test/py/conftest.py
> > > index 661ed74fae..f32ab1a70c 100644
> > > --- a/test/py/conftest.py
> > > +++ b/test/py/conftest.py
> > > @@ -161,6 +161,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
> > >             )
> > >      run_command(name, cmd, source_dir)
> > >
> > > +    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
> > > +    name = 'cp'
> > > +    cmd = ( ' cp %s %s' % (capsule_cfg_file, capsule_sig_dir))
> >
> > I forgot to mention this before, but you should use f strings:
> >
> > cmd = f'cp {capsule_cfg_file} ...'
>
> Will do.
>
> >
> > Please check the other files too, as it is a pain to clean it up
> > later. You can run 'pylint' on your source to check it.
>
> Do the pylint checks not run as part of CI? I did not get any pylint
> errors in my CI run. Nonetheless, I will run the pylint tests in my
> workspace. Thanks.

Yes there is 'make pylint' but since there are many existing warnings,
this only prevents things getting worse. Also it does not act on new
files that it doesn't know about. You could submit an update to
scripts/pylint.base to include your new files, if you want to
'protect' them from pylint rot.

Regards,
Simon