From patchwork Sat Jul 15 13:45:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 703200 Delivered-To: patch@linaro.org Received: by 2002:a5d:4e4d:0:b0:314:25da:8dc4 with SMTP id r13csp154283wrt; Sat, 15 Jul 2023 06:47:26 -0700 (PDT) X-Google-Smtp-Source: APBJJlG/GDuaVZCrOqxvp0OZfi1WVJPoUIgJJduMKrN5fJGt7n9t9n/ROcHBBffG8h3rLTAiZvQO X-Received: by 2002:a17:906:7a0c:b0:977:d660:c5aa with SMTP id d12-20020a1709067a0c00b00977d660c5aamr6775531ejo.31.1689428845767; Sat, 15 Jul 2023 06:47:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689428845; cv=none; d=google.com; s=arc-20160816; b=ZzCNqCxyw8INUDwe/ereVbrc/KYvMYJAlRr2/v+pk8dNPKRq07qn4VQ1YseK8SGomN X+7E9UMaM2Ude30MO+d+Sj3j+7EU1HDoU1QIW4AOrActecrxPxa/LsLmLrlk29E43tVU OMc0UShTCJS/PlKl3v2001MJaZgGzkn1J6C352HLMqBQBjZOz8wcn0vSUZ+QLP0gHenA 8Si+pYkjSkY1P1CE5WkmscSuaFQS3sP+fW+FCUFyZuJ/af/W2Zk6vSJD+jFG1e6cq4hr p6bX8nMWRXcbWVUyRRSQ77nMYgji3fTRTgo+dbhZkkrpRkQmOHJiiojohQdQBo+C//S7 K/vQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=rDgnBKASlQFXx9vIoNhqXdmPPFouQBT20WNvvP786j0=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=lP/6QXEwuN1IpPqgMPlv6+AZTKjuHfMPZF2bKQHaGlV/VN8UNpYmfGR7mXgHzPQPy7 eLHXO9JzgCfvoTx4kB3HM16Edg6nS9ooXy9Dqt5ua5HynUeFbxkzSDHBnoQdfG8pJYy2 tJGYtErIa+PyOoJDRPVr/5t0OlZwg0VpYDPesGEDBdwxoGFkTAcuHN9zN3wFBoK/V+JR wW9DBrkea2npPoAmhEiO4/SxPMmTl7O/s0dPALStgFyFLpFgYxRX9QuxECl5EgZ/MOIX ZWrMiPfM35DXqQ6E1HobX/up8FXf75qspVYARBumQ2bdZV5jBnptwGkB/NKTmmcCHkZp ZehA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id b26-20020a170906039a00b009784f00c5besi10693055eja.263.2023.07.15.06.47.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Jul 2023 06:47:25 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A54EE861A5; Sat, 15 Jul 2023 15:46:30 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id C71848624A; Sat, 15 Jul 2023 15:46:27 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 667FE861F6 for ; Sat, 15 Jul 2023 15:46:24 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 341C91063; Sat, 15 Jul 2023 06:47:06 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3A84D3F67D; Sat, 15 Jul 2023 06:46:21 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v4 08/12] CI: capsule: Setup the files needed for capsule update testing Date: Sat, 15 Jul 2023 19:15:29 +0530 Message-Id: <20230715134533.2025893-9-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230715134533.2025893-1-sughosh.ganu@linaro.org> References: <20230715134533.2025893-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Support has being added through earlier commits to build capsules and embed the public key needed for capsule authentication as part of u-boot build. >From the testing point-of-view, this means the input files needed for generating the above have to be setup before invoking the build. Set this up in the CI configuration files for testing the capsule update feature. Signed-off-by: Sughosh Ganu --- Changes since V3: * Remove whitespace in the command to generate capsule keys. .azure-pipelines.yml | 24 ++++++++++++++++++++++++ .gitlab-ci.yml | 22 ++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 06c46b681c..d732ba443d 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -398,6 +398,17 @@ stages: wget -O - https://github.com/riscv-software-src/opensbi/releases/download/v1.2/opensbi-1.2-rv-bin.tar.xz | tar -C /tmp -xJ; export OPENSBI=/tmp/opensbi-1.2-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin; fi + mkdir -p /tmp/capsules/; + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; + if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365; + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365; + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl; + fi + # the below corresponds to .gitlab-ci.yml "script" cd ${WORK_DIR} export UBOOT_TRAVIS_BUILD_DIR=/tmp/${TEST_PY_BD}; @@ -582,6 +593,19 @@ stages: cd ${WORK_DIR} # make environment variables available as tests are running inside a container export BUILDMAN="${BUILDMAN}" + if [[ "${BUILDMAN}" == "sandbox" ]] || [[ "${BUILDMAN}" == "sandbox x86" ]]; then + if [ ! -d "/tmp/capsules/" ]; then + mkdir -p /tmp/capsules/; + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; + + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365; + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365; + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl; + fi + fi git config --global --add safe.directory ${WORK_DIR} EOF cat << "EOF" >> build.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cfd58513c3..aec6ffaf1c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,17 @@ stages: export OPENSBI=/tmp/opensbi-1.2-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin; fi + - mkdir -p /tmp/capsules/; + - echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; + - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; + - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; + - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; + - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365; + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365; + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl; + fi + after_script: - cp -v /tmp/${TEST_PY_BD}/*.{html,css} . - rm -rf /tmp/uboot-test-hooks /tmp/venv @@ -131,6 +142,17 @@ build all other platforms: stage: world build script: - ret=0; + if [ ! -d "/tmp/capsules/" ]; then + mkdir -p /tmp/capsules/; + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; + + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365; + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365; + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl; + fi git config --global --add safe.directory "${CI_PROJECT_DIR}"; ./tools/buildman/buildman -o /tmp -PEWM -x arm,powerpc || ret=$?; if [[ $ret -ne 0 ]]; then