From patchwork Tue Jul 25 08:57:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 706128 Delivered-To: patch@linaro.org Received: by 2002:a5d:464f:0:b0:317:2194:b2bc with SMTP id j15csp69267wrs; Tue, 25 Jul 2023 02:05:06 -0700 (PDT) X-Google-Smtp-Source: APBJJlE2B4innEfR+ACIJtvp7CK35AKTaT/InTyz9HyMpn47U5E4DvqJnn2LQ16HjJV7DBDAmNSl X-Received: by 2002:a05:6000:152:b0:317:6a7c:6e07 with SMTP id r18-20020a056000015200b003176a7c6e07mr1056777wrx.32.1690275906775; Tue, 25 Jul 2023 02:05:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690275906; cv=none; d=google.com; s=arc-20160816; b=mDLS2M52o14zUTw2HGk/rya60izBr8Cvltuz0e5ZoL++wvnnLgrwQ7pnLcaeNeQJmx c0ExDtGW+mBcKHIODohfCsIPwdkZ+66Pj7Gq4julzWT01MfUDKaKTKSrtyxzMuxLw6Kf oqOtlZCbANznwqoQeoqqsGI4zegJ/lvoWuZrviZBTJ8vx/OBz+jfCRmcaHXAzDfVUVHO bEfd4b26R3XOdKd1BMkPvquMQjhf+1+2fhgikT/Yq83hBbysCs0WLvj+GL0/qDYf2cQI dwfMVm9hP4Xp8ZSJP9thWdpzZP8TbjZ/7tbdqJihzc5ZA8b+5E1k+ezbz7Kt38aJV5V5 X2hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=HghZowOjG4vx+nzRcBj9QAmM4fjBRzHTmmCZ5v3sQ2c=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=NP8fU1qyD7YP5cgPRhjBJr6V3sXBiO5f3jwk6wM3OlLC3kDG9ToZV+RMLQFxrOk6lh Uqzd8a6PJy3rBL849vZeHtwVV/4p6QXRNN6JYRuVQNPXJjFGwgJEZd6Qz1uR86uNKWhY 1YEW0DDwPO/QRmlT24dC5Cw4DTalcnxggeRJA7M9djGikhjipXP04OK32DyXpn9OrHOt 8wVLQEZY7Yqu6t1QF/4hNH3kNXhCaMFetga1zroEpRoz5vJx+eYG8yBuxEBnKcmrkwVa 6YtCNZnpsg3SPZGjVFrUXYuB4cAEgAh46+qdFerp/zDPTaKFQAZNqSj0OJboagRvbix7 LjKA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id u4-20020a5d6ac4000000b003141e83e578si5869730wrw.943.2023.07.25.02.05.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jul 2023 02:05:06 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3133E86AFA; Tue, 25 Jul 2023 11:04:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 3BA3D8678A; Tue, 25 Jul 2023 11:00:43 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 0DCB486823 for ; Tue, 25 Jul 2023 10:58:24 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B7B1A15BF; Tue, 25 Jul 2023 01:59:06 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C48C13F6C4; Tue, 25 Jul 2023 01:58:20 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v5 09/12] test: py: Setup capsule files for testing Date: Tue, 25 Jul 2023 14:27:22 +0530 Message-Id: <20230725085725.350917-10-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230725085725.350917-1-sughosh.ganu@linaro.org> References: <20230725085725.350917-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Support has being added through earlier commits to build capsules and embed the public key needed for capsule authentication as part of u-boot build. >From the testing point-of-view, this means the input files needed for the above have to be setup before invoking the build. Set this up in the pytest configuration file for testing the capsule update feature. Signed-off-by: Sughosh Ganu Reviewed-by: Simon Glass --- Changes since V4: None test/py/conftest.py | 84 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/test/py/conftest.py b/test/py/conftest.py index fc9dd3a83f..1092cb713b 100644 --- a/test/py/conftest.py +++ b/test/py/conftest.py @@ -80,6 +80,86 @@ def pytest_addoption(parser): help='Run sandbox under gdbserver. The argument is the channel '+ 'over which gdbserver should communicate, e.g. localhost:1234') +def setup_capsule_build(source_dir, build_dir, board_type, log): + """Setup the platform's build for testing capsule updates + + This generates the payload/input files needed for testing the + capsule update functionality, along with the keys for signing + the capsules. An EFI Signature List(ESL) file, which houses the + public key for capsule authentication is generated as + well. + + The ESL file is subsequently embedded into the platform's + dtb during the u-boot build, to be used for capsule + authentication. + + Two sets of keys are generated, namely SIGNER and SIGNER2. + The SIGNER2 key pair is used as a malicious key for testing the + the capsule authentication functionality. + + All the generated files are placed under the /tmp/capsules/ + directory. + + Args: + soruce_dir (str): Directory containing source code + build_dir (str): Directory to build in + board_type (str): board_type parameter (e.g. 'sandbox') + log (Logfile): Log file to use + + Returns: + Nothing. + """ + def run_command(name, cmd, source_dir): + with log.section(name): + if isinstance(cmd, str): + cmd = cmd.split() + runner = log.get_runner(name, None) + runner.run(cmd, cwd=source_dir) + runner.close() + log.status_pass('OK') + + def gen_capsule_payloads(capsule_dir): + fname = f'{capsule_dir}u-boot.bin.old' + with open(fname, 'w') as fd: + fd.write('u-boot:Old') + + fname = f'{capsule_dir}u-boot.bin.new' + with open(fname, 'w') as fd: + fd.write('u-boot:New') + + fname = f'{capsule_dir}u-boot.env.old' + with open(fname, 'w') as fd: + fd.write('u-boot-env:Old') + + fname = f'{capsule_dir}u-boot.env.new' + with open(fname, 'w') as fd: + fd.write('u-boot-env:New') + + capsule_sig_dir = '/tmp/capsules/' + sig_name = 'SIGNER' + mkdir_p(capsule_sig_dir) + name = 'openssl' + cmd = ( 'openssl req -x509 -sha256 -newkey rsa:2048 ' + '-subj /CN=TEST_SIGNER/ -keyout ' + f'{capsule_sig_dir}{sig_name}.key ' + f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' ) + run_command(name, cmd, source_dir) + + name = 'cert-to-efi-sig-list' + cmd = ( f'cert-to-efi-sig-list {capsule_sig_dir}{sig_name}.crt ' + f'{capsule_sig_dir}{sig_name}.esl' ) + run_command(name, cmd, source_dir) + + sig_name = 'SIGNER2' + name = 'openssl' + cmd = ( 'openssl req -x509 -sha256 -newkey rsa:2048 ' + '-subj /CN=TEST_SIGNER/ -keyout ' + f'{capsule_sig_dir}{sig_name}.key ' + f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' ) + run_command(name, cmd, source_dir) + + gen_capsule_payloads(capsule_sig_dir) + def run_build(config, source_dir, build_dir, board_type, log): """run_build: Build U-Boot @@ -90,6 +170,10 @@ def run_build(config, source_dir, build_dir, board_type, log): board_type (str): board_type parameter (e.g. 'sandbox') log (Logfile): Log file to use """ + capsule_boards = ( 'sandbox', 'sandbox64', 'sandbox_flattree' ) + if board_type in capsule_boards: + setup_capsule_build(source_dir, build_dir, board_type, log) + if config.getoption('buildman'): if build_dir != source_dir: dest_args = ['-o', build_dir, '-w']