diff options
author | Tom Rini <trini@konsulko.com> | 2020-07-23 08:57:35 -0400 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2020-07-23 08:57:35 -0400 |
commit | 56d37f1c564107e27d873181d838571b7d7860e7 (patch) | |
tree | 41b20866e0a94e34ca76e54a2745ca7a5ba0889b /test | |
parent | 95fc1f164723270b2b0bd8d7e2f7ba21bce66381 (diff) | |
parent | 5ee81c6e3f9f6f851c69b1e3d2661d96671d1dd1 (diff) |
Merge tag 'efi-2020-10-rc1-5' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-10-rc1 (5)
The series provides bug fixes for:
* crash in OS when accessing UEFI variables
* returning from UEFI fit images to U-Boot
* error handling for variable services provided by OP-TEE
* error handling in EFI_FILE_PROTOCOL.Read()
* missing function documentation
The first patches needed to use intermediate certificates for
secure boot are added. (The rest of the series requires
updating sbsigntool in our CI systems.)
Logging is enabled in the bootefi command.
Diffstat (limited to 'test')
-rw-r--r-- | test/py/tests/test_efi_fit.py | 9 | ||||
-rw-r--r-- | test/py/tests/test_efi_loader.py | 9 | ||||
-rw-r--r-- | test/py/tests/test_efi_secboot/conftest.py | 24 |
3 files changed, 16 insertions, 26 deletions
diff --git a/test/py/tests/test_efi_fit.py b/test/py/tests/test_efi_fit.py index 06fb151c13..068a35a559 100644 --- a/test/py/tests/test_efi_fit.py +++ b/test/py/tests/test_efi_fit.py @@ -420,12 +420,11 @@ def test_efi_fit_launch(u_boot_console): fit_config = 'config-efi-fdt' if enable_fdt else 'config-efi-nofdt' # Try booting. - cons.run_command( - 'bootm %x#%s' % (addr, fit_config), wait_for_prompt=False) + output = cons.run_command('bootm %x#%s' % (addr, fit_config)) if enable_fdt: - cons.wait_for('Booting using the fdt blob') - cons.wait_for('Hello, world') - cons.wait_for('## Application terminated, r = 0') + assert 'Booting using the fdt blob' in output + assert 'Hello, world' in output + assert '## Application failed' not in output cons.restart_uboot() cons = u_boot_console diff --git a/test/py/tests/test_efi_loader.py b/test/py/tests/test_efi_loader.py index 7aa422e764..ca68626cec 100644 --- a/test/py/tests/test_efi_loader.py +++ b/test/py/tests/test_efi_loader.py @@ -161,8 +161,8 @@ def test_efi_helloworld_net(u_boot_console): output = u_boot_console.run_command('bootefi %x' % addr) expected_text = 'Hello, world' assert expected_text in output - expected_text = '## Application terminated, r = 0' - assert expected_text in output + expected_text = '## Application failed' + assert expected_text not in output @pytest.mark.buildconfigspec('cmd_bootefi_hello') def test_efi_helloworld_builtin(u_boot_console): @@ -198,8 +198,7 @@ def test_efi_grub_net(u_boot_console): # Then exit cleanly u_boot_console.wait_for('grub>') - output = u_boot_console.run_command('exit', wait_for_prompt=False, wait_for_echo=False) - u_boot_console.wait_for('r = 0') - + u_boot_console.run_command('exit', wait_for_prompt=False, wait_for_echo=False) + u_boot_console.wait_for('=>') # And give us our U-Boot prompt back u_boot_console.run_command('') diff --git a/test/py/tests/test_efi_secboot/conftest.py b/test/py/tests/test_efi_secboot/conftest.py index c6709700a8..c0943b6250 100644 --- a/test/py/tests/test_efi_secboot/conftest.py +++ b/test/py/tests/test_efi_secboot/conftest.py @@ -8,15 +8,6 @@ from subprocess import call, check_call, check_output, CalledProcessError import pytest from defs import * -# from test/py/conftest.py - - -def tool_is_in_path(tool): - for path in os.environ["PATH"].split(os.pathsep): - full_path = os.path.join(path, tool) - if os.path.isfile(full_path) and os.access(full_path, os.X_OK): - return True - return False # # Fixture for UEFI secure boot test @@ -87,21 +78,21 @@ def efi_boot_env(request, u_boot_config): # db1-update check_call('cd %s; %ssign-efi-sig-list -t "2020-04-06" -a -c KEK.crt -k KEK.key db db1.esl db1-update.auth' % (mnt_point, EFITOOLS_PATH), shell=True) - ## dbx (TEST_dbx certificate) + # dbx (TEST_dbx certificate) check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_dbx/ -keyout dbx.key -out dbx.crt -nodes -days 365' % mnt_point, shell=True) check_call('cd %s; %scert-to-efi-sig-list -g %s dbx.crt dbx.esl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx.esl dbx.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) - ## dbx_hash (digest of TEST_db certificate) + # dbx_hash (digest of TEST_db certificate) check_call('cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 256 db.crt dbx_hash.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash.crl dbx_hash.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) - ## dbx_hash1 (digest of TEST_db1 certificate) + # dbx_hash1 (digest of TEST_db1 certificate) check_call('cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 256 db1.crt dbx_hash1.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash1.crl dbx_hash1.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) - ## dbx_db (with TEST_db certificate) + # dbx_db (with TEST_db certificate) check_call('cd %s; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx db.esl dbx_db.auth' % (mnt_point, EFITOOLS_PATH), shell=True) @@ -112,10 +103,10 @@ def efi_boot_env(request, u_boot_config): # Sign image check_call('cd %s; sbsign --key db.key --cert db.crt helloworld.efi' % mnt_point, shell=True) - ## Sign already-signed image with another key + # Sign already-signed image with another key check_call('cd %s; sbsign --key db1.key --cert db1.crt --output helloworld.efi.signed_2sigs helloworld.efi.signed' % mnt_point, shell=True) - ## Digest image + # Digest image check_call('cd %s; %shash-to-efi-sig-list helloworld.efi db_hello.hash; %ssign-efi-sig-list -t "2020-04-07" -c KEK.crt -k KEK.key db db_hello.hash db_hello.auth' % (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH), shell=True) @@ -126,7 +117,8 @@ def efi_boot_env(request, u_boot_config): % (mnt_point, EFITOOLS_PATH), shell=True) - check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat {} {}'.format(mnt_point, image_path), shell=True) + check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat {} {}'.format( + mnt_point, image_path), shell=True) check_call('rm -rf {}'.format(mnt_point), shell=True) except CalledProcessError as exception: |