From ce5172cf655533eabb977556036509416385cd90 Mon Sep 17 00:00:00 2001
From: Philippe Reynes <philippe.reynes@softathome.com>
Date: Wed, 18 Sep 2019 16:04:53 +0200
Subject: pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 .../tests/vboot/sign-configs-sha256-pss-prod.its   | 46 ++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss-prod.its

(limited to 'test/py/tests/vboot')

diff --git a/test/py/tests/vboot/sign-configs-sha256-pss-prod.its b/test/py/tests/vboot/sign-configs-sha256-pss-prod.its
new file mode 100644
index 0000000000..aac732e304
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-sha256-pss-prod.its
@@ -0,0 +1,46 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			hash-1 {
+				algo = "sha256";
+			};
+		};
+		fdt-1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			hash-1 {
+				algo = "sha256";
+			};
+		};
+	};
+	configurations {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+			signature {
+				algo = "sha256,rsa2048";
+				padding = "pss";
+				key-name-hint = "prod";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
-- 
cgit