diff options
| -rw-r--r-- | scripts/pylint.base | 2 | ||||
| -rw-r--r-- | test/py/tests/test_vboot.py | 33 | ||||
| -rw-r--r-- | test/py/tests/vboot/sign-configs-algo-arg.its | 44 | ||||
| -rw-r--r-- | test/py/tests/vboot/sign-images-algo-arg.its | 40 |
4 files changed, 102 insertions, 17 deletions
diff --git a/scripts/pylint.base b/scripts/pylint.base index 7e25108b83..e84ae52cbe 100644 --- a/scripts/pylint.base +++ b/scripts/pylint.base @@ -66,7 +66,7 @@ test_tests_test_tpm2.py 8.51 test_tests_test_ums.py 6.32 test_tests_test_unknown_cmd.py 5.00 test_tests_test_ut.py 7.06 -test_tests_test_vboot.py 6.08 +test_tests_test_vboot.py 6.01 test_tests_vboot_evil.py 8.95 test_tests_vboot_forge.py 9.22 test_u_boot_console_base.py 7.08 diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py index b080d482af..ac8ed9f114 100644 --- a/test/py/tests/test_vboot.py +++ b/test/py/tests/test_vboot.py @@ -35,18 +35,19 @@ import vboot_evil # Only run the full suite on a few combinations, since it doesn't add any more # test coverage. TESTDATA = [ - ['sha1-basic', 'sha1', '', None, False, True], - ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False], - ['sha1-pss', 'sha1', '-pss', None, False, False], - ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False], - ['sha256-basic', 'sha256', '', None, False, False], - ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False], - ['sha256-pss', 'sha256', '-pss', None, False, False], - ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False], - ['sha256-pss-required', 'sha256', '-pss', None, True, False], - ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True], - ['sha384-basic', 'sha384', '', None, False, False], - ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False], + ['sha1-basic', 'sha1', '', None, False, True, False], + ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False, False], + ['sha1-pss', 'sha1', '-pss', None, False, False, False], + ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False, False], + ['sha256-basic', 'sha256', '', None, False, False, False], + ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False, False], + ['sha256-pss', 'sha256', '-pss', None, False, False, False], + ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False, False], + ['sha256-pss-required', 'sha256', '-pss', None, True, False, False], + ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True, False], + ['sha384-basic', 'sha384', '', None, False, False, False], + ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False, False], + ['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True], ] @pytest.mark.boardspec('sandbox') @@ -55,10 +56,10 @@ TESTDATA = [ @pytest.mark.requiredtool('fdtget') @pytest.mark.requiredtool('fdtput') @pytest.mark.requiredtool('openssl') -@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test", +@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg", TESTDATA) def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, - full_test): + full_test, algo_arg): """Test verified boot signing with mkimage and verification with 'bootm'. This works using sandbox only as it needs to update the device tree used @@ -219,7 +220,7 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, # Build the FIT, but don't sign anything yet cons.log.action('%s: Test FIT with signed images' % sha_algo) make_fit('sign-images-%s%s.its' % (sha_algo, padding)) - run_bootm(sha_algo, 'unsigned images', 'dev-', True) + run_bootm(sha_algo, 'unsigned images', ' - OK' if algo_arg else 'dev-', True) # Sign images with our dev keys sign_fit(sha_algo, sign_options) @@ -230,7 +231,7 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, cons.log.action('%s: Test FIT with signed configuration' % sha_algo) make_fit('sign-configs-%s%s.its' % (sha_algo, padding)) - run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True) + run_bootm(sha_algo, 'unsigned config', '%s+ OK' % ('sha256' if algo_arg else sha_algo), True) # Sign images with our dev keys sign_fit(sha_algo, sign_options) diff --git a/test/py/tests/vboot/sign-configs-algo-arg.its b/test/py/tests/vboot/sign-configs-algo-arg.its new file mode 100644 index 0000000000..3a5bb6d0f7 --- /dev/null +++ b/test/py/tests/vboot/sign-configs-algo-arg.its @@ -0,0 +1,44 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + hash-1 { + algo = "sha256"; + }; + }; + fdt-1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + hash-1 { + algo = "sha256"; + }; + }; + }; + configurations { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + signature { + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-images-algo-arg.its b/test/py/tests/vboot/sign-images-algo-arg.its new file mode 100644 index 0000000000..9144c8b5ad --- /dev/null +++ b/test/py/tests/vboot/sign-images-algo-arg.its @@ -0,0 +1,40 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + signature { + key-name-hint = "dev"; + }; + }; + fdt-1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + signature { + key-name-hint = "dev"; + }; + }; + }; + configurations { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + }; + }; +}; |