#
229c4da6 |
|
11-Dec-2023 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
test: vboot: Using variable 'old_dtb' before assignment old_dtb can only be assumed initialized in the finally block if it is assigned a value before the try statement. Avoid a pylint error reported by current pylint. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
90999b45 |
|
19-Mar-2023 |
Roman Kopytin <Roman.Kopytin@kaspersky.com> |
test_vboot.py: include test of fdt_add_pubkey tool Add test_fdt_add_pubkey test which provides simple functionality test which contains such steps: create DTB and FIT files add keys with fdt_add_pubkey to DTB sign FIT image check with fit_check_sign that keys properly added to DTB file Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com> Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com> Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> |
#
c7c113dc |
|
06-Aug-2022 |
Simon Glass <sjg@chromium.org> |
test: Mark all but the first vboot test as slow When doing a quick check we don't need to run all the vboot tests. Just run the first one, which is enough to catch most problems. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
776db4fa |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: py: vboot: add test for global image signature Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
7ace56ae |
|
03-Feb-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
test/py: Add test case for mkimage -o argument Stress the '-o algo_name' argument of mkimage by expanding the vboot test. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> [trini: Update scripts/pylint.base] |
#
2a4b0d58 |
|
19-Jan-2022 |
Jamin Lin <jamin_lin@aspeedtech.com> |
rsa: adds rsa3072 algorithm Add to support rsa 3072 bits algorithm in tools for image sign at host side and adds rsa 3072 bits verification in the image binary. Add test case in vboot for sha384 with rsa3072 algorithm testing. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cfb83f36 |
|
19-Sep-2021 |
Simon Glass <sjg@chromium.org> |
test: Allow vboot tests to run in parallel Update the tests to use separate working directories, so we can run them in parallel. It also makes it possible to see the individual output files after the tests have completed. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3f04db89 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
image: Check for unit addresses in FITs Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
124c2557 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
libfdt: Check for multiple/invalid root nodes It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
d5f3aada |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
test: Add tests for the 'evil' vboot attacks Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@amd.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
90999b45 |
|
19-Mar-2023 |
Roman Kopytin <Roman.Kopytin@kaspersky.com> |
test_vboot.py: include test of fdt_add_pubkey tool Add test_fdt_add_pubkey test which provides simple functionality test which contains such steps: create DTB and FIT files add keys with fdt_add_pubkey to DTB sign FIT image check with fit_check_sign that keys properly added to DTB file Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com> Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com> Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> |
#
c7c113dc |
|
06-Aug-2022 |
Simon Glass <sjg@chromium.org> |
test: Mark all but the first vboot test as slow When doing a quick check we don't need to run all the vboot tests. Just run the first one, which is enough to catch most problems. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
776db4fa |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: py: vboot: add test for global image signature Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
7ace56ae |
|
03-Feb-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
test/py: Add test case for mkimage -o argument Stress the '-o algo_name' argument of mkimage by expanding the vboot test. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> [trini: Update scripts/pylint.base] |
#
2a4b0d58 |
|
19-Jan-2022 |
Jamin Lin <jamin_lin@aspeedtech.com> |
rsa: adds rsa3072 algorithm Add to support rsa 3072 bits algorithm in tools for image sign at host side and adds rsa 3072 bits verification in the image binary. Add test case in vboot for sha384 with rsa3072 algorithm testing. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cfb83f36 |
|
19-Sep-2021 |
Simon Glass <sjg@chromium.org> |
test: Allow vboot tests to run in parallel Update the tests to use separate working directories, so we can run them in parallel. It also makes it possible to see the individual output files after the tests have completed. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3f04db89 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
image: Check for unit addresses in FITs Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
124c2557 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
libfdt: Check for multiple/invalid root nodes It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
d5f3aada |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
test: Add tests for the 'evil' vboot attacks Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@amd.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c7c113dc |
|
06-Aug-2022 |
Simon Glass <sjg@chromium.org> |
test: Mark all but the first vboot test as slow When doing a quick check we don't need to run all the vboot tests. Just run the first one, which is enough to catch most problems. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
776db4fa |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: py: vboot: add test for global image signature Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
7ace56ae |
|
03-Feb-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
test/py: Add test case for mkimage -o argument Stress the '-o algo_name' argument of mkimage by expanding the vboot test. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> [trini: Update scripts/pylint.base] |
#
2a4b0d58 |
|
19-Jan-2022 |
Jamin Lin <jamin_lin@aspeedtech.com> |
rsa: adds rsa3072 algorithm Add to support rsa 3072 bits algorithm in tools for image sign at host side and adds rsa 3072 bits verification in the image binary. Add test case in vboot for sha384 with rsa3072 algorithm testing. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cfb83f36 |
|
19-Sep-2021 |
Simon Glass <sjg@chromium.org> |
test: Allow vboot tests to run in parallel Update the tests to use separate working directories, so we can run them in parallel. It also makes it possible to see the individual output files after the tests have completed. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3f04db89 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
image: Check for unit addresses in FITs Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
124c2557 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
libfdt: Check for multiple/invalid root nodes It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
d5f3aada |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
test: Add tests for the 'evil' vboot attacks Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@amd.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
776db4fa |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: py: vboot: add test for global image signature Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
7ace56ae |
|
03-Feb-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
test/py: Add test case for mkimage -o argument Stress the '-o algo_name' argument of mkimage by expanding the vboot test. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> [trini: Update scripts/pylint.base] |
#
2a4b0d58 |
|
19-Jan-2022 |
Jamin Lin <jamin_lin@aspeedtech.com> |
rsa: adds rsa3072 algorithm Add to support rsa 3072 bits algorithm in tools for image sign at host side and adds rsa 3072 bits verification in the image binary. Add test case in vboot for sha384 with rsa3072 algorithm testing. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cfb83f36 |
|
19-Sep-2021 |
Simon Glass <sjg@chromium.org> |
test: Allow vboot tests to run in parallel Update the tests to use separate working directories, so we can run them in parallel. It also makes it possible to see the individual output files after the tests have completed. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3f04db89 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
image: Check for unit addresses in FITs Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
124c2557 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
libfdt: Check for multiple/invalid root nodes It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
d5f3aada |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
test: Add tests for the 'evil' vboot attacks Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7ace56ae |
|
03-Feb-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
test/py: Add test case for mkimage -o argument Stress the '-o algo_name' argument of mkimage by expanding the vboot test. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> [trini: Update scripts/pylint.base] |
#
2a4b0d58 |
|
19-Jan-2022 |
Jamin Lin <jamin_lin@aspeedtech.com> |
rsa: adds rsa3072 algorithm Add to support rsa 3072 bits algorithm in tools for image sign at host side and adds rsa 3072 bits verification in the image binary. Add test case in vboot for sha384 with rsa3072 algorithm testing. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cfb83f36 |
|
19-Sep-2021 |
Simon Glass <sjg@chromium.org> |
test: Allow vboot tests to run in parallel Update the tests to use separate working directories, so we can run them in parallel. It also makes it possible to see the individual output files after the tests have completed. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3f04db89 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
image: Check for unit addresses in FITs Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
124c2557 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
libfdt: Check for multiple/invalid root nodes It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
d5f3aada |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
test: Add tests for the 'evil' vboot attacks Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
2a4b0d58 |
|
19-Jan-2022 |
Jamin Lin <jamin_lin@aspeedtech.com> |
rsa: adds rsa3072 algorithm Add to support rsa 3072 bits algorithm in tools for image sign at host side and adds rsa 3072 bits verification in the image binary. Add test case in vboot for sha384 with rsa3072 algorithm testing. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cfb83f36 |
|
19-Sep-2021 |
Simon Glass <sjg@chromium.org> |
test: Allow vboot tests to run in parallel Update the tests to use separate working directories, so we can run them in parallel. It also makes it possible to see the individual output files after the tests have completed. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3f04db89 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
image: Check for unit addresses in FITs Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
124c2557 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
libfdt: Check for multiple/invalid root nodes It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
d5f3aada |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
test: Add tests for the 'evil' vboot attacks Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
cfb83f36 |
|
19-Sep-2021 |
Simon Glass <sjg@chromium.org> |
test: Allow vboot tests to run in parallel Update the tests to use separate working directories, so we can run them in parallel. It also makes it possible to see the individual output files after the tests have completed. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3f04db89 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
image: Check for unit addresses in FITs Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
124c2557 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
libfdt: Check for multiple/invalid root nodes It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
d5f3aada |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
test: Add tests for the 'evil' vboot attacks Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3f04db89 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
image: Check for unit addresses in FITs Using unit addresses in a FIT is a security risk. Add a check for this and disallow it. CVE-2021-27138 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
124c2557 |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
libfdt: Check for multiple/invalid root nodes It is possible to construct a devicetree blob with multiple root nodes. Update fdt_check_full() to check for this, along with a root node with an invalid name. CVE-2021-27097 Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
d5f3aada |
|
15-Feb-2021 |
Simon Glass <sjg@chromium.org> |
test: Add tests for the 'evil' vboot attacks Add tests to check that these two attacks are mitigated by recent patches. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
feaeee8b |
|
17-Aug-2020 |
Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> |
test: vboot: add tests for multiple required keys This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677daf2a ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
eb7690e8 |
|
29-Apr-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
test/py: vboot: add a test to check fit signature on fit with padding The pytest vboot does all his tests on fit without padding. We add the same tests on fit with padding. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
0e29648f |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Reduce fake kernel size to 500 bytes We don't need 5KB to test things out. A smaller size makes it easier to look at the FIT with fdtdump. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
da76ed27 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Move key creation into a function This code is repeated so move it into a function with a parameter. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
b008677d |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Fix pylint errors Fix various minor things noticed by pylint. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
3156ee35 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Tidy up the code a little Fix some long lines and comments. Use a distinct name for the 'required key' test. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1b090032 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Parameterise the test This test is actually made up of five separate tests. Split them out so that they appear as separate tests. Unfortunately this restarts U-Boot multiple times which adds about a second to the already-long vboot test, about 8 seconds total on my machine. We could add a special 'teardown' test afterwards but if the tests are executed out of order that would not work. Changing test_vboot into a class causes it not to be discovered and makes it different from all other tests. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c021971e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Add a test for a forged configuration Add a check to make sure that it is not possible to add a new configuration and use the hashed nodes and hash of another configuration. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
477f559e |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
test: vboot: Drop unnecessary parameter for fit_check_sign This tool only uses the last -k parameter provided. Drop the earlier one since it has no effect. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@mips.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ce5172cf |
|
18-Sep-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
pytest: vboot: add a test for required key This commit add a test in the vboot test to check that when a required key is asked, only FIT signed with this key is used/accepted by u-boot. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@imgtec.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ed47097a |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: clean its file This update the its file used in vboot test to respect the new node style name defined in doc/uImage.FIT (for example: replace kernel@1 by kernel and fdt@1 by fdt-1) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
e246b728 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
test: vboot: add padding pss for rsa signature The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
6d07d63d |
|
15-Nov-2018 |
Simon Glass <sjg@chromium.org> |
sandbox: Drop the deprecated 'sb' command The old 'sb' command was deprecated in 2015 and replaced with 'host'. Remove the remaining users and the command, so that the name is available for other purposes. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1703fbef |
|
11-Jul-2018 |
Tom Rini <trini@konsulko.com> |
Merge git://git.denx.de/u-boot-dm
|
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@imgtec.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com> |
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com> |
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com> |
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com> |
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README) |
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org> |
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
72239fc8 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Add FIT_SIGNATURE_MAX_SIZE protection This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
8793631e |
|
14-Sep-2017 |
Paul Burton <paul.burton@imgtec.com> |
test/py: vboot: Remove stderr redirect from openssl command The openssl command specified in test_with_algo() ultimately ends up being run by RunAndLog::run(), which uses it to construct a Popen object with the default shell=False. The stderr redirect in the command is therefore simply passed to openssl as an argument. With at least openssl 1.1.0f this causes openssl, and therefore test_vboot, to fail with: genpkey: Use -help for summary. Exit code: 1 Any stderr output ought to be captured & stored in the RunAndLog object's output field and returned from run() via run_and_log() to test_with_algo() which then ignores it anyway, so we can drop the shell-like redirection with no ill effects. With this fix test_vboot now passes for me. Signed-off-by: Paul Burton <paul.burton@imgtec.com> Reviewed-by: Stephen Warren <swarren@nvidia.com>
|
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
2d26bf6c |
|
18-Sep-2017 |
Stephen Warren <swarren@nvidia.com> |
test/py: add skip marker for reliance on tools Some tests use external tools (executables) during their operation. Add a test.py mark to indicate this. This allows those tests to be skipped if the required tool is not present. Signed-off-by: Stephen Warren <swarren@nvidia.com>
|
#
de4be9ec |
|
18-Sep-2016 |
Tom Rini <trini@konsulko.com> |
test/py/tests/test_vboot.py: Add check that we boot the image Make sure that when we're telling bootm to boot an image, and we expect the image to boot we get the output from sandbox that we attempted to run Linux and that U-Boot completed its job. Cc: Simon Glass <sjg@chromium.org> Cc: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Stephen Warren <swarren@nvidia.com>
|
#
f6d34651 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Adjust run_command_list() to return a list of strings Return one string for each command that was executed. This seems cleaner. Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Warren <swarren@nvidia.com>
|
#
27c087d5 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Add a function to restart U-Boot Add a proper function for this rather than using internal functions. Use it in the single call site. Also, do a restart at the end of the vboot test to reset to the normal device tree. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Stephen Warren <swarren@nvidia.com>
|
#
851271a7 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: vboot: Put each test variant in its own section Use 'cons.log.section' feature to split up the test output. This makes it easier to read. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
ac9a23cf |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Rename sha to sha_algo and pass it around Rename this argument and pass it to each function that needs it, instead of making it global. Suggested-by: Stephen Warren <swarren@nvidia.com> Suggested-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
ec70f8a9 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Drop the cmd() function Instead of this, use the existing run_and_log() function, enhanced to support a command string as well as a list of arguments. Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
72f52268 |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos in comments Fix some typos in various files introduced with the vboot test conversion. Reported-by: Teddy Reed <teddy.reed@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
bcbd0c8f |
|
31-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Fix typos and tidy up Fix review comments that were missed at the time. Also explain why we need to regenerate the device tree for each test. Reported-by: Teddy Reed <teddy.reed@gmail.com> Suggested-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: f6349c3c (test: Add a README)
|
#
04a4786c |
|
18-Jul-2016 |
Michal Simek <michal.simek@xilinx.com> |
test/py: vboot can be run only at Sandbox Getting this error: Zynq> sb load hostfs - 100 /home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit Unknown command 'sb' - try 'help' because sb command is present only for Sandbox obj-$(CONFIG_SANDBOX) += host.o that's why mark this test to be run only at Sandbox Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Simon Glass <sjg@chromium.org>
|
#
c9ba60c4 |
|
18-Jul-2016 |
Stephen Warren <swarren@nvidia.com> |
test/py: use absolute dts path in vboot test Without this, the test fails if the test is run with a cwd other than the root of the U-Boot source tree. Fixes: 8729d582595d ("test: Convert the vboot test to test/py") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
8729d582 |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
test: Convert the vboot test to test/py Now that we have a suitable test framework we should move all tests into it. The vboot test is a suitable candidate. Rewrite it in Python and move the data files into an appropriate directory. Signed-off-by: Simon Glass <sjg@chromium.org>
|