test: vboot: Using variable 'old_dtb' before assignment

old_dtb can only be assumed initialized in the finally block
if it is assigned a value before the try statement.

Avoid a pylint error reported by current pylint.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test_vboot.py: include test of fdt_add_pubkey tool

Add test_fdt_add_pubkey test which provides simple functionality test
which contains such steps:
create DTB and FIT files
add keys with fdt_add_pubkey to DTB
sign FIT image
check with fit_check_sign that keys properly added to DTB file

Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>

test: Mark all but the first vboot test as slow

When doing a quick check we don't need to run all the vboot tests. Just
run the first one, which is enough to catch most problems.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: py: vboot: add test for global image signature

Adds test units for the pre-load header signature.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test/py: Add test case for mkimage -o argument

Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]

rsa: adds rsa3072 algorithm

Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Allow vboot tests to run in parallel

Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>

image: Check for unit addresses in FITs

Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

libfdt: Check for multiple/invalid root nodes

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: Add tests for the 'evil' vboot attacks

Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

test_vboot.py: include test of fdt_add_pubkey tool

Add test_fdt_add_pubkey test which provides simple functionality test
which contains such steps:
create DTB and FIT files
add keys with fdt_add_pubkey to DTB
sign FIT image
check with fit_check_sign that keys properly added to DTB file

Signed-off-by: Roman Kopytin <Roman.Kopytin@kaspersky.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>

test: Mark all but the first vboot test as slow

When doing a quick check we don't need to run all the vboot tests. Just
run the first one, which is enough to catch most problems.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: py: vboot: add test for global image signature

Adds test units for the pre-load header signature.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test/py: Add test case for mkimage -o argument

Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]

rsa: adds rsa3072 algorithm

Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Allow vboot tests to run in parallel

Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>

image: Check for unit addresses in FITs

Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

libfdt: Check for multiple/invalid root nodes

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: Add tests for the 'evil' vboot attacks

Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Mark all but the first vboot test as slow

When doing a quick check we don't need to run all the vboot tests. Just
run the first one, which is enough to catch most problems.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: py: vboot: add test for global image signature

Adds test units for the pre-load header signature.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test/py: Add test case for mkimage -o argument

Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]

rsa: adds rsa3072 algorithm

Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Allow vboot tests to run in parallel

Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>

image: Check for unit addresses in FITs

Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

libfdt: Check for multiple/invalid root nodes

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: Add tests for the 'evil' vboot attacks

Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: py: vboot: add test for global image signature

Adds test units for the pre-load header signature.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test/py: Add test case for mkimage -o argument

Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]

rsa: adds rsa3072 algorithm

Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Allow vboot tests to run in parallel

Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>

image: Check for unit addresses in FITs

Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

libfdt: Check for multiple/invalid root nodes

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: Add tests for the 'evil' vboot attacks

Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

test/py: Add test case for mkimage -o argument

Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]

rsa: adds rsa3072 algorithm

Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Allow vboot tests to run in parallel

Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>

image: Check for unit addresses in FITs

Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

libfdt: Check for multiple/invalid root nodes

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: Add tests for the 'evil' vboot attacks

Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

rsa: adds rsa3072 algorithm

Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Allow vboot tests to run in parallel

Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>

image: Check for unit addresses in FITs

Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

libfdt: Check for multiple/invalid root nodes

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: Add tests for the 'evil' vboot attacks

Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Allow vboot tests to run in parallel

Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>

image: Check for unit addresses in FITs

Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

libfdt: Check for multiple/invalid root nodes

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: Add tests for the 'evil' vboot attacks

Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

image: Check for unit addresses in FITs

Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

libfdt: Check for multiple/invalid root nodes

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: Add tests for the 'evil' vboot attacks

Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: add tests for multiple required keys

This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.

This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.

Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Add a test for a forged configuration

Add a check to make sure that it is not possible to add a new
configuration and use the hashed nodes and hash of another configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Drop unnecessary parameter for fit_check_sign

This tool only uses the last -k parameter provided. Drop the earlier one
since it has no effect.

Signed-off-by: Simon Glass <sjg@chromium.org>

pytest: vboot: add a test for required key

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: clean its file

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel@1 by kernel and fdt@1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: vboot: add padding pss for rsa signature

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

sandbox: Drop the deprecated 'sb' command

The old 'sb' command was deprecated in 2015 and replaced with 'host'.
Remove the remaining users and the command, so that the name is available
for other purposes.

Signed-off-by: Simon Glass <sjg@chromium.org>

Merge git://git.denx.de/u-boot-dm

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test/py: vboot: Remove stderr redirect from openssl command

The openssl command specified in test_with_algo() ultimately ends up
being run by RunAndLog::run(), which uses it to construct a Popen object
with the default shell=False. The stderr redirect in the command is
therefore simply passed to openssl as an argument. With at least openssl
1.1.0f this causes openssl, and therefore test_vboot, to fail with:

genpkey: Use -help for summary.
Exit code: 1

Any stderr output ought to be captured & stored in the RunAndLog
object's output field and returned from run() via run_and_log() to
test_with_algo() which then ignores it anyway, so we can drop the
shell-like redirection with no ill effects. With this fix test_vboot now
passes for me.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

test/py: add skip marker for reliance on tools

Some tests use external tools (executables) during their operation. Add
a test.py mark to indicate this. This allows those tests to be skipped if
the required tool is not present.

Signed-off-by: Stephen Warren <swarren@nvidia.com>

test/py/tests/test_vboot.py: Add check that we boot the image

Make sure that when we're telling bootm to boot an image, and we expect
the image to boot we get the output from sandbox that we attempted to
run Linux and that U-Boot completed its job.

Cc: Simon Glass <sjg@chromium.org>
Cc: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>

test: Adjust run_command_list() to return a list of strings

Return one string for each command that was executed. This seems cleaner.

Suggested-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>

test: Add a function to restart U-Boot

Add a proper function for this rather than using internal functions. Use it
in the single call site.

Also, do a restart at the end of the vboot test to reset to the normal
device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Stephen Warren <swarren@nvidia.com>

test: vboot: Put each test variant in its own section

Use 'cons.log.section' feature to split up the test output. This makes it
easier to read.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Rename sha to sha_algo and pass it around

Rename this argument and pass it to each function that needs it, instead of
making it global.

Suggested-by: Stephen Warren <swarren@nvidia.com>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Drop the cmd() function

Instead of this, use the existing run_and_log() function, enhanced to
support a command string as well as a list of arguments.

Suggested-by: Stephen Warren <swarren@nvidia.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos in comments

Fix some typos in various files introduced with the vboot test conversion.

Reported-by: Teddy Reed <teddy.reed@gmail.com>

Signed-off-by: Simon Glass <sjg@chromium.org>

test: Fix typos and tidy up

Fix review comments that were missed at the time. Also explain why we need
to regenerate the device tree for each test.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Suggested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f6349c3c (test: Add a README)

test/py: vboot can be run only at Sandbox

Getting this error:
Zynq> sb load hostfs - 100
/home/monstr/data/disk/u-boot/build-zynq_zc706/test.fit
Unknown command 'sb' - try 'help'

because sb command is present only for Sandbox
obj-$(CONFIG_SANDBOX) += host.o

that's why mark this test to be run only at Sandbox

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Simon Glass <sjg@chromium.org>

test/py: use absolute dts path in vboot test

Without this, the test fails if the test is run with a cwd other than the
root of the U-Boot source tree.

Fixes: 8729d582595d ("test: Convert the vboot test to test/py")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

test: Convert the vboot test to test/py

Now that we have a suitable test framework we should move all tests into it.
The vboot test is a suitable candidate. Rewrite it in Python and move the
data files into an appropriate directory.

Signed-off-by: Simon Glass <sjg@chromium.org>

test/py: vboot: add a test to check fit signature on fit with padding

The pytest vboot does all his tests on fit without padding.
We add the same tests on fit with padding.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

test: vboot: Reduce fake kernel size to 500 bytes

We don't need 5KB to test things out. A smaller size makes it easier to
look at the FIT with fdtdump.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Move key creation into a function

This code is repeated so move it into a function with a parameter.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Fix pylint errors

Fix various minor things noticed by pylint.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Tidy up the code a little

Fix some long lines and comments. Use a distinct name for the
'required key' test.

Signed-off-by: Simon Glass <sjg@chromium.org>

test: vboot: Parameterise the test

This test is actually made up of five separate tests. Split them out so
that they appear as separate tests.

Unfortunately this restarts U-Boot multiple times which adds about a
second to the already-long vboot test, about 8 seconds total on my
machine. We could add a special 'teardown' test afterwards but if the
tests are executed out of order that would not work.

Changing test_vboot into a class causes it not to be discovered and makes
it different from all other tests.

Signed-off-by: Simon Glass <sjg@chromium.org>