From patchwork Wed Jun 17 02:55:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 242566 List-Id: U-Boot discussion From: takahiro.akashi at linaro.org (AKASHI Takahiro) Date: Wed, 17 Jun 2020 11:55:14 +0900 Subject: [PATCH v2 16/17] test/py: add a test for efi firmware update capsule of FIT image In-Reply-To: <20200617025515.23585-1-takahiro.akashi@linaro.org> References: <20200617025515.23585-1-takahiro.akashi@linaro.org> Message-ID: <20200617025515.23585-17-takahiro.akashi@linaro.org> The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI. Signed-off-by: AKASHI Takahiro --- test/py/tests/test_efi_capsule/conftest.py | 102 ++++++ test/py/tests/test_efi_capsule/defs.py | 24 ++ .../test_efi_capsule/test_capsule_firmware.py | 308 ++++++++++++++++++ .../tests/test_efi_capsule/uboot_bin_env.its | 36 ++ test/py/tests/test_efi_capsule/uboot_env.its | 25 ++ 5 files changed, 495 insertions(+) create mode 100644 test/py/tests/test_efi_capsule/conftest.py create mode 100644 test/py/tests/test_efi_capsule/defs.py create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware.py create mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its create mode 100644 test/py/tests/test_efi_capsule/uboot_env.its diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py new file mode 100644 index 000000000000..58daf63f1e52 --- /dev/null +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -0,0 +1,102 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2020, Linaro Limited +# Author: AKASHI Takahiro + +import os +import os.path +import re +from subprocess import call, check_call, check_output, CalledProcessError +import pytest +from defs import * + +# +# Fixture for UEFI secure boot test +# + + + at pytest.fixture(scope='session') +def efi_capsule_data(request, u_boot_config): + """Set up a file system to be used in UEFI capsule test. + + Args: + request: Pytest request object. + u_boot_config: U-boot configuration. + + Return: + A path to disk image to be used for testing + """ + image_path = u_boot_config.persistent_data_dir + image_path = image_path + '/' + EFI_BOOTDEV_IMAGE_NAME + + try: + # create U-Boot environment storage + check_call('dd if=/dev/zero of=./spi.bin bs=1MiB count=16', shell=True) + + # create a disk/partition + check_call('dd if=/dev/zero of=%s bs=1MiB count=%d' + % (image_path, EFI_BOOTDEV_IMAGE_SIZE), shell=True) + check_call( + 'sgdisk %s -n 1:0:+%dMiB -A 1:set:0 -t 1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B' % + (image_path, EFI_BOOTDEV_PART_SIZE), shell=True) + # create a file system + check_call('dd if=/dev/zero of=%s.tmp bs=1MiB count=%d' + % (image_path, EFI_BOOTDEV_PART_SIZE), shell=True) + check_call('mkfs -t %s %s.tmp' + % (EFI_BOOTDEV_FS_TYPE, image_path), shell=True) + check_call('dd if=%s.tmp of=%s bs=1MiB seek=1 count=%d conv=notrunc' + % (image_path, image_path, 1), shell=True) + check_call('rm %s.tmp' % image_path, shell=True) + loop_dev = check_output( + 'sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' % + (EFI_BOOTDEV_PART_SIZE, image_path), shell=True).decode() + check_call('sudo mkdir -p %s' % MNT_PNT, shell=True) + check_call('sudo mount -t %s -o umask=000 %s %s' + % (EFI_BOOTDEV_FS_TYPE, loop_dev, MNT_PNT), + shell=True) + check_call('mkdir -p %s%s' % (MNT_PNT, CAPSULE_DATA_DIR), shell=True) + check_call( + 'mkdir -p %s%s' % + (MNT_PNT, CAPSULE_INSTALL_DIR), shell=True) + + # Create its' + # one region for U-Boot env in FIT image + check_call( + 'sed -e \"s?BINFILE?%s%s/%s?\" %s/test/py/tests/test_efi_capsule/uboot_env.its > %s%s/uboot_env.its' % + (MNT_PNT, CAPSULE_DATA_DIR, FW_BIN, u_boot_config.source_dir, MNT_PNT, CAPSULE_DATA_DIR), shell=True) + + # two regions: one for u-boot.bin and the other for u-boot.env + check_call( + 'echo -n u-boot:Old > %s%s/u-boot.bin.old; echo -n u-boot:New > %s%s/u-boot.bin.new; echo -n u-boot-env:Old -> %s%s/u-boot.env.old; echo -n u-boot-env:New > %s%s/u-boot.env.new' % + (MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_DATA_DIR), + shell=True) + check_call( + 'sed -e \"s?BINFILE1?%s%s/u-boot.bin.new?\" -e \"s?BINFILE2?%s%s/u-boot.env.new?\" %s/test/py/tests/test_efi_capsule/uboot_bin_env.its > %s%s/uboot_bin_env.its' % + (MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_DATA_DIR, + u_boot_config.source_dir, + MNT_PNT, + CAPSULE_DATA_DIR), + shell=True) + + # cleanup + call('sudo umount %s' % loop_dev, shell=True) + call('sudo losetup -d %s' % loop_dev, shell=True) + + except CalledProcessError as exception: + pytest.skip('Setup failed: %s' % exception.cmd) + return + else: + yield image_path + finally: + call('sudo rm -rf %s' % MNT_PNT, shell=True) + #call('rm -f %s' % image_path, shell=True) + call('rm -f ./spi.bin', shell=True) diff --git a/test/py/tests/test_efi_capsule/defs.py b/test/py/tests/test_efi_capsule/defs.py new file mode 100644 index 000000000000..911883368b27 --- /dev/null +++ b/test/py/tests/test_efi_capsule/defs.py @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: GPL-2.0+ + +# Disk image name +EFI_BOOTDEV_IMAGE_NAME = 'test_efi_capsule.img' + +# Size in MiB +EFI_BOOTDEV_IMAGE_SIZE = 16 +EFI_BOOTDEV_PART_SIZE = 8 + +# Partition file system type +EFI_BOOTDEV_FS_TYPE = 'vfat' + +# Mount Point for set-up +MNT_PNT = '/mnt/test_efi_capsule' + +# Owner guid +GUID = '11111111-2222-3333-4444-123456789abc' + +# Directories +CAPSULE_DATA_DIR = '/EFI/CapsuleTestData' +CAPSULE_INSTALL_DIR = '/EFI/UpdateCapsule' + +# +FW_BIN = 'spi_sf.bin' diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware.py b/test/py/tests/test_efi_capsule/test_capsule_firmware.py new file mode 100644 index 000000000000..490dc039d81f --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware.py @@ -0,0 +1,308 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2020, Linaro Limited +# Author: AKASHI Takahiro +# +# U-Boot UEFI: Firmware Update Test + +""" +This test verifies capsule-on-disk firmware update +""" + +from subprocess import check_call, check_output, CalledProcessError +import pytest +from defs import * + + + at pytest.mark.boardspec('sandbox') + at pytest.mark.buildconfigspec('efi_capsule_firmware_fit') + at pytest.mark.buildconfigspec('efi_capsule_on_disk') + at pytest.mark.buildconfigspec('dfu') + at pytest.mark.buildconfigspec('dfu_sf') + at pytest.mark.buildconfigspec('env_is_in_spi_flash') + at pytest.mark.buildconfigspec('cmd_efidebug') + at pytest.mark.buildconfigspec('cmd_fat') + at pytest.mark.buildconfigspec('cmd_nvedit_efi') + at pytest.mark.buildconfigspec('cmd_saveenv') + at pytest.mark.slow +class TestEfiCapsuleFirmwareFit(object): + def test_efi_capsule_fw1( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 1 - Update U-Boot environment on SPI Flash + """ + # "-T" (or "-D") is required to enable spi flash on sandbox + u_boot_console.restart_uboot_with_flags('-T') + + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 1-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'efidebug boot add 1 TEST host 0:1 /helloworld.efi ""', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info sf 0:0=u-boot-env raw 0 0x200000', + 'env set FW_STATUS This is Old environment', + 'env print FW_STATUS', + 'env save']) + assert 'Old environment' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'env set FW_STATUS This is New environment', + 'env export -c 5000000', + 'fatwrite host 0:1 5000000 %s/%s $filesize' + % (CAPSULE_DATA_DIR, FW_BIN), + 'env set -e -guid 39b68c46-f7fb-441b-b6ec-16b0f69821f3 Capsule0000', + 'fatls host 0:1 %s' % CAPSULE_DATA_DIR + ]) + assert '%s' % FW_BIN in ''.join(output) + + # create a capsule file + try: + loop_dev = check_output( + 'sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' % + (EFI_BOOTDEV_PART_SIZE, disk_img), shell=True).decode() + check_call('sudo mount -t %s -o umask=000 %s %s' + % (EFI_BOOTDEV_FS_TYPE, loop_dev, MNT_PNT), shell=True) + check_call( + '%s/tools/mkimage -f %s%s/uboot_env.its %s%s/uboot_env.itb' % + (u_boot_config.build_dir, + MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_DATA_DIR), + shell=True) + check_call( + '%s/tools/mkeficapsule --fit %s%s/uboot_env.itb --version 1 --index 1 %s%s/Test01' % + (u_boot_config.build_dir, + MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_INSTALL_DIR), + shell=True) + check_call('ls %s/%s' % (MNT_PNT, CAPSULE_INSTALL_DIR), shell=True) + check_call('sudo umount %s' % loop_dev, shell=True) + check_call('sudo losetup -d %s' % loop_dev, shell=True) + except CalledProcessError as exception: + assert 'failed to create firmware capsule: %s' % exception.cmd + + # reboot + u_boot_console.restart_uboot_with_flags('-T') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + if not capsule_early: + with u_boot_console.log.section('Test Case 1-b, after reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'env print FW_STATUS']) + assert 'Old environment' in ''.join(output) + + output = u_boot_console.run_command('fatls host 0:1 %s' + % CAPSULE_INSTALL_DIR) + assert 'Test01' in output + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e -all Capsule0000') + + # reboot again + u_boot_console.restart_uboot_with_flags('-T') + + with u_boot_console.log.section('Test Case 1-c, after reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'env print FW_STATUS']) + assert 'New environment' in ''.join(output) + + output = u_boot_console.run_command( + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR) + assert 'Test01' not in output + + def test_efi_capsule_fw2( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 2 - Update U-Boot environment on SPI Flash + but with OsIndications unset + No update should happen + """ + # "-T" (or "-D") is required to enable spi flash on sandbox + u_boot_console.restart_uboot_with_flags('-T') + + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 2-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'efidebug boot add 1 TEST host 0:1 /helloworld.efi ""', + 'efidebug boot order 1', + 'env set -e OsIndications', + 'env set dfu_alt_info sf 0:0=u-boot-env raw 0 0x200000', + 'env set FW_STATUS This is Old environment', + 'env print FW_STATUS', + 'env save']) + assert 'Old environment' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'env set FW_STATUS This is New environment', + 'env export -c 5000000', + 'fatwrite host 0:1 5000000 %s/%s $filesize' + % (CAPSULE_DATA_DIR, FW_BIN), + 'env set -e -guid 39b68c46-f7fb-441b-b6ec-16b0f69821f3 Capsule0000', + 'fatls host 0:1 %s' % CAPSULE_DATA_DIR + ]) + assert '%s' % FW_BIN in ''.join(output) + + # create a capsule file + try: + loop_dev = check_output( + 'sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' % + (EFI_BOOTDEV_PART_SIZE, disk_img), shell=True).decode() + check_call('sudo mount -t %s -o umask=000 %s %s' + % (EFI_BOOTDEV_FS_TYPE, loop_dev, MNT_PNT), shell=True) + check_call( + '%s/tools/mkimage -f %s%s/uboot_env.its %s%s/uboot_env.itb' % + (u_boot_config.build_dir, + MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_DATA_DIR), + shell=True) + check_call( + '%s/tools/mkeficapsule --fit %s%s/uboot_env.itb --version 1 --index 1 %s%s/Test01' % + (u_boot_config.build_dir, + MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_INSTALL_DIR), + shell=True) + check_call('ls %s/%s' % (MNT_PNT, CAPSULE_INSTALL_DIR), shell=True) + check_call('sudo umount %s' % loop_dev, shell=True) + check_call('sudo losetup -d %s' % loop_dev, shell=True) + except CalledProcessError as exception: + assert 'failed to create firmware capsule: %s' % exception.cmd + + # reboot + u_boot_console.restart_uboot_with_flags('-T') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + if not capsule_early: + with u_boot_console.log.section('Test Case 2-b, after reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'env print FW_STATUS']) + assert 'Old environment' in ''.join(output) + + output = u_boot_console.run_command('fatls host 0:1 %s' + % CAPSULE_INSTALL_DIR) + assert 'Test01' in output + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e -all Capsule0000') + + # reboot again + u_boot_console.restart_uboot_with_flags('-T') + + with u_boot_console.log.section('Test Case 2-c, after reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'env print FW_STATUS']) + assert 'Old environment' in ''.join(output) + + output = u_boot_console.run_command( + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR) + assert 'Test01' in output + + def test_efi_capsule_fw3( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 3 - Update U-Boot and U-Boot environment on SPI Flash + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + # "-T" (or "-D") is required to enable spi flash on sandbox + u_boot_console.restart_uboot_with_flags('-T') + + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 3-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'efidebug boot add 1 TEST host 0:1 /helloworld.efi ""', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info sf 0:0=u-boot-bin raw 0x100000 0x50000\;u-boot-env raw 0x150000 0x200000', + 'env save']) + + # initialize contents + output = u_boot_console.run_command_list( + ['sf probe 0:0', 'fatload host 0:1 4000000 %s/u-boot.bin.old' % + CAPSULE_DATA_DIR, 'sf write 4000000 100000 10', + 'sf read 5000000 100000 10', 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + output = u_boot_console.run_command_list( + ['sf probe 0:0', 'fatload host 0:1 4000000 %s/u-boot.env.old' % + CAPSULE_DATA_DIR, 'sf write 4000000 150000 10', + 'sf read 5000000 150000 10', 'md.b 5000000 10']) + assert 'Old' in ''.join(output) + + # create a capsule file + try: + loop_dev = check_output( + 'sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' % + (EFI_BOOTDEV_PART_SIZE, disk_img), shell=True).decode() + check_call('sudo mount -t %s -o umask=000 %s %s' + % (EFI_BOOTDEV_FS_TYPE, loop_dev, MNT_PNT), shell=True) + check_call( + '%s/tools/mkimage -f %s%s/uboot_bin_env.its %s%s/uboot_bin_env.itb' % + (u_boot_config.build_dir, + MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_DATA_DIR), + shell=True) + check_call( + '%s/tools/mkeficapsule --fit %s%s/uboot_bin_env.itb --version 1 --index 1 %s%s/Test01' % + (u_boot_config.build_dir, + MNT_PNT, + CAPSULE_DATA_DIR, + MNT_PNT, + CAPSULE_INSTALL_DIR), + shell=True) + check_call('ls -l %s/%s' % (MNT_PNT, CAPSULE_INSTALL_DIR), + shell=True) + check_call('sudo umount %s' % loop_dev, shell=True) + check_call('sudo losetup -d %s' % loop_dev, shell=True) + except CalledProcessError as exception: + assert 'failed to create firmware capsule: %s' % exception.cmd + + # reboot + u_boot_console.restart_uboot_with_flags('-T') + + capsule_early = u_boot_config.buildconfig.get( + 'config_efi_capsule_on_disk_early') + with u_boot_console.log.section('Test Case 3-b, after reboot'): + if not capsule_early: + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test01' in ''.join(output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command( + 'env print -e -all Capsule0000') + + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) + assert 'Test01' not in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf probe 0:0', + 'sf read 4000000 100000 10', + 'md.b 4000000 10']) + assert 'u-boot:New' in ''.join(output) + + output = u_boot_console.run_command_list([ + 'sf read 4000000 150000 10', + 'md.b 4000000 10']) + assert 'u-boot-env:New' in ''.join(output) diff --git a/test/py/tests/test_efi_capsule/uboot_bin_env.its b/test/py/tests/test_efi_capsule/uboot_bin_env.its new file mode 100644 index 000000000000..31e2f8049f9a --- /dev/null +++ b/test/py/tests/test_efi_capsule/uboot_bin_env.its @@ -0,0 +1,36 @@ +/* + * Automatic software update for U-Boot + * Make sure the flashing addresses ('load' prop) is correct for your board! + */ + +/dts-v1/; + +/ { + description = "Automatic U-Boot environment update"; + #address-cells = <2>; + + images { + u-boot-bin at 100000 { + description = "U-Boot binary on SPI Flash"; + data = /incbin/("BINFILE1"); + compression = "none"; + type = "firmware"; + arch = "sandbox"; + load = <0>; + hash-1 { + algo = "sha1"; + }; + }; + u-boot-env at 150000 { + description = "U-Boot environment on SPI Flash"; + data = /incbin/("BINFILE2"); + compression = "none"; + type = "firmware"; + arch = "sandbox"; + load = <0>; + hash-1 { + algo = "sha1"; + }; + }; + }; +}; diff --git a/test/py/tests/test_efi_capsule/uboot_env.its b/test/py/tests/test_efi_capsule/uboot_env.its new file mode 100644 index 000000000000..8e71892c0fae --- /dev/null +++ b/test/py/tests/test_efi_capsule/uboot_env.its @@ -0,0 +1,25 @@ +/* + * Automatic software update for U-Boot + * Make sure the flashing addresses ('load' prop) is correct for your board! + */ + +/dts-v1/; + +/ { + description = "Automatic U-Boot environment update"; + #address-cells = <2>; + + images { + u-boot-env at 0 { + description = "U-Boot environment on SPI Flash"; + data = /incbin/("BINFILE"); + compression = "none"; + type = "firmware"; + arch = "sandbox"; + load = <0>; + hash-1 { + algo = "sha1"; + }; + }; + }; +};