[v4,09/12] test: py: Setup capsule files for testing

Message ID	20230715134533.2025893-10-sughosh.ganu@linaro.org
State	Superseded
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; From: Sughosh Ganu <sughosh.ganu@linaro.org> To: u-boot@lists.denx.de Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>, Ilias Apalodimas <ilias.apalodimas@linaro.org>, Simon Glass <sjg@chromium.org>, Takahiro Akashi <takahiro.akashi@linaro.org>, Malte Schmidt <malte.schmidt-oss@weidmueller.com>, Michal Simek <michal.simek@amd.com>, Tom Rini <trini@konsulko.com>, Sughosh Ganu <sughosh.ganu@linaro.org> Subject: [PATCH v4 09/12] test: py: Setup capsule files for testing Date: Sat, 15 Jul 2023 19:15:30 +0530 Message-Id: <20230715134533.2025893-10-sughosh.ganu@linaro.org> In-Reply-To: <20230715134533.2025893-1-sughosh.ganu@linaro.org> References: <20230715134533.2025893-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	Integrate EFI capsule tasks into u-boot's build flow \| expand [v4,00/12] Integrate EFI capsule tasks into u-boot's build flow [v4,01/12] binman: bintool: Build a tool from a list of commands [v4,02/12] nuvoton: npcm845-evb: Add a newline at the end of file [v4,03/12] capsule: authenticate: Add capsule public key in platform's dtb [v4,04/12] doc: capsule: Document the new mechanism to embed ESL file into dtb [v4,05/12] tools: mkeficapsule: Add support for parsing capsule params from config file [v4,06/12] binman: capsule: Add support for generating capsules [v4,07/12] doc: Add documentation to highlight capsule generation related updates [v4,08/12] CI: capsule: Setup the files needed for capsule update testing [v4,09/12] test: py: Setup capsule files for testing [v4,10/12] test: capsule: Remove public key embed logic from capsule update test [v4,11/12] sandbox: capsule: Add a config file for generating capsules [v4,12/12] sandbox: capsule: Generate capsule related files through binman

Message ID

20230715134533.2025893-10-sughosh.ganu@linaro.org

State

Superseded

Headers

Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61;
From: Sughosh Ganu <sughosh.ganu@linaro.org>
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Simon Glass <sjg@chromium.org>,
 Takahiro Akashi <takahiro.akashi@linaro.org>,
 Malte Schmidt <malte.schmidt-oss@weidmueller.com>,
 Michal Simek <michal.simek@amd.com>, Tom Rini <trini@konsulko.com>,
 Sughosh Ganu <sughosh.ganu@linaro.org>
Subject: [PATCH v4 09/12] test: py: Setup capsule files for testing
Date: Sat, 15 Jul 2023 19:15:30 +0530
Message-Id: <20230715134533.2025893-10-sughosh.ganu@linaro.org>
In-Reply-To: <20230715134533.2025893-1-sughosh.ganu@linaro.org>
References: <20230715134533.2025893-1-sughosh.ganu@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

Integrate EFI capsule tasks into u-boot's build flow | expand

Commit Message

Sughosh Ganu July 15, 2023, 1:45 p.m. UTC

Support has being added through earlier commits to build capsules and
embed the public key needed for capsule authentication as part of
u-boot build.

From the testing point-of-view, this means the input files needed for
the above have to be setup before invoking the build. Set this up in
the pytest configuration file for testing the capsule update feature.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
Changes since V3:
* Use fstrings for format specifiers.

 test/py/conftest.py | 84 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/test/py/conftest.py b/test/py/conftest.py
index fc9dd3a83f..1092cb713b 100644
--- a/test/py/conftest.py
+++ b/test/py/conftest.py
@@ -80,6 +80,86 @@  def pytest_addoption(parser):
         help='Run sandbox under gdbserver. The argument is the channel '+
         'over which gdbserver should communicate, e.g. localhost:1234')
 
+def setup_capsule_build(source_dir, build_dir, board_type, log):
+    """Setup the platform's build for testing capsule updates
+
+    This generates the payload/input files needed for testing the
+    capsule update functionality, along with the keys for signing
+    the capsules. An EFI Signature List(ESL) file, which houses the
+    public key for capsule authentication is generated as
+    well.
+
+    The ESL file is subsequently embedded into the platform's
+    dtb during the u-boot build, to be used for capsule
+    authentication.
+
+    Two sets of keys are generated, namely SIGNER and SIGNER2.
+    The SIGNER2 key pair is used as a malicious key for testing the
+    the capsule authentication functionality.
+
+    All the generated files are placed under the /tmp/capsules/
+    directory.
+
+    Args:
+        soruce_dir (str): Directory containing source code
+        build_dir (str): Directory to build in
+        board_type (str): board_type parameter (e.g. 'sandbox')
+        log (Logfile): Log file to use
+
+    Returns:
+        Nothing.
+    """
+    def run_command(name, cmd, source_dir):
+        with log.section(name):
+            if isinstance(cmd, str):
+                cmd = cmd.split()
+                runner = log.get_runner(name, None)
+                runner.run(cmd, cwd=source_dir)
+                runner.close()
+                log.status_pass('OK')
+
+    def gen_capsule_payloads(capsule_dir):
+        fname = f'{capsule_dir}u-boot.bin.old'
+        with open(fname, 'w') as fd:
+            fd.write('u-boot:Old')
+
+        fname = f'{capsule_dir}u-boot.bin.new'
+        with open(fname, 'w') as fd:
+            fd.write('u-boot:New')
+
+        fname = f'{capsule_dir}u-boot.env.old'
+        with open(fname, 'w') as fd:
+            fd.write('u-boot-env:Old')
+
+        fname = f'{capsule_dir}u-boot.env.new'
+        with open(fname, 'w') as fd:
+            fd.write('u-boot-env:New')
+
+    capsule_sig_dir = '/tmp/capsules/'
+    sig_name = 'SIGNER'
+    mkdir_p(capsule_sig_dir)
+    name = 'openssl'
+    cmd = ( 'openssl req -x509 -sha256 -newkey rsa:2048 '
+            '-subj /CN=TEST_SIGNER/ -keyout '
+            f'{capsule_sig_dir}{sig_name}.key '
+            f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' )
+    run_command(name, cmd, source_dir)
+
+    name = 'cert-to-efi-sig-list'
+    cmd = ( f'cert-to-efi-sig-list {capsule_sig_dir}{sig_name}.crt '
+            f'{capsule_sig_dir}{sig_name}.esl' )
+    run_command(name, cmd, source_dir)
+
+    sig_name = 'SIGNER2'
+    name = 'openssl'
+    cmd = ( 'openssl req -x509 -sha256 -newkey rsa:2048 '
+            '-subj /CN=TEST_SIGNER/ -keyout '
+            f'{capsule_sig_dir}{sig_name}.key '
+            f'-out {capsule_sig_dir}{sig_name}.crt -nodes -days 365' )
+    run_command(name, cmd, source_dir)
+
+    gen_capsule_payloads(capsule_sig_dir)
+
 def run_build(config, source_dir, build_dir, board_type, log):
     """run_build: Build U-Boot
 
@@ -90,6 +170,10 @@  def run_build(config, source_dir, build_dir, board_type, log):
         board_type (str): board_type parameter (e.g. 'sandbox')
         log (Logfile): Log file to use
     """
+    capsule_boards = ( 'sandbox', 'sandbox64', 'sandbox_flattree' )
+    if board_type in capsule_boards:
+        setup_capsule_build(source_dir, build_dir, board_type, log)
+
     if config.getoption('buildman'):
         if build_dir != source_dir:
             dest_args = ['-o', build_dir, '-w']

[v4,09/12] test: py: Setup capsule files for testing

Commit Message

Patch