# SPDX-License-Identifier: GPL-2.0+
# Copyright (c) 2020, Linaro Limited
# Author: AKASHI Takahiro <takahiro.akashi@linaro.org>
4
5import os
6import os.path
7import re
8from subprocess import call, check_call, check_output, CalledProcessError
9import pytest
10from capsule_defs import *
11
12#
# Fixture for UEFI capsule test
#
15
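@pytest.fixture(scope='session')
def efi_capsule_data(request, u_boot_config):
    """Set up a file system to be used in UEFI capsule and
    authentication test.

    A scratch tree under ``persistent_data_dir`` is filled with firmware
    payloads and capsule files and then packed into a GPT disk image with
    one EFI system partition. When the build has
    ``config_efi_capsule_authenticate`` set, two self-signed key pairs and
    two signed capsules (Test11, Test12) are generated as well.

    Every command still goes through the shell, so a missing tool ends in a
    non-zero exit status, i.e. ``CalledProcessError``, and the tests are
    skipped rather than failed. Interpolated paths are shell-quoted and the
    steps of one command line are chained with ``&&``, so a failing ``cd``
    or an early failing step is no longer hidden by the status of the last
    command.

    Args:
        request: Pytest request object.
        u_boot_config: U-boot configuration.

    Return:
        A path to disk image to be used for testing
    """
    import shlex  # function-scope import: only this fixture needs it

    mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
    data_dir = mnt_point + CAPSULE_DATA_DIR
    install_dir = mnt_point + CAPSULE_INSTALL_DIR
    image_path = u_boot_config.persistent_data_dir + '/test_efi_capsule.img'

    # Shell-safe spellings of every path that ends up in a command line.
    # Without quoting, a space or shell metacharacter in the configured
    # directories would be interpreted by the shell, including in 'rm -rf'.
    q_mnt = shlex.quote(mnt_point)
    q_data = shlex.quote(data_dir)
    q_install = shlex.quote(install_dir)
    q_image = shlex.quote(image_path)
    test_src_dir = u_boot_config.source_dir + '/test/py/tests/test_efi_capsule'
    signature_dts = shlex.quote(test_src_dir + '/signature.dts')
    its_template = shlex.quote(test_src_dir + '/uboot_bin_env.its')
    its_output = shlex.quote(data_dir + '/uboot_bin_env.its')
    test_dtb = shlex.quote(u_boot_config.build_dir
                           + '/arch/sandbox/dts/test.dtb')
    mkimage = shlex.quote(u_boot_config.build_dir + '/tools/mkimage')
    mkeficapsule = shlex.quote(u_boot_config.build_dir
                               + '/tools/mkeficapsule')
    cert_to_esl = shlex.quote('%scert-to-efi-sig-list' % EFITOOLS_PATH)

    try:
        # Create a target device
        # (./spi.bin is relative to the working directory of the test run)
        check_call('dd if=/dev/zero of=./spi.bin bs=1MiB count=16', shell=True)

        # '--' keeps a path that starts with '-' from being read as an option
        check_call('rm -rf -- %s' % q_mnt, shell=True)
        check_call('mkdir -p %s' % q_data, shell=True)
        check_call('mkdir -p %s' % q_install, shell=True)

        capsule_auth_enabled = u_boot_config.buildconfig.get(
            'config_efi_capsule_authenticate')
        if capsule_auth_enabled:
            # Create private key (SIGNER.key) and certificate (SIGNER.crt)
            # '-nodes' leaves the private key unencrypted, and it is written
            # into data_dir, which sits under mnt_point and is therefore
            # packed into the disk image below. These are throwaway test
            # keys and must never be reused outside this test.
            check_call('cd %s && '
                       'openssl req -x509 -sha256 -newkey rsa:2048 '
                       '-subj /CN=TEST_SIGNER/ -keyout SIGNER.key '
                       '-out SIGNER.crt -nodes -days 365'
                       % q_data, shell=True)
            check_call('cd %s && %s SIGNER.crt SIGNER.esl'
                       % (q_data, cert_to_esl), shell=True)

            # Update dtb adding capsule certificate
            # NOTE(review): signature.dts is not visible here; presumably it
            # pulls SIGNER.esl into the overlay - confirm.
            check_call('cd %s && cp %s .'
                       % (q_data, signature_dts), shell=True)
            check_call('cd %s && '
                       'dtc -@ -I dts -O dtb -o signature.dtbo signature.dts && '
                       'fdtoverlay -i %s '
                       '-o test_sig.dtb signature.dtbo'
                       % (q_data, test_dtb), shell=True)

            # Create *malicious* private key (SIGNER2.key) and certificate
            # (SIGNER2.crt)
            # Same subject (CN=TEST_SIGNER) as SIGNER but a separately
            # generated key pair, and SIGNER2.crt is never converted to an
            # ESL here, so only the key distinguishes the two signers.
            check_call('cd %s && '
                       'openssl req -x509 -sha256 -newkey rsa:2048 '
                       '-subj /CN=TEST_SIGNER/ -keyout SIGNER2.key '
                       '-out SIGNER2.crt -nodes -days 365'
                       % q_data, shell=True)

        # Create capsule files
        # two regions: one for u-boot.bin and the other for u-boot.env
        # NOTE(review): '->' in the u-boot.env.old step makes echo emit a
        # trailing ' -' before the redirection. Kept as found because the
        # tests that read this file are not visible here - confirm whether
        # '>' was intended.
        check_call('cd %s && '
                   'echo -n u-boot:Old > u-boot.bin.old && '
                   'echo -n u-boot:New > u-boot.bin.new && '
                   'echo -n u-boot-env:Old -> u-boot.env.old && '
                   'echo -n u-boot-env:New > u-boot.env.new'
                   % q_data, shell=True)
        check_call('sed -e "s?BINFILE1?u-boot.bin.new?" '
                   '-e "s?BINFILE2?u-boot.env.new?" %s > %s'
                   % (its_template, its_output), shell=True)
        check_call('cd %s && %s -f uboot_bin_env.its uboot_bin_env.itb'
                   % (q_data, mkimage), shell=True)
        check_call('cd %s && %s --fit uboot_bin_env.itb --index 1 Test01'
                   % (q_data, mkeficapsule), shell=True)
        check_call('cd %s && %s --raw u-boot.bin.new --index 1 Test02'
                   % (q_data, mkeficapsule), shell=True)
        if capsule_auth_enabled:
            # firmware signed with proper key
            check_call('cd %s && '
                       '%s --index 1 --monotonic-count 1 '
                       '--private-key SIGNER.key --certificate SIGNER.crt '
                       '--raw u-boot.bin.new Test11'
                       % (q_data, mkeficapsule), shell=True)
            # firmware signed with *mal* key
            check_call('cd %s && '
                       '%s --index 1 --monotonic-count 1 '
                       '--private-key SIGNER2.key '
                       '--certificate SIGNER2.crt '
                       '--raw u-boot.bin.new Test12'
                       % (q_data, mkeficapsule), shell=True)

        # Create a disk image with EFI system partition
        check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s'
                   % (q_mnt, q_image), shell=True)
        # Give partition 1 the EFI System Partition type GUID and set
        # attribute bit 0 on it.
        check_call('sgdisk %s -A 1:set:0 '
                   '-t 1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B'
                   % q_image, shell=True)

    except CalledProcessError as exception:
        # pytest.skip() raises, so nothing can follow it in this branch.
        pytest.skip('Setup failed: %s' % exception.cmd)
    else:
        yield image_path
    finally:
        # Best-effort cleanup: call() ignores the exit status on purpose.
        call('rm -rf -- %s' % q_mnt, shell=True)
        call('rm -f -- %s' % q_image, shell=True)
        call('rm -f ./spi.bin', shell=True)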
120 call('rm -f ./spi.bin', shell=True)