Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 73a8a1d8263ddfda861dc6b14a93b4574c0d80b0 / . / test / py / tests / test_efi_capsule / conftest.py
blob: d0e20df01e321bfa06bebbaacd781f4a353a7050 [file] [log] [blame]
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]1# SPDX-License-Identifier: GPL-2.0+
2# Copyright (c) 2020, Linaro Limited
3# Author: AKASHI Takahiro <takahiro.akashi@linaro.org>
4
Heinrich Schuchardt14dee8b2023-05-03 07:08:05 +0200[diff] [blame]5"""Fixture for UEFI capsule test."""
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]6
Heinrich Schuchardt2275a412023-04-13 18:13:32 +0200[diff] [blame]7from subprocess import call, check_call, CalledProcessError
8import pytest
9from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR, EFITOOLS_PATH
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]10
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]11@pytest.fixture(scope='session')
12def efi_capsule_data(request, u_boot_config):
Heinrich Schuchardt14dee8b2023-05-03 07:08:05 +0200[diff] [blame]13 """Set up a file system and return path to image.
14
15 The function sets up a file system to be used in UEFI capsule and
16 authentication test and returns a path to disk image to be used
17 for testing.
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]18
Heinrich Schuchardt2275a412023-04-13 18:13:32 +0200[diff] [blame]19 request -- Pytest request object.
20 u_boot_config -- U-boot configuration.
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]21 """
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]22 mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
23 data_dir = mnt_point + CAPSULE_DATA_DIR
24 install_dir = mnt_point + CAPSULE_INSTALL_DIR
25 image_path = u_boot_config.persistent_data_dir + '/test_efi_capsule.img'
26
27 try:
28 # Create a target device
29 check_call('dd if=/dev/zero of=./spi.bin bs=1MiB count=16', shell=True)
30
31 check_call('rm -rf %s' % mnt_point, shell=True)
32 check_call('mkdir -p %s' % data_dir, shell=True)
33 check_call('mkdir -p %s' % install_dir, shell=True)
34
AKASHI Takahiro0bdde5f2022-02-09 19:10:38 +0900[diff] [blame]35 capsule_auth_enabled = u_boot_config.buildconfig.get(
36 'config_efi_capsule_authenticate')
37 if capsule_auth_enabled:
38 # Create private key (SIGNER.key) and certificate (SIGNER.crt)
39 check_call('cd %s; '
40 'openssl req -x509 -sha256 -newkey rsa:2048 '
41 '-subj /CN=TEST_SIGNER/ -keyout SIGNER.key '
42 '-out SIGNER.crt -nodes -days 365'
43 % data_dir, shell=True)
44 check_call('cd %s; %scert-to-efi-sig-list SIGNER.crt SIGNER.esl'
45 % (data_dir, EFITOOLS_PATH), shell=True)
46
47 # Update dtb adding capsule certificate
48 check_call('cd %s; '
49 'cp %s/test/py/tests/test_efi_capsule/signature.dts .'
50 % (data_dir, u_boot_config.source_dir), shell=True)
51 check_call('cd %s; '
52 'dtc -@ -I dts -O dtb -o signature.dtbo signature.dts; '
53 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb '
54 '-o test_sig.dtb signature.dtbo'
55 % (data_dir, u_boot_config.build_dir), shell=True)
56
57 # Create *malicious* private key (SIGNER2.key) and certificate
58 # (SIGNER2.crt)
59 check_call('cd %s; '
60 'openssl req -x509 -sha256 -newkey rsa:2048 '
61 '-subj /CN=TEST_SIGNER/ -keyout SIGNER2.key '
62 '-out SIGNER2.crt -nodes -days 365'
63 % data_dir, shell=True)
64
Masahisa Kojima73a8a1d2023-06-07 14:42:00 +0900[diff] [blame^]65 # Update dtb to add the version information
66 check_call('cd %s; '
67 'cp %s/test/py/tests/test_efi_capsule/version.dts .'
68 % (data_dir, u_boot_config.source_dir), shell=True)
69 if capsule_auth_enabled:
70 check_call('cd %s; '
71 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; '
72 'fdtoverlay -i test_sig.dtb '
73 '-o test_ver.dtb version.dtbo'
74 % (data_dir), shell=True)
75 else:
76 check_call('cd %s; '
77 'dtc -@ -I dts -O dtb -o version.dtbo version.dts; '
78 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb '
79 '-o test_ver.dtb version.dtbo'
80 % (data_dir, u_boot_config.build_dir), shell=True)
81
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]82 # Create capsule files
83 # two regions: one for u-boot.bin and the other for u-boot.env
Sughosh Ganu2db313d2022-04-15 11:29:38 +0530[diff] [blame]84 check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old > u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir,
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]85 shell=True)
86 check_call('sed -e \"s?BINFILE1?u-boot.bin.new?\" -e \"s?BINFILE2?u-boot.env.new?\" %s/test/py/tests/test_efi_capsule/uboot_bin_env.its > %s/uboot_bin_env.its' %
87 (u_boot_config.source_dir, data_dir),
88 shell=True)
89 check_call('cd %s; %s/tools/mkimage -f uboot_bin_env.its uboot_bin_env.itb' %
90 (data_dir, u_boot_config.build_dir),
91 shell=True)
Sughosh Ganu2db313d2022-04-15 11:29:38 +0530[diff] [blame]92 check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test01' %
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]93 (data_dir, u_boot_config.build_dir),
94 shell=True)
Sughosh Ganu2db313d2022-04-15 11:29:38 +0530[diff] [blame]95 check_call('cd %s; %s/tools/mkeficapsule --index 2 --guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test02' %
AKASHI Takahiro30a7c612020-11-30 18:12:17 +0900[diff] [blame]96 (data_dir, u_boot_config.build_dir),
97 shell=True)
Sughosh Ganu2db313d2022-04-15 11:29:38 +0530[diff] [blame]98 check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 u-boot.bin.new Test03' %
AKASHI Takahiro20d91552022-02-09 19:10:41 +0900[diff] [blame]99 (data_dir, u_boot_config.build_dir),
100 shell=True)
Sughosh Ganu2db313d2022-04-15 11:29:38 +0530[diff] [blame]101 check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test04' %
102 (data_dir, u_boot_config.build_dir),
103 shell=True)
104 check_call('cd %s; %s/tools/mkeficapsule --index 1 --guid 058B7D83-50D5-4C47-A195-60D86AD341C4 uboot_bin_env.itb Test05' %
105 (data_dir, u_boot_config.build_dir),
106 shell=True)
Masahisa Kojima73a8a1d2023-06-07 14:42:00 +0900[diff] [blame^]107 check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
108 '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test101' %
109 (data_dir, u_boot_config.build_dir),
110 shell=True)
111 check_call('cd %s; %s/tools/mkeficapsule --index 2 --fw-version 10 '
112 '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 u-boot.env.new Test102' %
113 (data_dir, u_boot_config.build_dir),
114 shell=True)
115 check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
116 '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 u-boot.bin.new Test103' %
117 (data_dir, u_boot_config.build_dir),
118 shell=True)
119 check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 5 '
120 '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test104' %
121 (data_dir, u_boot_config.build_dir),
122 shell=True)
123 check_call('cd %s; %s/tools/mkeficapsule --index 1 --fw-version 2 '
124 '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' %
125 (data_dir, u_boot_config.build_dir),
126 shell=True)
Sughosh Ganu2db313d2022-04-15 11:29:38 +0530[diff] [blame]127
AKASHI Takahiro0bdde5f2022-02-09 19:10:38 +0900[diff] [blame]128 if capsule_auth_enabled:
Vincent Stehlé6a4625e2022-05-31 09:55:34 +0200[diff] [blame]129 # raw firmware signed with proper key
AKASHI Takahiro0bdde5f2022-02-09 19:10:38 +0900[diff] [blame]130 check_call('cd %s; '
131 '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
132 '--private-key SIGNER.key --certificate SIGNER.crt '
Vincent Stehléf0c7daa2022-05-31 09:55:33 +0200[diff] [blame]133 '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
Sughosh Ganu2db313d2022-04-15 11:29:38 +0530[diff] [blame]134 'u-boot.bin.new Test11'
AKASHI Takahiro0bdde5f2022-02-09 19:10:38 +0900[diff] [blame]135 % (data_dir, u_boot_config.build_dir),
136 shell=True)
Vincent Stehlé6a4625e2022-05-31 09:55:34 +0200[diff] [blame]137 # raw firmware signed with *mal* key
AKASHI Takahiro0bdde5f2022-02-09 19:10:38 +0900[diff] [blame]138 check_call('cd %s; '
139 '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
140 '--private-key SIGNER2.key '
141 '--certificate SIGNER2.crt '
Vincent Stehléf0c7daa2022-05-31 09:55:33 +0200[diff] [blame]142 '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
Sughosh Ganu2db313d2022-04-15 11:29:38 +0530[diff] [blame]143 'u-boot.bin.new Test12'
AKASHI Takahiro0bdde5f2022-02-09 19:10:38 +0900[diff] [blame]144 % (data_dir, u_boot_config.build_dir),
145 shell=True)
Vincent Stehlé6a4625e2022-05-31 09:55:34 +0200[diff] [blame]146 # FIT firmware signed with proper key
147 check_call('cd %s; '
148 '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
149 '--private-key SIGNER.key --certificate SIGNER.crt '
150 '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
151 'uboot_bin_env.itb Test13'
152 % (data_dir, u_boot_config.build_dir),
153 shell=True)
154 # FIT firmware signed with *mal* key
155 check_call('cd %s; '
156 '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
157 '--private-key SIGNER2.key '
158 '--certificate SIGNER2.crt '
159 '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
160 'uboot_bin_env.itb Test14'
161 % (data_dir, u_boot_config.build_dir),
162 shell=True)
Masahisa Kojima73a8a1d2023-06-07 14:42:00 +0900[diff] [blame^]163 # raw firmware signed with proper key with version information
164 check_call('cd %s; '
165 '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
166 '--fw-version 5 '
167 '--private-key SIGNER.key --certificate SIGNER.crt '
168 '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
169 'u-boot.bin.new Test111'
170 % (data_dir, u_boot_config.build_dir),
171 shell=True)
172 # raw firmware signed with proper key with version information
173 check_call('cd %s; '
174 '%s/tools/mkeficapsule --index 2 --monotonic-count 1 '
175 '--fw-version 10 '
176 '--private-key SIGNER.key --certificate SIGNER.crt '
177 '--guid 5A7021F5-FEF2-48B4-AABA-832E777418C0 '
178 'u-boot.env.new Test112'
179 % (data_dir, u_boot_config.build_dir),
180 shell=True)
181 # raw firmware signed with proper key with lower version information
182 check_call('cd %s; '
183 '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
184 '--fw-version 2 '
185 '--private-key SIGNER.key --certificate SIGNER.crt '
186 '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8 '
187 'u-boot.bin.new Test113'
188 % (data_dir, u_boot_config.build_dir),
189 shell=True)
190 # FIT firmware signed with proper key with version information
191 check_call('cd %s; '
192 '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
193 '--fw-version 5 '
194 '--private-key SIGNER.key --certificate SIGNER.crt '
195 '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
196 'uboot_bin_env.itb Test114'
197 % (data_dir, u_boot_config.build_dir),
198 shell=True)
199 # FIT firmware signed with proper key with lower version information
200 check_call('cd %s; '
201 '%s/tools/mkeficapsule --index 1 --monotonic-count 1 '
202 '--fw-version 2 '
203 '--private-key SIGNER.key --certificate SIGNER.crt '
204 '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 '
205 'uboot_bin_env.itb Test115'
206 % (data_dir, u_boot_config.build_dir),
207 shell=True)
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +0900[diff] [blame]208
209 # Create a disk image with EFI system partition
210 check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' %
211 (mnt_point, image_path), shell=True)
212 check_call('sgdisk %s -A 1:set:0 -t 1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B' %
213 image_path, shell=True)
214
215 except CalledProcessError as exception:
216 pytest.skip('Setup failed: %s' % exception.cmd)
217 return
218 else:
219 yield image_path
220 finally:
221 call('rm -rf %s' % mnt_point, shell=True)
222 call('rm -f %s' % image_path, shell=True)
223 call('rm -f ./spi.bin', shell=True)