AKASHI Takahiro0f626ce2020-11-30 18:12:16 +09001# SPDX-License-Identifier: GPL-2.0+
2# Copyright (c) 2020, Linaro Limited
3# Author: AKASHI Takahiro <takahiro.akashi@linaro.org>
4
Heinrich Schuchardt2275a412023-04-13 18:13:32 +02005"""Fixture for UEFI capsule test
6"""
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +09007
Heinrich Schuchardt2275a412023-04-13 18:13:32 +02008from subprocess import call, check_call, CalledProcessError
9import pytest
10from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR, EFITOOLS_PATH
AKASHI Takahiro0f626ce2020-11-30 18:12:16 +090011
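@pytest.fixture(scope='session')
def efi_capsule_data(request, u_boot_config):
    """Set up a file system to be used in UEFI capsule and authentication test
    and return a path to disk image to be used for testing

    request -- Pytest request object.
    u_boot_config -- U-boot configuration.

    Every path taken from u_boot_config is passed through shlex.quote()
    before it is interpolated into a shell command, so a directory name
    containing spaces or shell metacharacters cannot split a command or
    redirect 'rm -rf' to another location. The commands still run through
    the shell so that a missing tool shows up as CalledProcessError and the
    tests are skipped, as before.

    The signing keys generated here are unencrypted ('-nodes') throwaway
    test keys. They are written under data_dir, which lives inside
    mnt_point, so they are also copied into the disk image; both are
    removed in the 'finally' clause.
    """
    # Local import: only this fixture needs it.
    from shlex import quote

    mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule'
    data_dir = mnt_point + CAPSULE_DATA_DIR
    install_dir = mnt_point + CAPSULE_INSTALL_DIR
    image_path = u_boot_config.persistent_data_dir + '/test_efi_capsule.img'

    # Shell-safe spellings of everything that gets interpolated below.
    q_mnt_point = quote(mnt_point)
    q_data_dir = quote(data_dir)
    q_install_dir = quote(install_dir)
    q_image_path = quote(image_path)
    test_src_dir = u_boot_config.source_dir + '/test/py/tests/test_efi_capsule'
    mkimage = quote(u_boot_config.build_dir + '/tools/mkimage')
    mkeficapsule = quote(u_boot_config.build_dir + '/tools/mkeficapsule')

    def run_in_data_dir(cmd):
        # '&&' instead of ';': if the cd fails, the command must not run
        # (and drop keys or capsules) in the caller's working directory.
        check_call('cd %s && %s' % (q_data_dir, cmd), shell=True)

    try:
        # Create a target device
        # NOTE: spi.bin is created relative to the current working directory.
        check_call('dd if=/dev/zero of=./spi.bin bs=1MiB count=16', shell=True)

        check_call('rm -rf %s' % q_mnt_point, shell=True)
        check_call('mkdir -p %s' % q_data_dir, shell=True)
        check_call('mkdir -p %s' % q_install_dir, shell=True)

        capsule_auth_enabled = u_boot_config.buildconfig.get(
            'config_efi_capsule_authenticate')
        if capsule_auth_enabled:
            # Create private key (SIGNER.key) and certificate (SIGNER.crt)
            run_in_data_dir('openssl req -x509 -sha256 -newkey rsa:2048 '
                            '-subj /CN=TEST_SIGNER/ -keyout SIGNER.key '
                            '-out SIGNER.crt -nodes -days 365')
            # EFITOOLS_PATH is a constant from capsule_defs that is prefixed
            # directly to the tool name; it is left unquoted.
            run_in_data_dir('%scert-to-efi-sig-list SIGNER.crt SIGNER.esl'
                            % EFITOOLS_PATH)

            # Update dtb adding capsule certificate
            run_in_data_dir('cp %s .'
                            % quote(test_src_dir + '/signature.dts'))
            run_in_data_dir(
                'dtc -@ -I dts -O dtb -o signature.dtbo signature.dts && '
                'fdtoverlay -i %s -o test_sig.dtb signature.dtbo'
                % quote(u_boot_config.build_dir
                        + '/arch/sandbox/dts/test.dtb'))

            # Create *malicious* private key (SIGNER2.key) and certificate
            # (SIGNER2.crt)
            # Same subject as SIGNER, different key pair. SIGNER2.crt is not
            # converted to an ESL here, so capsules signed with it are
            # presumably expected to fail authentication -- confirm against
            # the tests that consume Test12/Test14.
            run_in_data_dir('openssl req -x509 -sha256 -newkey rsa:2048 '
                            '-subj /CN=TEST_SIGNER/ -keyout SIGNER2.key '
                            '-out SIGNER2.crt -nodes -days 365')

        # Create capsule files
        # two regions: one for u-boot.bin and the other for u-boot.env
        run_in_data_dir('echo -n u-boot:Old > u-boot.bin.old && '
                        'echo -n u-boot:New > u-boot.bin.new && '
                        'echo -n u-boot-env:Old > u-boot.env.old && '
                        'echo -n u-boot-env:New > u-boot.env.new')
        check_call('sed -e "s?BINFILE1?u-boot.bin.new?" '
                   '-e "s?BINFILE2?u-boot.env.new?" %s > %s'
                   % (quote(test_src_dir + '/uboot_bin_env.its'),
                      quote(data_dir + '/uboot_bin_env.its')),
                   shell=True)
        run_in_data_dir('%s -f uboot_bin_env.its uboot_bin_env.itb' % mkimage)

        # Unsigned capsules: (image index, image type GUID, payload, output)
        unsigned_capsules = (
            (1, '09D7CF52-0720-4710-91D1-08469B7FE9C8',
             'u-boot.bin.new', 'Test01'),
            (2, '5A7021F5-FEF2-48B4-AABA-832E777418C0',
             'u-boot.env.new', 'Test02'),
            (1, '058B7D83-50D5-4C47-A195-60D86AD341C4',
             'u-boot.bin.new', 'Test03'),
            (1, '3673B45D-6A7C-46F3-9E60-ADABB03F7937',
             'uboot_bin_env.itb', 'Test04'),
            (1, '058B7D83-50D5-4C47-A195-60D86AD341C4',
             'uboot_bin_env.itb', 'Test05'),
        )
        for index, guid, payload, capsule in unsigned_capsules:
            run_in_data_dir('%s --index %d --guid %s %s %s'
                            % (mkeficapsule, index, guid, payload, capsule))

        if capsule_auth_enabled:
            # Signed capsules: (signer, image type GUID, payload, output)
            signed_capsules = (
                # raw firmware signed with proper key
                ('SIGNER', '09D7CF52-0720-4710-91D1-08469B7FE9C8',
                 'u-boot.bin.new', 'Test11'),
                # raw firmware signed with *mal* key
                ('SIGNER2', '09D7CF52-0720-4710-91D1-08469B7FE9C8',
                 'u-boot.bin.new', 'Test12'),
                # FIT firmware signed with proper key
                ('SIGNER', '3673B45D-6A7C-46F3-9E60-ADABB03F7937',
                 'uboot_bin_env.itb', 'Test13'),
                # FIT firmware signed with *mal* key
                ('SIGNER2', '3673B45D-6A7C-46F3-9E60-ADABB03F7937',
                 'uboot_bin_env.itb', 'Test14'),
            )
            for signer, guid, payload, capsule in signed_capsules:
                run_in_data_dir(
                    '%s --index 1 --monotonic-count 1 '
                    '--private-key %s.key --certificate %s.crt '
                    '--guid %s %s %s'
                    % (mkeficapsule, signer, signer, guid, payload, capsule))

        # Create a disk image with EFI system partition
        # (the whole of mnt_point, generated keys included, goes into it)
        check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s'
                   % (q_mnt_point, q_image_path), shell=True)
        # C12A7328-F81F-11D2-BA4B-00A0C93EC93B is the EFI System Partition
        # type GUID.
        check_call('sgdisk %s -A 1:set:0 '
                   '-t 1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B'
                   % q_image_path, shell=True)

    except CalledProcessError as exception:
        # pytest.skip() raises, so nothing after it in this clause would run.
        pytest.skip('Setup failed: %s' % exception.cmd)
    else:
        yield image_path
    finally:
        # Best-effort cleanup (call, not check_call); this also removes the
        # generated private keys and the image that contains copies of them.
        call('rm -rf %s' % q_mnt_point, shell=True)
        call('rm -f %s' % q_image_path, shell=True)
        call('rm -f ./spi.bin', shell=True)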