From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Mh9B=PX=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 933C2C433F5
	for <u-boot@archiver.kernel.org>; Thu,  4 Nov 2021 02:04:20 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 2678760EBC
	for <u-boot@archiver.kernel.org>; Thu,  4 Nov 2021 02:04:19 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 2678760EBC
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id B515C83642;
	Thu,  4 Nov 2021 03:04:15 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="tF8M/8np";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 77BCC83642; Thu,  4 Nov 2021 03:04:13 +0100 (CET)
Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com
 [IPv6:2607:f8b0:4864:20::632])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 4AE6B83632
 for <u-boot@lists.denx.de>; Thu,  4 Nov 2021 03:04:09 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=takahiro.akashi@linaro.org
Received: by mail-pl1-x632.google.com with SMTP id p18so4640354plf.13
 for <u-boot@lists.denx.de>; Wed, 03 Nov 2021 19:04:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=date:from:to:cc:subject:message-id:mail-followup-to:references
 :mime-version:content-disposition:in-reply-to;
 bh=Y/XccWxS9ZaYWF6+b0gKIzCRF9fdMAQMCVe+U8k7t8Q=;
 b=tF8M/8npVb0aQGzgGEOrv3oriz4FAJSLXcHveTh4lk7R0w+ykdLG10wXzzn8F/n2Mq
 crkJ/3im9RyjUlCLmxik8URcqfwSM5Kjl6Im1fI33t8urrOjUk3st4QGBifK2boUfXb2
 xfRDlSzn66gu0OTVMkjOUjo0LCg3k8qDYDpr0zP1zwUSFZ8NT7SG4aG1nvgi8jHk4VaW
 oXJw3Hy5n2Qdw2abITlTcundvh9nQbn8whryXQfVGgFmItlTYJQPIRFuHha1a2rls4H1
 nXdTztfRKdsNX4LiOPYtJvkep0z0sGcBFMQHShRriUFi6zMRwWDoqAkwfRkcAvZ5fLmq
 tn8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:cc:subject:message-id
 :mail-followup-to:references:mime-version:content-disposition
 :in-reply-to;
 bh=Y/XccWxS9ZaYWF6+b0gKIzCRF9fdMAQMCVe+U8k7t8Q=;
 b=GTX4WFgyG6Jr7WO0PfUnnlWygFfKiRRKFYc+JGZdk4nUnlEfZVI+6Dy+i1iEl4Oxwr
 026aR/3ND9vSXK6toiBZhPLAhkmE6YKDlpMOcvo2vGu8cyfpNUF6lPR63YdUHaVYJiRg
 FR3lyTnlqda1y1+uFiYe4Gxur9Y0vLuZaO5mRfq0EwrXEbsKv419ZqSAN3831pLU9DMy
 P83fp6/e6kw6/MKh4febKIAqNamzc+7MnJjB9y6xk0sRmleA/Wq+sBhXlvZOAhOKJNkI
 OYz+wGdCEZggo93wr9K/bjRvZNzSqUgbiFcNDAV5+pMjW3A1PusHIod8R/F0UrEkpsHN
 xV+A==
X-Gm-Message-State: AOAM531RxVQQVfQ+Ss04TYCd8nWH8U8yqCu871bXOIyJjc28ax0ArQ8A
 8e9ekwFGnOVUrHkLVOwratbWeQ==
X-Google-Smtp-Source: ABdhPJzRR+MmvD3NABE5f1FCFrZ9QRx1XgjjC7c0ALTQoGozM3ZslxcD4Im6ptdw9efO01Ouiv5nAg==
X-Received: by 2002:a17:902:da81:b0:141:fa9d:806d with SMTP id
 j1-20020a170902da8100b00141fa9d806dmr19112470plx.26.1635991447521; 
 Wed, 03 Nov 2021 19:04:07 -0700 (PDT)
Received: from laputa ([2400:4050:c3e1:100:9171:d985:c6fb:194d])
 by smtp.gmail.com with ESMTPSA id d12sm3959265pfl.141.2021.11.03.19.04.04
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 03 Nov 2021 19:04:07 -0700 (PDT)
Date: Thu, 4 Nov 2021 11:04:03 +0900
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Simon Glass <sjg@chromium.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>, Alex Graf <agraf@csgraf.de>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Sughosh Ganu <sughosh.ganu@linaro.org>,
 Masami Hiramatsu <masami.hiramatsu@linaro.org>,
 U-Boot Mailing List <u-boot@lists.denx.de>
Subject: Re: [PATCH v5 05/11] test/py: efi_capsule: add image authentication
 test
Message-ID: <20211104020403.GB46422@laputa>
Mail-Followup-To: AKASHI Takahiro <takahiro.akashi@linaro.org>,
 Simon Glass <sjg@chromium.org>,
 Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Alex Graf <agraf@csgraf.de>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Sughosh Ganu <sughosh.ganu@linaro.org>,
 Masami Hiramatsu <masami.hiramatsu@linaro.org>,
 U-Boot Mailing List <u-boot@lists.denx.de>
References: <20211028062356.98224-1-takahiro.akashi@linaro.org>
 <20211028062356.98224-6-takahiro.akashi@linaro.org>
 <CAPnjgZ04E29oenqoVs6nPqzmdOrb01xVvC+WCRe79OB0BrqnkA@mail.gmail.com>
 <20211029052539.GC33977@laputa>
 <CAPnjgZ0CMCBinED9EbC-BSDRpa_0cBPLEUpN1+suaFyLEeBgCw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAPnjgZ0CMCBinED9EbC-BSDRpa_0cBPLEUpN1+suaFyLEeBgCw@mail.gmail.com>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

On Tue, Nov 02, 2021 at 08:58:15AM -0600, Simon Glass wrote:
> Hi Takahiro,
> 
> On Thu, 28 Oct 2021 at 23:25, AKASHI Takahiro
> <takahiro.akashi@linaro.org> wrote:
> >
> > On Thu, Oct 28, 2021 at 09:17:49PM -0600, Simon Glass wrote:
> > > Hi Takahiro,
> > >
> > > On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro
> > > <takahiro.akashi@linaro.org> wrote:
> > > >
> > > > Add a couple of test cases against capsule image authentication
> > > > for capsule-on-disk, where only a signed capsule file with the verified
> > > > signature will be applied to the system.
> > > >
> > > > Due to the difficulty of embedding a public key (esl file) in U-Boot
> > > > binary during pytest setup time, all the keys/certificates are pre-created.
> > > >
> > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > > > ---
> > > >  .../py/tests/test_efi_capsule/capsule_defs.py |   5 +
> > > >  test/py/tests/test_efi_capsule/conftest.py    |  35 ++-
> > > >  test/py/tests/test_efi_capsule/signature.dts  |  10 +
> > > >  .../test_capsule_firmware_signed.py           | 233 ++++++++++++++++++
> > > >  4 files changed, 280 insertions(+), 3 deletions(-)
> > > >  create mode 100644 test/py/tests/test_efi_capsule/signature.dts
> > > >  create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py
> > > >
> > > > diff --git a/test/py/tests/test_efi_capsule/capsule_defs.py b/test/py/tests/test_efi_capsule/capsule_defs.py
> > > > index 4fd6353c2040..aa9bf5eee3aa 100644
> > > > --- a/test/py/tests/test_efi_capsule/capsule_defs.py
> > > > +++ b/test/py/tests/test_efi_capsule/capsule_defs.py
> > > > @@ -3,3 +3,8 @@
> > > >  # Directories
> > > >  CAPSULE_DATA_DIR = '/EFI/CapsuleTestData'
> > > >  CAPSULE_INSTALL_DIR = '/EFI/UpdateCapsule'
> > > > +
> > > > +# v1.5.1 or earlier of efitools has a bug in sha256 calculation, and
> > > > +# you need build a newer version on your own.
> > > > +# The path must terminate with '/'.
> > > > +EFITOOLS_PATH = ''
> > > > diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py
> > > > index 6ad5608cd71c..b0e84dec4931 100644
> > > > --- a/test/py/tests/test_efi_capsule/conftest.py
> > > > +++ b/test/py/tests/test_efi_capsule/conftest.py
> > > > @@ -10,13 +10,13 @@ import pytest
> > > >  from capsule_defs import *
> > > >
> > > >  #
> > > > -# Fixture for UEFI secure boot test
> > > > +# Fixture for UEFI capsule test
> > > >  #
> > > >
> > > > -
> > > >  @pytest.fixture(scope='session')
> > > >  def efi_capsule_data(request, u_boot_config):
> > > > -    """Set up a file system to be used in UEFI capsule test.
> > > > +    """Set up a file system to be used in UEFI capsule and
> > > > +       authentication test.
> > > >
> > > >      Args:
> > > >          request: Pytest request object.
> > > > @@ -40,6 +40,26 @@ def efi_capsule_data(request, u_boot_config):
> > > >          check_call('mkdir -p %s' % data_dir, shell=True)
> > > >          check_call('mkdir -p %s' % install_dir, shell=True)
> > > >
> > > > +        capsule_auth_enabled = u_boot_config.buildconfig.get(
> > > > +                    'config_efi_capsule_authenticate')
> > > > +        if capsule_auth_enabled:
> > > > +            # Create private key (SIGNER.key) and certificate (SIGNER.crt)
> > > > +            check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER.key -out SIGNER.crt -nodes -days 365'
> > > > +                       % data_dir, shell=True)
> > >
> > > run_and_log()?
> >
> > I have always used this style of coding in this file as well as
> > other my pytests in test/py/tests (filesystem and secure boot).
> >
> > So, at least in this patch, I don't want to have mixed styles.
> 
> I don't mind about the style.
> 
> Does the command appear in the test log?

I don't think so as it is invoked in conftest.py.
If the command fails, the tests will skip, and if it generates
a improper signature, the tests will fail.

-Takahiro Akashi


> Regards,
> Simon