From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9831AC433F5 for ; Mon, 17 Jan 2022 02:04:12 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D86BA81E3E; Mon, 17 Jan 2022 03:04:09 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="bqAH+uXC"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4944D82A71; Mon, 17 Jan 2022 03:04:07 +0100 (CET) Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com [IPv6:2607:f8b0:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 5FA1C81DCC for ; Mon, 17 Jan 2022 03:04:02 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pg1-x52f.google.com with SMTP id g2so9367865pgo.9 for ; Sun, 16 Jan 2022 18:04:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=yJL3yICuIlUh63X2+I4oTtkxMR3nR6UGqHNFTPnTa9Q=; b=bqAH+uXC4RRJWknbviDBFCuxy6vQr0lfWnH7Wmudm/3eahJCzMw4CJOthOZHUqw1Py 699xtZJ5kNQMublghIMSAwxKLOTcO9zK3ZO/qmrRJUNz59CB9oy7xWXAHmeyVbHmcVzF lntMXTnn0uemh+3EziennJE8rEJXSFU5ZjrzINLU5FtMRfDcyWW8y1jKGpRZou/uiOkG e2ePGUJGpDEWNsOnAoiapkFc0mMbrlZfXvjuBLkiWnoFEjSTwKo3+SM2lWTLivRYRils XOb1GX1TFJkcH4kz5cfSNz9s9RHzTkxUiUI2UNEBAMR/uprSwVybT2m0XFCtZnludcIs BF+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=yJL3yICuIlUh63X2+I4oTtkxMR3nR6UGqHNFTPnTa9Q=; b=fJFDubZtSqDv7m4S2b9OZd58DJkU2wpndhRX7x+VC8XVUhY5uvC51KX8slQWTgtdwN j5A0NMrG7eem6OkR3IHBRsyvDLH1AQQFkZfbQRtQMnJ+jfWlvxj/7XzzY1nHUCOXT1DT FrCe08JLMW0CZ5xBlZz64gXvrIqn7TM0NofpLR0f77OcXozjaxbWbClvtgk5K9txB5ti dOxsYWhXR4EZ06HZwFC/C/ozFtlICbGmXP1GtMdSn0TaVZDEYjwrwZvB0cj80wWXfDpx 9BBgYd0OgyxzvGzWC4nWsbu57NO5h83K7JzJuX1bI5H2Ng/MRctcFGaPXqNapAtaMJip KOGg== X-Gm-Message-State: AOAM532ZoLd91K3jWu7qWM9xF/2X2+Beh1ZPzl6weH7PV4WkWRUIajuO eBIy//ocHZtc38cO4aq8w+bi8w== X-Google-Smtp-Source: ABdhPJxteIN/oRHf5cM3sx7cAH5rCCB03q0iFwXXvs1sHP26FHj2Jc/PmOR/isY+Nwa0y2VLpM4rqw== X-Received: by 2002:a63:6c04:: with SMTP id h4mr17065076pgc.30.1642385040513; Sun, 16 Jan 2022 18:04:00 -0800 (PST) Received: from laputa ([2400:4050:c3e1:100:d862:4b52:199a:dd27]) by smtp.gmail.com with ESMTPSA id o21sm10802243pjq.29.2022.01.16.18.03.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 16 Jan 2022 18:03:59 -0800 (PST) Date: Mon, 17 Jan 2022 11:03:55 +0900 From: AKASHI Takahiro To: Heinrich Schuchardt Cc: agraf@csgraf.de, sjg@chromium.org, ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, mark.kettenis@xs4all.nl, u-boot@lists.denx.de Subject: Re: [PATCH v8 06/12] test/py: efi_capsule: add image authentication test Message-ID: <20220117020355.GD7045@laputa> Mail-Followup-To: AKASHI Takahiro , Heinrich Schuchardt , agraf@csgraf.de, sjg@chromium.org, ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, mark.kettenis@xs4all.nl, u-boot@lists.denx.de References: <20211220050253.31163-1-takahiro.akashi@linaro.org> <20211220050253.31163-7-takahiro.akashi@linaro.org> <93ac022e-ed13-7acd-40a2-783a9188d071@gmx.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <93ac022e-ed13-7acd-40a2-783a9188d071@gmx.de> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On Sat, Jan 01, 2022 at 11:18:47PM +0100, Heinrich Schuchardt wrote: > On 12/20/21 06:02, AKASHI Takahiro wrote: > > Add a couple of test cases against capsule image authentication > > for capsule-on-disk, where only a signed capsule file with the verified > > signature will be applied to the system. > > > > Due to the difficulty of embedding a public key (esl file) in U-Boot > > binary during pytest setup time, all the keys/certificates are pre-created. > > > > Signed-off-by: AKASHI Takahiro > > Reviewed-by: Simon Glass > > Acked-by: Ilias Apalodimas > > --- > > .../py/tests/test_efi_capsule/capsule_defs.py | 5 + > > test/py/tests/test_efi_capsule/conftest.py | 52 +++- > > test/py/tests/test_efi_capsule/signature.dts | 10 + > > .../test_capsule_firmware_signed.py | 254 ++++++++++++++++++ > > 4 files changed, 318 insertions(+), 3 deletions(-) > > create mode 100644 test/py/tests/test_efi_capsule/signature.dts > > create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > > > diff --git a/test/py/tests/test_efi_capsule/capsule_defs.py b/test/py/tests/test_efi_capsule/capsule_defs.py > > index 4fd6353c2040..aa9bf5eee3aa 100644 > > --- a/test/py/tests/test_efi_capsule/capsule_defs.py > > +++ b/test/py/tests/test_efi_capsule/capsule_defs.py > > @@ -3,3 +3,8 @@ > > # Directories > > CAPSULE_DATA_DIR = '/EFI/CapsuleTestData' > > CAPSULE_INSTALL_DIR = '/EFI/UpdateCapsule' > > + > > +# v1.5.1 or earlier of efitools has a bug in sha256 calculation, and > > +# you need build a newer version on your own. > > Why should I build it on my own? The version in Debian Bullseye and > Ubuntu Impish is 1.9.2. Is your Linux distro outdated? ? This is just a cautious warning for users who might hit this bug in their own environment. > > +# The path must terminate with '/'. > > +EFITOOLS_PATH = '' > > This is contradictory. > '' seems not to be '/' terminated. OK. I will describe it more specifically, adding "if the path is not NULL". > > diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py > > index 6ad5608cd71c..27c05971ca32 100644 > > --- a/test/py/tests/test_efi_capsule/conftest.py > > +++ b/test/py/tests/test_efi_capsule/conftest.py > > @@ -10,13 +10,13 @@ import pytest > > from capsule_defs import * > > > > # > > -# Fixture for UEFI secure boot test > > +# Fixture for UEFI capsule test > > # > > > > - > > @pytest.fixture(scope='session') > > def efi_capsule_data(request, u_boot_config): > > - """Set up a file system to be used in UEFI capsule test. > > + """Set up a file system to be used in UEFI capsule and > > + authentication test. > > > > Args: > > request: Pytest request object. > > @@ -40,6 +40,36 @@ def efi_capsule_data(request, u_boot_config): > > check_call('mkdir -p %s' % data_dir, shell=True) > > check_call('mkdir -p %s' % install_dir, shell=True) > > > > + capsule_auth_enabled = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_authenticate') > > + if capsule_auth_enabled: > > + # Create private key (SIGNER.key) and certificate (SIGNER.crt) > > + check_call('cd %s; ' > > + 'openssl req -x509 -sha256 -newkey rsa:2048 ' > > + '-subj /CN=TEST_SIGNER/ -keyout SIGNER.key ' > > + '-out SIGNER.crt -nodes -days 365' > > + % data_dir, shell=True) > > + check_call('cd %s; %scert-to-efi-sig-list SIGNER.crt SIGNER.esl' > > + % (data_dir, EFITOOLS_PATH), shell=True) > > + > > + # Update dtb adding capsule certificate > > + check_call('cd %s; ' > > + 'cp %s/test/py/tests/test_efi_capsule/signature.dts .' > > + % (data_dir, u_boot_config.source_dir), shell=True) > > + check_call('cd %s; ' > > + 'dtc -@ -I dts -O dtb -o signature.dtbo signature.dts; ' > > + 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb ' > > + '-o test_sig.dtb signature.dtbo' > > + % (data_dir, u_boot_config.build_dir), shell=True) > > + > > + # Create *malicious* private key (SIGNER2.key) and certificate > > There is nothing malicious in an unsupported private key. > > %s/\*malicious\*/unsupported/ I believe that "unsupported" is very much ambiguous and "malicious" is much better in terms of the test purpose in this test case. For instance, the key should be invalidated if it was broken or the image was signed by a faked or "malicious" key. -Takahiro Akashi > Best regards > > Heinrich > > > + # (SIGNER2.crt) > > + check_call('cd %s; ' > > + 'openssl req -x509 -sha256 -newkey rsa:2048 ' > > + '-subj /CN=TEST_SIGNER/ -keyout SIGNER2.key ' > > + '-out SIGNER2.crt -nodes -days 365' > > + % data_dir, shell=True) > > + > > # Create capsule files > > # two regions: one for u-boot.bin and the other for u-boot.env > > check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old -> u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir, > > @@ -56,6 +86,22 @@ def efi_capsule_data(request, u_boot_config): > > check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new --index 1 Test02' % > > (data_dir, u_boot_config.build_dir), > > shell=True) > > + if capsule_auth_enabled: > > + # firmware signed with proper key > > + check_call('cd %s; ' > > + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' > > + '--private-key SIGNER.key --certificate SIGNER.crt ' > > + '--raw u-boot.bin.new Test11' > > + % (data_dir, u_boot_config.build_dir), > > + shell=True) > > + # firmware signed with *mal* key > > + check_call('cd %s; ' > > + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' > > + '--private-key SIGNER2.key ' > > + '--certificate SIGNER2.crt ' > > + '--raw u-boot.bin.new Test12' > > + % (data_dir, u_boot_config.build_dir), > > + shell=True) > > > > # Create a disk image with EFI system partition > > check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % > > diff --git a/test/py/tests/test_efi_capsule/signature.dts b/test/py/tests/test_efi_capsule/signature.dts > > new file mode 100644 > > index 000000000000..078cfc76c93c > > --- /dev/null > > +++ b/test/py/tests/test_efi_capsule/signature.dts > > @@ -0,0 +1,10 @@ > > +// SPDX-License-Identifier: GPL-2.0+ > > + > > +/dts-v1/; > > +/plugin/; > > + > > +&{/} { > > + signature { > > + capsule-key = /incbin/("SIGNER.esl"); > > + }; > > +}; > > diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > new file mode 100644 > > index 000000000000..593b032e9015 > > --- /dev/null > > +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > @@ -0,0 +1,254 @@ > > +# SPDX-License-Identifier: GPL-2.0+ > > +# Copyright (c) 2021, Linaro Limited > > +# Author: AKASHI Takahiro > > +# > > +# U-Boot UEFI: Firmware Update (Signed capsule) Test > > + > > +""" > > +This test verifies capsule-on-disk firmware update > > +with signed capsule files > > +""" > > + > > +import pytest > > +from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR > > + > > +@pytest.mark.boardspec('sandbox') > > +@pytest.mark.buildconfigspec('efi_capsule_firmware_raw') > > +@pytest.mark.buildconfigspec('efi_capsule_authenticate') > > +@pytest.mark.buildconfigspec('dfu') > > +@pytest.mark.buildconfigspec('dfu_sf') > > +@pytest.mark.buildconfigspec('cmd_efidebug') > > +@pytest.mark.buildconfigspec('cmd_fat') > > +@pytest.mark.buildconfigspec('cmd_memory') > > +@pytest.mark.buildconfigspec('cmd_nvedit_efi') > > +@pytest.mark.buildconfigspec('cmd_sf') > > +@pytest.mark.slow > > +class TestEfiCapsuleFirmwareSigned(object): > > + def test_efi_capsule_auth1( > > + self, u_boot_config, u_boot_console, efi_capsule_data): > > + """ > > + Test Case 1 - Update U-Boot on SPI Flash, raw image format > > + 0x100000-0x150000: U-Boot binary (but dummy) > > + > > + If the capsule is properly signed, the authentication > > + should pass and the firmware be updated. > > + """ > > + disk_img = efi_capsule_data > > + with u_boot_console.log.section('Test Case 1-a, before reboot'): > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > > + 'efidebug boot order 1', > > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'env save']) > > + > > + # initialize content > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > > + % CAPSULE_DATA_DIR, > > + 'sf write 4000000 100000 10', > > + 'sf read 5000000 100000 10', > > + 'md.b 5000000 10']) > > + assert 'Old' in ''.join(output) > > + > > + # place a capsule file > > + output = u_boot_console.run_command_list([ > > + 'fatload host 0:1 4000000 %s/Test11' % CAPSULE_DATA_DIR, > > + 'fatwrite host 0:1 4000000 %s/Test11 $filesize' > > + % CAPSULE_INSTALL_DIR, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test11' in ''.join(output) > > + > > + # reboot > > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > > + + '/test_sig.dtb' > > + u_boot_console.restart_uboot() > > + > > + capsule_early = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_on_disk_early') > > + with u_boot_console.log.section('Test Case 1-b, after reboot'): > > + if not capsule_early: > > + # make sure that dfu_alt_info exists even persistent variables > > + # are not available. > > + output = u_boot_console.run_command_list([ > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test11' in ''.join(output) > > + > > + # need to run uefi command to initiate capsule handling > > + output = u_boot_console.run_command( > > + 'env print -e Capsule0000') > > + > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test11' not in ''.join(output) > > + > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'sf read 4000000 100000 10', > > + 'md.b 4000000 10']) > > + assert 'u-boot:New' in ''.join(output) > > + > > + def test_efi_capsule_auth2( > > + self, u_boot_config, u_boot_console, efi_capsule_data): > > + """ > > + Test Case 2 - Update U-Boot on SPI Flash, raw image format > > + 0x100000-0x150000: U-Boot binary (but dummy) > > + > > + If the capsule is signed but with an invalid key, > > + the authentication should fail and the firmware > > + not be updated. > > + """ > > + disk_img = efi_capsule_data > > + with u_boot_console.log.section('Test Case 2-a, before reboot'): > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > > + 'efidebug boot order 1', > > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'env save']) > > + > > + # initialize content > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > > + % CAPSULE_DATA_DIR, > > + 'sf write 4000000 100000 10', > > + 'sf read 5000000 100000 10', > > + 'md.b 5000000 10']) > > + assert 'Old' in ''.join(output) > > + > > + # place a capsule file > > + output = u_boot_console.run_command_list([ > > + 'fatload host 0:1 4000000 %s/Test12' % CAPSULE_DATA_DIR, > > + 'fatwrite host 0:1 4000000 %s/Test12 $filesize' > > + % CAPSULE_INSTALL_DIR, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test12' in ''.join(output) > > + > > + # reboot > > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > > + + '/test_sig.dtb' > > + u_boot_console.restart_uboot() > > + > > + capsule_early = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_on_disk_early') > > + with u_boot_console.log.section('Test Case 2-b, after reboot'): > > + if not capsule_early: > > + # make sure that dfu_alt_info exists even persistent variables > > + # are not available. > > + output = u_boot_console.run_command_list([ > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test12' in ''.join(output) > > + > > + # need to run uefi command to initiate capsule handling > > + output = u_boot_console.run_command( > > + 'env print -e Capsule0000') > > + > > + # deleted any way > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test12' not in ''.join(output) > > + > > + # TODO: check CapsuleStatus in CapsuleXXXX > > + > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'sf read 4000000 100000 10', > > + 'md.b 4000000 10']) > > + assert 'u-boot:Old' in ''.join(output) > > + > > + def test_efi_capsule_auth3( > > + self, u_boot_config, u_boot_console, efi_capsule_data): > > + """ > > + Test Case 3 - Update U-Boot on SPI Flash, raw image format > > + 0x100000-0x150000: U-Boot binary (but dummy) > > + > > + If the capsule is not signed, the authentication > > + should fail and the firmware not be updated. > > + """ > > + disk_img = efi_capsule_data > > + with u_boot_console.log.section('Test Case 3-a, before reboot'): > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > > + 'efidebug boot order 1', > > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'env save']) > > + > > + # initialize content > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > > + % CAPSULE_DATA_DIR, > > + 'sf write 4000000 100000 10', > > + 'sf read 5000000 100000 10', > > + 'md.b 5000000 10']) > > + assert 'Old' in ''.join(output) > > + > > + # place a capsule file > > + output = u_boot_console.run_command_list([ > > + 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, > > + 'fatwrite host 0:1 4000000 %s/Test02 $filesize' > > + % CAPSULE_INSTALL_DIR, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test02' in ''.join(output) > > + > > + # reboot > > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > > + + '/test_sig.dtb' > > + u_boot_console.restart_uboot() > > + > > + capsule_early = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_on_disk_early') > > + with u_boot_console.log.section('Test Case 3-b, after reboot'): > > + if not capsule_early: > > + # make sure that dfu_alt_info exists even persistent variables > > + # are not available. > > + output = u_boot_console.run_command_list([ > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test02' in ''.join(output) > > + > > + # need to run uefi command to initiate capsule handling > > + output = u_boot_console.run_command( > > + 'env print -e Capsule0000') > > + > > + # deleted any way > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test02' not in ''.join(output) > > + > > + # TODO: check CapsuleStatus in CapsuleXXXX > > + > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'sf read 4000000 100000 10', > > + 'md.b 4000000 10']) > > + assert 'u-boot:Old' in ''.join(output) >