From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D8045C433FE for ; Mon, 3 Oct 2022 07:52:42 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5F79984DB4; Mon, 3 Oct 2022 09:52:40 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ZdoIJ7aL"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1D1AF84DB5; Mon, 3 Oct 2022 09:52:38 +0200 (CEST) Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4795F84D75 for ; Mon, 3 Oct 2022 09:52:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pf1-x435.google.com with SMTP id i6so9551477pfb.2 for ; Mon, 03 Oct 2022 00:52:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:from:to:cc :subject:date:message-id:reply-to; bh=WpXdSvPa/D9Jy/SHMnMh140Rs3omGzPDtZrK19Dljtw=; b=ZdoIJ7aL/Lp69JWro7YCRtxNoweF/9/XGqP55AuJQEQU7bWjHI7j+4pGurLrR4KMDi ebF1Lyb34RXPDyj7Uy8mF1UBrEUjh+rR7/IGL4uSj2fRYI8eH14/rsd9w8Jy+0Cflcc7 VG8kdX1hq9tuVG89DRodYNHpvWOL0FWwqd/ecsGeguZsXbCZuTHuSXv86MlfNzeOS3A+ inAS+RK8XY4sB+20hEBy8nuGDdXqD5Um6AwYeWtSFyaRofbrlIQaGyfd4nSBSU7C0yT+ ysF3dy2tZmfcowiZp1sjl4YbXARPlSbcSpwpohDsFZSM+jHyg1beiezUlmy1Y38LMs0w nwcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WpXdSvPa/D9Jy/SHMnMh140Rs3omGzPDtZrK19Dljtw=; b=XZRREcs41LrNp8owFEux8nUTgG3BeTeabNMRAprQn9emh0Bhdzo69psgNXO2gA2MdO qmP408rbPDRnYmCcTwaaplYkbEunm/ai60LuaXKQHRI7zu99iHxeEfjKqNqYStIIQS4G dV9BE92DBFsHHwyTJap/1ox1CapQJLTd3Le/OLEWUIAg3zmJPanpaKE8PqpwUs+XdjP/ BqSo+3hrw0EoWSDhLbVd9FSPwgAS4xrSsGaXcB4KRW0fT/D/wwc0Ei3M4lG+59+GXsWP CWEKtrJUV0/kHT9G8Xp50r88TFxbw79B/cU7Ov2EllEkRx/g38pitfVxU3u8HrRm8R/4 RiJA== X-Gm-Message-State: ACrzQf3AeKnia3WYAEDS48CLFas4LMPIb/2ZTAj92ybx0+rqrkAIs3AF iVFS6PzH/REZnnYAD/4or3h8Mg== X-Google-Smtp-Source: AMsMyM7zKPF3m8PQ3vDRY65hhM7Vn2ti2AfSwYOO7Sw1N1ClPmcZIThBohESleFGDhoYEgJsHEs5mA== X-Received: by 2002:a63:6c01:0:b0:429:ea6e:486d with SMTP id h1-20020a636c01000000b00429ea6e486dmr17454793pgc.247.1664783553358; Mon, 03 Oct 2022 00:52:33 -0700 (PDT) Received: from laputa ([2400:4050:c3e1:100:89e:d429:f30:41af]) by smtp.gmail.com with ESMTPSA id y1-20020aa793c1000000b0053ea3d2ecd6sm1051512pff.94.2022.10.03.00.52.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Oct 2022 00:52:32 -0700 (PDT) Date: Mon, 3 Oct 2022 16:52:28 +0900 From: Takahiro Akashi To: Masahisa Kojima Cc: u-boot@lists.denx.de, Heinrich Schuchardt , Ilias Apalodimas Subject: Re: [PATCH] test/py: efi_secboot: Remove unnecessary cert-to-efi-hash-list option Message-ID: <20221003075228.GA54319@laputa> Mail-Followup-To: Takahiro Akashi , Masahisa Kojima , u-boot@lists.denx.de, Heinrich Schuchardt , Ilias Apalodimas References: <20221003071215.21883-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221003071215.21883-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean On Mon, Oct 03, 2022 at 04:12:15PM +0900, Masahisa Kojima wrote: > 'cert-to-efi-hash-list -t 0' does not work as expected, it produces > indeterminate timestamp. > > $ cert-to-efi-hash-list -t 0 -s 256 db.crt dbx_hash.crl > TimeOfRevocation is 0-113-0 00:00:255 > > If we need the CRL revoked for all the time, just don't specify > '-t' option. Correct. Thank you for the fix. (The tests happen to pass since the year is always 0 (or 1900?).) -Takahiro Akashi > $ cert-to-efi-hash-list -s 256 db.crt dbx_hash.crl > TimeOfRevocation is 0-0-0 00:00:00 > > Signed-off-by: Masahisa Kojima > --- > test/py/tests/test_efi_secboot/conftest.py | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/test/py/tests/test_efi_secboot/conftest.py b/test/py/tests/test_efi_secboot/conftest.py > index db6b8d301f..f2f914f617 100644 > --- a/test/py/tests/test_efi_secboot/conftest.py > +++ b/test/py/tests/test_efi_secboot/conftest.py > @@ -77,17 +77,17 @@ def efi_boot_env(request, u_boot_config): > % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), > shell=True) > # dbx_hash (digest of TEST_db certificate) > - check_call('cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 256 db.crt dbx_hash.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash.crl dbx_hash.auth' > + check_call('cd %s; %scert-to-efi-hash-list -g %s -s 256 db.crt dbx_hash.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash.crl dbx_hash.auth' > % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), > shell=True) > - check_call('cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 384 db.crt dbx_hash384.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash384.crl dbx_hash384.auth' > + check_call('cd %s; %scert-to-efi-hash-list -g %s -s 384 db.crt dbx_hash384.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash384.crl dbx_hash384.auth' > % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), > shell=True) > - check_call('cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 512 db.crt dbx_hash512.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash512.crl dbx_hash512.auth' > + check_call('cd %s; %scert-to-efi-hash-list -g %s -s 512 db.crt dbx_hash512.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash512.crl dbx_hash512.auth' > % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), > shell=True) > # dbx_hash1 (digest of TEST_db1 certificate) > - check_call('cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 256 db1.crt dbx_hash1.crl; %ssign-efi-sig-list -t "2020-04-06" -c KEK.crt -k KEK.key dbx dbx_hash1.crl dbx_hash1.auth' > + check_call('cd %s; %scert-to-efi-hash-list -g %s -s 256 db1.crt dbx_hash1.crl; %ssign-efi-sig-list -t "2020-04-06" -c KEK.crt -k KEK.key dbx dbx_hash1.crl dbx_hash1.auth' > % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), > shell=True) > # dbx_db (with TEST_db certificate) > -- > 2.17.1 >