From d8a2d3b2901932179c5ee562c01473dd8cf77ae1 Mon Sep 17 00:00:00 2001 From: Lukas Funke Date: Thu, 3 Aug 2023 17:22:14 +0200 Subject: [PATCH] binman: ftest: Add test for xilinx-bootgen etype Add test for the 'xilinx-bootgen' etype Signed-off-by: Lukas Funke Reviewed-by: Simon Glass Allow missing bootgen tool; comment testXilinxBootgenMissing() comment: Signed-off-by: Simon Glass --- tools/binman/ftest.py | 77 +++++++++++++++++++ tools/binman/test/307_xilinx_bootgen_sign.dts | 22 ++++++ .../test/308_xilinx_bootgen_sign_enc.dts | 24 ++++++ 3 files changed, 123 insertions(+) create mode 100644 tools/binman/test/307_xilinx_bootgen_sign.dts create mode 100644 tools/binman/test/308_xilinx_bootgen_sign_enc.dts diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index 78389b34a7..1293e9dbf4 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -7139,5 +7139,82 @@ fdt fdtmap Extract the devicetree blob from the fdtmap self.assertEqual(fdt_util.GetString(key_node, "key-name-hint"), "key") + def testXilinxBootgenSigning(self): + """Test xilinx-bootgen etype""" + bootgen = bintool.Bintool.create('bootgen') + self._CheckBintool(bootgen) + data = tools.read_file(self.TestFile("key.key")) + self._MakeInputFile("psk.pem", data) + self._MakeInputFile("ssk.pem", data) + self._SetupPmuFwlElf() + self._SetupSplElf() + self._DoReadFileRealDtb('307_xilinx_bootgen_sign.dts') + image_fname = tools.get_output_filename('image.bin') + + # Read partition header table and check if authentication is enabled + bootgen_out = bootgen.run_cmd("-arch", "zynqmp", + "-read", image_fname, "pht").splitlines() + attributes = {"authentication": None, + "core": None, + "encryption": None} + + for l in bootgen_out: + for a in attributes.keys(): + if a in l: + m = re.match(fr".*{a} \[([^]]+)\]", l) + attributes[a] = m.group(1) + + self.assertTrue(attributes['authentication'] == "rsa") + self.assertTrue(attributes['core'] == "a53-0") + self.assertTrue(attributes['encryption'] == "no") + + def testXilinxBootgenSigningEncryption(self): + """Test xilinx-bootgen etype""" + bootgen = bintool.Bintool.create('bootgen') + self._CheckBintool(bootgen) + data = tools.read_file(self.TestFile("key.key")) + self._MakeInputFile("psk.pem", data) + self._MakeInputFile("ssk.pem", data) + self._SetupPmuFwlElf() + self._SetupSplElf() + self._DoReadFileRealDtb('308_xilinx_bootgen_sign_enc.dts') + image_fname = tools.get_output_filename('image.bin') + + # Read boot header in order to verify encryption source and + # encryption parameter + bootgen_out = bootgen.run_cmd("-arch", "zynqmp", + "-read", image_fname, "bh").splitlines() + attributes = {"auth_only": + {"re": r".*auth_only \[([^]]+)\]", "value": None}, + "encryption_keystore": + {"re": r" *encryption_keystore \(0x28\) : (.*)", + "value": None}, + } + + for l in bootgen_out: + for a in attributes.keys(): + if a in l: + m = re.match(attributes[a]['re'], l) + attributes[a] = m.group(1) + + # Check if fsbl-attribute is set correctly + self.assertTrue(attributes['auth_only'] == "true") + # Check if key is stored in efuse + self.assertTrue(attributes['encryption_keystore'] == "0xa5c3c5a3") + + def testXilinxBootgenMissing(self): + """Test that binman still produces an image if bootgen is missing""" + data = tools.read_file(self.TestFile("key.key")) + self._MakeInputFile("psk.pem", data) + self._MakeInputFile("ssk.pem", data) + self._SetupPmuFwlElf() + self._SetupSplElf() + with test_util.capture_sys_output() as (_, stderr): + self._DoTestFile('307_xilinx_bootgen_sign.dts', + force_missing_bintools='bootgen') + err = stderr.getvalue() + self.assertRegex(err, + "Image 'image'.*missing bintools.*: bootgen") + if __name__ == "__main__": unittest.main() diff --git a/tools/binman/test/307_xilinx_bootgen_sign.dts b/tools/binman/test/307_xilinx_bootgen_sign.dts new file mode 100644 index 0000000000..02acf8652a --- /dev/null +++ b/tools/binman/test/307_xilinx_bootgen_sign.dts @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + xilinx-bootgen { + auth-params = "ppk_select=0", "spk_id=0x00000000"; + pmufw-filename = "pmu-firmware.elf"; + psk-key-name-hint = "psk"; + ssk-key-name-hint = "ssk"; + + u-boot-spl-nodtb { + }; + u-boot-spl-dtb { + }; + }; + }; +}; diff --git a/tools/binman/test/308_xilinx_bootgen_sign_enc.dts b/tools/binman/test/308_xilinx_bootgen_sign_enc.dts new file mode 100644 index 0000000000..5d7ce4c1f5 --- /dev/null +++ b/tools/binman/test/308_xilinx_bootgen_sign_enc.dts @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + xilinx-bootgen { + auth-params = "ppk_select=0", "spk_id=0x00000000"; + fsbl-config = "auth_only"; + keysrc-enc = "efuse_red_key"; + pmufw-filename = "pmu-firmware.elf"; + psk-key-name-hint = "psk"; + ssk-key-name-hint = "ssk"; + + u-boot-spl-nodtb { + }; + u-boot-spl-dtb { + }; + }; + }; +}; -- 2.39.5