From: Tom Rini Date: Thu, 16 Mar 2023 16:16:14 +0000 (-0400) Subject: Merge tag 'dm-next-12mar23a' of git://git.denx.de/u-boot-dm into next X-Git-Tag: v2025.01-rc5-pxa1908~1023^2~32 X-Git-Url: http://git.dujemihanovic.xyz/img/%7B%7B%20%24image.RelPermalink%20%7D%7D?a=commitdiff_plain;h=cb90ddb2a64f30e6b0411f9385ddd84c5612314e;p=u-boot.git Merge tag 'dm-next-12mar23a' of git://git.denx.de/u-boot-dm into next More tests and fixes for fdt command binman signing feature fix buildman -A bug introduced recently Signed-off-by: Tom Rini --- cb90ddb2a64f30e6b0411f9385ddd84c5612314e diff --cc tools/binman/ftest.py index d455ea02ea,9862e23438..43b4f850a6 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@@ -6567,22 -6573,91 +6575,107 @@@ fdt fdtmap Extra err = stderr.getvalue() self.assertRegex(err, "Image 'image'.*missing bintools.*: openssl") + def testPackRockchipTpl(self): + """Test that an image with a Rockchip TPL binary can be created""" + data = self._DoReadFile('277_rockchip_tpl.dts') + self.assertEqual(ROCKCHIP_TPL_DATA, data[:len(ROCKCHIP_TPL_DATA)]) + + def testMkimageMissingBlobMultiple(self): + """Test missing blob with mkimage entry and multiple-data-files""" + with test_util.capture_sys_output() as (stdout, stderr): + self._DoTestFile('278_mkimage_missing_multiple.dts', allow_missing=True) + err = stderr.getvalue() + self.assertIn("is missing external blobs and is non-functional", err) + + with self.assertRaises(ValueError) as e: + self._DoTestFile('278_mkimage_missing_multiple.dts', allow_missing=False) + self.assertIn("not found in input path", str(e.exception)) + + def _PrepareSignEnv(self, dts='280_fit_sign.dts'): + """Prepare sign environment + + Create private and public keys, add pubkey into dtb. + + Returns: + Tuple: + FIT container + Image name + Private key + DTB + """ + + data = self._DoReadFileRealDtb(dts) + updated_fname = tools.get_output_filename('image-updated.bin') + tools.write_file(updated_fname, data) + dtb = tools.get_output_filename('source.dtb') + private_key = tools.get_output_filename('test_key.key') + public_key = tools.get_output_filename('test_key.crt') + fit = tools.get_output_filename('fit.fit') + key_dir = tools.get_output_dir() + + tools.run('openssl', 'req', '-batch' , '-newkey', 'rsa:4096', + '-sha256', '-new', '-nodes', '-x509', '-keyout', + private_key, '-out', public_key) + tools.run('fdt_add_pubkey', '-a', 'sha256,rsa4096', '-k', key_dir, + '-n', 'test_key', '-r', 'conf', dtb) + + return fit, updated_fname, private_key, dtb + + def testSignSimple(self): + """Test that a FIT container can be signed in image""" + is_signed = False + fit, fname, private_key, dtb = self._PrepareSignEnv() + + # do sign with private key + control.SignEntries(fname, None, private_key, 'sha256,rsa4096', + ['fit']) + is_signed = self._CheckSign(fit, dtb) + + self.assertEqual(is_signed, True) + + def testSignExactFIT(self): + """Test that a FIT container can be signed and replaced in image""" + is_signed = False + fit, fname, private_key, dtb = self._PrepareSignEnv() + + # Make sure we propagate the toolpath, since mkimage may not be on PATH + args = [] + if self.toolpath: + for path in self.toolpath: + args += ['--toolpath', path] + + # do sign with private key + self._DoBinman(*args, 'sign', '-i', fname, '-k', private_key, '-a', + 'sha256,rsa4096', '-f', fit, 'fit') + is_signed = self._CheckSign(fit, dtb) + + self.assertEqual(is_signed, True) + + def testSignNonFit(self): + """Test a non-FIT entry cannot be signed""" + is_signed = False + fit, fname, private_key, _ = self._PrepareSignEnv( + '281_sign_non_fit.dts') + + # do sign with private key + with self.assertRaises(ValueError) as e: + self._DoBinman('sign', '-i', fname, '-k', private_key, '-a', + 'sha256,rsa4096', '-f', fit, 'u-boot') + self.assertIn( + "Node '/u-boot': Updating signatures is not supported with this entry type", + str(e.exception)) + + def testSignMissingMkimage(self): + """Test that FIT signing handles a missing mkimage tool""" + fit, fname, private_key, _ = self._PrepareSignEnv() + + # try to sign with a missing mkimage tool + bintool.Bintool.set_missing_list(['mkimage']) + with self.assertRaises(ValueError) as e: + control.SignEntries(fname, None, private_key, 'sha256,rsa4096', + ['fit']) + self.assertIn("Node '/fit': Missing tool: 'mkimage'", str(e.exception)) + if __name__ == "__main__": unittest.main()