From: Tom Rini <trini@konsulko.com>
Date: Thu, 16 Mar 2023 16:16:14 +0000 (-0400)
Subject: Merge tag 'dm-next-12mar23a' of git://git.denx.de/u-boot-dm into next
X-Git-Url: http://git.dujemihanovic.xyz/img/static/git-favicon.png?a=commitdiff_plain;h=cb90ddb2a64f30e6b0411f9385ddd84c5612314e;p=u-boot.git

Merge tag 'dm-next-12mar23a' of git://git.denx.de/u-boot-dm into next

More tests and fixes for fdt command
binman signing feature
fix buildman -A bug introduced recently

Signed-off-by: Tom Rini <trini@konsulko.com>
---

cb90ddb2a64f30e6b0411f9385ddd84c5612314e
diff --cc tools/binman/ftest.py
index d455ea02ea,9862e23438..43b4f850a6
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@@ -6567,22 -6573,91 +6575,107 @@@ fdt         fdtmap                Extra
          err = stderr.getvalue()
          self.assertRegex(err, "Image 'image'.*missing bintools.*: openssl")
  
 +    def testPackRockchipTpl(self):
 +        """Test that an image with a Rockchip TPL binary can be created"""
 +        data = self._DoReadFile('277_rockchip_tpl.dts')
 +        self.assertEqual(ROCKCHIP_TPL_DATA, data[:len(ROCKCHIP_TPL_DATA)])
 +
 +    def testMkimageMissingBlobMultiple(self):
 +        """Test missing blob with mkimage entry and multiple-data-files"""
 +        with test_util.capture_sys_output() as (stdout, stderr):
 +            self._DoTestFile('278_mkimage_missing_multiple.dts', allow_missing=True)
 +        err = stderr.getvalue()
 +        self.assertIn("is missing external blobs and is non-functional", err)
 +
 +        with self.assertRaises(ValueError) as e:
 +            self._DoTestFile('278_mkimage_missing_multiple.dts', allow_missing=False)
 +        self.assertIn("not found in input path", str(e.exception))
 +
+     def _PrepareSignEnv(self, dts='280_fit_sign.dts'):
+         """Prepare sign environment
+ 
+         Create private and public keys, add pubkey into dtb.
+ 
+         Returns:
+             Tuple:
+                 FIT container
+                 Image name
+                 Private key
+                 DTB
+         """
+ 
+         data = self._DoReadFileRealDtb(dts)
+         updated_fname = tools.get_output_filename('image-updated.bin')
+         tools.write_file(updated_fname, data)
+         dtb = tools.get_output_filename('source.dtb')
+         private_key = tools.get_output_filename('test_key.key')
+         public_key = tools.get_output_filename('test_key.crt')
+         fit = tools.get_output_filename('fit.fit')
+         key_dir = tools.get_output_dir()
+ 
+         tools.run('openssl', 'req', '-batch' , '-newkey', 'rsa:4096',
+                   '-sha256', '-new',  '-nodes',  '-x509', '-keyout',
+                   private_key, '-out', public_key)
+         tools.run('fdt_add_pubkey', '-a', 'sha256,rsa4096', '-k', key_dir,
+                   '-n', 'test_key', '-r', 'conf', dtb)
+ 
+         return fit, updated_fname, private_key, dtb
+ 
+     def testSignSimple(self):
+         """Test that a FIT container can be signed in image"""
+         is_signed = False
+         fit, fname, private_key, dtb = self._PrepareSignEnv()
+ 
+         # do sign with private key
+         control.SignEntries(fname, None, private_key, 'sha256,rsa4096',
+                             ['fit'])
+         is_signed = self._CheckSign(fit, dtb)
+ 
+         self.assertEqual(is_signed, True)
+ 
+     def testSignExactFIT(self):
+         """Test that a FIT container can be signed and replaced in image"""
+         is_signed = False
+         fit, fname, private_key, dtb = self._PrepareSignEnv()
+ 
+         # Make sure we propagate the toolpath, since mkimage may not be on PATH
+         args = []
+         if self.toolpath:
+             for path in self.toolpath:
+                 args += ['--toolpath', path]
+ 
+         # do sign with private key
+         self._DoBinman(*args, 'sign', '-i', fname, '-k', private_key, '-a',
+                        'sha256,rsa4096', '-f', fit, 'fit')
+         is_signed = self._CheckSign(fit, dtb)
+ 
+         self.assertEqual(is_signed, True)
+ 
+     def testSignNonFit(self):
+         """Test a non-FIT entry cannot be signed"""
+         is_signed = False
+         fit, fname, private_key, _ = self._PrepareSignEnv(
+             '281_sign_non_fit.dts')
+ 
+         # do sign with private key
+         with self.assertRaises(ValueError) as e:
+             self._DoBinman('sign', '-i', fname, '-k', private_key, '-a',
+                        'sha256,rsa4096', '-f', fit, 'u-boot')
+         self.assertIn(
+             "Node '/u-boot': Updating signatures is not supported with this entry type",
+             str(e.exception))
+ 
+     def testSignMissingMkimage(self):
+         """Test that FIT signing handles a missing mkimage tool"""
+         fit, fname, private_key, _ = self._PrepareSignEnv()
+ 
+         # try to sign with a missing mkimage tool
+         bintool.Bintool.set_missing_list(['mkimage'])
+         with self.assertRaises(ValueError) as e:
+             control.SignEntries(fname, None, private_key, 'sha256,rsa4096',
+                                 ['fit'])
+         self.assertIn("Node '/fit': Missing tool: 'mkimage'", str(e.exception))
+ 
  
  if __name__ == "__main__":
      unittest.main()