eaw/u-boot
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'efi-2020-10-rc3-3' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Browse Source 
Pull request for UEFI sub-system for efi-2020-10-rc3 (3)

The following bug fixes are contained in this pull-request:

* ResetSystem() should no hang if not implemented.
* Device paths in Bootxxxx variables should be verified.
* Use ':' as separator for command setenv -e -i instead of ','.
* Correct comments for functions.
* Update UEFI documentation.
This commit is contained in:
Tom Rini
2020-08-24 17:28:18 -04:00
parent 1aa3966173 2b3fbcb59f
commit 3c0cec035e
18 changed files with 252 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
test/lib/Makefile
View File

@@ -3,6 +3,7 @@
# (C) Copyright 2018
# Mario Six, Guntermann & Drunck GmbH, mario.six@gdsys.cc
obj-y += cmd_ut_lib.o
obj-$(CONFIG_EFI_LOADER) += efi_device_path.o
obj-$(CONFIG_EFI_SECURE_BOOT) += efi_image_region.o
obj-y += hexdump.o
obj-y += lmb.o

50
test/lib/efi_device_path.c Normal file
View File

@@ -0,0 +1,50 @@
// SPDX-License-Identifier: GPL-2.0+
/*
* Test device path functions
*
* Copyright (c) 2020 Heinrich Schuchardt <xypron.glpk@gmx.de>
*/
#include <common.h>
#include <efi_loader.h>
#include <test/lib.h>
#include <test/test.h>
#include <test/ut.h>
static int lib_test_efi_dp_check_length(struct unit_test_state *uts)
{
/* end of device path */
u8 d1[] __aligned(2) = {
0x7f, 0xff, 0x04, 0x00 };
/* device path node with length less then 4 */
u8 d2[] __aligned(2) = {
0x01, 0x02, 0x02, 0x00, 0x04, 0x00, 0x7f, 0xff, 0x04, 0x00 };
/* well formed device path */
u8 d3[] __aligned(2) = {
0x03, 0x02, 0x08, 0x00, 0x01, 0x00, 0x01, 0x00,
0x7f, 0xff, 0x04, 0x00 };
struct efi_device_path *p1 = (struct efi_device_path *)d1;
struct efi_device_path *p2 = (struct efi_device_path *)d2;
struct efi_device_path *p3 = (struct efi_device_path *)d3;
ut_asserteq((ssize_t)-EINVAL, efi_dp_check_length(p1, SIZE_MAX));
ut_asserteq((ssize_t)sizeof(d1), efi_dp_check_length(p1, sizeof(d1)));
ut_asserteq((ssize_t)sizeof(d1),
efi_dp_check_length(p1, sizeof(d1) + 4));
ut_asserteq((ssize_t)-1, efi_dp_check_length(p1, sizeof(d1) - 1));
ut_asserteq((ssize_t)-1, efi_dp_check_length(p2, sizeof(d2)));
ut_asserteq((ssize_t)-1, efi_dp_check_length(p3, sizeof(d3) - 1));
ut_asserteq((ssize_t)sizeof(d3), efi_dp_check_length(p3, sizeof(d3)));
ut_asserteq((ssize_t)sizeof(d3), efi_dp_check_length(p3, SSIZE_MAX));
ut_asserteq((ssize_t)-EINVAL,
efi_dp_check_length(p3, (size_t)SSIZE_MAX + 1));
ut_asserteq((ssize_t)sizeof(d3),
efi_dp_check_length(p3, sizeof(d3) + 4));
return 0;
}
LIB_TEST(lib_test_efi_dp_check_length, 0);

60
test/py/tests/test_efi_secboot/test_authvar.py
View File

@@ -38,14 +38,14 @@ class TestEfiAuthVar(object):
# Test Case 1b, PK without AUTHENTICATED_WRITE_ACCESS
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 1c'):
# Test Case 1c, install PK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'PK:' in ''.join(output)
@@ -60,24 +60,24 @@ class TestEfiAuthVar(object):
# Test Case 1d, db/dbx without KEK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 1e'):
# Test Case 1e, install KEK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize KEK'])
'setenv -e -nv -bs -rt -i 4000000:$filesize KEK'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'printenv -e -n KEK'])
assert 'KEK:' in ''.join(output)
@@ -89,12 +89,12 @@ class TestEfiAuthVar(object):
# Test Case 1f, install db
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@@ -107,12 +107,12 @@ class TestEfiAuthVar(object):
# Test Case 1g, install dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'dbx:' in ''.join(output)
@@ -132,32 +132,32 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 2b'):
# Test Case 2b, update without correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.esl',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 2c'):
# Test Case 2c, update with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@@ -173,32 +173,32 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -a -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 3b'):
# Test Case 3b, update without correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.esl',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 3c'):
# Test Case 3c, update with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@@ -214,11 +214,11 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@@ -248,18 +248,18 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'PK:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK_null.esl',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' in ''.join(output)
assert 'PK:' in ''.join(output)
@@ -268,7 +268,7 @@ class TestEfiAuthVar(object):
# Test Case 5b, Uninstall PK with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK_null.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert '\"PK\" not defined' in ''.join(output)

46
test/py/tests/test_efi_secboot/test_signed.py
View File

@@ -53,9 +53,9 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""',
@@ -74,7 +74,7 @@ class TestEfiSignedImage(object):
# Test Case 2b, authenticated by db
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 2',
@@ -97,11 +97,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@@ -114,7 +114,7 @@ class TestEfiSignedImage(object):
# Test Case 3b, rejected by dbx even if db allows
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -133,13 +133,13 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 dbx_hash.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@@ -162,11 +162,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""',
@@ -178,7 +178,7 @@ class TestEfiSignedImage(object):
# Test Case 5b, authenticated if both signatures are verified
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -190,7 +190,7 @@ class TestEfiSignedImage(object):
# certificate) is revoked
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_hash.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -201,7 +201,7 @@ class TestEfiSignedImage(object):
# Test Case 5d, rejected if both of signatures are revoked
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_hash1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -220,11 +220,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello_signed.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@@ -236,7 +236,7 @@ class TestEfiSignedImage(object):
# Test Case 6b, rejected by TEST_db certificate in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -248,9 +248,9 @@ class TestEfiSignedImage(object):
# Test Case 6c, rejected by image's digest in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 dbx_hello_signed.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',

24
test/py/tests/test_efi_secboot/test_signed_intca.py
View File

@@ -31,11 +31,11 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -64,9 +64,9 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -80,7 +80,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 2b, signed and authenticated by root CA
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_b.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)
@@ -90,7 +90,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 2c, signed and authenticated by root CA
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert 'Hello, world!' in ''.join(output)
@@ -106,13 +106,13 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 dbx_b.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -128,7 +128,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 3b, revoked by root CA in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)

18
test/py/tests/test_efi_secboot/test_unsigned.py
View File

@@ -29,9 +29,9 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -56,11 +56,11 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -80,11 +80,11 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -102,7 +102,7 @@ class TestEfiUnsignedImage(object):
# Test Case 3b, rejected by dbx even if db allows
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([