diff options
| author | Tom Rini | 2020-07-05 18:13:12 -0400 |
|---|---|---|
| committer | Tom Rini | 2020-07-05 18:13:12 -0400 |
| commit | 621e09cb3bf7e6d4fce9dd5e6de97e057adebc3a (patch) | |
| tree | c2fcb855263939c0cf2a19d7c192fb9a74679d3b /test | |
| parent | df3d0a3f95dd9109b889c5411204f133451b7a7e (diff) | |
| parent | 93f6201af71d9a0a521c99212e6066778270a357 (diff) | |
Merge tag 'efi-2020-10-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next
Pull request for UEFI sub-system for efi-2020-10-rc1
This series comprises error corrections for the UEFI subsystem:
* correct consideration of timestamps for variable authentication
* correct collection of data regions for code authentication
* correct unit tests to test loading dbx
* enable FAT_WRITE as required by the UEFI spec
The boot manager uses log functions instead of printf() and debug().
The UEFI intialization state is exported.
Diffstat (limited to 'test')
| -rw-r--r-- | test/lib/Makefile | 1 | ||||
| -rw-r--r-- | test/lib/efi_image_region.c | 163 | ||||
| -rw-r--r-- | test/py/tests/test_efi_fit.py | 4 | ||||
| -rw-r--r-- | test/py/tests/test_efi_secboot/conftest.py | 16 | ||||
| -rw-r--r-- | test/py/tests/test_efi_secboot/test_authvar.py | 91 | ||||
| -rw-r--r-- | test/py/tests/test_efi_secboot/test_signed.py | 38 | ||||
| -rw-r--r-- | test/py/tests/test_efi_secboot/test_unsigned.py | 38 |
7 files changed, 253 insertions, 98 deletions
diff --git a/test/lib/Makefile b/test/lib/Makefile index ce9ae4a9bed..6ccc2c41bc3 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -3,6 +3,7 @@ # (C) Copyright 2018 # Mario Six, Guntermann & Drunck GmbH, mario.six@gdsys.cc obj-y += cmd_ut_lib.o +obj-$(CONFIG_EFI_SECURE_BOOT) += efi_image_region.o obj-y += hexdump.o obj-y += lmb.o obj-y += string.o diff --git a/test/lib/efi_image_region.c b/test/lib/efi_image_region.c new file mode 100644 index 00000000000..0b888f84337 --- /dev/null +++ b/test/lib/efi_image_region.c @@ -0,0 +1,163 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2020, Heinrich Schuchardt <xypron.glpk@gmx.de> + */ + +#include <common.h> +#include <efi_loader.h> +#include <test/lib.h> +#include <test/test.h> +#include <test/ut.h> + +#define UT_REG_CAPACITY 6 + +static int lib_test_efi_image_region_add(struct unit_test_state *uts) +{ + struct efi_image_regions *regs; + + regs = calloc(sizeof(*regs) + + sizeof(struct image_region) * UT_REG_CAPACITY, 1); + ut_assert(regs); + + regs->max = UT_REG_CAPACITY; + + ut_asserteq(0, regs->num); + ut_asserteq_64(EFI_INVALID_PARAMETER, + efi_image_region_add(regs, (void *)0x4000, + (void *)0x3000, 1)); + ut_asserteq(0, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x3100, + (void *)0x4000, 1)); + ut_asserteq(1, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x2000, + (void *)0x3100, 1)); + ut_asserteq(2, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x1000, + (void *)0x1f00, 1)); + ut_asserteq(3, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x4000, + (void *)0x4e00, 1)); + ut_asserteq(4, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x1f00, + (void *)0x2001, 1)); + ut_asserteq(5, regs->num); + + ut_asserteq_ptr((void *)0x3100, regs->reg[0].data); + ut_asserteq(0x0f00, regs->reg[0].size); + + ut_asserteq_ptr((void *)0x2000, regs->reg[1].data); + ut_asserteq(0x1100, regs->reg[1].size); + + ut_asserteq_ptr((void *)0x1000, regs->reg[2].data); + ut_asserteq(0x0f00, regs->reg[2].size); + + ut_asserteq_ptr((void *)0x4000, regs->reg[3].data); + ut_asserteq(0x0e00, regs->reg[3].size); + + ut_asserteq_ptr((void *)0x1f00, regs->reg[4].data); + ut_asserteq(0x0101, regs->reg[4].size); + + free(regs); + + return 0; +} + +LIB_TEST(lib_test_efi_image_region_add, 0); + +static int lib_test_efi_image_region_sort(struct unit_test_state *uts) +{ + struct efi_image_regions *regs; + + regs = calloc(sizeof(*regs) + + sizeof(struct image_region) * UT_REG_CAPACITY, 1); + ut_assert(regs); + + regs->max = UT_REG_CAPACITY; + + ut_asserteq(0, regs->num); + ut_asserteq_64(EFI_INVALID_PARAMETER, + efi_image_region_add(regs, (void *)0x4000, + (void *)0x3000, 0)); + ut_asserteq(0, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x3100, + (void *)0x4000, 0)); + ut_asserteq(1, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x2000, + (void *)0x3100, 0)); + ut_asserteq(2, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x1000, + (void *)0x1f00, 0)); + ut_asserteq(3, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x4000, + (void *)0x4e00, 0)); + ut_asserteq(4, regs->num); + ut_asserteq_64(EFI_INVALID_PARAMETER, + efi_image_region_add(regs, (void *)0x1f00, + (void *)0x2001, 0)); + ut_asserteq(4, regs->num); + ut_asserteq_64(EFI_INVALID_PARAMETER, + efi_image_region_add(regs, (void *)0x10ff, + (void *)0x11ff, 0)); + ut_asserteq(4, regs->num); + ut_asserteq_64(EFI_INVALID_PARAMETER, + efi_image_region_add(regs, (void *)0x0000, + (void *)0x6000, 0)); + ut_asserteq(4, regs->num); + ut_asserteq_64(EFI_INVALID_PARAMETER, + efi_image_region_add(regs, (void *)0x3100, + (void *)0x0e00, 0)); + ut_asserteq(4, regs->num); + ut_asserteq_64(EFI_INVALID_PARAMETER, + efi_image_region_add(regs, (void *)0x3200, + (void *)0x0e00, 0)); + ut_asserteq(4, regs->num); + ut_asserteq_64(EFI_INVALID_PARAMETER, + efi_image_region_add(regs, (void *)0x3200, + (void *)0x0d00, 0)); + ut_asserteq(4, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x1f00, + (void *)0x2000, 0)); + ut_asserteq(5, regs->num); + ut_asserteq_64(EFI_SUCCESS, + efi_image_region_add(regs, (void *)0x4000, + (void *)0x4000, 0)); + ut_asserteq(6, regs->num); + ut_asserteq_64(EFI_OUT_OF_RESOURCES, + efi_image_region_add(regs, (void *)0x6000, + (void *)0x0100, 0)); + ut_asserteq(6, regs->num); + + ut_asserteq_ptr((void *)0x1000, regs->reg[0].data); + ut_asserteq(0x0f00, regs->reg[0].size); + + ut_asserteq_ptr((void *)0x1f00, regs->reg[1].data); + ut_asserteq(0x0100, regs->reg[1].size); + + ut_asserteq_ptr((void *)0x2000, regs->reg[2].data); + ut_asserteq(0x1100, regs->reg[2].size); + + ut_asserteq_ptr((void *)0x3100, regs->reg[3].data); + ut_asserteq(0x0f00, regs->reg[3].size); + + ut_asserteq_ptr((void *)0x4000, regs->reg[4].data); + ut_asserteq(0x0000, regs->reg[4].size); + + ut_asserteq_ptr((void *)0x4000, regs->reg[5].data); + ut_asserteq(0x0e00, regs->reg[5].size); + + free(regs); + + return 0; +} + +LIB_TEST(lib_test_efi_image_region_sort, 0); diff --git a/test/py/tests/test_efi_fit.py b/test/py/tests/test_efi_fit.py index beaf4a3c511..06fb151c138 100644 --- a/test/py/tests/test_efi_fit.py +++ b/test/py/tests/test_efi_fit.py @@ -106,14 +106,14 @@ FDT_DATA = ''' / { #address-cells = <1>; - #size-cells = <0>; + #size-cells = <1>; model = "%(sys-arch)s %(fdt_type)s EFI FIT Boot Test"; compatible = "%(sys-arch)s"; reset@0 { compatible = "%(sys-arch)s,reset"; - reg = <0>; + reg = <0 4>; }; }; ''' diff --git a/test/py/tests/test_efi_secboot/conftest.py b/test/py/tests/test_efi_secboot/conftest.py index 5d99b8b7189..ac5a780fdb7 100644 --- a/test/py/tests/test_efi_secboot/conftest.py +++ b/test/py/tests/test_efi_secboot/conftest.py @@ -76,37 +76,37 @@ def efi_boot_env(request, u_boot_config): ## PK check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365' % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s PK.crt PK.esl; %ssign-efi-sig-list -c PK.crt -k PK.key PK PK.esl PK.auth' + check_call('cd %s; %scert-to-efi-sig-list -g %s PK.crt PK.esl; %ssign-efi-sig-list -t "2020-04-01" -c PK.crt -k PK.key PK PK.esl PK.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) ## PK_null for deletion - check_call('cd %s; sleep 2; touch PK_null.esl; %ssign-efi-sig-list -c PK.crt -k PK.key PK PK_null.esl PK_null.auth' + check_call('cd %s; touch PK_null.esl; %ssign-efi-sig-list -t "2020-04-02" -c PK.crt -k PK.key PK PK_null.esl PK_null.auth' % (mnt_point, EFITOOLS_PATH), shell=True) ## KEK check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_KEK/ -keyout KEK.key -out KEK.crt -nodes -days 365' % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s KEK.crt KEK.esl; %ssign-efi-sig-list -c PK.crt -k PK.key KEK KEK.esl KEK.auth' + check_call('cd %s; %scert-to-efi-sig-list -g %s KEK.crt KEK.esl; %ssign-efi-sig-list -t "2020-04-03" -c PK.crt -k PK.key KEK KEK.esl KEK.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) ## db check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_db/ -keyout db.key -out db.crt -nodes -days 365' % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s db.crt db.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db.esl db.auth' + check_call('cd %s; %scert-to-efi-sig-list -g %s db.crt db.esl; %ssign-efi-sig-list -t "2020-04-04" -c KEK.crt -k KEK.key db db.esl db.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) ## db1 check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_db1/ -keyout db1.key -out db1.crt -nodes -days 365' % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s db1.crt db1.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db1.esl db1.auth' + check_call('cd %s; %scert-to-efi-sig-list -g %s db1.crt db1.esl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key db db1.esl db1.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) ## db1-update - check_call('cd %s; %ssign-efi-sig-list -a -c KEK.crt -k KEK.key db db1.esl db1-update.auth' + check_call('cd %s; %ssign-efi-sig-list -t "2020-04-06" -a -c KEK.crt -k KEK.key db db1.esl db1-update.auth' % (mnt_point, EFITOOLS_PATH), shell=True) ## dbx check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_dbx/ -keyout dbx.key -out dbx.crt -nodes -days 365' % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s dbx.crt dbx.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx dbx.esl dbx.auth' + check_call('cd %s; %scert-to-efi-sig-list -g %s dbx.crt dbx.esl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx.esl dbx.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) @@ -117,7 +117,7 @@ def efi_boot_env(request, u_boot_config): check_call('cd %s; sbsign --key db.key --cert db.crt helloworld.efi' % mnt_point, shell=True) ## Digest image - check_call('cd %s; %shash-to-efi-sig-list helloworld.efi db_hello.hash; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db_hello.hash db_hello.auth' + check_call('cd %s; %shash-to-efi-sig-list helloworld.efi db_hello.hash; %ssign-efi-sig-list -t "2020-04-07" -c KEK.crt -k KEK.key db db_hello.hash db_hello.auth' % (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH), shell=True) diff --git a/test/py/tests/test_efi_secboot/test_authvar.py b/test/py/tests/test_efi_secboot/test_authvar.py index 9912694a3e3..148aa3123e4 100644 --- a/test/py/tests/test_efi_secboot/test_authvar.py +++ b/test/py/tests/test_efi_secboot/test_authvar.py @@ -9,7 +9,6 @@ This test verifies variable authentication """ import pytest -import re from defs import * @pytest.mark.boardspec('sandbox') @@ -40,7 +39,7 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize PK']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 1c'): # Test Case 1c, install PK @@ -48,7 +47,7 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert(re.search('PK:', ''.join(output))) + assert('PK:' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') @@ -62,25 +61,25 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 1e'): # Test Case 1e, install KEK output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize KEK']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'printenv -e -n KEK']) - assert(re.search('KEK:', ''.join(output))) + assert('KEK:' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') @@ -91,14 +90,14 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') @@ -107,16 +106,16 @@ class TestEfiAuthVar(object): with u_boot_console.log.section('Test Case 1g'): # Test Case 1g, install dbx output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + 'fatload host 0:1 4000000 dbx.auth', + 'setenv -e -nv -bs -rt -i 4000000,$filesize dbx']) + assert('Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', - 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + 'fatload host 0:1 4000000 dbx.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx']) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('dbx:' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') @@ -133,26 +132,26 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 2b'): # Test Case 2b, update without correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.esl', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 2c'): # Test Case 2c, update with correct signature @@ -160,8 +159,8 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) def test_efi_var_auth3(self, u_boot_console, efi_boot_env): """ @@ -174,26 +173,26 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -a -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 3b'): # Test Case 3b, update without correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.esl', 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) with u_boot_console.log.section('Test Case 3c'): # Test Case 3c, update with correct signature @@ -201,8 +200,8 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) def test_efi_var_auth4(self, u_boot_console, efi_boot_env): """ @@ -215,28 +214,28 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) output = u_boot_console.run_command_list([ 'setenv -e -nv -bs -rt db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) with u_boot_console.log.section('Test Case 4b'): # Test Case 4b, update without correct signature/data output = u_boot_console.run_command_list([ 'setenv -e -nv -bs -rt -at db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('db:', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) + assert('db:' in ''.join(output)) def test_efi_var_auth5(self, u_boot_console, efi_boot_env): """ @@ -249,21 +248,21 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('PK:', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('PK:' in ''.join(output)) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK_null.esl', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert(re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('PK:', ''.join(output))) + assert('Failed to set EFI variable' in ''.join(output)) + assert('PK:' in ''.join(output)) with u_boot_console.log.section('Test Case 5b'): # Test Case 5b, Uninstall PK with correct signature @@ -271,8 +270,8 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 PK_null.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) - assert(re.search('\"PK\" not defined', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) + assert('\"PK\" not defined' in ''.join(output)) output = u_boot_console.run_command( 'printenv -e SecureBoot') diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py index fc722ab506c..19d78b1b64e 100644 --- a/test/py/tests/test_efi_secboot/test_signed.py +++ b/test/py/tests/test_efi_secboot/test_signed.py @@ -9,7 +9,6 @@ This test verifies image authentication for signed images. """ import pytest -import re from defs import * @pytest.mark.boardspec('sandbox') @@ -29,10 +28,10 @@ class TestEfiSignedImage(object): # Test Case 1a, run signed image if no db/dbx output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, - 'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""; echo', + 'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert(re.search('Hello, world!', ''.join(output))) + assert('Hello, world!' in ''.join(output)) with u_boot_console.log.section('Test Case 1b'): # Test Case 1b, run unsigned image if no db/dbx @@ -40,7 +39,7 @@ class TestEfiSignedImage(object): 'efidebug boot add 2 HELLO2 host 0:1 /helloworld.efi ""', 'efidebug boot next 2', 'bootefi bootmgr']) - assert(re.search('Hello, world!', ''.join(output))) + assert('Hello, world!' in ''.join(output)) with u_boot_console.log.section('Test Case 1c'): # Test Case 1c, not authenticated by db @@ -51,24 +50,23 @@ class TestEfiSignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot next 2', 'bootefi bootmgr']) - assert(re.search('\'HELLO2\' failed', ''.join(output))) + assert('\'HELLO2\' failed' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot next 2', 'efidebug test bootmgr']) - assert(re.search('efi_start_image[(][)] returned: 26', - ''.join(output))) - assert(not re.search('Hello, world!', ''.join(output))) + assert('efi_start_image() returned: 26' in ''.join(output)) + assert(not 'Hello, world!' in ''.join(output)) with u_boot_console.log.section('Test Case 1d'): # Test Case 1d, authenticated by db output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'bootefi bootmgr']) - assert(re.search('Hello, world!', ''.join(output))) + assert('Hello, world!' in ''.join(output)) def test_efi_signed_image_auth2(self, u_boot_console, efi_boot_env): """ @@ -81,37 +79,35 @@ class TestEfiSignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert(re.search('\'HELLO\' failed', ''.join(output))) + assert('\'HELLO\' failed' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert(re.search('efi_start_image[(][)] returned: 26', - ''.join(output))) - assert(not re.search('Hello, world!', ''.join(output))) + assert('efi_start_image() returned: 26' in ''.join(output)) + assert(not 'Hello, world!' in ''.join(output)) with u_boot_console.log.section('Test Case 2b'): # Test Case 2b, rejected by dbx even if db allows output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'bootefi bootmgr']) - assert(re.search('\'HELLO\' failed', ''.join(output))) + assert('\'HELLO\' failed' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert(re.search('efi_start_image[(][)] returned: 26', - ''.join(output))) - assert(not re.search('Hello, world!', ''.join(output))) + assert('efi_start_image() returned: 26' in ''.join(output)) + assert(not 'Hello, world!' in ''.join(output)) diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py b/test/py/tests/test_efi_secboot/test_unsigned.py index a4af845c514..c42c5ddc477 100644 --- a/test/py/tests/test_efi_secboot/test_unsigned.py +++ b/test/py/tests/test_efi_secboot/test_unsigned.py @@ -9,7 +9,6 @@ This test verifies image authentication for unsigned images. """ import pytest -import re from defs import * @pytest.mark.boardspec('sandbox') @@ -30,22 +29,21 @@ class TestEfiUnsignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert(re.search('\'HELLO\' failed', ''.join(output))) + assert('\'HELLO\' failed' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert(re.search('efi_start_image[(][)] returned: 26', - ''.join(output))) - assert(not re.search('Hello, world!', ''.join(output))) + assert('efi_start_image() returned: 26' in ''.join(output)) + assert(not 'Hello, world!' in ''.join(output)) def test_efi_unsigned_image_auth2(self, u_boot_console, efi_boot_env): """ @@ -58,18 +56,18 @@ class TestEfiUnsignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db_hello.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert(re.search('Hello, world!', ''.join(output))) + assert('Hello, world!' in ''.join(output)) def test_efi_unsigned_image_auth3(self, u_boot_console, efi_boot_env): """ @@ -82,40 +80,38 @@ class TestEfiUnsignedImage(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'fatload host 0:1 4000000 db_hello.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx; echo', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert(re.search('\'HELLO\' failed', ''.join(output))) + assert('\'HELLO\' failed' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert(re.search('efi_start_image[(][)] returned: 26', - ''.join(output))) - assert(not re.search('Hello, world!', ''.join(output))) + assert('efi_start_image() returned: 26' in ''.join(output)) + assert(not 'Hello, world!' in ''.join(output)) with u_boot_console.log.section('Test Case 3b'): # Test Case 3b, rejected by dbx even if db allows output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db_hello.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(not re.search('Failed to set EFI variable', ''.join(output))) + assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert(re.search('\'HELLO\' failed', ''.join(output))) + assert('\'HELLO\' failed' in ''.join(output)) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert(re.search('efi_start_image[(][)] returned: 26', - ''.join(output))) - assert(not re.search('Hello, world!', ''.join(output))) + assert('efi_start_image() returned: 26' in ''.join(output)) + assert(not 'Hello, world!' in ''.join(output)) |