brain-hackers_pepepper-mirror
/
u-boot-brain
mirror of https://github.com/brain-hackers/u-boot-brain
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

efi_loader: use ':' as separator for setenv -i 

setenv -e -i <address>,<filesize> can be used to set a UEFI variable
from memory.

For separating an address and a size we use ':' in most commands.
Let's do the same for setenv -e -i.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
Heinrich Schuchardt 2020-08-24 08:27:49 +02:00
parent 15d8f008dc
commit 2b3fbcb59f
6 changed files with 78 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/nvedit_efi.c
View File

@ -473,7 +473,7 @@ int do_env_set_efi(struct cmd_tbl *cmdtp, int flag, int argc,
argc--; argc--;
argv++; argv++;
addr = simple_strtoul(argv[0], &ep, 16); addr = simple_strtoul(argv[0], &ep, 16);
if (*ep != ',') if (*ep != ':')
return CMD_RET_USAGE; return CMD_RET_USAGE;
/* 0 should be allowed for delete */ /* 0 should be allowed for delete */

6
doc/uefi/uefi.rst
View File

@ -173,11 +173,11 @@ Sign an image with one of the keys in "db" on your host
Now in U-Boot install the keys on your board:: Now in U-Boot install the keys on your board::
fatload mmc 0:1 <tmpaddr> PK.auth fatload mmc 0:1 <tmpaddr> PK.auth
setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize PK setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize PK
fatload mmc 0:1 <tmpaddr> KEK.auth fatload mmc 0:1 <tmpaddr> KEK.auth
setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize KEK setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize KEK
fatload mmc 0:1 <tmpaddr> db.auth fatload mmc 0:1 <tmpaddr> db.auth
setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize db setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize db
Set up boot parameters on your board:: Set up boot parameters on your board::

60
test/py/tests/test_efi_secboot/test_authvar.py
View File

@ -38,14 +38,14 @@ class TestEfiAuthVar(object):
# Test Case 1b, PK without AUTHENTICATED_WRITE_ACCESS # Test Case 1b, PK without AUTHENTICATED_WRITE_ACCESS
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 1c'): with u_boot_console.log.section('Test Case 1c'):
# Test Case 1c, install PK # Test Case 1c, install PK
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK']) 'printenv -e -n PK'])
assert 'PK:' in ''.join(output) assert 'PK:' in ''.join(output)
@ -60,24 +60,24 @@ class TestEfiAuthVar(object):
# Test Case 1d, db/dbx without KEK # Test Case 1d, db/dbx without KEK
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 1e'): with u_boot_console.log.section('Test Case 1e'):
# Test Case 1e, install KEK # Test Case 1e, install KEK
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize KEK']) 'setenv -e -nv -bs -rt -i 4000000:$filesize KEK'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'printenv -e -n KEK']) 'printenv -e -n KEK'])
assert 'KEK:' in ''.join(output) assert 'KEK:' in ''.join(output)
@ -89,12 +89,12 @@ class TestEfiAuthVar(object):
# Test Case 1f, install db # Test Case 1f, install db
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output) assert 'db:' in ''.join(output)
@ -107,12 +107,12 @@ class TestEfiAuthVar(object):
# Test Case 1g, install dbx # Test Case 1g, install dbx
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx.auth', 'fatload host 0:1 4000000 dbx.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize dbx']) 'setenv -e -nv -bs -rt -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx.auth', 'fatload host 0:1 4000000 dbx.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx']) 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert 'dbx:' in ''.join(output) assert 'dbx:' in ''.join(output)
@ -132,32 +132,32 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output) assert 'db:' in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth', 'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 2b'): with u_boot_console.log.section('Test Case 2b'):
# Test Case 2b, update without correct signature # Test Case 2b, update without correct signature
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.esl', 'fatload host 0:1 4000000 db.esl',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 2c'): with u_boot_console.log.section('Test Case 2c'):
# Test Case 2c, update with correct signature # Test Case 2c, update with correct signature
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth', 'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output) assert 'db:' in ''.join(output)
@ -173,32 +173,32 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output) assert 'db:' in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth', 'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -a -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 3b'): with u_boot_console.log.section('Test Case 3b'):
# Test Case 3b, update without correct signature # Test Case 3b, update without correct signature
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.esl', 'fatload host 0:1 4000000 db.esl',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 3c'): with u_boot_console.log.section('Test Case 3c'):
# Test Case 3c, update with correct signature # Test Case 3c, update with correct signature
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth', 'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output) assert 'db:' in ''.join(output)
@ -214,11 +214,11 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output) assert 'db:' in ''.join(output)
@ -248,18 +248,18 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n PK']) 'printenv -e -n PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert 'PK:' in ''.join(output) assert 'PK:' in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK_null.esl', 'fatload host 0:1 4000000 PK_null.esl',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK']) 'printenv -e -n PK'])
assert 'Failed to set EFI variable' in ''.join(output) assert 'Failed to set EFI variable' in ''.join(output)
assert 'PK:' in ''.join(output) assert 'PK:' in ''.join(output)
@ -268,7 +268,7 @@ class TestEfiAuthVar(object):
# Test Case 5b, Uninstall PK with correct signature # Test Case 5b, Uninstall PK with correct signature
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK_null.auth', 'fatload host 0:1 4000000 PK_null.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK']) 'printenv -e -n PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
assert '\"PK\" not defined' in ''.join(output) assert '\"PK\" not defined' in ''.join(output)

46
test/py/tests/test_efi_secboot/test_signed.py
View File

@ -53,9 +53,9 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""', 'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""',
@ -74,7 +74,7 @@ class TestEfiSignedImage(object):
# Test Case 2b, authenticated by db # Test Case 2b, authenticated by db
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot next 2', 'efidebug boot next 2',
@ -97,11 +97,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@ -114,7 +114,7 @@ class TestEfiSignedImage(object):
# Test Case 3b, rejected by dbx even if db allows # Test Case 3b, rejected by dbx even if db allows
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot next 1', 'efidebug boot next 1',
@ -133,13 +133,13 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 dbx_hash.auth', 'fatload host 0:1 4000000 dbx_hash.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@ -162,11 +162,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""', 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""',
@ -178,7 +178,7 @@ class TestEfiSignedImage(object):
# Test Case 5b, authenticated if both signatures are verified # Test Case 5b, authenticated if both signatures are verified
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth', 'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot next 1', 'efidebug boot next 1',
@ -190,7 +190,7 @@ class TestEfiSignedImage(object):
# certificate) is revoked # certificate) is revoked
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_hash.auth', 'fatload host 0:1 4000000 dbx_hash.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot next 1', 'efidebug boot next 1',
@ -201,7 +201,7 @@ class TestEfiSignedImage(object):
# Test Case 5d, rejected if both of signatures are revoked # Test Case 5d, rejected if both of signatures are revoked
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_hash1.auth', 'fatload host 0:1 4000000 dbx_hash1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize dbx']) 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot next 1', 'efidebug boot next 1',
@ -220,11 +220,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello_signed.auth', 'fatload host 0:1 4000000 db_hello_signed.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@ -236,7 +236,7 @@ class TestEfiSignedImage(object):
# Test Case 6b, rejected by TEST_db certificate in dbx # Test Case 6b, rejected by TEST_db certificate in dbx
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_db.auth', 'fatload host 0:1 4000000 dbx_db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot next 1', 'efidebug boot next 1',
@ -248,9 +248,9 @@ class TestEfiSignedImage(object):
# Test Case 6c, rejected by image's digest in dbx # Test Case 6c, rejected by image's digest in dbx
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth', 'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 dbx_hello_signed.auth', 'fatload host 0:1 4000000 dbx_hello_signed.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'efidebug boot next 1', 'efidebug boot next 1',

24
test/py/tests/test_efi_secboot/test_signed_intca.py
View File

@ -31,11 +31,11 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_c.auth', 'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
@ -64,9 +64,9 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
@ -80,7 +80,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 2b, signed and authenticated by root CA # Test Case 2b, signed and authenticated by root CA
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_b.auth', 'fatload host 0:1 4000000 db_b.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'efidebug boot next 1', 'efidebug boot next 1',
'efidebug test bootmgr']) 'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output) assert '\'HELLO_abc\' failed' in ''.join(output)
@ -90,7 +90,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 2c, signed and authenticated by root CA # Test Case 2c, signed and authenticated by root CA
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_c.auth', 'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'efidebug boot next 1', 'efidebug boot next 1',
'efidebug test bootmgr']) 'efidebug test bootmgr'])
assert 'Hello, world!' in ''.join(output) assert 'Hello, world!' in ''.join(output)
@ -106,13 +106,13 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 dbx_b.auth', 'fatload host 0:1 4000000 dbx_b.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 db_c.auth', 'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
@ -128,7 +128,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 3b, revoked by root CA in dbx # Test Case 3b, revoked by root CA in dbx
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_c.auth', 'fatload host 0:1 4000000 dbx_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'efidebug boot next 1', 'efidebug boot next 1',
'efidebug test bootmgr']) 'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output) assert '\'HELLO_abc\' failed' in ''.join(output)

18
test/py/tests/test_efi_secboot/test_unsigned.py
View File

@ -29,9 +29,9 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
@ -56,11 +56,11 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth', 'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
@ -80,11 +80,11 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img, 'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth', 'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 KEK.auth', 'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth', 'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
@ -102,7 +102,7 @@ class TestEfiUnsignedImage(object):
# Test Case 3b, rejected by dbx even if db allows # Test Case 3b, rejected by dbx even if db allows
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_hello.auth', 'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output) assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([ output = u_boot_console.run_command_list([