brain-hackers_pepepper-mirror/u-boot-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/u-boot-brain synced 2024-06-09 23:36:03 +09:00
Code Issues Projects Releases Wiki Activity

Pull request for UEFI sub-system for efi-2020-10-rc3 (3)

Browse Source 
The following bug fixes are contained in this pull-request:
 
 * ResetSystem() should no hang if not implemented.
 * Device paths in Bootxxxx variables should be verified.
 * Use ':' as separator for command setenv -e -i instead of ','.
 * Correct comments for functions.
 * Update UEFI documentation.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl9D0nYACgkQxIHbvCwF
 GsQWOhAAge0LCMinKmSDCpTwpvuoJz+oUUu/medgUPw1QRSeWU28I7pCY9802pNK
 Gwo5gxBnyjJpuJr8w7SjNmDSNvFD5jj0M2FkZbZLoawYYT0SzWAxxlrbD15zeW5D
 Gdz1/gv/uR5FwzzeG233B46O286I94XW+kISTxdEdg3kkmVRe44syhmi6xvAsFj/
 0+2Liq3myfJ+uxIK6A3PgjljeuVJhKkgrp/wpbk196JHFstCddWxGkhVlh+oD2cq
 WrtjPwFC2g1zpDHnCopYr3QCxPLBmhtbuFb+H6q6JnQS2SoeUae+XUgIuXi2K/zc
 mxVa3bSPx6gJz2bQuwOHf+ysP95A/pYqjacqJUBAVXqdxhRSJHjRewi3EwE4YyAA
 uOCnnGDQ1Z3eUT3mxpfKWigL0ZEu+Ne3WcCq3Z+E4FXXH9ybqRWzgRRyTfD1Ir1e
 fxZKLemJcmno5sQC7F/LRg++AF2e5b4LFVNJxT5Vk2x/tJbfi9LFxtFffkNed2vE
 9pTRCiK0T5/QtQ79smg3+0fTEXPyslKHypSqhu8WqX+wqDfGd7ayU7REg2UI6/w0
 lsyLyXKry/yUu9/wrVCTtH3sBUIJ66FLfihIkI7kJlfATNrlcDD8dfWREWu+VBYc
 UhVv05eT3xuTyCqOpoulH5O5Q+8mCU7dilSGYI7mDxlQtdWuo14=
 =e50Q
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-10-rc3-3' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-10-rc3 (3)

The following bug fixes are contained in this pull-request:

* ResetSystem() should no hang if not implemented.
* Device paths in Bootxxxx variables should be verified.
* Use ':' as separator for command setenv -e -i instead of ','.
* Correct comments for functions.
* Update UEFI documentation.
This commit is contained in:
Tom Rini 2020-08-24 17:28:18 -04:00
commit 3c0cec035e
18 changed files with 252 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/bootefi.c
View File

@ -304,7 +304,11 @@ efi_status_t efi_install_fdt(void *fdt)
/**
* do_bootefi_exec() - execute EFI binary
*
* The image indicated by @handle is started. When it returns the allocated
* memory for the @load_options is freed.
*
* @handle: handle of loaded image
* @load_options: load options
* Return: status code
*
* Load the EFI binary into a newly assigned memory unwinding the relocation

2
cmd/nvedit_efi.c
View File

@ -473,7 +473,7 @@ int do_env_set_efi(struct cmd_tbl *cmdtp, int flag, int argc,
argc--;
argv++;
addr = simple_strtoul(argv[0], &ep, 16);
if (*ep != ',')
if (*ep != ':')
return CMD_RET_USAGE;
/* 0 should be allowed for delete */

18
doc/uefi/uefi.rst
View File

@ -59,6 +59,10 @@ Below you find the output of an example session starting GRUB::
120832 bytes read in 7 ms (16.5 MiB/s)
=> bootefi ${kernel_addr_r} ${fdt_addr_r}
The bootefi command uses the device, the file name, and the file size
(environment variable 'filesize') of the most recently loaded file when setting
up the binary for execution. So the UEFI binary should be loaded last.
The environment variable 'bootargs' is passed as load options in the UEFI system
table. The Linux kernel EFI stub uses the load options as command line
arguments.
@ -169,11 +173,11 @@ Sign an image with one of the keys in "db" on your host
Now in U-Boot install the keys on your board::
fatload mmc 0:1 <tmpaddr> PK.auth
setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize PK
setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize PK
fatload mmc 0:1 <tmpaddr> KEK.auth
setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize KEK
setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize KEK
fatload mmc 0:1 <tmpaddr> db.auth
setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize db
setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize db
Set up boot parameters on your board::
@ -217,13 +221,13 @@ which has to be enabled via CONFIG_SUPPORT_EMMC_RPMB=y.
Executing the boot manager
~~~~~~~~~~~~~~~~~~~~~~~~~~
The UEFI specification foresees to define boot entries and boot sequence via UEFI
variables. Booting according to these variables is possible via::
The UEFI specification foresees to define boot entries and boot sequence via
UEFI variables. Booting according to these variables is possible via::
bootefi bootmgr [fdt address]
As of U-Boot v2018.03 UEFI variables are not persisted and cannot be set at
runtime.
As of U-Boot v2020.10 UEFI variables cannot be set at runtime. The U-Boot
command 'efidebug' can be used to set the variables.
Executing the built in hello world application
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2
include/efi_loader.h
View File

@ -631,6 +631,8 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr,
const char *path,
struct efi_device_path **device,
struct efi_device_path **file);
ssize_t efi_dp_check_length(const struct efi_device_path *dp,
const size_t maxlen);
#define EFI_DP_TYPE(_dp, _type, _subtype) \
(((_dp)->type == DEVICE_PATH_TYPE_##_type) && \

1
include/efi_variable.h
View File

@ -274,7 +274,6 @@ efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_na
* @data: buffer to which the variable value is copied
* @timep: authentication time (seconds since start of epoch)
* Return: status code
*/
efi_status_t __efi_runtime
efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes,

3
include/linux/kernel.h
View File

@ -19,6 +19,9 @@
#ifndef SIZE_MAX
#define SIZE_MAX (~(size_t)0)
#endif
#ifndef SSIZE_MAX
#define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1))
#endif
#define U8_MAX ((u8)~0U)
#define S8_MAX ((s8)(U8_MAX>>1))

6
lib/efi_loader/efi_bootmgr.c
View File

@ -105,10 +105,8 @@ efi_status_t efi_deserialize_load_option(struct efi_load_option *lo, u8 *data,
if (*size < len)
return EFI_INVALID_PARAMETER;
lo->file_path = (struct efi_device_path *)data;
/*
* TODO: validate device path. There should be an end node within
* the indicated file_path_length.
*/
if (efi_dp_check_length(lo->file_path, len) < 0)
return EFI_INVALID_PARAMETER;
data += len;
*size -= len;

33
lib/efi_loader/efi_device_path.c
View File

@ -1127,3 +1127,36 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr,
return EFI_SUCCESS;
}
/**
* efi_dp_check_length() - check length of a device path
*
* @dp: pointer to device path
* @maxlen: maximum length of the device path
* Return:
* * length of the device path if it is less or equal @maxlen
* * -1 if the device path is longer then @maxlen
* * -1 if a device path node has a length of less than 4
* * -EINVAL if maxlen exceeds SSIZE_MAX
*/
ssize_t efi_dp_check_length(const struct efi_device_path *dp,
const size_t maxlen)
{
ssize_t ret = 0;
u16 len;
if (maxlen > SSIZE_MAX)
return -EINVAL;
for (;;) {
len = dp->length;
if (len < 4)
return -1;
ret += len;
if (ret > maxlen)
return -1;
if (dp->type == DEVICE_PATH_TYPE_END &&
dp->sub_type == DEVICE_PATH_SUB_TYPE_END)
return ret;
dp = (const struct efi_device_path *)((const u8 *)dp + len);
}
}

7
lib/efi_loader/efi_runtime.c
View File

@ -365,7 +365,9 @@ out:
* efi_reset_system() - reset system
*
* This function implements the ResetSystem() runtime service after
* SetVirtualAddressMap() is called. It only executes an endless loop.
* SetVirtualAddressMap() is called. As this placeholder cannot reset the
* system it simply return to the caller.
*
* Boards may override the helpers below to implement reset functionality.
*
* See the Unified Extensible Firmware Interface (UEFI) specification for
@ -381,8 +383,7 @@ void __weak __efi_runtime EFIAPI efi_reset_system(
efi_status_t reset_status,
unsigned long data_size, void *reset_data)
{
/* Nothing we can do */
while (1) { }
return;
}
/**

1
lib/efi_selftest/Makefile
View File

@ -31,6 +31,7 @@ efi_selftest_mem.o \
efi_selftest_memory.o \
efi_selftest_open_protocol.o \
efi_selftest_register_notify.o \
efi_selftest_reset.o \
efi_selftest_set_virtual_address_map.o \
efi_selftest_textinput.o \
efi_selftest_textinputex.o \

10
lib/efi_selftest/efi_selftest.c
View File

@ -5,6 +5,7 @@
* Copyright (c) 2017 Heinrich Schuchardt <xypron.glpk@gmx.de>
*/
#include <command.h>
#include <efi_selftest.h>
#include <vsprintf.h>
@ -309,8 +310,13 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle,
/* Reset system */
efi_st_printf("Preparing for reset. Press any key...\n");
efi_st_get_key();
runtime->reset_system(EFI_RESET_WARM, EFI_NOT_READY,
sizeof(reset_message), reset_message);
if (IS_ENABLED(CONFIG_EFI_HAVE_RUNTIME_RESET))
runtime->reset_system(EFI_RESET_WARM, EFI_NOT_READY,
sizeof(reset_message), reset_message);
else
do_reset(NULL, 0, 0, NULL);
efi_st_printf("\n");
efi_st_error("Reset failed\n");

58
lib/efi_selftest/efi_selftest_reset.c Normal file
View File

@ -0,0 +1,58 @@
// SPDX-License-Identifier: GPL-2.0+
/*
* efi_selftest_reset
*
* Copyright (c) 2020 Heinrich Schuchardt <xypron.glpk@gmx.de>
*
* This test checks the following service at boot time or runtime:
* ResetSystem()
*/
#include <efi_selftest.h>
static struct efi_runtime_services *runtime;
/*
* Setup unit test.
*
* @handle: handle of the loaded image
* @systable: system table
* @return: EFI_ST_SUCCESS for success
*/
static int setup(const efi_handle_t handle,
const struct efi_system_table *systable)
{
runtime = systable->runtime;
return EFI_ST_SUCCESS;
}
/*
* Execute unit test.
*
* @return: EFI_ST_SUCCESS for success
*/
static int execute(void)
{
u16 reset_data[] = L"Reset by selftest";
runtime->reset_system(EFI_RESET_COLD, EFI_SUCCESS,
sizeof(reset_data), reset_data);
efi_st_error("Reset failed.\n");
return EFI_ST_FAILURE;
}
EFI_UNIT_TEST(reset) = {
.name = "reset system",
.phase = EFI_EXECUTE_BEFORE_BOOTTIME_EXIT,
.setup = setup,
.execute = execute,
.on_request = true,
};
EFI_UNIT_TEST(resetrt) = {
.name = "reset system runtime",
.phase = EFI_SETUP_BEFORE_BOOTTIME_EXIT,
.setup = setup,
.execute = execute,
.on_request = true,
};

1
test/lib/Makefile
View File

@ -3,6 +3,7 @@
# (C) Copyright 2018
# Mario Six, Guntermann & Drunck GmbH, mario.six@gdsys.cc
obj-y += cmd_ut_lib.o
obj-$(CONFIG_EFI_LOADER) += efi_device_path.o
obj-$(CONFIG_EFI_SECURE_BOOT) += efi_image_region.o
obj-y += hexdump.o
obj-y += lmb.o

50
test/lib/efi_device_path.c Normal file
View File

@ -0,0 +1,50 @@
// SPDX-License-Identifier: GPL-2.0+
/*
* Test device path functions
*
* Copyright (c) 2020 Heinrich Schuchardt <xypron.glpk@gmx.de>
*/
#include <common.h>
#include <efi_loader.h>
#include <test/lib.h>
#include <test/test.h>
#include <test/ut.h>
static int lib_test_efi_dp_check_length(struct unit_test_state *uts)
{
/* end of device path */
u8 d1[] __aligned(2) = {
0x7f, 0xff, 0x04, 0x00 };
/* device path node with length less then 4 */
u8 d2[] __aligned(2) = {
0x01, 0x02, 0x02, 0x00, 0x04, 0x00, 0x7f, 0xff, 0x04, 0x00 };
/* well formed device path */
u8 d3[] __aligned(2) = {
0x03, 0x02, 0x08, 0x00, 0x01, 0x00, 0x01, 0x00,
0x7f, 0xff, 0x04, 0x00 };
struct efi_device_path *p1 = (struct efi_device_path *)d1;
struct efi_device_path *p2 = (struct efi_device_path *)d2;
struct efi_device_path *p3 = (struct efi_device_path *)d3;
ut_asserteq((ssize_t)-EINVAL, efi_dp_check_length(p1, SIZE_MAX));
ut_asserteq((ssize_t)sizeof(d1), efi_dp_check_length(p1, sizeof(d1)));
ut_asserteq((ssize_t)sizeof(d1),
efi_dp_check_length(p1, sizeof(d1) + 4));
ut_asserteq((ssize_t)-1, efi_dp_check_length(p1, sizeof(d1) - 1));
ut_asserteq((ssize_t)-1, efi_dp_check_length(p2, sizeof(d2)));
ut_asserteq((ssize_t)-1, efi_dp_check_length(p3, sizeof(d3) - 1));
ut_asserteq((ssize_t)sizeof(d3), efi_dp_check_length(p3, sizeof(d3)));
ut_asserteq((ssize_t)sizeof(d3), efi_dp_check_length(p3, SSIZE_MAX));
ut_asserteq((ssize_t)-EINVAL,
efi_dp_check_length(p3, (size_t)SSIZE_MAX + 1));
ut_asserteq((ssize_t)sizeof(d3),
efi_dp_check_length(p3, sizeof(d3) + 4));
return 0;
}
LIB_TEST(lib_test_efi_dp_check_length, 0);

60
test/py/tests/test_efi_secboot/test_authvar.py
View File

@ -38,14 +38,14 @@ class TestEfiAuthVar(object):
# Test Case 1b, PK without AUTHENTICATED_WRITE_ACCESS
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 1c'):
# Test Case 1c, install PK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'PK:' in ''.join(output)
@ -60,24 +60,24 @@ class TestEfiAuthVar(object):
# Test Case 1d, db/dbx without KEK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 1e'):
# Test Case 1e, install KEK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize KEK'])
'setenv -e -nv -bs -rt -i 4000000:$filesize KEK'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'printenv -e -n KEK'])
assert 'KEK:' in ''.join(output)
@ -89,12 +89,12 @@ class TestEfiAuthVar(object):
# Test Case 1f, install db
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@ -107,12 +107,12 @@ class TestEfiAuthVar(object):
# Test Case 1g, install dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'dbx:' in ''.join(output)
@ -132,32 +132,32 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 2b'):
# Test Case 2b, update without correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.esl',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 2c'):
# Test Case 2c, update with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@ -173,32 +173,32 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -a -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 3b'):
# Test Case 3b, update without correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.esl',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 3c'):
# Test Case 3c, update with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@ -214,11 +214,11 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@ -248,18 +248,18 @@ class TestEfiAuthVar(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'PK:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK_null.esl',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' in ''.join(output)
assert 'PK:' in ''.join(output)
@ -268,7 +268,7 @@ class TestEfiAuthVar(object):
# Test Case 5b, Uninstall PK with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK_null.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert '\"PK\" not defined' in ''.join(output)

46
test/py/tests/test_efi_secboot/test_signed.py
View File

@ -53,9 +53,9 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""',
@ -74,7 +74,7 @@ class TestEfiSignedImage(object):
# Test Case 2b, authenticated by db
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 2',
@ -97,11 +97,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@ -114,7 +114,7 @@ class TestEfiSignedImage(object):
# Test Case 3b, rejected by dbx even if db allows
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@ -133,13 +133,13 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 dbx_hash.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@ -162,11 +162,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""',
@ -178,7 +178,7 @@ class TestEfiSignedImage(object):
# Test Case 5b, authenticated if both signatures are verified
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@ -190,7 +190,7 @@ class TestEfiSignedImage(object):
# certificate) is revoked
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_hash.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@ -201,7 +201,7 @@ class TestEfiSignedImage(object):
# Test Case 5d, rejected if both of signatures are revoked
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_hash1.auth',
'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@ -220,11 +220,11 @@ class TestEfiSignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello_signed.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@ -236,7 +236,7 @@ class TestEfiSignedImage(object):
# Test Case 6b, rejected by TEST_db certificate in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@ -248,9 +248,9 @@ class TestEfiSignedImage(object):
# Test Case 6c, rejected by image's digest in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 dbx_hello_signed.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',

24
test/py/tests/test_efi_secboot/test_signed_intca.py
View File

@ -31,11 +31,11 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@ -64,9 +64,9 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@ -80,7 +80,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 2b, signed and authenticated by root CA
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_b.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)
@ -90,7 +90,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 2c, signed and authenticated by root CA
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert 'Hello, world!' in ''.join(output)
@ -106,13 +106,13 @@ class TestEfiSignedImageIntca(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 dbx_b.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 db_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@ -128,7 +128,7 @@ class TestEfiSignedImageIntca(object):
# Test Case 3b, revoked by root CA in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_c.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)

18
test/py/tests/test_efi_secboot/test_unsigned.py
View File

@ -29,9 +29,9 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@ -56,11 +56,11 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@ -80,11 +80,11 @@ class TestEfiUnsignedImage(object):
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 KEK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@ -102,7 +102,7 @@ class TestEfiUnsignedImage(object):
# Test Case 3b, rejected by dbx even if db allows
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_hello.auth',
'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([