MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-05 05:04:44 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

oe-selftest: fitimage drop test-mkimage-wrapper

Browse Source 
Rather than writing hints into log files and verify the hints can be
found, the tests should verify that the artifacts in the deploy folder
are correctly signed. This is a much better test.
u-boot-tools provide a utility fit_check_sign which can verify the
signatures in fit images. Lets use it.

grepping in temp/run. or temp/log. files also does not work if the tasks
runs from sstate and the corresponding run file is not even generated.

(From OE-Core rev: 86e504b4f792eeadd67ea57dd71a62bcb4f16f02)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Adrian Freihofer 2024-07-04 09:09:39 +02:00 committed by Richard Purdie
parent 7889a5cd4b
commit 2c27b231f9
2 changed files with 77 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
meta-selftest/classes/test-mkimage-wrapper.bbclass
View File

@ -1,19 +0,0 @@
# Class to test UBOOT_MKIMAGE and UBOOT_MKIMAGE_SIGN
# (in conjunction with kernel-fitimage.bbclass)
#
# SPDX-License-Identifier: MIT
#
UBOOT_MKIMAGE = "test_mkimage_wrapper"
UBOOT_MKIMAGE_SIGN = "test_mkimage_signing_wrapper"
test_mkimage_wrapper() {
echo "### uboot-mkimage wrapper message"
uboot-mkimage "$@"
}
test_mkimage_signing_wrapper() {
echo "### uboot-mkimage signing wrapper message"
uboot-mkimage "$@"
}

118
meta/lib/oeqa/selftest/cases/fitimage.py
View File

@ -16,6 +16,46 @@ class FitImageTests(OESelftestTestCase):
bitbake("u-boot-tools-native -c addto_recipe_sysroot")
return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native')
def _verify_fit_image_signature(self, uboot_tools_sysroot_native, fitimage_path, dtb_path, conf_name=None):
"""Verify the signature of a fit contfiguration
The fit_check_sign utility from u-boot-tools-native is called.
uboot-fit_check_sign -f fitImage -k $dtb_name -c conf-$dtb_name
"""
fit_check_sign_path = os.path.join(uboot_tools_sysroot_native, 'usr', 'bin', 'uboot-fit_check_sign')
cmd = '%s -f %s -k %s' % (fit_check_sign_path, fitimage_path, dtb_path)
if conf_name:
cmd += ' -c %s' % conf_name
result = runCmd(cmd)
self.logger.debug("%s\nreturned: %s\n%s", cmd, str(result.status), result.output)
self.assertIn("Signature check OK", result.output)
@staticmethod
def _find_string_in_bin_file(file_path, search_string):
"""find stings in a binary file
Shell equivalent: strings "$1" | grep "$2" | wc -l
return number of matches
"""
found_positions = 0
with open(file_path, 'rb') as file:
byte = file.read(1)
current_position = 0
current_match = 0
while byte:
char = byte.decode('ascii', errors='ignore')
if char == search_string[current_match]:
current_match += 1
if current_match == len(search_string):
found_positions += 1
current_match = 0
else:
current_match = 0
current_position += 1
byte = file.read(1)
return found_positions
def test_fit_image(self):
"""
Summary: Check if FIT image and Image Tree Source (its) are built
@ -113,19 +153,21 @@ FIT_DESC = "A model description"
Author: Paul Eggleton <paul.eggleton@microsoft.com> based upon
work by Usama Arif <usama.arif@arm.com>
"""
a_comment = "a smart comment"
config = """
# Enable creation of fitImage
MACHINE = "beaglebone-yocto"
KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper "
KERNEL_CLASSES = " kernel-fitimage "
UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
FIT_SIGN_INDIVIDUAL = "1"
UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
"""
UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
""" % a_comment
self.write_config(config)
# fitImage is created as part of linux recipe
@ -227,17 +269,15 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
value = values.get('Sign value', None)
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
# Check for UBOOT_MKIMAGE_SIGN_ARGS
result = runCmd('bitbake -e virtual/kernel | grep ^T=')
tempdir = result.output.split('=', 1)[1].strip().strip('')
result = runCmd('grep "a smart comment" %s/run.do_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN_ARGS value did not get used')
# Search for the string passed to mkimage: 1 kernel + 3 DTBs + config per DTB = 7 sections
# Looks like mkimage supports to add a comment but does not support to read it back.
found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
self.assertEqual(found_comments, 7, "Expected 7 signed and commented section in the fitImage.")
# Check for evidence of test-mkimage-wrapper class
result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
# Verify the signature for all configurations = DTBs
for dtb in ['am335x-bone.dtb', 'am335x-boneblack.dtb', 'am335x-bonegreen.dtb']:
self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], dtb), 'conf-' + dtb)
def test_uboot_fit_image(self):
"""
@ -354,7 +394,6 @@ UBOOT_ENTRYPOINT = "0x80080000"
UBOOT_FIT_DESC = "A model description"
KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage "
INHERIT += "test-mkimage-wrapper"
UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
@ -428,6 +467,7 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
work by Paul Eggleton <paul.eggleton@microsoft.com> and
Usama Arif <usama.arif@arm.com>
"""
a_comment = "a smart U-Boot comment"
config = """
# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@ -437,7 +477,6 @@ SPL_BINARY = "MLO"
# The kernel-fitimage class is a dependency even if we're only
# creating/signing the U-Boot fitImage
KERNEL_CLASSES = " kernel-fitimage"
INHERIT += "test-mkimage-wrapper"
# Enable creation and signing of the U-Boot fitImage
UBOOT_FITIMAGE_ENABLE = "1"
SPL_SIGN_ENABLE = "1"
@ -449,17 +488,17 @@ UBOOT_LOADADDRESS = "0x80000000"
UBOOT_DTB_LOADADDRESS = "0x82000000"
UBOOT_ARCH = "arm"
SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
SPL_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
SPL_MKIMAGE_SIGN_ARGS = "-c '%s'"
UBOOT_EXTLINUX = "0"
UBOOT_FIT_GENERATE_KEYS = "1"
UBOOT_FIT_HASH_ALG = "sha256"
"""
""" % a_comment
self.write_config(config)
# The U-Boot fitImage is created as part of the U-Boot recipe
bitbake("virtual/bootloader")
image_type = "core-image-minimal"
deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
machine = get_bb_var('MACHINE')
fitimage_its_path = os.path.join(deploy_dir_image,
@ -543,16 +582,14 @@ UBOOT_FIT_HASH_ALG = "sha256"
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
# Check for SPL_MKIMAGE_SIGN_ARGS
result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
tempdir = result.output.split('=', 1)[1].strip().strip('')
result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
# Looks like mkimage supports to add a comment but does not support to read it back.
found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
# Verify the signature
self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
# Check for evidence of test-mkimage-wrapper class
result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
def test_sign_cascaded_uboot_fit_image(self):
"""
@ -574,6 +611,7 @@ UBOOT_FIT_HASH_ALG = "sha256"
work by Paul Eggleton <paul.eggleton@microsoft.com> and
Usama Arif <usama.arif@arm.com>
"""
a_comment = "a smart cascaded U-Boot comment"
config = """
# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@ -589,7 +627,7 @@ UBOOT_DTB_BINARY = "u-boot.dtb"
UBOOT_ENTRYPOINT = "0x80000000"
UBOOT_LOADADDRESS = "0x80000000"
UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart cascaded Kernel comment'"
UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
UBOOT_DTB_LOADADDRESS = "0x82000000"
UBOOT_ARCH = "arm"
SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
@ -599,20 +637,18 @@ UBOOT_FIT_GENERATE_KEYS = "1"
UBOOT_FIT_HASH_ALG = "sha256"
KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage "
INHERIT += "test-mkimage-wrapper"
UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
FIT_SIGN_INDIVIDUAL = "1"
"""
""" % a_comment
self.write_config(config)
# The U-Boot fitImage is created as part of the U-Boot recipe
bitbake("virtual/bootloader")
image_type = "core-image-minimal"
deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
machine = get_bb_var('MACHINE')
fitimage_its_path = os.path.join(deploy_dir_image,
@ -696,17 +732,13 @@ FIT_SIGN_INDIVIDUAL = "1"
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
# Check for SPL_MKIMAGE_SIGN_ARGS
result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
tempdir = result.output.split('=', 1)[1].strip().strip('')
result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
# Check for evidence of test-mkimage-wrapper class
result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
# Looks like mkimage supports to add a comment but does not support to read it back.
found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
# Verify the signature
self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
def test_initramfs_bundle(self):
@ -843,3 +875,7 @@ FIT_HASH_ALG = "sha256"
test_passed = True
self.assertTrue(test_passed == True,"Initramfs bundle test success")
# Verify the signature
uboot_tools_sysroot_native = self._setup_uboot_tools_native()
self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, os.path.join(deploy_dir_image, 'am335x-bone.dtb'))