diff --git a/meta-selftest/classes/test-mkimage-wrapper.bbclass b/meta-selftest/classes/test-mkimage-wrapper.bbclass deleted file mode 100644 index 7c98d7b71e..0000000000 --- a/meta-selftest/classes/test-mkimage-wrapper.bbclass +++ /dev/null @@ -1,19 +0,0 @@ -# Class to test UBOOT_MKIMAGE and UBOOT_MKIMAGE_SIGN -# (in conjunction with kernel-fitimage.bbclass) -# -# SPDX-License-Identifier: MIT -# - -UBOOT_MKIMAGE = "test_mkimage_wrapper" -UBOOT_MKIMAGE_SIGN = "test_mkimage_signing_wrapper" - -test_mkimage_wrapper() { - echo "### uboot-mkimage wrapper message" - uboot-mkimage "$@" -} - -test_mkimage_signing_wrapper() { - echo "### uboot-mkimage signing wrapper message" - uboot-mkimage "$@" -} - diff --git a/meta/lib/oeqa/selftest/cases/fitimage.py b/meta/lib/oeqa/selftest/cases/fitimage.py index 15baf3b239..4891ac8010 100644 --- a/meta/lib/oeqa/selftest/cases/fitimage.py +++ b/meta/lib/oeqa/selftest/cases/fitimage.py @@ -16,6 +16,46 @@ class FitImageTests(OESelftestTestCase): bitbake("u-boot-tools-native -c addto_recipe_sysroot") return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native') + def _verify_fit_image_signature(self, uboot_tools_sysroot_native, fitimage_path, dtb_path, conf_name=None): + """Verify the signature of a fit contfiguration + + The fit_check_sign utility from u-boot-tools-native is called. + uboot-fit_check_sign -f fitImage -k $dtb_name -c conf-$dtb_name + """ + fit_check_sign_path = os.path.join(uboot_tools_sysroot_native, 'usr', 'bin', 'uboot-fit_check_sign') + cmd = '%s -f %s -k %s' % (fit_check_sign_path, fitimage_path, dtb_path) + if conf_name: + cmd += ' -c %s' % conf_name + result = runCmd(cmd) + self.logger.debug("%s\nreturned: %s\n%s", cmd, str(result.status), result.output) + self.assertIn("Signature check OK", result.output) + + @staticmethod + def _find_string_in_bin_file(file_path, search_string): + """find stings in a binary file + + Shell equivalent: strings "$1" | grep "$2" | wc -l + return number of matches + """ + found_positions = 0 + with open(file_path, 'rb') as file: + byte = file.read(1) + current_position = 0 + current_match = 0 + while byte: + char = byte.decode('ascii', errors='ignore') + if char == search_string[current_match]: + current_match += 1 + if current_match == len(search_string): + found_positions += 1 + current_match = 0 + else: + current_match = 0 + current_position += 1 + byte = file.read(1) + return found_positions + + def test_fit_image(self): """ Summary: Check if FIT image and Image Tree Source (its) are built @@ -113,19 +153,21 @@ FIT_DESC = "A model description" Author: Paul Eggleton based upon work by Usama Arif """ + a_comment = "a smart comment" config = """ # Enable creation of fitImage MACHINE = "beaglebone-yocto" KERNEL_IMAGETYPES += " fitImage " -KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper " +KERNEL_CLASSES = " kernel-fitimage " UBOOT_SIGN_ENABLE = "1" FIT_GENERATE_KEYS = "1" UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest" UBOOT_SIGN_KEYNAME = "cfg-oe-selftest" FIT_SIGN_INDIVIDUAL = "1" -UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'" -""" +UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'" +""" % a_comment + self.write_config(config) # fitImage is created as part of linux recipe @@ -227,17 +269,15 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'" value = values.get('Sign value', None) self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section) - # Check for UBOOT_MKIMAGE_SIGN_ARGS - result = runCmd('bitbake -e virtual/kernel | grep ^T=') - tempdir = result.output.split('=', 1)[1].strip().strip('') - result = runCmd('grep "a smart comment" %s/run.do_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN_ARGS value did not get used') + # Search for the string passed to mkimage: 1 kernel + 3 DTBs + config per DTB = 7 sections + # Looks like mkimage supports to add a comment but does not support to read it back. + found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment) + self.assertEqual(found_comments, 7, "Expected 7 signed and commented section in the fitImage.") - # Check for evidence of test-mkimage-wrapper class - result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work') - result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work') + # Verify the signature for all configurations = DTBs + for dtb in ['am335x-bone.dtb', 'am335x-boneblack.dtb', 'am335x-bonegreen.dtb']: + self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, + os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], dtb), 'conf-' + dtb) def test_uboot_fit_image(self): """ @@ -354,7 +394,6 @@ UBOOT_ENTRYPOINT = "0x80080000" UBOOT_FIT_DESC = "A model description" KERNEL_IMAGETYPES += " fitImage " KERNEL_CLASSES = " kernel-fitimage " -INHERIT += "test-mkimage-wrapper" UBOOT_SIGN_ENABLE = "1" FIT_GENERATE_KEYS = "1" UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" @@ -428,6 +467,7 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'" work by Paul Eggleton and Usama Arif """ + a_comment = "a smart U-Boot comment" config = """ # There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at # least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set @@ -437,7 +477,6 @@ SPL_BINARY = "MLO" # The kernel-fitimage class is a dependency even if we're only # creating/signing the U-Boot fitImage KERNEL_CLASSES = " kernel-fitimage" -INHERIT += "test-mkimage-wrapper" # Enable creation and signing of the U-Boot fitImage UBOOT_FITIMAGE_ENABLE = "1" SPL_SIGN_ENABLE = "1" @@ -449,17 +488,17 @@ UBOOT_LOADADDRESS = "0x80000000" UBOOT_DTB_LOADADDRESS = "0x82000000" UBOOT_ARCH = "arm" SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" -SPL_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'" +SPL_MKIMAGE_SIGN_ARGS = "-c '%s'" UBOOT_EXTLINUX = "0" UBOOT_FIT_GENERATE_KEYS = "1" UBOOT_FIT_HASH_ALG = "sha256" -""" +""" % a_comment + self.write_config(config) # The U-Boot fitImage is created as part of the U-Boot recipe bitbake("virtual/bootloader") - image_type = "core-image-minimal" deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE') machine = get_bb_var('MACHINE') fitimage_its_path = os.path.join(deploy_dir_image, @@ -543,16 +582,14 @@ UBOOT_FIT_HASH_ALG = "sha256" self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section) # Check for SPL_MKIMAGE_SIGN_ARGS - result = runCmd('bitbake -e virtual/bootloader | grep ^T=') - tempdir = result.output.split('=', 1)[1].strip().strip('') - result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used') + # Looks like mkimage supports to add a comment but does not support to read it back. + found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment) + self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.") + + # Verify the signature + self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, + os.path.join(deploy_dir_image, 'u-boot-spl.dtb')) - # Check for evidence of test-mkimage-wrapper class - result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work') - result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work') def test_sign_cascaded_uboot_fit_image(self): """ @@ -574,6 +611,7 @@ UBOOT_FIT_HASH_ALG = "sha256" work by Paul Eggleton and Usama Arif """ + a_comment = "a smart cascaded U-Boot comment" config = """ # There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at # least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set @@ -589,7 +627,7 @@ UBOOT_DTB_BINARY = "u-boot.dtb" UBOOT_ENTRYPOINT = "0x80000000" UBOOT_LOADADDRESS = "0x80000000" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" -UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart cascaded Kernel comment'" +UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'" UBOOT_DTB_LOADADDRESS = "0x82000000" UBOOT_ARCH = "arm" SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" @@ -599,20 +637,18 @@ UBOOT_FIT_GENERATE_KEYS = "1" UBOOT_FIT_HASH_ALG = "sha256" KERNEL_IMAGETYPES += " fitImage " KERNEL_CLASSES = " kernel-fitimage " -INHERIT += "test-mkimage-wrapper" UBOOT_SIGN_ENABLE = "1" FIT_GENERATE_KEYS = "1" UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest" UBOOT_SIGN_KEYNAME = "cfg-oe-selftest" FIT_SIGN_INDIVIDUAL = "1" -""" +""" % a_comment self.write_config(config) # The U-Boot fitImage is created as part of the U-Boot recipe bitbake("virtual/bootloader") - image_type = "core-image-minimal" deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE') machine = get_bb_var('MACHINE') fitimage_its_path = os.path.join(deploy_dir_image, @@ -696,17 +732,13 @@ FIT_SIGN_INDIVIDUAL = "1" self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section) # Check for SPL_MKIMAGE_SIGN_ARGS - result = runCmd('bitbake -e virtual/bootloader | grep ^T=') - tempdir = result.output.split('=', 1)[1].strip().strip('') - result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used') - - # Check for evidence of test-mkimage-wrapper class - result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work') - result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) - self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work') + # Looks like mkimage supports to add a comment but does not support to read it back. + found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment) + self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.") + # Verify the signature + self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, + os.path.join(deploy_dir_image, 'u-boot-spl.dtb')) def test_initramfs_bundle(self): @@ -843,3 +875,7 @@ FIT_HASH_ALG = "sha256" test_passed = True self.assertTrue(test_passed == True,"Initramfs bundle test success") + + # Verify the signature + uboot_tools_sysroot_native = self._setup_uboot_tools_native() + self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, os.path.join(deploy_dir_image, 'am335x-bone.dtb'))