MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 12:59:02 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

oe-selftest: fitimage drop test-mkimage-wrapper

Browse Source 
Rather than writing hints into log files and verify the hints can be
found, the tests should verify that the artifacts in the deploy folder
are correctly signed. This is a much better test.
u-boot-tools provide a utility fit_check_sign which can verify the
signatures in fit images. Lets use it.

grepping in temp/run. or temp/log. files also does not work if the tasks
runs from sstate and the corresponding run file is not even generated.

(From OE-Core rev: 86e504b4f792eeadd67ea57dd71a62bcb4f16f02)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Adrian Freihofer 2024-07-04 09:09:39 +02:00 committed by Richard Purdie
parent 7889a5cd4b
commit 2c27b231f9
2 changed files with 77 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
meta-selftest/classes/test-mkimage-wrapper.bbclass
View File

@ -1,19 +0,0 @@
# Class to test UBOOT_MKIMAGE and UBOOT_MKIMAGE_SIGN
# (in conjunction with kernel-fitimage.bbclass)
#
# SPDX-License-Identifier: MIT
#
UBOOT_MKIMAGE = "test_mkimage_wrapper"
UBOOT_MKIMAGE_SIGN = "test_mkimage_signing_wrapper"
test_mkimage_wrapper() {
echo "### uboot-mkimage wrapper message"
uboot-mkimage "$@"
}
test_mkimage_signing_wrapper() {
echo "### uboot-mkimage signing wrapper message"
uboot-mkimage "$@"
}

118
meta/lib/oeqa/selftest/cases/fitimage.py
View File

@ -16,6 +16,46 @@ class FitImageTests(OESelftestTestCase):
bitbake("u-boot-tools-native -c addto_recipe_sysroot") bitbake("u-boot-tools-native -c addto_recipe_sysroot")
return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native') return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native')
def _verify_fit_image_signature(self, uboot_tools_sysroot_native, fitimage_path, dtb_path, conf_name=None):
"""Verify the signature of a fit contfiguration
The fit_check_sign utility from u-boot-tools-native is called.
uboot-fit_check_sign -f fitImage -k $dtb_name -c conf-$dtb_name
"""
fit_check_sign_path = os.path.join(uboot_tools_sysroot_native, 'usr', 'bin', 'uboot-fit_check_sign')
cmd = '%s -f %s -k %s' % (fit_check_sign_path, fitimage_path, dtb_path)
if conf_name:
cmd += ' -c %s' % conf_name
result = runCmd(cmd)
self.logger.debug("%s\nreturned: %s\n%s", cmd, str(result.status), result.output)
self.assertIn("Signature check OK", result.output)
@staticmethod
def _find_string_in_bin_file(file_path, search_string):
"""find stings in a binary file
Shell equivalent: strings "$1" | grep "$2" | wc -l
return number of matches
"""
found_positions = 0
with open(file_path, 'rb') as file:
byte = file.read(1)
current_position = 0
current_match = 0
while byte:
char = byte.decode('ascii', errors='ignore')
if char == search_string[current_match]:
current_match += 1
if current_match == len(search_string):
found_positions += 1
current_match = 0
else:
current_match = 0
current_position += 1
byte = file.read(1)
return found_positions
def test_fit_image(self): def test_fit_image(self):
""" """
Summary: Check if FIT image and Image Tree Source (its) are built Summary: Check if FIT image and Image Tree Source (its) are built
@ -113,19 +153,21 @@ FIT_DESC = "A model description"
Author: Paul Eggleton <paul.eggleton@microsoft.com> based upon Author: Paul Eggleton <paul.eggleton@microsoft.com> based upon
work by Usama Arif <usama.arif@arm.com> work by Usama Arif <usama.arif@arm.com>
""" """
a_comment = "a smart comment"
config = """ config = """
# Enable creation of fitImage # Enable creation of fitImage
MACHINE = "beaglebone-yocto" MACHINE = "beaglebone-yocto"
KERNEL_IMAGETYPES += " fitImage " KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper " KERNEL_CLASSES = " kernel-fitimage "
UBOOT_SIGN_ENABLE = "1" UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1" FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest" UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
UBOOT_SIGN_KEYNAME = "cfg-oe-selftest" UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
FIT_SIGN_INDIVIDUAL = "1" FIT_SIGN_INDIVIDUAL = "1"
UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'" UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
""" """ % a_comment
self.write_config(config) self.write_config(config)
# fitImage is created as part of linux recipe # fitImage is created as part of linux recipe
@ -227,17 +269,15 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
value = values.get('Sign value', None) value = values.get('Sign value', None)
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section) self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
# Check for UBOOT_MKIMAGE_SIGN_ARGS # Search for the string passed to mkimage: 1 kernel + 3 DTBs + config per DTB = 7 sections
result = runCmd('bitbake -e virtual/kernel | grep ^T=') # Looks like mkimage supports to add a comment but does not support to read it back.
tempdir = result.output.split('=', 1)[1].strip().strip('') found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
result = runCmd('grep "a smart comment" %s/run.do_assemble_fitimage' % tempdir, ignore_status=True) self.assertEqual(found_comments, 7, "Expected 7 signed and commented section in the fitImage.")
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN_ARGS value did not get used')
# Check for evidence of test-mkimage-wrapper class # Verify the signature for all configurations = DTBs
result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True) for dtb in ['am335x-bone.dtb', 'am335x-boneblack.dtb', 'am335x-bonegreen.dtb']:
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work') self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True) os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], dtb), 'conf-' + dtb)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
def test_uboot_fit_image(self): def test_uboot_fit_image(self):
""" """
@ -354,7 +394,6 @@ UBOOT_ENTRYPOINT = "0x80080000"
UBOOT_FIT_DESC = "A model description" UBOOT_FIT_DESC = "A model description"
KERNEL_IMAGETYPES += " fitImage " KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage " KERNEL_CLASSES = " kernel-fitimage "
INHERIT += "test-mkimage-wrapper"
UBOOT_SIGN_ENABLE = "1" UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1" FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
@ -428,6 +467,7 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
work by Paul Eggleton <paul.eggleton@microsoft.com> and work by Paul Eggleton <paul.eggleton@microsoft.com> and
Usama Arif <usama.arif@arm.com> Usama Arif <usama.arif@arm.com>
""" """
a_comment = "a smart U-Boot comment"
config = """ config = """
# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at # There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set # least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@ -437,7 +477,6 @@ SPL_BINARY = "MLO"
# The kernel-fitimage class is a dependency even if we're only # The kernel-fitimage class is a dependency even if we're only
# creating/signing the U-Boot fitImage # creating/signing the U-Boot fitImage
KERNEL_CLASSES = " kernel-fitimage" KERNEL_CLASSES = " kernel-fitimage"
INHERIT += "test-mkimage-wrapper"
# Enable creation and signing of the U-Boot fitImage # Enable creation and signing of the U-Boot fitImage
UBOOT_FITIMAGE_ENABLE = "1" UBOOT_FITIMAGE_ENABLE = "1"
SPL_SIGN_ENABLE = "1" SPL_SIGN_ENABLE = "1"
@ -449,17 +488,17 @@ UBOOT_LOADADDRESS = "0x80000000"
UBOOT_DTB_LOADADDRESS = "0x82000000" UBOOT_DTB_LOADADDRESS = "0x82000000"
UBOOT_ARCH = "arm" UBOOT_ARCH = "arm"
SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
SPL_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'" SPL_MKIMAGE_SIGN_ARGS = "-c '%s'"
UBOOT_EXTLINUX = "0" UBOOT_EXTLINUX = "0"
UBOOT_FIT_GENERATE_KEYS = "1" UBOOT_FIT_GENERATE_KEYS = "1"
UBOOT_FIT_HASH_ALG = "sha256" UBOOT_FIT_HASH_ALG = "sha256"
""" """ % a_comment
self.write_config(config) self.write_config(config)
# The U-Boot fitImage is created as part of the U-Boot recipe # The U-Boot fitImage is created as part of the U-Boot recipe
bitbake("virtual/bootloader") bitbake("virtual/bootloader")
image_type = "core-image-minimal"
deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE') deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
machine = get_bb_var('MACHINE') machine = get_bb_var('MACHINE')
fitimage_its_path = os.path.join(deploy_dir_image, fitimage_its_path = os.path.join(deploy_dir_image,
@ -543,16 +582,14 @@ UBOOT_FIT_HASH_ALG = "sha256"
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section) self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
# Check for SPL_MKIMAGE_SIGN_ARGS # Check for SPL_MKIMAGE_SIGN_ARGS
result = runCmd('bitbake -e virtual/bootloader | grep ^T=') # Looks like mkimage supports to add a comment but does not support to read it back.
tempdir = result.output.split('=', 1)[1].strip().strip('') found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
# Verify the signature
self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
# Check for evidence of test-mkimage-wrapper class
result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
def test_sign_cascaded_uboot_fit_image(self): def test_sign_cascaded_uboot_fit_image(self):
""" """
@ -574,6 +611,7 @@ UBOOT_FIT_HASH_ALG = "sha256"
work by Paul Eggleton <paul.eggleton@microsoft.com> and work by Paul Eggleton <paul.eggleton@microsoft.com> and
Usama Arif <usama.arif@arm.com> Usama Arif <usama.arif@arm.com>
""" """
a_comment = "a smart cascaded U-Boot comment"
config = """ config = """
# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at # There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set # least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@ -589,7 +627,7 @@ UBOOT_DTB_BINARY = "u-boot.dtb"
UBOOT_ENTRYPOINT = "0x80000000" UBOOT_ENTRYPOINT = "0x80000000"
UBOOT_LOADADDRESS = "0x80000000" UBOOT_LOADADDRESS = "0x80000000"
UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart cascaded Kernel comment'" UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
UBOOT_DTB_LOADADDRESS = "0x82000000" UBOOT_DTB_LOADADDRESS = "0x82000000"
UBOOT_ARCH = "arm" UBOOT_ARCH = "arm"
SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
@ -599,20 +637,18 @@ UBOOT_FIT_GENERATE_KEYS = "1"
UBOOT_FIT_HASH_ALG = "sha256" UBOOT_FIT_HASH_ALG = "sha256"
KERNEL_IMAGETYPES += " fitImage " KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage " KERNEL_CLASSES = " kernel-fitimage "
INHERIT += "test-mkimage-wrapper"
UBOOT_SIGN_ENABLE = "1" UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1" FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest" UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
UBOOT_SIGN_KEYNAME = "cfg-oe-selftest" UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
FIT_SIGN_INDIVIDUAL = "1" FIT_SIGN_INDIVIDUAL = "1"
""" """ % a_comment
self.write_config(config) self.write_config(config)
# The U-Boot fitImage is created as part of the U-Boot recipe # The U-Boot fitImage is created as part of the U-Boot recipe
bitbake("virtual/bootloader") bitbake("virtual/bootloader")
image_type = "core-image-minimal"
deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE') deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
machine = get_bb_var('MACHINE') machine = get_bb_var('MACHINE')
fitimage_its_path = os.path.join(deploy_dir_image, fitimage_its_path = os.path.join(deploy_dir_image,
@ -696,17 +732,13 @@ FIT_SIGN_INDIVIDUAL = "1"
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section) self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
# Check for SPL_MKIMAGE_SIGN_ARGS # Check for SPL_MKIMAGE_SIGN_ARGS
result = runCmd('bitbake -e virtual/bootloader | grep ^T=') # Looks like mkimage supports to add a comment but does not support to read it back.
tempdir = result.output.split('=', 1)[1].strip().strip('') found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True) self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
# Check for evidence of test-mkimage-wrapper class
result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
# Verify the signature
self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
def test_initramfs_bundle(self): def test_initramfs_bundle(self):
@ -843,3 +875,7 @@ FIT_HASH_ALG = "sha256"
test_passed = True test_passed = True
self.assertTrue(test_passed == True,"Initramfs bundle test success") self.assertTrue(test_passed == True,"Initramfs bundle test success")
# Verify the signature
uboot_tools_sysroot_native = self._setup_uboot_tools_native()
self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, os.path.join(deploy_dir_image, 'am335x-bone.dtb'))