oe-selftest: fitimage drop test-mkimage-wrapper

Rather than writing hints into log files and verify the hints can be found, the tests should verify that the artifacts in the deploy folder are correctly signed. This is a much better test. u-boot-tools provide a utility fit_check_sign which can verify the signatures in fit images. Lets use it. grepping in temp/run. or temp/log. files also does not work if the tasks runs from sstate and the corresponding run file is not even generated. (From OE-Core rev: 86e504b4f792eeadd67ea57dd71a62bcb4f16f02) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Adrian Freihofer <adrian.freihofer@siemens.com> 2024-07-04 09:09:39 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-07-13 23:28:30 +0100
commit: 2c27b231f900bb293be8f6b24732305291a1c5ae (patch)
tree: a97f2ba1f9900c50ac18d1e3c4c9d5648e18fdf6
parent: 7889a5cd4bff32ea5d7a049d3f78434364e36758 (diff)
download: poky-2c27b231f900bb293be8f6b24732305291a1c5ae.tar.gz
2 files changed, 77 insertions, 60 deletions
diff --git a/meta-selftest/classes/test-mkimage-wrapper.bbclass b/meta-selftest/classes/test-mkimage-wrapper.bbclass
deleted file mode 100644
index 7c98d7b71e..0000000000
--- a/meta-selftest/classes/test-mkimage-wrapper.bbclass
+++ /dev/null
@@ -1,19 +0,0 @@
-# Class to test UBOOT_MKIMAGE and UBOOT_MKIMAGE_SIGN
-# (in conjunction with kernel-fitimage.bbclass)
-#
-# SPDX-License-Identifier: MIT
-#
-UBOOT_MKIMAGE = "test_mkimage_wrapper"
-UBOOT_MKIMAGE_SIGN = "test_mkimage_signing_wrapper"
-test_mkimage_wrapper() {
-    echo "### uboot-mkimage wrapper message"
-    uboot-mkimage "$@"
-}
-test_mkimage_signing_wrapper() {
-    echo "### uboot-mkimage signing wrapper message"
-    uboot-mkimage "$@"
-}
diff --git a/meta/lib/oeqa/selftest/cases/fitimage.py b/meta/lib/oeqa/selftest/cases/fitimage.py
index 15baf3b239..4891ac8010 100644
--- a/meta/lib/oeqa/selftest/cases/fitimage.py
+++ b/meta/lib/oeqa/selftest/cases/fitimage.py
@@ -16,6 +16,46 @@ class FitImageTests(OESelftestTestCase):
        bitbake("u-boot-tools-native -c addto_recipe_sysroot")
        return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native')
+    def _verify_fit_image_signature(self, uboot_tools_sysroot_native, fitimage_path, dtb_path, conf_name=None):
+        """Verify the signature of a fit contfiguration
+        The fit_check_sign utility from u-boot-tools-native is called.
+        uboot-fit_check_sign -f fitImage -k $dtb_name -c conf-$dtb_name
+        """
+        fit_check_sign_path = os.path.join(uboot_tools_sysroot_native, 'usr', 'bin', 'uboot-fit_check_sign')
+        cmd = '%s -f %s -k %s' % (fit_check_sign_path, fitimage_path, dtb_path)
+        if conf_name:
+            cmd += ' -c %s' % conf_name
+        result = runCmd(cmd)
+        self.logger.debug("%s\nreturned: %s\n%s", cmd, str(result.status), result.output)
+        self.assertIn("Signature check OK", result.output)
+    @staticmethod
+    def _find_string_in_bin_file(file_path, search_string):
+        """find stings in a binary file
+        Shell equivalent: strings "$1" | grep "$2" | wc -l
+        return number of matches
+        """
+        found_positions = 0
+        with open(file_path, 'rb') as file:
+            byte = file.read(1)
+            current_position = 0
+            current_match = 0
+            while byte:
+                char = byte.decode('ascii', errors='ignore')
+                if char == search_string[current_match]:
+                    current_match += 1
+                    if current_match == len(search_string):
+                        found_positions += 1
+                        current_match = 0
+                else:
+                    current_match = 0
+                current_position += 1
+                byte = file.read(1)
+        return found_positions
    def test_fit_image(self):
        """
        Summary:     Check if FIT image and Image Tree Source (its) are built
@@ -113,19 +153,21 @@ FIT_DESC = "A model description"
        Author:      Paul Eggleton <paul.eggleton@microsoft.com> based upon
                     work by Usama Arif <usama.arif@arm.com>
        """
+        a_comment = "a smart comment"
        config = """
 # Enable creation of fitImage
 MACHINE = "beaglebone-yocto"
 KERNEL_IMAGETYPES += " fitImage "
-KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper "
+KERNEL_CLASSES = " kernel-fitimage "
 UBOOT_SIGN_ENABLE = "1"
 FIT_GENERATE_KEYS = "1"
 UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
 UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
 UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
 FIT_SIGN_INDIVIDUAL = "1"
-UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
+UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
-"""
+""" % a_comment
        self.write_config(config)
        # fitImage is created as part of linux recipe
@@ -227,17 +269,15 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
            value = values.get('Sign value', None)
            self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
-        # Check for UBOOT_MKIMAGE_SIGN_ARGS
+        # Search for the string passed to mkimage: 1 kernel + 3 DTBs + config per DTB = 7 sections
-        result = runCmd('bitbake -e virtual/kernel | grep ^T=')
+        # Looks like mkimage supports to add a comment but does not support to read it back.
-        tempdir = result.output.split('=', 1)[1].strip().strip('')
+        found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
-        result = runCmd('grep "a smart comment" %s/run.do_assemble_fitimage' % tempdir, ignore_status=True)
+        self.assertEqual(found_comments, 7, "Expected 7 signed and commented section in the fitImage.")
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN_ARGS value did not get used')
-        # Check for evidence of test-mkimage-wrapper class
+        # Verify the signature for all configurations = DTBs
-        result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)
+        for dtb in ['am335x-bone.dtb', 'am335x-boneblack.dtb', 'am335x-bonegreen.dtb']:
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
+            self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
-        result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)
+                                             os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], dtb), 'conf-' + dtb)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
    def test_uboot_fit_image(self):
        """
@@ -354,7 +394,6 @@ UBOOT_ENTRYPOINT = "0x80080000"
 UBOOT_FIT_DESC = "A model description"
 KERNEL_IMAGETYPES += " fitImage "
 KERNEL_CLASSES = " kernel-fitimage "
-INHERIT += "test-mkimage-wrapper"
 UBOOT_SIGN_ENABLE = "1"
 FIT_GENERATE_KEYS = "1"
 UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
@@ -428,6 +467,7 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
                     work by Paul Eggleton <paul.eggleton@microsoft.com> and
                     Usama Arif <usama.arif@arm.com>
        """
+        a_comment = "a smart U-Boot comment"
        config = """
 # There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
 # least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@@ -437,7 +477,6 @@ SPL_BINARY = "MLO"
 # The kernel-fitimage class is a dependency even if we're only
 # creating/signing the U-Boot fitImage
 KERNEL_CLASSES = " kernel-fitimage"
-INHERIT += "test-mkimage-wrapper"
 # Enable creation and signing of the U-Boot fitImage
 UBOOT_FITIMAGE_ENABLE = "1"
 SPL_SIGN_ENABLE = "1"
@@ -449,17 +488,17 @@ UBOOT_LOADADDRESS = "0x80000000"
 UBOOT_DTB_LOADADDRESS = "0x82000000"
 UBOOT_ARCH = "arm"
 SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
-SPL_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
+SPL_MKIMAGE_SIGN_ARGS = "-c '%s'"
 UBOOT_EXTLINUX = "0"
 UBOOT_FIT_GENERATE_KEYS = "1"
 UBOOT_FIT_HASH_ALG = "sha256"
-"""
+""" % a_comment
        self.write_config(config)
        # The U-Boot fitImage is created as part of the U-Boot recipe
        bitbake("virtual/bootloader")
-        image_type = "core-image-minimal"
        deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
        machine = get_bb_var('MACHINE')
        fitimage_its_path = os.path.join(deploy_dir_image,
@@ -543,16 +582,14 @@ UBOOT_FIT_HASH_ALG = "sha256"
            self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
        # Check for SPL_MKIMAGE_SIGN_ARGS
-        result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
+        # Looks like mkimage supports to add a comment but does not support to read it back.
-        tempdir = result.output.split('=', 1)[1].strip().strip('')
+        found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
-        result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
+        self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
-        self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
+        # Verify the signature
+        self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
+                                         os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
-        # Check for evidence of test-mkimage-wrapper class
-        result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
-        result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
    def test_sign_cascaded_uboot_fit_image(self):
        """
@@ -574,6 +611,7 @@ UBOOT_FIT_HASH_ALG = "sha256"
                     work by Paul Eggleton <paul.eggleton@microsoft.com> and
                     Usama Arif <usama.arif@arm.com>
        """
+        a_comment = "a smart cascaded U-Boot comment"
        config = """
 # There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
 # least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@@ -589,7 +627,7 @@ UBOOT_DTB_BINARY = "u-boot.dtb"
 UBOOT_ENTRYPOINT  = "0x80000000"
 UBOOT_LOADADDRESS = "0x80000000"
 UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
-UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart cascaded Kernel comment'"
+UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
 UBOOT_DTB_LOADADDRESS = "0x82000000"
 UBOOT_ARCH = "arm"
 SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
@@ -599,20 +637,18 @@ UBOOT_FIT_GENERATE_KEYS = "1"
 UBOOT_FIT_HASH_ALG = "sha256"
 KERNEL_IMAGETYPES += " fitImage "
 KERNEL_CLASSES = " kernel-fitimage "
-INHERIT += "test-mkimage-wrapper"
 UBOOT_SIGN_ENABLE = "1"
 FIT_GENERATE_KEYS = "1"
 UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
 UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
 UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
 FIT_SIGN_INDIVIDUAL = "1"
-"""
+""" % a_comment
        self.write_config(config)
        # The U-Boot fitImage is created as part of the U-Boot recipe
        bitbake("virtual/bootloader")
-        image_type = "core-image-minimal"
        deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
        machine = get_bb_var('MACHINE')
        fitimage_its_path = os.path.join(deploy_dir_image,
@@ -696,17 +732,13 @@ FIT_SIGN_INDIVIDUAL = "1"
            self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
        # Check for SPL_MKIMAGE_SIGN_ARGS
-        result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
+        # Looks like mkimage supports to add a comment but does not support to read it back.
-        tempdir = result.output.split('=', 1)[1].strip().strip('')
+        found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
-        result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
+        self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
-        self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
-        # Check for evidence of test-mkimage-wrapper class
-        result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
-        result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
+        # Verify the signature
+        self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
+                                         os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
    def test_initramfs_bundle(self):
@@ -843,3 +875,7 @@ FIT_HASH_ALG = "sha256"
            test_passed = True
            self.assertTrue(test_passed == True,"Initramfs bundle test success")
+        # Verify the signature
+        uboot_tools_sysroot_native = self._setup_uboot_tools_native()
+        self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, os.path.join(deploy_dir_image, 'am335x-bone.dtb'))
author	Adrian Freihofer <adrian.freihofer@siemens.com>	2024-07-04 09:09:39 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-07-13 23:28:30 +0100
commit	2c27b231f900bb293be8f6b24732305291a1c5ae (patch)
tree	a97f2ba1f9900c50ac18d1e3c4c9d5648e18fdf6
parent	7889a5cd4bff32ea5d7a049d3f78434364e36758 (diff)
download	poky-2c27b231f900bb293be8f6b24732305291a1c5ae.tar.gz

diff --git a/meta-selftest/classes/test-mkimage-wrapper.bbclass b/meta-selftest/classes/test-mkimage-wrapper.bbclass deleted file mode 100644 index 7c98d7b71e..0000000000 --- a/meta-selftest/classes/test-mkimage-wrapper.bbclass +++ /dev/null
@@ -1,19 +0,0 @@
1	# Class to test UBOOT_MKIMAGE and UBOOT_MKIMAGE_SIGN
2	# (in conjunction with kernel-fitimage.bbclass)
3	#
4	# SPDX-License-Identifier: MIT
5	#
6
7	UBOOT_MKIMAGE = "test_mkimage_wrapper"
8	UBOOT_MKIMAGE_SIGN = "test_mkimage_signing_wrapper"
9
10	test_mkimage_wrapper() {
11	echo "### uboot-mkimage wrapper message"
12	uboot-mkimage "$@"
13	}
14
15	test_mkimage_signing_wrapper() {
16	echo "### uboot-mkimage signing wrapper message"
17	uboot-mkimage "$@"
18	}
19


diff --git a/meta/lib/oeqa/selftest/cases/fitimage.py b/meta/lib/oeqa/selftest/cases/fitimage.py index 15baf3b239..4891ac8010 100644 --- a/meta/lib/oeqa/selftest/cases/fitimage.py +++ b/meta/lib/oeqa/selftest/cases/fitimage.py
@@ -16,6 +16,46 @@ class FitImageTests(OESelftestTestCase):
16	bitbake("u-boot-tools-native -c addto_recipe_sysroot")	16	bitbake("u-boot-tools-native -c addto_recipe_sysroot")
17	return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native')	17	return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native')
18		18
		19	def _verify_fit_image_signature(self, uboot_tools_sysroot_native, fitimage_path, dtb_path, conf_name=None):
		20	"""Verify the signature of a fit contfiguration
		21
		22	The fit_check_sign utility from u-boot-tools-native is called.
		23	uboot-fit_check_sign -f fitImage -k $dtb_name -c conf-$dtb_name
		24	"""
		25	fit_check_sign_path = os.path.join(uboot_tools_sysroot_native, 'usr', 'bin', 'uboot-fit_check_sign')
		26	cmd = '%s -f %s -k %s' % (fit_check_sign_path, fitimage_path, dtb_path)
		27	if conf_name:
		28	cmd += ' -c %s' % conf_name
		29	result = runCmd(cmd)
		30	self.logger.debug("%s\nreturned: %s\n%s", cmd, str(result.status), result.output)
		31	self.assertIn("Signature check OK", result.output)
		32
		33	@staticmethod
		34	def _find_string_in_bin_file(file_path, search_string):
		35	"""find stings in a binary file
		36
		37	Shell equivalent: strings "$1" \| grep "$2" \| wc -l
		38	return number of matches
		39	"""
		40	found_positions = 0
		41	with open(file_path, 'rb') as file:
		42	byte = file.read(1)
		43	current_position = 0
		44	current_match = 0
		45	while byte:
		46	char = byte.decode('ascii', errors='ignore')
		47	if char == search_string[current_match]:
		48	current_match += 1
		49	if current_match == len(search_string):
		50	found_positions += 1
		51	current_match = 0
		52	else:
		53	current_match = 0
		54	current_position += 1
		55	byte = file.read(1)
		56	return found_positions
		57
		58
19	def test_fit_image(self):	59	def test_fit_image(self):
20	"""	60	"""
21	Summary: Check if FIT image and Image Tree Source (its) are built	61	Summary: Check if FIT image and Image Tree Source (its) are built
@@ -113,19 +153,21 @@ FIT_DESC = "A model description"
113	Author: Paul Eggleton <paul.eggleton@microsoft.com> based upon	153	Author: Paul Eggleton <paul.eggleton@microsoft.com> based upon
114	work by Usama Arif <usama.arif@arm.com>	154	work by Usama Arif <usama.arif@arm.com>
115	"""	155	"""
		156	a_comment = "a smart comment"
116	config = """	157	config = """
117	# Enable creation of fitImage	158	# Enable creation of fitImage
118	MACHINE = "beaglebone-yocto"	159	MACHINE = "beaglebone-yocto"
119	KERNEL_IMAGETYPES += " fitImage "	160	KERNEL_IMAGETYPES += " fitImage "
120	KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper "	161	KERNEL_CLASSES = " kernel-fitimage "
121	UBOOT_SIGN_ENABLE = "1"	162	UBOOT_SIGN_ENABLE = "1"
122	FIT_GENERATE_KEYS = "1"	163	FIT_GENERATE_KEYS = "1"
123	UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"	164	UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
124	UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"	165	UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
125	UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"	166	UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
126	FIT_SIGN_INDIVIDUAL = "1"	167	FIT_SIGN_INDIVIDUAL = "1"
127	UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"	168	UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
128	"""	169	""" % a_comment
		170
129	self.write_config(config)	171	self.write_config(config)
130		172
131	# fitImage is created as part of linux recipe	173	# fitImage is created as part of linux recipe
@@ -227,17 +269,15 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
227	value = values.get('Sign value', None)	269	value = values.get('Sign value', None)
228	self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)	270	self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
229		271
230	# Check for UBOOT_MKIMAGE_SIGN_ARGS	272	# Search for the string passed to mkimage: 1 kernel + 3 DTBs + config per DTB = 7 sections
231	result = runCmd('bitbake -e virtual/kernel \| grep ^T=')	273	# Looks like mkimage supports to add a comment but does not support to read it back.
232	tempdir = result.output.split('=', 1)[1].strip().strip('')	274	found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
233	result = runCmd('grep "a smart comment" %s/run.do_assemble_fitimage' % tempdir, ignore_status=True)	275	self.assertEqual(found_comments, 7, "Expected 7 signed and commented section in the fitImage.")
234	self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN_ARGS value did not get used')
235		276
236	# Check for evidence of test-mkimage-wrapper class	277	# Verify the signature for all configurations = DTBs
237	result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)	278	for dtb in ['am335x-bone.dtb', 'am335x-boneblack.dtb', 'am335x-bonegreen.dtb']:
238	self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')	279	self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
239	result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)	280	os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], dtb), 'conf-' + dtb)
240	self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
241		281
242	def test_uboot_fit_image(self):	282	def test_uboot_fit_image(self):
243	"""	283	"""
@@ -354,7 +394,6 @@ UBOOT_ENTRYPOINT = "0x80080000"
354	UBOOT_FIT_DESC = "A model description"	394	UBOOT_FIT_DESC = "A model description"
355	KERNEL_IMAGETYPES += " fitImage "	395	KERNEL_IMAGETYPES += " fitImage "
356	KERNEL_CLASSES = " kernel-fitimage "	396	KERNEL_CLASSES = " kernel-fitimage "
357	INHERIT += "test-mkimage-wrapper"
358	UBOOT_SIGN_ENABLE = "1"	397	UBOOT_SIGN_ENABLE = "1"
359	FIT_GENERATE_KEYS = "1"	398	FIT_GENERATE_KEYS = "1"
360	UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"	399	UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
@@ -428,6 +467,7 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
428	work by Paul Eggleton <paul.eggleton@microsoft.com> and	467	work by Paul Eggleton <paul.eggleton@microsoft.com> and
429	Usama Arif <usama.arif@arm.com>	468	Usama Arif <usama.arif@arm.com>
430	"""	469	"""
		470	a_comment = "a smart U-Boot comment"
431	config = """	471	config = """
432	# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at	472	# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
433	# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set	473	# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@@ -437,7 +477,6 @@ SPL_BINARY = "MLO"
437	# The kernel-fitimage class is a dependency even if we're only	477	# The kernel-fitimage class is a dependency even if we're only
438	# creating/signing the U-Boot fitImage	478	# creating/signing the U-Boot fitImage
439	KERNEL_CLASSES = " kernel-fitimage"	479	KERNEL_CLASSES = " kernel-fitimage"
440	INHERIT += "test-mkimage-wrapper"
441	# Enable creation and signing of the U-Boot fitImage	480	# Enable creation and signing of the U-Boot fitImage
442	UBOOT_FITIMAGE_ENABLE = "1"	481	UBOOT_FITIMAGE_ENABLE = "1"
443	SPL_SIGN_ENABLE = "1"	482	SPL_SIGN_ENABLE = "1"
@@ -449,17 +488,17 @@ UBOOT_LOADADDRESS = "0x80000000"
449	UBOOT_DTB_LOADADDRESS = "0x82000000"	488	UBOOT_DTB_LOADADDRESS = "0x82000000"
450	UBOOT_ARCH = "arm"	489	UBOOT_ARCH = "arm"
451	SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"	490	SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
452	SPL_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"	491	SPL_MKIMAGE_SIGN_ARGS = "-c '%s'"
453	UBOOT_EXTLINUX = "0"	492	UBOOT_EXTLINUX = "0"
454	UBOOT_FIT_GENERATE_KEYS = "1"	493	UBOOT_FIT_GENERATE_KEYS = "1"
455	UBOOT_FIT_HASH_ALG = "sha256"	494	UBOOT_FIT_HASH_ALG = "sha256"
456	"""	495	""" % a_comment
		496
457	self.write_config(config)	497	self.write_config(config)
458		498
459	# The U-Boot fitImage is created as part of the U-Boot recipe	499	# The U-Boot fitImage is created as part of the U-Boot recipe
460	bitbake("virtual/bootloader")	500	bitbake("virtual/bootloader")
461		501
462	image_type = "core-image-minimal"
463	deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')	502	deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
464	machine = get_bb_var('MACHINE')	503	machine = get_bb_var('MACHINE')
465	fitimage_its_path = os.path.join(deploy_dir_image,	504	fitimage_its_path = os.path.join(deploy_dir_image,
@@ -543,16 +582,14 @@ UBOOT_FIT_HASH_ALG = "sha256"
543	self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)	582	self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
544		583
545	# Check for SPL_MKIMAGE_SIGN_ARGS	584	# Check for SPL_MKIMAGE_SIGN_ARGS
546	result = runCmd('bitbake -e virtual/bootloader \| grep ^T=')	585	# Looks like mkimage supports to add a comment but does not support to read it back.
547	tempdir = result.output.split('=', 1)[1].strip().strip('')	586	found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
548	result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)	587	self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
549	self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')	588
		589	# Verify the signature
		590	self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
		591	os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
550		592
551	# Check for evidence of test-mkimage-wrapper class
552	result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
553	self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
554	result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
555	self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
556		593
557	def test_sign_cascaded_uboot_fit_image(self):	594	def test_sign_cascaded_uboot_fit_image(self):
558	"""	595	"""
@@ -574,6 +611,7 @@ UBOOT_FIT_HASH_ALG = "sha256"
574	work by Paul Eggleton <paul.eggleton@microsoft.com> and	611	work by Paul Eggleton <paul.eggleton@microsoft.com> and
575	Usama Arif <usama.arif@arm.com>	612	Usama Arif <usama.arif@arm.com>
576	"""	613	"""
		614	a_comment = "a smart cascaded U-Boot comment"
577	config = """	615	config = """
578	# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at	616	# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
579	# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set	617	# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@@ -589,7 +627,7 @@ UBOOT_DTB_BINARY = "u-boot.dtb"
589	UBOOT_ENTRYPOINT = "0x80000000"	627	UBOOT_ENTRYPOINT = "0x80000000"
590	UBOOT_LOADADDRESS = "0x80000000"	628	UBOOT_LOADADDRESS = "0x80000000"
591	UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"	629	UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
592	UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart cascaded Kernel comment'"	630	UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
593	UBOOT_DTB_LOADADDRESS = "0x82000000"	631	UBOOT_DTB_LOADADDRESS = "0x82000000"
594	UBOOT_ARCH = "arm"	632	UBOOT_ARCH = "arm"
595	SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"	633	SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
@@ -599,20 +637,18 @@ UBOOT_FIT_GENERATE_KEYS = "1"
599	UBOOT_FIT_HASH_ALG = "sha256"	637	UBOOT_FIT_HASH_ALG = "sha256"
600	KERNEL_IMAGETYPES += " fitImage "	638	KERNEL_IMAGETYPES += " fitImage "
601	KERNEL_CLASSES = " kernel-fitimage "	639	KERNEL_CLASSES = " kernel-fitimage "
602	INHERIT += "test-mkimage-wrapper"
603	UBOOT_SIGN_ENABLE = "1"	640	UBOOT_SIGN_ENABLE = "1"
604	FIT_GENERATE_KEYS = "1"	641	FIT_GENERATE_KEYS = "1"
605	UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"	642	UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
606	UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"	643	UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
607	UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"	644	UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
608	FIT_SIGN_INDIVIDUAL = "1"	645	FIT_SIGN_INDIVIDUAL = "1"
609	"""	646	""" % a_comment
610	self.write_config(config)	647	self.write_config(config)
611		648
612	# The U-Boot fitImage is created as part of the U-Boot recipe	649	# The U-Boot fitImage is created as part of the U-Boot recipe
613	bitbake("virtual/bootloader")	650	bitbake("virtual/bootloader")
614		651
615	image_type = "core-image-minimal"
616	deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')	652	deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
617	machine = get_bb_var('MACHINE')	653	machine = get_bb_var('MACHINE')
618	fitimage_its_path = os.path.join(deploy_dir_image,	654	fitimage_its_path = os.path.join(deploy_dir_image,
@@ -696,17 +732,13 @@ FIT_SIGN_INDIVIDUAL = "1"
696	self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)	732	self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
697		733
698	# Check for SPL_MKIMAGE_SIGN_ARGS	734	# Check for SPL_MKIMAGE_SIGN_ARGS
699	result = runCmd('bitbake -e virtual/bootloader \| grep ^T=')	735	# Looks like mkimage supports to add a comment but does not support to read it back.
700	tempdir = result.output.split('=', 1)[1].strip().strip('')	736	found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
701	result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)	737	self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
702	self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
703
704	# Check for evidence of test-mkimage-wrapper class
705	result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
706	self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
707	result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
708	self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
709		738
		739	# Verify the signature
		740	self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
		741	os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
710		742
711		743
712	def test_initramfs_bundle(self):	744	def test_initramfs_bundle(self):
@@ -843,3 +875,7 @@ FIT_HASH_ALG = "sha256"
843		875
844	test_passed = True	876	test_passed = True
845	self.assertTrue(test_passed == True,"Initramfs bundle test success")	877	self.assertTrue(test_passed == True,"Initramfs bundle test success")
		878
		879	# Verify the signature
		880	uboot_tools_sysroot_native = self._setup_uboot_tools_native()
		881	self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, os.path.join(deploy_dir_image, 'am335x-bone.dtb'))