From patchwork Sun Jul  9 13:33:25 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sughosh Ganu <sughosh.ganu@linaro.org>
X-Patchwork-Id: 1805274
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=85.214.62.61; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QzSnK6579z20WT
	for <incoming@patchwork.ozlabs.org>; Sun,  9 Jul 2023 23:35:33 +1000 (AEST)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 1DD3286608;
	Sun,  9 Jul 2023 15:34:17 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: by phobos.denx.de (Postfix, from userid 109)
 id 23D4A865DB; Sun,  9 Jul 2023 15:34:16 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
 SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
 version=3.4.2
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by phobos.denx.de (Postfix) with ESMTP id 0575E865DB
 for <u-boot@lists.denx.de>; Sun,  9 Jul 2023 15:34:13 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=fail smtp.mailfrom=sughosh.ganu@linaro.org
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 652A01FB;
 Sun,  9 Jul 2023 06:34:54 -0700 (PDT)
Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.46.7])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E80083F762;
 Sun,  9 Jul 2023 06:34:09 -0700 (PDT)
From: Sughosh Ganu <sughosh.ganu@linaro.org>
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Simon Glass <sjg@chromium.org>,
 Takahiro Akashi <takahiro.akashi@linaro.org>,
 Malte Schmidt <malte.schmidt-oss@weidmueller.com>,
 Tom Rini <trini@konsulko.com>, Sughosh Ganu <sughosh.ganu@linaro.org>
Subject: [PATCH v3 10/11] sandbox: capsule: Add a config file for generating
 capsules
Date: Sun,  9 Jul 2023 19:03:25 +0530
Message-Id: <20230709133326.1015483-11-sughosh.ganu@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230709133326.1015483-1-sughosh.ganu@linaro.org>
References: <20230709133326.1015483-1-sughosh.ganu@linaro.org>
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

Support has been added to the mkeficapsule tool to generate capsules
by parsing the capsule parameters through a config file. Add a config
file for generating capsules. These capsules will be used for testing
the capsule update feature on sandbox platform.

Enable generation of capsules through the config file on the sandbox
variant.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
Changes since V2:
* New patch to add the capsule generation config file for sandbox.

 .azure-pipelines.yml                          |  1 +
 .gitlab-ci.yml                                |  1 +
 configs/sandbox_defconfig                     |  2 +
 test/py/conftest.py                           |  5 ++
 .../test_efi_capsule/sandbox_capsule_cfg.txt  | 75 +++++++++++++++++++
 5 files changed, 84 insertions(+)
 create mode 100644 test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt

diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
index 75075bbd07..cc196bf98c 100644
--- a/.azure-pipelines.yml
+++ b/.azure-pipelines.yml
@@ -403,6 +403,7 @@ stages:
           echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
           echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
           echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+          cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
           if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
               openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
               openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 577eebd678..614bf61962 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -42,6 +42,7 @@ stages:
     - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
     - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
     - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+    - cp test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt /tmp/capsules/;
     - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index d8a2386bb0..0f4c59e1a8 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -340,6 +340,8 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
 CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
 CONFIG_EFI_CAPSULE_AUTHENTICATE=y
 CONFIG_EFI_CAPSULE_ESL_FILE="/tmp/capsules/SIGNER.esl"
+CONFIG_EFI_CAPSULE_CFG_FILE="/tmp/capsules/sandbox_capsule_cfg.txt"
+CONFIG_EFI_USE_CAPSULE_CFG_FILE=y
 CONFIG_EFI_SECURE_BOOT=y
 CONFIG_TEST_FDTDEC=y
 CONFIG_UNIT_TEST=y
diff --git a/test/py/conftest.py b/test/py/conftest.py
index 661ed74fae..f32ab1a70c 100644
--- a/test/py/conftest.py
+++ b/test/py/conftest.py
@@ -161,6 +161,11 @@ def setup_capsule_build(source_dir, build_dir, board_type, log):
            )
     run_command(name, cmd, source_dir)
 
+    capsule_cfg_file = 'test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt'
+    name = 'cp'
+    cmd = ( ' cp %s %s' % (capsule_cfg_file, capsule_sig_dir))
+    run_command(name, cmd, source_dir)
+
     gen_capsule_payloads(capsule_sig_dir)
 
 def run_build(config, source_dir, build_dir, board_type, log):
diff --git a/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
new file mode 100644
index 0000000000..4e5065d538
--- /dev/null
+++ b/test/py/tests/test_efi_capsule/sandbox_capsule_cfg.txt
@@ -0,0 +1,75 @@
+{
+	image-index: 1
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test01
+}
+{
+	image-index: 2
+	image-guid: 5A7021F5-FEF2-48B4-AABA-832E777418C0
+	payload: /tmp/capsules/u-boot.env.new
+	capsule: /tmp/capsules/Test02
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test03
+
+}
+{
+	image-index: 1
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test04
+
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test05
+
+}
+{
+	image-index: 1
+	image-guid: 058B7D83-50D5-4C47-A195-60D86AD341C4
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test05
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test11
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER2.key
+	pub-key-cert: /tmp/capsules/SIGNER2.crt
+	image-guid: 09D7CF52-0720-4710-91D1-08469B7FE9C8
+	payload: /tmp/capsules/u-boot.bin.new
+	capsule: /tmp/capsules/Test12
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER.key
+	pub-key-cert: /tmp/capsules/SIGNER.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test13
+}
+{
+	image-index: 1
+	monotonic-count: 1
+	private-key: /tmp/capsules/SIGNER2.key
+	pub-key-cert: /tmp/capsules/SIGNER2.crt
+	image-guid: 3673B45D-6A7C-46F3-9E60-ADABB03F7937
+	payload: /tmp/capsules/uboot_bin_env.itb
+	capsule: /tmp/capsules/Test14
+}