{"id":2198154,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2198154/?format=json","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/1.0/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260219132552.1499698-9-philippe.reynes@softathome.com>","date":"2026-02-19T13:25:51","name":"[RFC,v2,8/9] test: py: vboot: prepare integration test for ecdsa","commit_ref":null,"pull_url":null,"state":"rfc","archived":false,"hash":"8b09e9d675234cbf630cc90545d794089d15e2ff","submitter":{"id":74351,"url":"http://patchwork.ozlabs.org/api/1.0/people/74351/?format=json","name":"Philippe Reynes","email":"philippe.reynes@softathome.com"},"delegate":{"id":3651,"url":"http://patchwork.ozlabs.org/api/1.0/users/3651/?format=json","username":"trini","first_name":"Tom","last_name":"Rini","email":"trini@ti.com"},"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260219132552.1499698-9-philippe.reynes@softathome.com/mbox/","series":[{"id":492675,"url":"http://patchwork.ozlabs.org/api/1.0/series/492675/?format=json","date":"2026-02-19T13:25:49","name":"add software ecdsa support","version":2,"mbox":"http://patchwork.ozlabs.org/series/492675/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2198154/checks/","tags":{},"headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=n9sapkHL;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=85.214.62.61; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"n9sapkHL\";\n\tdkim-atps=neutral","phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=philippe.reynes@softathome.com"],"Received":["from phobos.denx.de (phobos.denx.de [85.214.62.61])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGvM41zLrz1xpY\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 20 Feb 2026 00:27:44 +1100 (AEDT)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 95F1683EC6;\n\tThu, 19 Feb 2026 14:26:25 +0100 (CET)","by phobos.denx.de (Postfix, from userid 109)\n id 209F583E7A; Thu, 19 Feb 2026 14:26:20 +0100 (CET)","from MRZP264CU002.outbound.protection.outlook.com\n (mail-francesouthazlp170100001.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c207::1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id C246083AC5\n for <u-boot@lists.denx.de>; Thu, 19 Feb 2026 14:26:17 +0100 (CET)","from PA7P264CA0482.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:3dc::10)\n by MRZP264MB2103.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:a::5) with\n Microsoft\n SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\n 15.20.9632.13; Thu, 19 Feb 2026 13:26:10 +0000","from PA3PEPF000089B8.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:102:3dc:cafe::9c) by PA7P264CA0482.outlook.office365.com\n (2603:10a6:102:3dc::10) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9632.15 via Frontend Transport; Thu,\n 19 Feb 2026 13:26:10 +0000","from proxy.softathome.com (149.6.166.170) by\n PA3PEPF000089B8.mail.protection.outlook.com (10.167.242.20) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9632.12\n via Frontend Transport; Thu, 19 Feb 2026 13:26:10 +0000","from sah1lpt726.home (unknown [192.168.72.32])\n by proxy.softathome.com (Postfix) with ESMTPSA id 3D27120737;\n Thu, 19 Feb 2026 14:26:10 +0100 (CET)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=MFzPcJ/DVq2fhk3N/SicoaypNfX+wb11XMDyDzYx5dzI0tFiuJt23kGb/5DNJv+mDPXViLsOSRKzyfYW9oYrZe+NfenspiDQ9lEJ5IK+nv2WTNGFM3JKtmu2EQhSvXwiXt7v6BJKF5qb6Bvd4oKwr0GoJ/V3cDF1+oj+6VWo0rncXKYMdp+ZHcSiKk0qGA/L0mRVtrjIXLtYjTN5yWWvSW/uuycJvqUGUK8ipoHwbLqohyz2nYCcPb8xL0MRSbK/s/QslzUPvh5ReWE8HXAaUqbQPekkha+TrnUgo24Ns+8MgrerR/VeOM3xpv1Kz7OzQwsDHu+IE6+NMFE5gOI1JQ==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=aVS1ROdBp73KJ/sMuX8wDMBYMnHZYRpsDNu+W4wY94E=;\n b=wso0KVY1BUa2Gu6msKBYQCw5eoHXq36VAwQb6nQ/sx0eEtcdTjgfaiI2PBAscqA/C2OX7Ou69/3Mnhk2gTXvURnmMzrFg+md5QW7gwb5YoCxakXLR4lPo1raL3nZJkSk9kXqxd8J7laKrLE7zOQvc8T4lw7UT6M3dVA7lkRo9F2H4Vo2UsNHJVla6sHT10gohRUsQgj16bujisltusavdpdF64WrneIcRPO7bjADS9o5BQzx3BnFNM7F707x2gqK1S8sy10FPvA7WoOdT+QSqxjoTYVtL2OiU/CyOsWtOhy4zGIvMRC5oepQoNZV3Ivz7rSwNGKWvOCc+E3GtXyNQA==","ARC-Authentication-Results":"i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=gmail.com smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=aVS1ROdBp73KJ/sMuX8wDMBYMnHZYRpsDNu+W4wY94E=;\n b=n9sapkHLAytbvMKk+jWfle4go0bv0Q/Um06eGsZMyFzGpmUVOQhpQPvhJhx+p9Ri5QTE8DIvhDnm5GkaYNxvzZ3/TddhnlynBfbG2GsVAtTZrACdyHuPdN+Paiu4Pha6Tgzf1gvt4gNuHMeHjV8K5VooRY5GxRV6uLTwqg1EhLpL+UUUrzgluyxKuldd9YBJ20X6UW5+jzKx9xK8je4wbzDCmwtfIkCLeg55gtjcqzvtAbErTQ7+KN5DDDd/cQqlBk5wfy3HE0TsPj/6vNYn4siMJnLsCwTc9fHDnid+3w3UCWWioWju8tCUWoXSPskXVQPCjk/S1J02kWybCTfFTw==","X-MS-Exchange-Authentication-Results":"spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;","Received-SPF":"Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C","From":"Philippe Reynes <philippe.reynes@softathome.com>","To":"marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com","Cc":"u-boot@lists.denx.de,\n\tPhilippe Reynes <philippe.reynes@softathome.com>","Subject":"[RFC PATCH v2 8/9] test: py: vboot: prepare integration test for\n ecdsa","Date":"Thu, 19 Feb 2026 14:25:51 +0100","Message-ID":"<20260219132552.1499698-9-philippe.reynes@softathome.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260219132552.1499698-1-philippe.reynes@softathome.com>","References":"<20260219132552.1499698-1-philippe.reynes@softathome.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-EOPAttributedMessage":"0","X-MS-PublicTrafficType":"Email","X-MS-TrafficTypeDiagnostic":"PA3PEPF000089B8:EE_|MRZP264MB2103:EE_","Content-Type":"text/plain","X-MS-Office365-Filtering-Correlation-Id":"2006713c-91f6-4143-0c92-08de6fba7246","X-MS-Exchange-SenderADCheck":"1","X-MS-Exchange-AntiSpam-Relay":"0","X-Microsoft-Antispam":"BCL:0;\n ARA:13230040|1800799024|36860700013|82310400026|376014|7142099003;","X-Microsoft-Antispam-Message-Info":"\n Qv1NtXNzvP3nNEyXMMhpzcd+6jujqadUv+zaPngCXg/NDgE9UdCvNQvKbV6Y6c1bZKWxKDUTSWxNOABAbZXiNjYnKHeG2Ibe9ypHzwS9avPd1PfpgtiD5y9kHV611O3Z3TC7jVHBQCqsZG02tKOKsjNePE+KStuDLaALALAWhgEv/A16kIJ2mkHgOMhTDrbFl1iJvPx5HvMqXZI4IKgRKUrlWDtuZHxMLYkeYceXNQEwzzv6Sc7etsmT5cZM3Qm8CODkDM/KJtGi/ktE6TQezuBE1FH2njYkpdNC0ULT64XeS3uff01GyQNvAJ8sXNGw4vzcKd189Uou6z4BirMLF5i7W7jx5Ehiz+lYa2R5Us1kbIyXdbVa9CRWDttYMevQnmAiXH5xXt0euILZGdgW749LDn7mEDH3xVDUXGprStQa8Ut4y8Qo8uMSFCN212Ipb8U1kGKF6gSdieVF5obY5aPfXlOVhoSGaGm3DHTRzJhRtWqebeGKi66bfwxzHTnrCuHTIZ1qE6eE05vITZ2nykYy0nX0FAvIhTIdi38t7itfIgtCq5MfveZdb5NEAVIbR23ux4AbOIkdG10MKytLJM3N23onVWm2oZe/hW1PgUFWRsHmmFC6E98k3JOF27U4/Umkz1K7gisE5WYZZN86aVss8IHvRoTwwLEDC5kQVsj6oOeSgr7swFzKkJHeNKqeYF8kPdDkPjboouo9GkVaei3KX8jrLuus1TqSsV9Aai0dSH6/FfttMlUUuVWer5t9ctV2fyVQg1en/Ud6W8TFeDK3uRBnXEqNEZlNKsQUxBbeA+UbM6qY1O0V7NteZzqQAFBHtBxEKTEjKgzSREVJr4VY5/Lq3/0eUmuBZ43cUytqm1stQaxrB9qXHgG9XP4+J743RLFn3c6k5yGzUredhqArM/SFOiIg3vGirTG+o7WeUugbZ1ebya+99fteNctGoIIZCJ6Rmhised/2kh/QIDHPg3/G4Bk7TDh1U4TArbR1/oQ9z44OUdKRSia5S91A9U8QQmPGVTJgLYpDsG1/hXfnrn4b1cU3Bee392YcoO9APApvXpFI27INGawqoP43LuohMUU1MyFyCDkfz7PUWeCtqwS38xcZn3bKj3OZdGA9BGVEk8uiyOaTbhs88hWHxM2Ol4mmtuUHxH/3kCVit3i4CvMoe7E6L5whZIEYjkg/hAXqOp443Dr7rYR+goTUzrjn6+73pnC7lMOjA7T2CY3obhDJ9Pssgl13FIm3Cdh8GjRywEH66SZ9DgKuq1ZqKXQMrT6M5SMGYdIpqF06LIaAf8/rjBNMfwKQgTxB7VqsUSKERX+f7mcwk2WxtxpAqyN6jdXNU/Gtb4XhHfeXhruFIiA9EqvGsboQRcMGz6zyZT7c9UjUtjsiHcaYwZ5ccW8uL8UHAYdMeRgrG1oT96VJP1/L4+1RFbx1gk6FCqBD5BKz9fs0Rpo0/QTq2PIvnHTUGpTMLMFQKGrF+r0zuERyaf3dCC0SgSKiquG5gwANuQ2U7TrpviXXb+AN9gYCt25OHcZXvOlOO0FN8zDjV58p1HohZk0UEMry34a6oVNoblAzsksoczlHvhJl70fsrBUfSsXF6QtRcaZ7xfUrUV+fgjW6VtS/ELtdLpm0gATghaV8UhLmgFMkU2AMoJ19gRn2qsBl0G/Oz74Fd4xQhA==","X-Forefront-Antispam-Report":"CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(1800799024)(36860700013)(82310400026)(376014)(7142099003);\n DIR:OUT; SFP:1101;","X-MS-Exchange-AntiSpam-MessageData-ChunkCount":"1","X-MS-Exchange-AntiSpam-MessageData-0":"\n JRjISWZS8W0JpLI73gULXTVDbDPzZHnnPIhMxX1MNJJ5gxByyJct3kh7ZohJk7PkTLq20zH8aUlUAeH+IIWGC/WchqJh9bjLJL2hOd6c7dczYHr08zobwmwBBSrLt1O+yoDm3iBQVjZ9oageqOw0b+F8vM6KHKKkKe5SwD/O0ZbAE2CSPsmN5/iI3Bq84linfkomBtKjkS4T24WOThqkPL7gfyYFc5MnZfrhVwD2xX8E/lqhM4Grg0JVFOmilVWH0213w8c7YLXcCPUJokhZyEB8lXk0MG7FenWSDFQPHy28rcFe8ksoo+oKfUfLj+lHGws2h8eGVCAwN60brUTODM9HOpjJZGMcjiz5r1BVgrfpL9pBflinxLrzUe9LUXXX/rnMd3EGeVNr2WBZTabry6uKuRnhBYczR+T8DkhSNI20stZTbHzub2Bd7WxvkYNJ","X-OriginatorOrg":"softathome.com","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"19 Feb 2026 13:26:10.4520 (UTC)","X-MS-Exchange-CrossTenant-Network-Message-Id":"\n 2006713c-91f6-4143-0c92-08de6fba7246","X-MS-Exchange-CrossTenant-Id":"aa10e044-e405-4c10-8353-36b4d0cce511","X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp":"\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]","X-MS-Exchange-CrossTenant-AuthSource":"PA3PEPF000089B8.FRAP264.PROD.OUTLOOK.COM","X-MS-Exchange-CrossTenant-AuthAs":"Anonymous","X-MS-Exchange-CrossTenant-FromEntityHeader":"HybridOnPrem","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"MRZP264MB2103","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"The vboot tests only consider rsa algo for signature.\nTo prepare the integration of ecdsa test, the signature\nalgo is now explicit.\n\nSigned-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n---\nv2:\n- initial version\n\n test/py/tests/test_fit_ecdsa.py               |  2 +-\n test/py/tests/test_vboot.py                   | 99 ++++++++++---------\n ....its => sign-configs-sha1-rsa2048-pss.its} |  0\n ...sha1.its => sign-configs-sha1-rsa2048.its} |  0\n ... sign-configs-sha256-rsa2048-pss-prod.its} |  0\n ...ts => sign-configs-sha256-rsa2048-pss.its} |  0\n ...56.its => sign-configs-sha256-rsa2048.its} |  0\n ...84.its => sign-configs-sha384-rsa3072.its} |  0\n ...s.its => sign-images-sha1-rsa2048-pss.its} |  0\n ...-sha1.its => sign-images-sha1-rsa2048.its} |  0\n ...its => sign-images-sha256-rsa2048-pss.its} |  0\n ...256.its => sign-images-sha256-rsa2048.its} |  0\n ...384.its => sign-images-sha384-rsa3072.its} |  0\n 13 files changed, 51 insertions(+), 50 deletions(-)\n rename test/py/tests/vboot/{sign-configs-sha1-pss.its => sign-configs-sha1-rsa2048-pss.its} (100%)\n rename test/py/tests/vboot/{sign-configs-sha1.its => sign-configs-sha1-rsa2048.its} (100%)\n rename test/py/tests/vboot/{sign-configs-sha256-pss-prod.its => sign-configs-sha256-rsa2048-pss-prod.its} (100%)\n rename test/py/tests/vboot/{sign-configs-sha256-pss.its => sign-configs-sha256-rsa2048-pss.its} (100%)\n rename test/py/tests/vboot/{sign-configs-sha256.its => sign-configs-sha256-rsa2048.its} (100%)\n rename test/py/tests/vboot/{sign-configs-sha384.its => sign-configs-sha384-rsa3072.its} (100%)\n rename test/py/tests/vboot/{sign-images-sha1-pss.its => sign-images-sha1-rsa2048-pss.its} (100%)\n rename test/py/tests/vboot/{sign-images-sha1.its => sign-images-sha1-rsa2048.its} (100%)\n rename test/py/tests/vboot/{sign-images-sha256-pss.its => sign-images-sha256-rsa2048-pss.its} (100%)\n rename test/py/tests/vboot/{sign-images-sha256.its => sign-images-sha256-rsa2048.its} (100%)\n rename test/py/tests/vboot/{sign-images-sha384.its => sign-images-sha384-rsa3072.its} (100%)","diff":"diff --git a/test/py/tests/test_fit_ecdsa.py b/test/py/tests/test_fit_ecdsa.py\nindex 3e816d68eb6..e59390374af 100644\n--- a/test/py/tests/test_fit_ecdsa.py\n+++ b/test/py/tests/test_fit_ecdsa.py\n@@ -102,7 +102,7 @@ def test_fit_ecdsa(ubman):\n     with open(key_file, 'w') as f:\n         f.write(key.export_key(format='PEM'))\n \n-    assemble_fit_image(fit_file, f'{datadir}/sign-images-sha256.its', tempdir)\n+    assemble_fit_image(fit_file, f'{datadir}/sign-images-sha256-rsa2048.its', tempdir)\n \n     fit = SignableFitImage(ubman, fit_file)\n     nodes = fit.find_signable_image_nodes()\ndiff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py\nindex 7a7f9c379de..fd1bf6eb8aa 100644\n--- a/test/py/tests/test_vboot.py\n+++ b/test/py/tests/test_vboot.py\n@@ -84,21 +84,21 @@ def make_fit(its, ubman, mkimage, dtc_args, datadir, fit):\n # Only run the full suite on a few combinations, since it doesn't add any more\n # test coverage.\n TESTDATA_IN = [\n-    ['sha1-basic', 'sha1', '', None, False, True, False, False],\n-    ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False, False, False],\n-    ['sha1-pss', 'sha1', '-pss', None, False, False, False, False],\n-    ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False, False, False],\n-    ['sha256-basic', 'sha256', '', None, False, False, False, False],\n-    ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False, False, False],\n-    ['sha256-pss', 'sha256', '-pss', None, False, False, False, False],\n-    ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False, False, False],\n-    ['sha256-pss-required', 'sha256', '-pss', None, True, False, False, False],\n-    ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True, False, False],\n-    ['sha384-basic', 'sha384', '', None, False, False, False, False],\n-    ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False, False, False],\n-    ['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True, False],\n-    ['sha256-global-sign', 'sha256', '', '', False, False, False, True],\n-    ['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, False, True],\n+    ['sha1-basic', 'sha1', '-rsa2048', '', None, False, True, False, False],\n+    ['sha1-pad', 'sha1', '-rsa2048', '', '-E -p 0x10000', False, False, False, False],\n+    ['sha1-pss', 'sha1', '-rsa2048', '-pss', None, False, False, False, False],\n+    ['sha1-pss-pad', 'sha1', '-rsa2048', '-pss', '-E -p 0x10000', False, False, False, False],\n+    ['sha256-basic', 'sha256', '-rsa2048', '', None, False, False, False, False],\n+    ['sha256-pad', 'sha256', '-rsa2048', '', '-E -p 0x10000', False, False, False, False],\n+    ['sha256-pss', 'sha256', '-rsa2048', '-pss', None, False, False, False, False],\n+    ['sha256-pss-pad', 'sha256', '-rsa2048', '-pss', '-E -p 0x10000', False, False, False, False],\n+    ['sha256-pss-required', 'sha256', '-rsa2048', '-pss', None, True, False, False, False],\n+    ['sha256-pss-pad-required', 'sha256', '-rsa2048', '-pss', '-E -p 0x10000', True, True, False, False],\n+    ['sha384-basic', 'sha384', '-rsa3072', '', None, False, False, False, False],\n+    ['sha384-pad', 'sha384', '-rsa3072', '', '-E -p 0x10000', False, False, False, False],\n+    ['algo-arg', 'algo-arg', '', '', '-o sha256,rsa2048', False, False, True, False],\n+    ['sha256-global-sign', 'sha256', '-rsa2048', '', '', False, False, False, True],\n+    ['sha256-global-sign-pss', 'sha256', '-rsa2048', '-pss', '', False, False, False, True],\n ]\n \n # Mark all but the first test as slow, so they are not run with '-k not slow'\n@@ -111,9 +111,9 @@ TESTDATA += [pytest.param(*v, marks=pytest.mark.slow) for v in TESTDATA_IN[1:]]\n @pytest.mark.requiredtool('fdtget')\n @pytest.mark.requiredtool('fdtput')\n @pytest.mark.requiredtool('openssl')\n-@pytest.mark.parametrize(\"name,sha_algo,padding,sign_options,required,full_test,algo_arg,global_sign\",\n+@pytest.mark.parametrize(\"name,sha_algo,sig_algo,padding,sign_options,required,full_test,algo_arg,global_sign\",\n                          TESTDATA)\n-def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n+def test_vboot(ubman, name, sha_algo, sig_algo, padding, sign_options, required,\n                full_test, algo_arg, global_sign):\n     \"\"\"Test verified boot signing with mkimage and verification with 'bootm'.\n \n@@ -287,7 +287,7 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n         utils.run_and_log(ubman, 'openssl req -batch -new -x509 -key %s%s.key '\n                           '-out %s%s.crt' % (tmpdir, name, tmpdir, name))\n \n-    def test_with_algo(sha_algo, padding, sign_options):\n+    def test_with_algo(sha_algo, sig_algo, padding, sign_options):\n         \"\"\"Test verified boot with the given hash algorithm.\n \n         This is the main part of the test code. The same procedure is followed\n@@ -308,7 +308,7 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n \n         # Build the FIT, but don't sign anything yet\n         ubman.log.action('%s: Test FIT with signed images' % sha_algo)\n-        make_fit('sign-images-%s%s.its' % (sha_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n+        make_fit('sign-images-%s%s%s.its' % (sha_algo, sig_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n         run_bootm(sha_algo, 'unsigned images', ' - OK' if algo_arg else 'dev-', True)\n \n         # Sign images with our dev keys\n@@ -319,7 +319,7 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n         dtc('sandbox-u-boot.dts', ubman, dtc_args, datadir, tmpdir, dtb)\n \n         ubman.log.action('%s: Test FIT with signed configuration' % sha_algo)\n-        make_fit('sign-configs-%s%s.its' % (sha_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n+        make_fit('sign-configs-%s%s%s.its' % (sha_algo, sig_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n         run_bootm(sha_algo, 'unsigned config', '%s+ OK' % ('sha256' if algo_arg else sha_algo), True)\n \n         # Sign images with our dev keys\n@@ -369,7 +369,7 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n             run_bootm(sha_algo, 'evil kernel@', msg, False, efit)\n \n         # Create a new properly signed fit and replace header bytes\n-        make_fit('sign-configs-%s%s.its' % (sha_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n+        make_fit('sign-configs-%s%s%s.its' % (sha_algo, sig_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n         sign_fit(sha_algo, sign_options)\n         bcfg = ubman.config.buildconfig\n         max_size = int(bcfg.get('config_fit_signature_max_size', 0x10000000), 0)\n@@ -401,7 +401,7 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n             ubman, [fit_check_sign, '-f', fit, '-k', dtb],\n             1, 'Failed to verify required signature')\n \n-    def test_required_key(sha_algo, padding, sign_options):\n+    def test_required_key(sha_algo, sig_algo, padding, sign_options):\n         \"\"\"Test verified boot with the given hash algorithm.\n \n         This function tests if U-Boot rejects an image when a required key isn't\n@@ -423,12 +423,12 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n \n         # Build the FIT with prod key (keys required) and sign it. This puts the\n         # signature into sandbox-u-boot.dtb, marked 'required'\n-        make_fit('sign-configs-%s%s-prod.its' % (sha_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n+        make_fit('sign-configs-%s%s%s-prod.its' % (sha_algo, sig_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n         sign_fit(sha_algo, sign_options)\n \n         # Build the FIT with dev key (keys NOT required). This adds the\n         # signature into sandbox-u-boot.dtb, NOT marked 'required'.\n-        make_fit('sign-configs-%s%s.its' % (sha_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n+        make_fit('sign-configs-%s%s%s.its' % (sha_algo, sig_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n         sign_fit_norequire(sha_algo, sign_options)\n \n         # So now sandbox-u-boot.dtb two signatures, for the prod and dev keys.\n@@ -440,7 +440,7 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n \n         # Build the FIT with dev key (keys required) and sign it. This puts the\n         # signature into sandbox-u-boot.dtb, marked 'required'.\n-        make_fit('sign-configs-%s%s.its' % (sha_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n+        make_fit('sign-configs-%s%s%s.its' % (sha_algo, sig_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n         sign_fit(sha_algo, sign_options)\n \n         # Set the required-mode policy to \"any\".\n@@ -520,8 +520,9 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n     dtb = '%ssandbox-u-boot.dtb' % tmpdir\n     sig_node = '/configurations/conf-1/signature'\n \n-    create_rsa_pair('dev')\n-    create_rsa_pair('prod')\n+    if sig_algo == \"-rsa2048\" or sig_algo == \"-rsa3072\" or sig_algo == \"\":\n+        create_rsa_pair('dev')\n+        create_rsa_pair('prod')\n \n     # Create a number kernel image with zeroes\n     with open('%stest-kernel.bin' % tmpdir, 'wb') as fd:\n@@ -540,9 +541,9 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n         if global_sign:\n             test_global_sign(sha_algo, padding, sign_options)\n         elif required:\n-            test_required_key(sha_algo, padding, sign_options)\n+            test_required_key(sha_algo, sig_algo, padding, sign_options)\n         else:\n-            test_with_algo(sha_algo, padding, sign_options)\n+            test_with_algo(sha_algo, sig_algo, padding, sign_options)\n     finally:\n         # Go back to the original U-Boot with the correct dtb.\n         ubman.config.dtb = old_dtb\n@@ -550,21 +551,21 @@ def test_vboot(ubman, name, sha_algo, padding, sign_options, required,\n \n \n TESTDATA_IN = [\n-    ['sha1-basic', 'sha1', '', None, False],\n-    ['sha1-pad', 'sha1', '', '-E -p 0x10000', False],\n-    ['sha1-pss', 'sha1', '-pss', None, False],\n-    ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False],\n-    ['sha256-basic', 'sha256', '', None, False],\n-    ['sha256-pad', 'sha256', '', '-E -p 0x10000', False],\n-    ['sha256-pss', 'sha256', '-pss', None, False],\n-    ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False],\n-    ['sha256-pss-required', 'sha256', '-pss', None, False],\n-    ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', False],\n-    ['sha384-basic', 'sha384', '', None, False],\n-    ['sha384-pad', 'sha384', '', '-E -p 0x10000', False],\n-    ['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', True],\n-    ['sha256-global-sign', 'sha256', '', '', False],\n-    ['sha256-global-sign-pss', 'sha256', '-pss', '', False],\n+    ['sha1-basic', 'sha1', '-rsa2048', '', None, False],\n+    ['sha1-pad', 'sha1', '-rsa2048', '', '-E -p 0x10000', False],\n+    ['sha1-pss', 'sha1', '-rsa2048', '-pss', None, False],\n+    ['sha1-pss-pad', 'sha1', '-rsa2048', '-pss', '-E -p 0x10000', False],\n+    ['sha256-basic', 'sha256', '-rsa2048', '', None, False],\n+    ['sha256-pad', 'sha256', '-rsa2048', '', '-E -p 0x10000', False],\n+    ['sha256-pss', 'sha256', '-rsa2048', '-pss', None, False],\n+    ['sha256-pss-pad', 'sha256', '-rsa2048', '-pss', '-E -p 0x10000', False],\n+    ['sha256-pss-required', 'sha256', '-rsa2048', '-pss', None, False],\n+    ['sha256-pss-pad-required', 'sha256', '-rsa2048' , '-pss', '-E -p 0x10000', False],\n+    ['sha384-basic', 'sha384', '-rsa3072', '', None, False],\n+    ['sha384-pad', 'sha384', '-rsa3072', '', '-E -p 0x10000', False],\n+    ['algo-arg', 'algo-arg', '', '', '-o sha256,rsa2048', True],\n+    ['sha256-global-sign', 'sha256', '-rsa2048', '', '', False],\n+    ['sha256-global-sign-pss', 'sha256', '-rsa2048', '-pss', '', False],\n ]\n \n # Mark all but the first test as slow, so they are not run with '-k not slow'\n@@ -575,8 +576,8 @@ TESTDATA += [pytest.param(*v, marks=pytest.mark.slow) for v in TESTDATA_IN[1:]]\n @pytest.mark.buildconfigspec('fit_signature')\n @pytest.mark.requiredtool('dtc')\n @pytest.mark.requiredtool('openssl')\n-@pytest.mark.parametrize(\"name,sha_algo,padding,sign_options,algo_arg\", TESTDATA)\n-def test_fdt_add_pubkey(ubman, name, sha_algo, padding, sign_options, algo_arg):\n+@pytest.mark.parametrize(\"name,sha_algo,sig_algo,padding,sign_options,algo_arg\", TESTDATA)\n+def test_fdt_add_pubkey(ubman, name, sha_algo, sig_algo, padding, sign_options, algo_arg):\n     \"\"\"Test fdt_add_pubkey utility with bunch of different algo options.\"\"\"\n \n     def sign_fit(sha_algo, options):\n@@ -595,7 +596,7 @@ def test_fdt_add_pubkey(ubman, name, sha_algo, padding, sign_options, algo_arg):\n         ubman.log.action('%s: Sign images' % sha_algo)\n         utils.run_and_log(ubman, args)\n \n-    def test_add_pubkey(sha_algo, padding, sign_options):\n+    def test_add_pubkey(sha_algo, sig_algo, padding, sign_options):\n         \"\"\"Test fdt_add_pubkey utility with given hash algorithm and padding.\n \n         This function tests if fdt_add_pubkey utility may add public keys into dtb.\n@@ -618,7 +619,7 @@ def test_fdt_add_pubkey(ubman, name, sha_algo, padding, sign_options, algo_arg):\n                             'rsa3072' if sha_algo == 'sha384' else 'rsa2048'),\n                            '-k', tmpdir, '-n', 'dev', '-r', 'conf', dtb])\n \n-        make_fit('sign-configs-%s%s.its' % (sha_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n+        make_fit('sign-configs-%s%s%s.its' % (sha_algo, sig_algo, padding), ubman, mkimage, dtc_args, datadir, fit)\n \n         # Sign images with our dev keys\n         sign_fit(sha_algo, sign_options)\n@@ -640,4 +641,4 @@ def test_fdt_add_pubkey(ubman, name, sha_algo, padding, sign_options, algo_arg):\n \n     # keys created in test_vboot test\n \n-    test_add_pubkey(sha_algo, padding, sign_options)\n+    test_add_pubkey(sha_algo, sig_algo, padding, sign_options)\ndiff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-rsa2048-pss.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-configs-sha1-pss.its\nrename to test/py/tests/vboot/sign-configs-sha1-rsa2048-pss.its\ndiff --git a/test/py/tests/vboot/sign-configs-sha1.its b/test/py/tests/vboot/sign-configs-sha1-rsa2048.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-configs-sha1.its\nrename to test/py/tests/vboot/sign-configs-sha1-rsa2048.its\ndiff --git a/test/py/tests/vboot/sign-configs-sha256-pss-prod.its b/test/py/tests/vboot/sign-configs-sha256-rsa2048-pss-prod.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-configs-sha256-pss-prod.its\nrename to test/py/tests/vboot/sign-configs-sha256-rsa2048-pss-prod.its\ndiff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-rsa2048-pss.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-configs-sha256-pss.its\nrename to test/py/tests/vboot/sign-configs-sha256-rsa2048-pss.its\ndiff --git a/test/py/tests/vboot/sign-configs-sha256.its b/test/py/tests/vboot/sign-configs-sha256-rsa2048.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-configs-sha256.its\nrename to test/py/tests/vboot/sign-configs-sha256-rsa2048.its\ndiff --git a/test/py/tests/vboot/sign-configs-sha384.its b/test/py/tests/vboot/sign-configs-sha384-rsa3072.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-configs-sha384.its\nrename to test/py/tests/vboot/sign-configs-sha384-rsa3072.its\ndiff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-rsa2048-pss.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-images-sha1-pss.its\nrename to test/py/tests/vboot/sign-images-sha1-rsa2048-pss.its\ndiff --git a/test/py/tests/vboot/sign-images-sha1.its b/test/py/tests/vboot/sign-images-sha1-rsa2048.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-images-sha1.its\nrename to test/py/tests/vboot/sign-images-sha1-rsa2048.its\ndiff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-rsa2048-pss.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-images-sha256-pss.its\nrename to test/py/tests/vboot/sign-images-sha256-rsa2048-pss.its\ndiff --git a/test/py/tests/vboot/sign-images-sha256.its b/test/py/tests/vboot/sign-images-sha256-rsa2048.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-images-sha256.its\nrename to test/py/tests/vboot/sign-images-sha256-rsa2048.its\ndiff --git a/test/py/tests/vboot/sign-images-sha384.its b/test/py/tests/vboot/sign-images-sha384-rsa3072.its\nsimilarity index 100%\nrename from test/py/tests/vboot/sign-images-sha384.its\nrename to test/py/tests/vboot/sign-images-sha384-rsa3072.its\n","prefixes":["RFC","v2","8/9"]}