From patchwork Mon Apr 27 09:48:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 1277496 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=GQXCkSRl; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 499g5g1tTlz9sP7 for ; Mon, 27 Apr 2020 19:51:19 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id ADC6D81E3C; Mon, 27 Apr 2020 11:49:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="GQXCkSRl"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1B99181E0F; Mon, 27 Apr 2020 11:49:30 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 1887181E0F for ; Mon, 27 Apr 2020 11:49:23 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pl1-x62a.google.com with SMTP id t16so6805473plo.7 for ; Mon, 27 Apr 2020 02:49:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/pwJtjaFt/x7gYBrYmmCQaGPyL5EGwqmeHPTy0UjjvY=; b=GQXCkSRlK2A37eRatkAilAdH26VwEb6ms9+acTrukMOHyTWc3dcPTZq90dYYeN5jdb wCgWlmSQOUO4YF6ttRUcGyX8cVRxuY5AvcMRfF08I14lelISQQNsgoN1xqceCgmnQsTP KfDVoKfdnkhVFwhc5YZ2bxj7w5soiLq9leRU8hJoeDQuGB0Zxk9bpr67dvGOTVqsSqVe Dm7zU4l0kKtrv6P1i6nasrKlxQxLQF6rw7E3pCP3Pm6Fm2Zb2nrkPh149I0vTmWVsJJX XuPUHxxuyqcE+HBEmtmJ02SmuL00F2XNVXUX7vnKYTdIXtvufJtKrDB6wes7MB6mnykr hOpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/pwJtjaFt/x7gYBrYmmCQaGPyL5EGwqmeHPTy0UjjvY=; b=XJmXz022/t9lSi+d+3AEdoR0sA/oXQbMWkMGrrkdrd/xniRywS7PyTHeMgEstZt1pP dIHZfIdr2alr1QsUSW7Md+EO8U6iBBloNbN/3lOVw3KDoQ2kXPED13qtyGVjq/9plb5a VhMFHy9mkNhkPZDkomO2/rh/Apl/ENDey3c1tLAu5yW6a7MohMvPqFF8wlApgog4MmDr KpU/jd3fAhDiydcgsJWB7DdiaVeYT1mHyVaqaPW2/jE4fvLlGGNirpXn52uNFZxsUR3A 1p9q1ev58u909GZyro7xSFTCCmO2jH1/R334M4RpRzCRSP24+tgyNjpPsNauYGYaNAFn RXjQ== X-Gm-Message-State: AGi0PuY/WvoFkadzaARtpFZMFFhxmAuvDfL3qTa/s4nch/M6EPCKGp3t 93nFajO/DPkOKMyNoHJrNq+GZA== X-Google-Smtp-Source: APiQypL4Ps1NAATV4rN21GSHle2CmR7ieuML/tKjME8Yos3XvWbhzhKFZvS0Hh6JIGHMIzqeswxouA== X-Received: by 2002:a17:90a:210b:: with SMTP id a11mr23660522pje.31.1587980961434; Mon, 27 Apr 2020 02:49:21 -0700 (PDT) Received: from localhost.localdomain (p73a21dd7.tkyea130.ap.so-net.ne.jp. [115.162.29.215]) by smtp.gmail.com with ESMTPSA id 3sm12491031pfo.27.2020.04.27.02.49.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Apr 2020 02:49:20 -0700 (PDT) From: AKASHI Takahiro To: xypron.glpk@gmx.de, agraf@csgraf.de Cc: sughosh.ganu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro Subject: [PATCH 10/10] test/py: add a test for efi firmware update capsule Date: Mon, 27 Apr 2020 18:48:29 +0900 Message-Id: <20200427094829.1140-11-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.25.2 In-Reply-To: <20200427094829.1140-1-takahiro.akashi@linaro.org> References: <20200427094829.1140-1-takahiro.akashi@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.2 at phobos.denx.de X-Virus-Status: Clean The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a simple FIT image capsule, CONFIG_EFI_CAPSULE_FIT_SIMPLE. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI. In addition, it will give you some idea about how a capsule should work on production system regarding firmware update. Signed-off-by: AKASHI Takahiro --- test/py/tests/test_efi_capsule/conftest.py | 73 +++++++ test/py/tests/test_efi_capsule/defs.py | 24 +++ .../test_efi_capsule/test_capsule_firmware.py | 198 ++++++++++++++++++ test/py/tests/test_efi_capsule/uboot_env.its | 25 +++ 4 files changed, 320 insertions(+) create mode 100644 test/py/tests/test_efi_capsule/conftest.py create mode 100644 test/py/tests/test_efi_capsule/defs.py create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware.py create mode 100644 test/py/tests/test_efi_capsule/uboot_env.its diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py new file mode 100644 index 000000000000..6db7aa07ba97 --- /dev/null +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -0,0 +1,73 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2020, Linaro Limited +# Author: AKASHI Takahiro + +import os +import os.path +import pytest +import re +from subprocess import call, check_call, check_output, CalledProcessError +from defs import * + +# +# Fixture for UEFI secure boot test +# +@pytest.fixture(scope='session') +def efi_capsule_data(request, u_boot_config): + """Set up a file system to be used in UEFI capsule test. + + Args: + request: Pytest request object. + u_boot_config: U-boot configuration. + + Return: + A path to disk image to be used for testing + """ + image_path = u_boot_config.persistent_data_dir + image_path = image_path + '/' + EFI_BOOTDEV_IMAGE_NAME + + try: + # create U-Boot environment storage + check_call('dd if=/dev/zero of=./spi.bin bs=1MiB count=16', shell=True) + + # create a disk/partition + check_call('dd if=/dev/zero of=%s bs=1MiB count=%d' + % (image_path, EFI_BOOTDEV_IMAGE_SIZE), shell=True) + check_call('sgdisk %s -n 1:0:+%dMiB -A 1:set:0 -t 1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B' + % (image_path, EFI_BOOTDEV_PART_SIZE), shell=True) + # create a file system + check_call('dd if=/dev/zero of=%s.tmp bs=1MiB count=%d' + % (image_path, EFI_BOOTDEV_PART_SIZE), shell=True) + check_call('mkfs -t %s %s.tmp' + % (EFI_BOOTDEV_FS_TYPE, image_path), shell=True) + check_call('dd if=%s.tmp of=%s bs=1MiB seek=1 count=%d conv=notrunc' + % (image_path, image_path, 1), shell=True) + check_call('rm %s.tmp' % image_path, shell=True) + loop_dev = check_output('sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' + % (EFI_BOOTDEV_PART_SIZE, image_path), + shell=True).decode() + check_call('sudo mkdir -p %s' % MNT_PNT, shell=True) + check_call('sudo mount -t %s -o umask=000 %s %s' + % (EFI_BOOTDEV_FS_TYPE, loop_dev, MNT_PNT), + shell=True) + check_call('mkdir -p %s%s' % (MNT_PNT, CAPSULE_DATA_DIR), shell=True) + check_call('mkdir -p %s%s' % (MNT_PNT, CAPSULE_INSTALL_DIR), shell=True) + + # Create its for FIT image + check_call('sed -e \"s?BINFILE?%s%s/%s?\" %s/test/py/tests/test_efi_capsule/uboot_env.its > %s%s/uboot_env.its' + % (MNT_PNT, CAPSULE_DATA_DIR, FW_BIN, + u_boot_config.source_dir, + MNT_PNT, CAPSULE_DATA_DIR), shell=True) + + call('sudo umount %s' % loop_dev, shell=True) + call('sudo losetup -d %s' % loop_dev, shell=True) + + except CalledProcessError as e: + pytest.skip('Setup failed: %s' % e.cmd) + return + else: + yield image_path + finally: + call('sudo rm -rf %s' % MNT_PNT, shell=True) + call('rm -f %s' % image_path, shell=True) + call('rm -f ./spi.bin', shell=True) diff --git a/test/py/tests/test_efi_capsule/defs.py b/test/py/tests/test_efi_capsule/defs.py new file mode 100644 index 000000000000..2d6d43aea0b2 --- /dev/null +++ b/test/py/tests/test_efi_capsule/defs.py @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: GPL-2.0+ + +# Disk image name +EFI_BOOTDEV_IMAGE_NAME='test_efi_capsule.img' + +# Size in MiB +EFI_BOOTDEV_IMAGE_SIZE=16 +EFI_BOOTDEV_PART_SIZE=8 + +# Partition file system type +EFI_BOOTDEV_FS_TYPE='vfat' + +# Mount Point for set-up +MNT_PNT='/mnt/test_efi_capsule' + +# Owner guid +GUID='11111111-2222-3333-4444-123456789abc' + +# Directories +CAPSULE_DATA_DIR='/EFI/CapsuleTestData' +CAPSULE_INSTALL_DIR='/EFI/UpdateCapsule' + +# +FW_BIN='spi_sf.bin' diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware.py b/test/py/tests/test_efi_capsule/test_capsule_firmware.py new file mode 100644 index 000000000000..887a7d1906a7 --- /dev/null +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware.py @@ -0,0 +1,198 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2020, Linaro Limited +# Author: AKASHI Takahiro +# +# U-Boot UEFI: Capsule Update for Simple FIT Image Test + +""" +This test verifies capsule-on-disk firmware update +""" + +import pytest +import re +from defs import * +from subprocess import call, check_call, check_output, CalledProcessError + +# +# Setup for FMP driver +# CONFIG_EFI_CAPSULE_FIT_INTERFACE: sf +# CONFIG_EFI_CAPSULE_FIT_DEVICE: 1:1 +# +@pytest.mark.boardspec('sandbox') +@pytest.mark.buildconfigspec('efi_capsule_fit_simple') +@pytest.mark.buildconfigspec('efi_capsule_on_disk') +@pytest.mark.buildconfigspec('dfu') +@pytest.mark.buildconfigspec('dfu_sf') +@pytest.mark.buildconfigspec('dfu_tftp') +@pytest.mark.buildconfigspec('cmd_saveenv') +@pytest.mark.buildconfigspec('env_is_in_spi_flash') +@pytest.mark.buildconfigspec('cmd_efidebug') +@pytest.mark.buildconfigspec('cmd_fat') +@pytest.mark.buildconfigspec('cmd_nvedit_efi') +@pytest.mark.slow +class TestEfiCapsuleFirmwareSimple(object): + def test_efi_capsule_fw1(self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 1 - Update U-Boot environment on SPI Flash + """ + # "-T" (or "-D") is required to enable spi flash on sandbox + u_boot_console.restart_uboot_with_flags('-T') + + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 1-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'efidebug boot add 1 TEST host 0:1 /helloworld.efi ""', + 'efidebug boot order 1', + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', + 'env set dfu_alt_info sf raw 0 0x200000', + 'env set FW_STATUS This is Old environment', + 'env print FW_STATUS', + 'env save']) + assert('Old environment' in ''.join(output)) + + output = u_boot_console.run_command_list([ + 'env set FW_STATUS This is New environment', + 'env export -c 5000000', + 'fatwrite host 0:1 5000000 %s/%s $filesize' + % (CAPSULE_DATA_DIR, FW_BIN), + 'env set -e -guid 39b68c46-f7fb-441b-b6ec-16b0f69821f3 Capsule0000', + 'fatls host 0:1 %s' % CAPSULE_DATA_DIR + ]) + assert(('%s' % FW_BIN) in ''.join(output)) + + # create a capsule file + try: + loop_dev = check_output('sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' + % (EFI_BOOTDEV_PART_SIZE, disk_img), + shell=True).decode() + check_call('sudo mount -t %s -o umask=000 %s %s' + % (EFI_BOOTDEV_FS_TYPE, loop_dev, MNT_PNT), shell=True) + check_call('%s/tools/mkimage -f %s%s/uboot_env.its %s%s/uboot_env.itb' + % (u_boot_config.build_dir, + MNT_PNT, CAPSULE_DATA_DIR, + MNT_PNT, CAPSULE_DATA_DIR), shell=True) + check_call('%s/tools/mkeficapsule -f %s%s/uboot_env.itb %s%s/Test01' + % (u_boot_config.build_dir, + MNT_PNT, CAPSULE_DATA_DIR, + MNT_PNT, CAPSULE_INSTALL_DIR), shell=True) + check_call('ls %s/%s' % (MNT_PNT, CAPSULE_INSTALL_DIR), shell=True) + check_call('sudo umount %s' % loop_dev, shell=True) + check_call('sudo losetup -d %s' % loop_dev, shell=True) + except CalledProcessError as e: + assert('failed to create firmware capsule: %s' % e.cmd) + + # reboot + u_boot_console.restart_uboot_with_flags('-T') + + capsule_early = u_boot_config.buildconfig.get('config_efi_capsule_on_disk_early') + if not capsule_early: + with u_boot_console.log.section('Test Case 1-b, after reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'env print FW_STATUS']) + assert('Old environment' in ''.join(output)) + + output = u_boot_console.run_command('fatls host 0:1 %s' + % CAPSULE_INSTALL_DIR) + assert('Test01' in output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command('env print -e -all Capsule0000') + + # reboot again + u_boot_console.restart_uboot_with_flags('-T') + + with u_boot_console.log.section('Test Case 1-c, after reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'env print FW_STATUS']) + assert('New environment' in ''.join(output)) + + output = u_boot_console.run_command( + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR) + assert(not 'Test01' in output) + + def test_efi_capsule_fw2(self, u_boot_config, u_boot_console, efi_capsule_data): + """ + Test Case 2 - Update U-Boot environment on SPI Flash + but with OsIndications unset + No update should happen + """ + # "-T" (or "-D") is required to enable spi flash on sandbox + u_boot_console.restart_uboot_with_flags('-T') + + disk_img = efi_capsule_data + with u_boot_console.log.section('Test Case 2-a, before reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'efidebug boot add 1 TEST host 0:1 /helloworld.efi ""', + 'efidebug boot order 1', + 'env set -e OsIndications', + 'env set dfu_alt_info sf raw 0 0x200000', + 'env set FW_STATUS This is Old environment', + 'env print FW_STATUS', + 'env save']) + assert('Old environment' in ''.join(output)) + + output = u_boot_console.run_command_list([ + 'env set FW_STATUS This is New environment', + 'env export -c 5000000', + 'fatwrite host 0:1 5000000 %s/%s $filesize' + % (CAPSULE_DATA_DIR, FW_BIN), + 'env set -e -guid 39b68c46-f7fb-441b-b6ec-16b0f69821f3 Capsule0000', + 'fatls host 0:1 %s' % CAPSULE_DATA_DIR + ]) + assert(('%s' % FW_BIN) in ''.join(output)) + + # create a capsule file + try: + loop_dev = check_output('sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' + % (EFI_BOOTDEV_PART_SIZE, disk_img), + shell=True).decode() + check_call('sudo mount -t %s -o umask=000 %s %s' + % (EFI_BOOTDEV_FS_TYPE, loop_dev, MNT_PNT), shell=True) + check_call('%s/tools/mkimage -f %s%s/uboot_env.its %s%s/uboot_env.itb' + % (u_boot_config.build_dir, + MNT_PNT, CAPSULE_DATA_DIR, + MNT_PNT, CAPSULE_DATA_DIR), shell=True) + check_call('%s/tools/mkeficapsule -f %s%s/uboot_env.itb %s%s/Test01' + % (u_boot_config.build_dir, + MNT_PNT, CAPSULE_DATA_DIR, + MNT_PNT, CAPSULE_INSTALL_DIR), shell=True) + check_call('ls %s/%s' % (MNT_PNT, CAPSULE_INSTALL_DIR), shell=True) + check_call('sudo umount %s' % loop_dev, shell=True) + check_call('sudo losetup -d %s' % loop_dev, shell=True) + except CalledProcessError as e: + assert('failed to create firmware capsule: %s' % e.cmd) + + # reboot + u_boot_console.restart_uboot_with_flags('-T') + + capsule_early = u_boot_config.buildconfig.get('config_efi_capsule_on_disk_early') + if not capsule_early: + with u_boot_console.log.section('Test Case 2-b, after reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'env print FW_STATUS']) + assert('Old environment' in ''.join(output)) + + output = u_boot_console.run_command('fatls host 0:1 %s' + % CAPSULE_INSTALL_DIR) + assert('Test01' in output) + + # need to run uefi command to initiate capsule handling + output = u_boot_console.run_command('env print -e -all Capsule0000') + + # reboot again + u_boot_console.restart_uboot_with_flags('-T') + + with u_boot_console.log.section('Test Case 2-c, after reboot'): + output = u_boot_console.run_command_list([ + 'host bind 0 %s' % disk_img, + 'env print FW_STATUS']) + assert('Old environment' in ''.join(output)) + + output = u_boot_console.run_command( + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR) + assert('Test01' in output) diff --git a/test/py/tests/test_efi_capsule/uboot_env.its b/test/py/tests/test_efi_capsule/uboot_env.its new file mode 100644 index 000000000000..a4484db45834 --- /dev/null +++ b/test/py/tests/test_efi_capsule/uboot_env.its @@ -0,0 +1,25 @@ +/* + * Automatic software update for U-Boot + * Make sure the flashing addresses ('load' prop) is correct for your board! + */ + +/dts-v1/; + +/ { + description = "Automatic U-Boot environment update"; + #address-cells = <2>; + + images { + sf@0 { + description = "U-Boot environment on SPI Flash"; + data = /incbin/("BINFILE"); + compression = "none"; + type = "firmware"; + arch = "sandbox"; + load = <0>; + hash-1 { + algo = "sha1"; + }; + }; + }; +};