diff mbox series

[v2,6/9] sandbox: add config for efi capsule authentication test

Message ID 20210727091054.512050-7-takahiro.akashi@linaro.org
State Changes Requested, archived
Delegated to: Heinrich Schuchardt
Headers show
Series efi_loader: capsule: improve capsule authentication support | expand

Commit Message

AKASHI Takahiro July 27, 2021, 9:10 a.m. UTC 
This new configuration, which was derived from sandbox_defconfig, will be
used solely to run efi capsule authentication test as the test requires
a public key (esl file) to be embedded in U-Boot binary.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
 1 file changed, 307 insertions(+)
 create mode 100644 configs/sandbox_capsule_auth_defconfig

Comments

Heinrich Schuchardt July 28, 2021, 8:21 p.m. UTC | #1 
On 7/27/21 11:10 AM, AKASHI Takahiro wrote:
> This new configuration, which was derived from sandbox_defconfig, will be
> used solely to run efi capsule authentication test as the test requires
> a public key (esl file) to be embedded in U-Boot binary.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> ---
>   configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
>   1 file changed, 307 insertions(+)
>   create mode 100644 configs/sandbox_capsule_auth_defconfig
>
> diff --git a/configs/sandbox_capsule_auth_defconfig b/configs/sandbox_capsule_auth_defconfig
> new file mode 100644
> index 000000000000..8e0ffb1a6995
> --- /dev/null
> +++ b/configs/sandbox_capsule_auth_defconfig
> @@ -0,0 +1,307 @@
> +CONFIG_SYS_TEXT_BASE=0
> +CONFIG_NR_DRAM_BANKS=1
> +CONFIG_SYS_MEMTEST_START=0x00100000
> +CONFIG_SYS_MEMTEST_END=0x00101000
> +CONFIG_ENV_SIZE=0x2000
> +CONFIG_DEFAULT_DEVICE_TREE="sandbox"
> +CONFIG_PRE_CON_BUF_ADDR=0xf0000
> +CONFIG_BOOTSTAGE_STASH_ADDR=0x0
> +CONFIG_DEBUG_UART=y
> +CONFIG_DISTRO_DEFAULTS=y
> +CONFIG_FIT=y
> +CONFIG_FIT_SIGNATURE=y
> +CONFIG_FIT_RSASSA_PSS=y
> +CONFIG_FIT_CIPHER=y
> +CONFIG_FIT_VERBOSE=y
> +CONFIG_BOOTSTAGE=y
> +CONFIG_BOOTSTAGE_REPORT=y
> +CONFIG_BOOTSTAGE_FDT=y
> +CONFIG_BOOTSTAGE_STASH=y
> +CONFIG_BOOTSTAGE_STASH_SIZE=0x4096
> +CONFIG_CONSOLE_RECORD=y
> +CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000
> +CONFIG_PRE_CONSOLE_BUFFER=y
> +CONFIG_LOG=y
> +CONFIG_DISPLAY_BOARDINFO_LATE=y
> +CONFIG_MISC_INIT_F=y
> +CONFIG_STACKPROTECTOR=y
> +CONFIG_ANDROID_AB=y
> +CONFIG_CMD_CPU=y
> +CONFIG_CMD_LICENSE=y
> +CONFIG_CMD_BOOTZ=y
> +CONFIG_CMD_BOOTEFI_HELLO=y
> +CONFIG_CMD_ABOOTIMG=y
> +# CONFIG_CMD_ELF is not set
> +CONFIG_CMD_ASKENV=y
> +CONFIG_CMD_GREPENV=y
> +CONFIG_CMD_ERASEENV=y
> +CONFIG_CMD_ENV_CALLBACK=y
> +CONFIG_CMD_ENV_FLAGS=y
> +CONFIG_CMD_NVEDIT_EFI=y
> +CONFIG_CMD_NVEDIT_INFO=y
> +CONFIG_CMD_NVEDIT_LOAD=y
> +CONFIG_CMD_NVEDIT_SELECT=y
> +CONFIG_LOOPW=y
> +CONFIG_CMD_MD5SUM=y
> +CONFIG_CMD_MEMINFO=y
> +CONFIG_CMD_MEM_SEARCH=y
> +CONFIG_CMD_MX_CYCLIC=y
> +CONFIG_CMD_MEMTEST=y
> +CONFIG_CMD_BIND=y
> +CONFIG_CMD_DEMO=y
> +CONFIG_CMD_GPIO=y
> +CONFIG_CMD_PWM=y
> +CONFIG_CMD_GPT=y
> +CONFIG_CMD_GPT_RENAME=y
> +CONFIG_CMD_IDE=y
> +CONFIG_CMD_I2C=y
> +CONFIG_CMD_LSBLK=y
> +CONFIG_CMD_MUX=y
> +CONFIG_CMD_OSD=y
> +CONFIG_CMD_PCI=y
> +CONFIG_CMD_READ=y
> +CONFIG_CMD_REMOTEPROC=y
> +CONFIG_CMD_SPI=y
> +CONFIG_CMD_USB=y
> +CONFIG_CMD_AXI=y
> +CONFIG_CMD_AB_SELECT=y
> +CONFIG_BOOTP_DNS2=y
> +CONFIG_CMD_PCAP=y
> +CONFIG_CMD_TFTPPUT=y
> +CONFIG_CMD_TFTPSRV=y
> +CONFIG_CMD_RARP=y
> +CONFIG_CMD_CDP=y
> +CONFIG_CMD_SNTP=y
> +CONFIG_CMD_DNS=y
> +CONFIG_CMD_LINK_LOCAL=y
> +CONFIG_CMD_ETHSW=y
> +CONFIG_CMD_BMP=y
> +CONFIG_CMD_BOOTCOUNT=y
> +CONFIG_CMD_EFIDEBUG=y
> +CONFIG_CMD_RTC=y
> +CONFIG_CMD_TIME=y
> +CONFIG_CMD_TIMER=y
> +CONFIG_CMD_SOUND=y
> +CONFIG_CMD_QFW=y
> +CONFIG_CMD_PSTORE=y
> +CONFIG_CMD_PSTORE_MEM_ADDR=0x3000000
> +CONFIG_CMD_BOOTSTAGE=y
> +CONFIG_CMD_PMIC=y
> +CONFIG_CMD_REGULATOR=y
> +CONFIG_CMD_AES=y
> +CONFIG_CMD_TPM=y
> +CONFIG_CMD_TPM_TEST=y
> +CONFIG_CMD_BTRFS=y
> +CONFIG_CMD_CBFS=y
> +CONFIG_CMD_CRAMFS=y
> +CONFIG_CMD_EXT4_WRITE=y
> +CONFIG_CMD_SQUASHFS=y
> +CONFIG_CMD_MTDPARTS=y
> +CONFIG_CMD_STACKPROTECTOR_TEST=y
> +CONFIG_MAC_PARTITION=y
> +CONFIG_AMIGA_PARTITION=y
> +CONFIG_OF_CONTROL=y
> +CONFIG_OF_LIVE=y
> +CONFIG_OF_HOSTFILE=y
> +CONFIG_ENV_IS_NOWHERE=y
> +CONFIG_ENV_IS_IN_EXT4=y
> +CONFIG_ENV_EXT4_INTERFACE="host"
> +CONFIG_ENV_EXT4_DEVICE_AND_PART="0:0"
> +CONFIG_ENV_IMPORT_FDT=y
> +CONFIG_BOOTP_SEND_HOSTNAME=y
> +CONFIG_NETCONSOLE=y
> +CONFIG_IP_DEFRAG=y
> +CONFIG_DM_DMA=y
> +CONFIG_REGMAP=y
> +CONFIG_SYSCON=y
> +CONFIG_DEVRES=y
> +CONFIG_DEBUG_DEVRES=y
> +CONFIG_SIMPLE_PM_BUS=y
> +CONFIG_ADC=y
> +CONFIG_ADC_SANDBOX=y
> +CONFIG_AXI=y
> +CONFIG_AXI_SANDBOX=y
> +CONFIG_BOOTCOUNT_LIMIT=y
> +CONFIG_DM_BOOTCOUNT=y
> +CONFIG_DM_BOOTCOUNT_RTC=y
> +CONFIG_DM_BOOTCOUNT_I2C_EEPROM=y
> +CONFIG_BUTTON=y
> +CONFIG_BUTTON_ADC=y
> +CONFIG_BUTTON_GPIO=y
> +CONFIG_CLK=y
> +CONFIG_CLK_COMPOSITE_CCF=y
> +CONFIG_CLK_SCMI=y
> +CONFIG_CLK_K210=y
> +CONFIG_CLK_K210_SET_RATE=y
> +CONFIG_SANDBOX_CLK_CCF=y
> +CONFIG_CPU=y
> +CONFIG_DM_DEMO=y
> +CONFIG_DM_DEMO_SIMPLE=y
> +CONFIG_DM_DEMO_SHAPE=y
> +CONFIG_DFU_SF=y
> +CONFIG_DMA=y
> +CONFIG_DMA_CHANNELS=y
> +CONFIG_SANDBOX_DMA=y
> +CONFIG_FASTBOOT_FLASH=y
> +CONFIG_FASTBOOT_FLASH_MMC_DEV=0
> +CONFIG_GPIO_HOG=y
> +CONFIG_DM_GPIO_LOOKUP_LABEL=y
> +CONFIG_PM8916_GPIO=y
> +CONFIG_SANDBOX_GPIO=y
> +CONFIG_DM_HWSPINLOCK=y
> +CONFIG_HWSPINLOCK_SANDBOX=y
> +CONFIG_I2C_CROS_EC_TUNNEL=y
> +CONFIG_I2C_CROS_EC_LDO=y
> +CONFIG_DM_I2C_GPIO=y
> +CONFIG_SYS_I2C_SANDBOX=y
> +CONFIG_I2C_MUX=y
> +CONFIG_SPL_I2C_MUX=y
> +CONFIG_I2C_ARB_GPIO_CHALLENGE=y
> +CONFIG_CROS_EC_KEYB=y
> +CONFIG_I8042_KEYB=y
> +CONFIG_LED=y
> +CONFIG_LED_BLINK=y
> +CONFIG_LED_GPIO=y
> +CONFIG_DM_MAILBOX=y
> +CONFIG_SANDBOX_MBOX=y
> +CONFIG_MISC=y
> +CONFIG_CROS_EC=y
> +CONFIG_CROS_EC_I2C=y
> +CONFIG_CROS_EC_LPC=y
> +CONFIG_CROS_EC_SANDBOX=y
> +CONFIG_CROS_EC_SPI=y
> +CONFIG_P2SB=y
> +CONFIG_PWRSEQ=y
> +CONFIG_SPL_PWRSEQ=y
> +CONFIG_I2C_EEPROM=y
> +CONFIG_MMC_PCI=y
> +CONFIG_MMC_SANDBOX=y
> +CONFIG_MMC_SDHCI=y
> +CONFIG_MTD=y
> +CONFIG_SPI_FLASH_SANDBOX=y
> +CONFIG_SPI_FLASH_ATMEL=y
> +CONFIG_SPI_FLASH_EON=y
> +CONFIG_SPI_FLASH_GIGADEVICE=y
> +CONFIG_SPI_FLASH_MACRONIX=y
> +CONFIG_SPI_FLASH_SPANSION=y
> +CONFIG_SPI_FLASH_STMICRO=y
> +CONFIG_SPI_FLASH_SST=y
> +CONFIG_SPI_FLASH_WINBOND=y
> +CONFIG_MULTIPLEXER=y
> +CONFIG_MUX_MMIO=y
> +CONFIG_DM_ETH=y
> +CONFIG_NVME=y
> +CONFIG_PCI=y
> +CONFIG_DM_PCI=y
> +CONFIG_PCI_REGION_MULTI_ENTRY=y
> +CONFIG_PCI_SANDBOX=y
> +CONFIG_PHY=y
> +CONFIG_PHY_SANDBOX=y
> +CONFIG_PINCTRL=y
> +CONFIG_PINCONF=y
> +CONFIG_PINCTRL_SANDBOX=y
> +CONFIG_PINCTRL_SINGLE=y
> +CONFIG_POWER_DOMAIN=y
> +CONFIG_SANDBOX_POWER_DOMAIN=y
> +CONFIG_DM_PMIC=y
> +CONFIG_PMIC_ACT8846=y
> +CONFIG_DM_PMIC_PFUZE100=y
> +CONFIG_DM_PMIC_MAX77686=y
> +CONFIG_DM_PMIC_MC34708=y
> +CONFIG_PMIC_PM8916=y
> +CONFIG_PMIC_RK8XX=y
> +CONFIG_PMIC_S2MPS11=y
> +CONFIG_DM_PMIC_SANDBOX=y
> +CONFIG_PMIC_S5M8767=y
> +CONFIG_PMIC_TPS65090=y
> +CONFIG_DM_REGULATOR=y
> +CONFIG_REGULATOR_ACT8846=y
> +CONFIG_DM_REGULATOR_PFUZE100=y
> +CONFIG_DM_REGULATOR_MAX77686=y
> +CONFIG_DM_REGULATOR_FIXED=y
> +CONFIG_REGULATOR_RK8XX=y
> +CONFIG_REGULATOR_S5M8767=y
> +CONFIG_DM_REGULATOR_SANDBOX=y
> +CONFIG_REGULATOR_TPS65090=y
> +CONFIG_DM_REGULATOR_SCMI=y
> +CONFIG_DM_PWM=y
> +CONFIG_PWM_CROS_EC=y
> +CONFIG_PWM_SANDBOX=y
> +CONFIG_RAM=y
> +CONFIG_REMOTEPROC_SANDBOX=y
> +CONFIG_DM_RESET=y
> +CONFIG_SANDBOX_RESET=y
> +CONFIG_RESET_SYSCON=y
> +CONFIG_RESET_SCMI=y
> +CONFIG_DM_RNG=y
> +CONFIG_DM_RTC=y
> +CONFIG_RTC_RV8803=y
> +CONFIG_SANDBOX_SERIAL=y
> +CONFIG_SMEM=y
> +CONFIG_SANDBOX_SMEM=y
> +CONFIG_SOUND=y
> +CONFIG_SOUND_DA7219=y
> +CONFIG_SOUND_MAX98357A=y
> +CONFIG_SOUND_SANDBOX=y
> +CONFIG_SOC_DEVICE=y
> +CONFIG_SANDBOX_SPI=y
> +CONFIG_SPMI=y
> +CONFIG_SPMI_SANDBOX=y
> +CONFIG_SYSINFO=y
> +CONFIG_SYSINFO_SANDBOX=y
> +CONFIG_SYSINFO_GPIO=y
> +CONFIG_SYSRESET=y
> +CONFIG_TIMER=y
> +CONFIG_TIMER_EARLY=y
> +CONFIG_SANDBOX_TIMER=y
> +CONFIG_USB=y
> +CONFIG_DM_USB=y
> +CONFIG_USB_EMUL=y
> +CONFIG_USB_KEYBOARD=y
> +CONFIG_DM_VIDEO=y
> +CONFIG_VIDEO_COPY=y
> +CONFIG_CONSOLE_ROTATION=y
> +CONFIG_CONSOLE_TRUETYPE=y
> +CONFIG_CONSOLE_TRUETYPE_CANTORAONE=y
> +CONFIG_VIDEO_SANDBOX_SDL=y
> +CONFIG_VIDEO_DSI_HOST_SANDBOX=y
> +CONFIG_OSD=y
> +CONFIG_SANDBOX_OSD=y
> +CONFIG_SPLASH_SCREEN_ALIGN=y
> +CONFIG_VIDEO_BMP_RLE8=y
> +CONFIG_W1=y
> +CONFIG_W1_GPIO=y
> +CONFIG_W1_EEPROM=y
> +CONFIG_W1_EEPROM_SANDBOX=y
> +CONFIG_WDT=y
> +CONFIG_WDT_SANDBOX=y
> +CONFIG_FS_CBFS=y
> +CONFIG_FS_CRAMFS=y
> +CONFIG_CMD_DHRYSTONE=y
> +CONFIG_TPM=y
> +CONFIG_LZ4=y
> +CONFIG_ERRNO_STR=y
> +CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
> +CONFIG_EFI_CAPSULE_ON_DISK=y
> +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
> +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> +CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> +CONFIG_EFI_CAPSULE_KEY_PATH="../test/py/tests/test_efi_capsule/SIGNER.esl"

Is this path relative to the build directory?

Will building fail if the build directory is not a direct subdirectory
of the source directory?

Best regards

Heinrich

> +CONFIG_EFI_SECURE_BOOT=y
> +CONFIG_TEST_FDTDEC=y
> +CONFIG_CRYPT_PW=y
> +CONFIG_CRYPT_PW_SHA256=y
> +CONFIG_CRYPT_PW_SHA512=y
> +CONFIG_AUTOBOOT_KEYED=y
> +CONFIG_AUTOBOOT_PROMPT="Enter password \"a\" in %d seconds to stop autoboot\n"
> +CONFIG_AUTOBOOT_ENCRYPTION=y
> +CONFIG_AUTOBOOT_STOP_STR_ENABLE=y
> +CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9"
> +CONFIG_AUTOBOOT_NEVER_TIMEOUT=y
> +CONFIG_AUTOBOOT_SHA256_FALLBACK=y
> +CONFIG_UNIT_TEST=y
> +CONFIG_UT_TIME=y
> +CONFIG_UT_DM=y
> +CONFIG_DM_REBOOT_MODE=y
> +CONFIG_DM_REBOOT_MODE_GPIO=y
> +CONFIG_DM_REBOOT_MODE_RTC=y
>
AKASHI Takahiro July 29, 2021, 12:39 a.m. UTC | #2 
On Wed, Jul 28, 2021 at 10:21:56PM +0200, Heinrich Schuchardt wrote:
> 
> 
> On 7/27/21 11:10 AM, AKASHI Takahiro wrote:
> > This new configuration, which was derived from sandbox_defconfig, will be
> > used solely to run efi capsule authentication test as the test requires
> > a public key (esl file) to be embedded in U-Boot binary.
> > 
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > ---
> >   configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
> >   1 file changed, 307 insertions(+)
> >   create mode 100644 configs/sandbox_capsule_auth_defconfig
> > 
> > diff --git a/configs/sandbox_capsule_auth_defconfig b/configs/sandbox_capsule_auth_defconfig
> > new file mode 100644
> > index 000000000000..8e0ffb1a6995
> > --- /dev/null
> > +++ b/configs/sandbox_capsule_auth_defconfig
> > @@ -0,0 +1,307 @@
> > +CONFIG_SYS_TEXT_BASE=0
> > +CONFIG_NR_DRAM_BANKS=1
> > +CONFIG_SYS_MEMTEST_START=0x00100000
> > +CONFIG_SYS_MEMTEST_END=0x00101000
> > +CONFIG_ENV_SIZE=0x2000
> > +CONFIG_DEFAULT_DEVICE_TREE="sandbox"
> > +CONFIG_PRE_CON_BUF_ADDR=0xf0000
> > +CONFIG_BOOTSTAGE_STASH_ADDR=0x0
> > +CONFIG_DEBUG_UART=y
> > +CONFIG_DISTRO_DEFAULTS=y
> > +CONFIG_FIT=y
> > +CONFIG_FIT_SIGNATURE=y
> > +CONFIG_FIT_RSASSA_PSS=y
> > +CONFIG_FIT_CIPHER=y
> > +CONFIG_FIT_VERBOSE=y
> > +CONFIG_BOOTSTAGE=y
> > +CONFIG_BOOTSTAGE_REPORT=y
> > +CONFIG_BOOTSTAGE_FDT=y
> > +CONFIG_BOOTSTAGE_STASH=y
> > +CONFIG_BOOTSTAGE_STASH_SIZE=0x4096
> > +CONFIG_CONSOLE_RECORD=y
> > +CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000
> > +CONFIG_PRE_CONSOLE_BUFFER=y
> > +CONFIG_LOG=y
> > +CONFIG_DISPLAY_BOARDINFO_LATE=y
> > +CONFIG_MISC_INIT_F=y
> > +CONFIG_STACKPROTECTOR=y
> > +CONFIG_ANDROID_AB=y
> > +CONFIG_CMD_CPU=y
> > +CONFIG_CMD_LICENSE=y
> > +CONFIG_CMD_BOOTZ=y
> > +CONFIG_CMD_BOOTEFI_HELLO=y
> > +CONFIG_CMD_ABOOTIMG=y
> > +# CONFIG_CMD_ELF is not set
> > +CONFIG_CMD_ASKENV=y
> > +CONFIG_CMD_GREPENV=y
> > +CONFIG_CMD_ERASEENV=y
> > +CONFIG_CMD_ENV_CALLBACK=y
> > +CONFIG_CMD_ENV_FLAGS=y
> > +CONFIG_CMD_NVEDIT_EFI=y
> > +CONFIG_CMD_NVEDIT_INFO=y
> > +CONFIG_CMD_NVEDIT_LOAD=y
> > +CONFIG_CMD_NVEDIT_SELECT=y
> > +CONFIG_LOOPW=y
> > +CONFIG_CMD_MD5SUM=y
> > +CONFIG_CMD_MEMINFO=y
> > +CONFIG_CMD_MEM_SEARCH=y
> > +CONFIG_CMD_MX_CYCLIC=y
> > +CONFIG_CMD_MEMTEST=y
> > +CONFIG_CMD_BIND=y
> > +CONFIG_CMD_DEMO=y
> > +CONFIG_CMD_GPIO=y
> > +CONFIG_CMD_PWM=y
> > +CONFIG_CMD_GPT=y
> > +CONFIG_CMD_GPT_RENAME=y
> > +CONFIG_CMD_IDE=y
> > +CONFIG_CMD_I2C=y
> > +CONFIG_CMD_LSBLK=y
> > +CONFIG_CMD_MUX=y
> > +CONFIG_CMD_OSD=y
> > +CONFIG_CMD_PCI=y
> > +CONFIG_CMD_READ=y
> > +CONFIG_CMD_REMOTEPROC=y
> > +CONFIG_CMD_SPI=y
> > +CONFIG_CMD_USB=y
> > +CONFIG_CMD_AXI=y
> > +CONFIG_CMD_AB_SELECT=y
> > +CONFIG_BOOTP_DNS2=y
> > +CONFIG_CMD_PCAP=y
> > +CONFIG_CMD_TFTPPUT=y
> > +CONFIG_CMD_TFTPSRV=y
> > +CONFIG_CMD_RARP=y
> > +CONFIG_CMD_CDP=y
> > +CONFIG_CMD_SNTP=y
> > +CONFIG_CMD_DNS=y
> > +CONFIG_CMD_LINK_LOCAL=y
> > +CONFIG_CMD_ETHSW=y
> > +CONFIG_CMD_BMP=y
> > +CONFIG_CMD_BOOTCOUNT=y
> > +CONFIG_CMD_EFIDEBUG=y
> > +CONFIG_CMD_RTC=y
> > +CONFIG_CMD_TIME=y
> > +CONFIG_CMD_TIMER=y
> > +CONFIG_CMD_SOUND=y
> > +CONFIG_CMD_QFW=y
> > +CONFIG_CMD_PSTORE=y
> > +CONFIG_CMD_PSTORE_MEM_ADDR=0x3000000
> > +CONFIG_CMD_BOOTSTAGE=y
> > +CONFIG_CMD_PMIC=y
> > +CONFIG_CMD_REGULATOR=y
> > +CONFIG_CMD_AES=y
> > +CONFIG_CMD_TPM=y
> > +CONFIG_CMD_TPM_TEST=y
> > +CONFIG_CMD_BTRFS=y
> > +CONFIG_CMD_CBFS=y
> > +CONFIG_CMD_CRAMFS=y
> > +CONFIG_CMD_EXT4_WRITE=y
> > +CONFIG_CMD_SQUASHFS=y
> > +CONFIG_CMD_MTDPARTS=y
> > +CONFIG_CMD_STACKPROTECTOR_TEST=y
> > +CONFIG_MAC_PARTITION=y
> > +CONFIG_AMIGA_PARTITION=y
> > +CONFIG_OF_CONTROL=y
> > +CONFIG_OF_LIVE=y
> > +CONFIG_OF_HOSTFILE=y
> > +CONFIG_ENV_IS_NOWHERE=y
> > +CONFIG_ENV_IS_IN_EXT4=y
> > +CONFIG_ENV_EXT4_INTERFACE="host"
> > +CONFIG_ENV_EXT4_DEVICE_AND_PART="0:0"
> > +CONFIG_ENV_IMPORT_FDT=y
> > +CONFIG_BOOTP_SEND_HOSTNAME=y
> > +CONFIG_NETCONSOLE=y
> > +CONFIG_IP_DEFRAG=y
> > +CONFIG_DM_DMA=y
> > +CONFIG_REGMAP=y
> > +CONFIG_SYSCON=y
> > +CONFIG_DEVRES=y
> > +CONFIG_DEBUG_DEVRES=y
> > +CONFIG_SIMPLE_PM_BUS=y
> > +CONFIG_ADC=y
> > +CONFIG_ADC_SANDBOX=y
> > +CONFIG_AXI=y
> > +CONFIG_AXI_SANDBOX=y
> > +CONFIG_BOOTCOUNT_LIMIT=y
> > +CONFIG_DM_BOOTCOUNT=y
> > +CONFIG_DM_BOOTCOUNT_RTC=y
> > +CONFIG_DM_BOOTCOUNT_I2C_EEPROM=y
> > +CONFIG_BUTTON=y
> > +CONFIG_BUTTON_ADC=y
> > +CONFIG_BUTTON_GPIO=y
> > +CONFIG_CLK=y
> > +CONFIG_CLK_COMPOSITE_CCF=y
> > +CONFIG_CLK_SCMI=y
> > +CONFIG_CLK_K210=y
> > +CONFIG_CLK_K210_SET_RATE=y
> > +CONFIG_SANDBOX_CLK_CCF=y
> > +CONFIG_CPU=y
> > +CONFIG_DM_DEMO=y
> > +CONFIG_DM_DEMO_SIMPLE=y
> > +CONFIG_DM_DEMO_SHAPE=y
> > +CONFIG_DFU_SF=y
> > +CONFIG_DMA=y
> > +CONFIG_DMA_CHANNELS=y
> > +CONFIG_SANDBOX_DMA=y
> > +CONFIG_FASTBOOT_FLASH=y
> > +CONFIG_FASTBOOT_FLASH_MMC_DEV=0
> > +CONFIG_GPIO_HOG=y
> > +CONFIG_DM_GPIO_LOOKUP_LABEL=y
> > +CONFIG_PM8916_GPIO=y
> > +CONFIG_SANDBOX_GPIO=y
> > +CONFIG_DM_HWSPINLOCK=y
> > +CONFIG_HWSPINLOCK_SANDBOX=y
> > +CONFIG_I2C_CROS_EC_TUNNEL=y
> > +CONFIG_I2C_CROS_EC_LDO=y
> > +CONFIG_DM_I2C_GPIO=y
> > +CONFIG_SYS_I2C_SANDBOX=y
> > +CONFIG_I2C_MUX=y
> > +CONFIG_SPL_I2C_MUX=y
> > +CONFIG_I2C_ARB_GPIO_CHALLENGE=y
> > +CONFIG_CROS_EC_KEYB=y
> > +CONFIG_I8042_KEYB=y
> > +CONFIG_LED=y
> > +CONFIG_LED_BLINK=y
> > +CONFIG_LED_GPIO=y
> > +CONFIG_DM_MAILBOX=y
> > +CONFIG_SANDBOX_MBOX=y
> > +CONFIG_MISC=y
> > +CONFIG_CROS_EC=y
> > +CONFIG_CROS_EC_I2C=y
> > +CONFIG_CROS_EC_LPC=y
> > +CONFIG_CROS_EC_SANDBOX=y
> > +CONFIG_CROS_EC_SPI=y
> > +CONFIG_P2SB=y
> > +CONFIG_PWRSEQ=y
> > +CONFIG_SPL_PWRSEQ=y
> > +CONFIG_I2C_EEPROM=y
> > +CONFIG_MMC_PCI=y
> > +CONFIG_MMC_SANDBOX=y
> > +CONFIG_MMC_SDHCI=y
> > +CONFIG_MTD=y
> > +CONFIG_SPI_FLASH_SANDBOX=y
> > +CONFIG_SPI_FLASH_ATMEL=y
> > +CONFIG_SPI_FLASH_EON=y
> > +CONFIG_SPI_FLASH_GIGADEVICE=y
> > +CONFIG_SPI_FLASH_MACRONIX=y
> > +CONFIG_SPI_FLASH_SPANSION=y
> > +CONFIG_SPI_FLASH_STMICRO=y
> > +CONFIG_SPI_FLASH_SST=y
> > +CONFIG_SPI_FLASH_WINBOND=y
> > +CONFIG_MULTIPLEXER=y
> > +CONFIG_MUX_MMIO=y
> > +CONFIG_DM_ETH=y
> > +CONFIG_NVME=y
> > +CONFIG_PCI=y
> > +CONFIG_DM_PCI=y
> > +CONFIG_PCI_REGION_MULTI_ENTRY=y
> > +CONFIG_PCI_SANDBOX=y
> > +CONFIG_PHY=y
> > +CONFIG_PHY_SANDBOX=y
> > +CONFIG_PINCTRL=y
> > +CONFIG_PINCONF=y
> > +CONFIG_PINCTRL_SANDBOX=y
> > +CONFIG_PINCTRL_SINGLE=y
> > +CONFIG_POWER_DOMAIN=y
> > +CONFIG_SANDBOX_POWER_DOMAIN=y
> > +CONFIG_DM_PMIC=y
> > +CONFIG_PMIC_ACT8846=y
> > +CONFIG_DM_PMIC_PFUZE100=y
> > +CONFIG_DM_PMIC_MAX77686=y
> > +CONFIG_DM_PMIC_MC34708=y
> > +CONFIG_PMIC_PM8916=y
> > +CONFIG_PMIC_RK8XX=y
> > +CONFIG_PMIC_S2MPS11=y
> > +CONFIG_DM_PMIC_SANDBOX=y
> > +CONFIG_PMIC_S5M8767=y
> > +CONFIG_PMIC_TPS65090=y
> > +CONFIG_DM_REGULATOR=y
> > +CONFIG_REGULATOR_ACT8846=y
> > +CONFIG_DM_REGULATOR_PFUZE100=y
> > +CONFIG_DM_REGULATOR_MAX77686=y
> > +CONFIG_DM_REGULATOR_FIXED=y
> > +CONFIG_REGULATOR_RK8XX=y
> > +CONFIG_REGULATOR_S5M8767=y
> > +CONFIG_DM_REGULATOR_SANDBOX=y
> > +CONFIG_REGULATOR_TPS65090=y
> > +CONFIG_DM_REGULATOR_SCMI=y
> > +CONFIG_DM_PWM=y
> > +CONFIG_PWM_CROS_EC=y
> > +CONFIG_PWM_SANDBOX=y
> > +CONFIG_RAM=y
> > +CONFIG_REMOTEPROC_SANDBOX=y
> > +CONFIG_DM_RESET=y
> > +CONFIG_SANDBOX_RESET=y
> > +CONFIG_RESET_SYSCON=y
> > +CONFIG_RESET_SCMI=y
> > +CONFIG_DM_RNG=y
> > +CONFIG_DM_RTC=y
> > +CONFIG_RTC_RV8803=y
> > +CONFIG_SANDBOX_SERIAL=y
> > +CONFIG_SMEM=y
> > +CONFIG_SANDBOX_SMEM=y
> > +CONFIG_SOUND=y
> > +CONFIG_SOUND_DA7219=y
> > +CONFIG_SOUND_MAX98357A=y
> > +CONFIG_SOUND_SANDBOX=y
> > +CONFIG_SOC_DEVICE=y
> > +CONFIG_SANDBOX_SPI=y
> > +CONFIG_SPMI=y
> > +CONFIG_SPMI_SANDBOX=y
> > +CONFIG_SYSINFO=y
> > +CONFIG_SYSINFO_SANDBOX=y
> > +CONFIG_SYSINFO_GPIO=y
> > +CONFIG_SYSRESET=y
> > +CONFIG_TIMER=y
> > +CONFIG_TIMER_EARLY=y
> > +CONFIG_SANDBOX_TIMER=y
> > +CONFIG_USB=y
> > +CONFIG_DM_USB=y
> > +CONFIG_USB_EMUL=y
> > +CONFIG_USB_KEYBOARD=y
> > +CONFIG_DM_VIDEO=y
> > +CONFIG_VIDEO_COPY=y
> > +CONFIG_CONSOLE_ROTATION=y
> > +CONFIG_CONSOLE_TRUETYPE=y
> > +CONFIG_CONSOLE_TRUETYPE_CANTORAONE=y
> > +CONFIG_VIDEO_SANDBOX_SDL=y
> > +CONFIG_VIDEO_DSI_HOST_SANDBOX=y
> > +CONFIG_OSD=y
> > +CONFIG_SANDBOX_OSD=y
> > +CONFIG_SPLASH_SCREEN_ALIGN=y
> > +CONFIG_VIDEO_BMP_RLE8=y
> > +CONFIG_W1=y
> > +CONFIG_W1_GPIO=y
> > +CONFIG_W1_EEPROM=y
> > +CONFIG_W1_EEPROM_SANDBOX=y
> > +CONFIG_WDT=y
> > +CONFIG_WDT_SANDBOX=y
> > +CONFIG_FS_CBFS=y
> > +CONFIG_FS_CRAMFS=y
> > +CONFIG_CMD_DHRYSTONE=y
> > +CONFIG_TPM=y
> > +CONFIG_LZ4=y
> > +CONFIG_ERRNO_STR=y
> > +CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
> > +CONFIG_EFI_CAPSULE_ON_DISK=y
> > +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
> > +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> > +CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> > +CONFIG_EFI_CAPSULE_KEY_PATH="../test/py/tests/test_efi_capsule/SIGNER.esl"
> 
> Is this path relative to the build directory?

No.

> Will building fail if the build directory is not a direct subdirectory
> of the source directory?

No.
"incbin" directive in assembly code works with "include directory" paths.
As "-Iinclude" is passed on to the assembler, "../" will eventually be
able to point to the source directory whatever the build directory is.

-Takahiro Akashi


> Best regards
> 
> Heinrich
> 
> > +CONFIG_EFI_SECURE_BOOT=y
> > +CONFIG_TEST_FDTDEC=y
> > +CONFIG_CRYPT_PW=y
> > +CONFIG_CRYPT_PW_SHA256=y
> > +CONFIG_CRYPT_PW_SHA512=y
> > +CONFIG_AUTOBOOT_KEYED=y
> > +CONFIG_AUTOBOOT_PROMPT="Enter password \"a\" in %d seconds to stop autoboot\n"
> > +CONFIG_AUTOBOOT_ENCRYPTION=y
> > +CONFIG_AUTOBOOT_STOP_STR_ENABLE=y
> > +CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9"
> > +CONFIG_AUTOBOOT_NEVER_TIMEOUT=y
> > +CONFIG_AUTOBOOT_SHA256_FALLBACK=y
> > +CONFIG_UNIT_TEST=y
> > +CONFIG_UT_TIME=y
> > +CONFIG_UT_DM=y
> > +CONFIG_DM_REBOOT_MODE=y
> > +CONFIG_DM_REBOOT_MODE_GPIO=y
> > +CONFIG_DM_REBOOT_MODE_RTC=y
> >
Simon Glass July 31, 2021, 4:59 p.m. UTC | #3 
Hi Takahiro,

On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
>
> This new configuration, which was derived from sandbox_defconfig, will be
> used solely to run efi capsule authentication test as the test requires
> a public key (esl file) to be embedded in U-Boot binary.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> ---
>  configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
>  1 file changed, 307 insertions(+)
>  create mode 100644 configs/sandbox_capsule_auth_defconfig

NAK.

Please just add it to sandbox_defconfig. We sometimes have to create
new variants when dealing with actual build variations (e.g. SPL,
building without OF_LIVE), but here we should just enable the feature
in sandbox_defconfig.

We already covered embedding key in the binary on another thread.
Please don't do that. After that debacle I sent a patch explaining
this:

http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/

Regards,
Simon
AKASHI Takahiro Aug. 1, 2021, 4:29 a.m. UTC | #4 
Simon,

On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote:
> Hi Takahiro,
> 
> On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro
> <takahiro.akashi@linaro.org> wrote:
> >
> > This new configuration, which was derived from sandbox_defconfig, will be
> > used solely to run efi capsule authentication test as the test requires
> > a public key (esl file) to be embedded in U-Boot binary.
> >
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > ---
> >  configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
> >  1 file changed, 307 insertions(+)
> >  create mode 100644 configs/sandbox_capsule_auth_defconfig
> 
> NAK.
> 
> Please just add it to sandbox_defconfig. We sometimes have to create

Unfortunately, I can't.
Look, we now have two tests, test_capsule_firmware.py and
test_capsule_firmware_signed.py, and we need U-Boot binaries,
respectively, without a key and with a key.
A single configuration cannot satisfy both.

> new variants when dealing with actual build variations (e.g. SPL,
> building without OF_LIVE), but here we should just enable the feature
> in sandbox_defconfig.
> 
> We already covered embedding key in the binary on another thread.
> Please don't do that. After that debacle I sent a patch explaining
> this:
> 
> http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/

Please discuss and make an agreement with Heinrich.
The patch for embedding a key has already been merged in -rc1.

In my personal opinion, neither approaches won't apply to production
any way.

-Takahiro Akashi

> Regards,
> Simon
Simon Glass Aug. 1, 2021, 7 p.m. UTC | #5 
Hi Takahiro,

On Sat, 31 Jul 2021 at 22:29, AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
>
> Simon,
>
> On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote:
> > Hi Takahiro,
> >
> > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro
> > <takahiro.akashi@linaro.org> wrote:
> > >
> > > This new configuration, which was derived from sandbox_defconfig, will be
> > > used solely to run efi capsule authentication test as the test requires
> > > a public key (esl file) to be embedded in U-Boot binary.
> > >
> > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > > ---
> > >  configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
> > >  1 file changed, 307 insertions(+)
> > >  create mode 100644 configs/sandbox_capsule_auth_defconfig
> >
> > NAK.
> >
> > Please just add it to sandbox_defconfig. We sometimes have to create
>
> Unfortunately, I can't.
> Look, we now have two tests, test_capsule_firmware.py and
> test_capsule_firmware_signed.py, and we need U-Boot binaries,
> respectively, without a key and with a key.
> A single configuration cannot satisfy both.
>
> > new variants when dealing with actual build variations (e.g. SPL,
> > building without OF_LIVE), but here we should just enable the feature
> > in sandbox_defconfig.
> >
> > We already covered embedding key in the binary on another thread.
> > Please don't do that. After that debacle I sent a patch explaining
> > this:
> >
> > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/
>
> Please discuss and make an agreement with Heinrich.
> The patch for embedding a key has already been merged in -rc1.

Which patch was that? I thought I pushed back on the one that did that.

> In my personal opinion, neither approaches won't apply to production
> any way.

Regards,
Simon
AKASHI Takahiro Aug. 1, 2021, 10:57 p.m. UTC | #6 
Simon,

On Sun, Aug 01, 2021 at 01:00:20PM -0600, Simon Glass wrote:
> Hi Takahiro,
> 
> On Sat, 31 Jul 2021 at 22:29, AKASHI Takahiro
> <takahiro.akashi@linaro.org> wrote:
> >
> > Simon,
> >
> > On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote:
> > > Hi Takahiro,
> > >
> > > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro
> > > <takahiro.akashi@linaro.org> wrote:
> > > >
> > > > This new configuration, which was derived from sandbox_defconfig, will be
> > > > used solely to run efi capsule authentication test as the test requires
> > > > a public key (esl file) to be embedded in U-Boot binary.
> > > >
> > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > > > ---
> > > >  configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
> > > >  1 file changed, 307 insertions(+)
> > > >  create mode 100644 configs/sandbox_capsule_auth_defconfig
> > >
> > > NAK.
> > >
> > > Please just add it to sandbox_defconfig. We sometimes have to create
> >
> > Unfortunately, I can't.
> > Look, we now have two tests, test_capsule_firmware.py and
> > test_capsule_firmware_signed.py, and we need U-Boot binaries,
> > respectively, without a key and with a key.
> > A single configuration cannot satisfy both.
> >
> > > new variants when dealing with actual build variations (e.g. SPL,
> > > building without OF_LIVE), but here we should just enable the feature
> > > in sandbox_defconfig.
> > >
> > > We already covered embedding key in the binary on another thread.
> > > Please don't do that. After that debacle I sent a patch explaining
> > > this:
> > >
> > > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/
> >
> > Please discuss and make an agreement with Heinrich.
> > The patch for embedding a key has already been merged in -rc1.
> 
> Which patch was that? I thought I pushed back on the one that did that.

The commit ddf67daac39d
  Author: Ilias Apalodimas <ilias.apalodimas@linaro.org>
  Date:   Sat Jul 17 17:26:44 2021 +0300

    efi_capsule: Move signature from DTB to .rodata

-Takahiro Akashi


> > In my personal opinion, neither approaches won't apply to production
> > any way.
> 
> Regards,
> Simon
Simon Glass Aug. 2, 2021, 7:19 p.m. UTC | #7 
Hi Takahiro,

On Sun, 1 Aug 2021 at 16:57, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote:
>
> Simon,
>
> On Sun, Aug 01, 2021 at 01:00:20PM -0600, Simon Glass wrote:
> > Hi Takahiro,
> >
> > On Sat, 31 Jul 2021 at 22:29, AKASHI Takahiro
> > <takahiro.akashi@linaro.org> wrote:
> > >
> > > Simon,
> > >
> > > On Sat, Jul 31, 2021 at 10:59:32AM -0600, Simon Glass wrote:
> > > > Hi Takahiro,
> > > >
> > > > On Tue, 27 Jul 2021 at 03:12, AKASHI Takahiro
> > > > <takahiro.akashi@linaro.org> wrote:
> > > > >
> > > > > This new configuration, which was derived from sandbox_defconfig, will be
> > > > > used solely to run efi capsule authentication test as the test requires
> > > > > a public key (esl file) to be embedded in U-Boot binary.
> > > > >
> > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > > > > ---
> > > > >  configs/sandbox_capsule_auth_defconfig | 307 +++++++++++++++++++++++++
> > > > >  1 file changed, 307 insertions(+)
> > > > >  create mode 100644 configs/sandbox_capsule_auth_defconfig
> > > >
> > > > NAK.
> > > >
> > > > Please just add it to sandbox_defconfig. We sometimes have to create
> > >
> > > Unfortunately, I can't.
> > > Look, we now have two tests, test_capsule_firmware.py and
> > > test_capsule_firmware_signed.py, and we need U-Boot binaries,
> > > respectively, without a key and with a key.
> > > A single configuration cannot satisfy both.
> > >
> > > > new variants when dealing with actual build variations (e.g. SPL,
> > > > building without OF_LIVE), but here we should just enable the feature
> > > > in sandbox_defconfig.
> > > >
> > > > We already covered embedding key in the binary on another thread.
> > > > Please don't do that. After that debacle I sent a patch explaining
> > > > this:
> > > >
> > > > http://patchwork.ozlabs.org/project/uboot/patch/20210725164400.468319-3-sjg@chromium.org/
> > >
> > > Please discuss and make an agreement with Heinrich.
> > > The patch for embedding a key has already been merged in -rc1.
> >
> > Which patch was that? I thought I pushed back on the one that did that.
>
> The commit ddf67daac39d
>   Author: Ilias Apalodimas <ilias.apalodimas@linaro.org>
>   Date:   Sat Jul 17 17:26:44 2021 +0300
>
>     efi_capsule: Move signature from DTB to .rodata

OK I sent a revert of that as you saw. Then I sent a v2 revert of
three patches when you explained that was not enough. I hope we can
figure this out quickly.

>
>
> > > In my personal opinion, neither approaches won't apply to production
> > > any way.

I have not seen any design for how EFI signing would work in
production but I am happy to review it. The existing FIT-signing
scheme is widely used in production environments. If we use similar
processes then we should be OK.

Regards,
Simon
diff mbox series

Patch

diff --git a/configs/sandbox_capsule_auth_defconfig b/configs/sandbox_capsule_auth_defconfig
new file mode 100644
index 000000000000..8e0ffb1a6995
--- /dev/null
+++ b/configs/sandbox_capsule_auth_defconfig
@@ -0,0 +1,307 @@ 
+CONFIG_SYS_TEXT_BASE=0
+CONFIG_NR_DRAM_BANKS=1
+CONFIG_SYS_MEMTEST_START=0x00100000
+CONFIG_SYS_MEMTEST_END=0x00101000
+CONFIG_ENV_SIZE=0x2000
+CONFIG_DEFAULT_DEVICE_TREE="sandbox"
+CONFIG_PRE_CON_BUF_ADDR=0xf0000
+CONFIG_BOOTSTAGE_STASH_ADDR=0x0
+CONFIG_DEBUG_UART=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_FIT=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_RSASSA_PSS=y
+CONFIG_FIT_CIPHER=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_BOOTSTAGE=y
+CONFIG_BOOTSTAGE_REPORT=y
+CONFIG_BOOTSTAGE_FDT=y
+CONFIG_BOOTSTAGE_STASH=y
+CONFIG_BOOTSTAGE_STASH_SIZE=0x4096
+CONFIG_CONSOLE_RECORD=y
+CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000
+CONFIG_PRE_CONSOLE_BUFFER=y
+CONFIG_LOG=y
+CONFIG_DISPLAY_BOARDINFO_LATE=y
+CONFIG_MISC_INIT_F=y
+CONFIG_STACKPROTECTOR=y
+CONFIG_ANDROID_AB=y
+CONFIG_CMD_CPU=y
+CONFIG_CMD_LICENSE=y
+CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_BOOTEFI_HELLO=y
+CONFIG_CMD_ABOOTIMG=y
+# CONFIG_CMD_ELF is not set
+CONFIG_CMD_ASKENV=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_ERASEENV=y
+CONFIG_CMD_ENV_CALLBACK=y
+CONFIG_CMD_ENV_FLAGS=y
+CONFIG_CMD_NVEDIT_EFI=y
+CONFIG_CMD_NVEDIT_INFO=y
+CONFIG_CMD_NVEDIT_LOAD=y
+CONFIG_CMD_NVEDIT_SELECT=y
+CONFIG_LOOPW=y
+CONFIG_CMD_MD5SUM=y
+CONFIG_CMD_MEMINFO=y
+CONFIG_CMD_MEM_SEARCH=y
+CONFIG_CMD_MX_CYCLIC=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_CMD_BIND=y
+CONFIG_CMD_DEMO=y
+CONFIG_CMD_GPIO=y
+CONFIG_CMD_PWM=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_GPT_RENAME=y
+CONFIG_CMD_IDE=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_LSBLK=y
+CONFIG_CMD_MUX=y
+CONFIG_CMD_OSD=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_READ=y
+CONFIG_CMD_REMOTEPROC=y
+CONFIG_CMD_SPI=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_AXI=y
+CONFIG_CMD_AB_SELECT=y
+CONFIG_BOOTP_DNS2=y
+CONFIG_CMD_PCAP=y
+CONFIG_CMD_TFTPPUT=y
+CONFIG_CMD_TFTPSRV=y
+CONFIG_CMD_RARP=y
+CONFIG_CMD_CDP=y
+CONFIG_CMD_SNTP=y
+CONFIG_CMD_DNS=y
+CONFIG_CMD_LINK_LOCAL=y
+CONFIG_CMD_ETHSW=y
+CONFIG_CMD_BMP=y
+CONFIG_CMD_BOOTCOUNT=y
+CONFIG_CMD_EFIDEBUG=y
+CONFIG_CMD_RTC=y
+CONFIG_CMD_TIME=y
+CONFIG_CMD_TIMER=y
+CONFIG_CMD_SOUND=y
+CONFIG_CMD_QFW=y
+CONFIG_CMD_PSTORE=y
+CONFIG_CMD_PSTORE_MEM_ADDR=0x3000000
+CONFIG_CMD_BOOTSTAGE=y
+CONFIG_CMD_PMIC=y
+CONFIG_CMD_REGULATOR=y
+CONFIG_CMD_AES=y
+CONFIG_CMD_TPM=y
+CONFIG_CMD_TPM_TEST=y
+CONFIG_CMD_BTRFS=y
+CONFIG_CMD_CBFS=y
+CONFIG_CMD_CRAMFS=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_SQUASHFS=y
+CONFIG_CMD_MTDPARTS=y
+CONFIG_CMD_STACKPROTECTOR_TEST=y
+CONFIG_MAC_PARTITION=y
+CONFIG_AMIGA_PARTITION=y
+CONFIG_OF_CONTROL=y
+CONFIG_OF_LIVE=y
+CONFIG_OF_HOSTFILE=y
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_ENV_IS_IN_EXT4=y
+CONFIG_ENV_EXT4_INTERFACE="host"
+CONFIG_ENV_EXT4_DEVICE_AND_PART="0:0"
+CONFIG_ENV_IMPORT_FDT=y
+CONFIG_BOOTP_SEND_HOSTNAME=y
+CONFIG_NETCONSOLE=y
+CONFIG_IP_DEFRAG=y
+CONFIG_DM_DMA=y
+CONFIG_REGMAP=y
+CONFIG_SYSCON=y
+CONFIG_DEVRES=y
+CONFIG_DEBUG_DEVRES=y
+CONFIG_SIMPLE_PM_BUS=y
+CONFIG_ADC=y
+CONFIG_ADC_SANDBOX=y
+CONFIG_AXI=y
+CONFIG_AXI_SANDBOX=y
+CONFIG_BOOTCOUNT_LIMIT=y
+CONFIG_DM_BOOTCOUNT=y
+CONFIG_DM_BOOTCOUNT_RTC=y
+CONFIG_DM_BOOTCOUNT_I2C_EEPROM=y
+CONFIG_BUTTON=y
+CONFIG_BUTTON_ADC=y
+CONFIG_BUTTON_GPIO=y
+CONFIG_CLK=y
+CONFIG_CLK_COMPOSITE_CCF=y
+CONFIG_CLK_SCMI=y
+CONFIG_CLK_K210=y
+CONFIG_CLK_K210_SET_RATE=y
+CONFIG_SANDBOX_CLK_CCF=y
+CONFIG_CPU=y
+CONFIG_DM_DEMO=y
+CONFIG_DM_DEMO_SIMPLE=y
+CONFIG_DM_DEMO_SHAPE=y
+CONFIG_DFU_SF=y
+CONFIG_DMA=y
+CONFIG_DMA_CHANNELS=y
+CONFIG_SANDBOX_DMA=y
+CONFIG_FASTBOOT_FLASH=y
+CONFIG_FASTBOOT_FLASH_MMC_DEV=0
+CONFIG_GPIO_HOG=y
+CONFIG_DM_GPIO_LOOKUP_LABEL=y
+CONFIG_PM8916_GPIO=y
+CONFIG_SANDBOX_GPIO=y
+CONFIG_DM_HWSPINLOCK=y
+CONFIG_HWSPINLOCK_SANDBOX=y
+CONFIG_I2C_CROS_EC_TUNNEL=y
+CONFIG_I2C_CROS_EC_LDO=y
+CONFIG_DM_I2C_GPIO=y
+CONFIG_SYS_I2C_SANDBOX=y
+CONFIG_I2C_MUX=y
+CONFIG_SPL_I2C_MUX=y
+CONFIG_I2C_ARB_GPIO_CHALLENGE=y
+CONFIG_CROS_EC_KEYB=y
+CONFIG_I8042_KEYB=y
+CONFIG_LED=y
+CONFIG_LED_BLINK=y
+CONFIG_LED_GPIO=y
+CONFIG_DM_MAILBOX=y
+CONFIG_SANDBOX_MBOX=y
+CONFIG_MISC=y
+CONFIG_CROS_EC=y
+CONFIG_CROS_EC_I2C=y
+CONFIG_CROS_EC_LPC=y
+CONFIG_CROS_EC_SANDBOX=y
+CONFIG_CROS_EC_SPI=y
+CONFIG_P2SB=y
+CONFIG_PWRSEQ=y
+CONFIG_SPL_PWRSEQ=y
+CONFIG_I2C_EEPROM=y
+CONFIG_MMC_PCI=y
+CONFIG_MMC_SANDBOX=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MTD=y
+CONFIG_SPI_FLASH_SANDBOX=y
+CONFIG_SPI_FLASH_ATMEL=y
+CONFIG_SPI_FLASH_EON=y
+CONFIG_SPI_FLASH_GIGADEVICE=y
+CONFIG_SPI_FLASH_MACRONIX=y
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_SPI_FLASH_SST=y
+CONFIG_SPI_FLASH_WINBOND=y
+CONFIG_MULTIPLEXER=y
+CONFIG_MUX_MMIO=y
+CONFIG_DM_ETH=y
+CONFIG_NVME=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_PCI_REGION_MULTI_ENTRY=y
+CONFIG_PCI_SANDBOX=y
+CONFIG_PHY=y
+CONFIG_PHY_SANDBOX=y
+CONFIG_PINCTRL=y
+CONFIG_PINCONF=y
+CONFIG_PINCTRL_SANDBOX=y
+CONFIG_PINCTRL_SINGLE=y
+CONFIG_POWER_DOMAIN=y
+CONFIG_SANDBOX_POWER_DOMAIN=y
+CONFIG_DM_PMIC=y
+CONFIG_PMIC_ACT8846=y
+CONFIG_DM_PMIC_PFUZE100=y
+CONFIG_DM_PMIC_MAX77686=y
+CONFIG_DM_PMIC_MC34708=y
+CONFIG_PMIC_PM8916=y
+CONFIG_PMIC_RK8XX=y
+CONFIG_PMIC_S2MPS11=y
+CONFIG_DM_PMIC_SANDBOX=y
+CONFIG_PMIC_S5M8767=y
+CONFIG_PMIC_TPS65090=y
+CONFIG_DM_REGULATOR=y
+CONFIG_REGULATOR_ACT8846=y
+CONFIG_DM_REGULATOR_PFUZE100=y
+CONFIG_DM_REGULATOR_MAX77686=y
+CONFIG_DM_REGULATOR_FIXED=y
+CONFIG_REGULATOR_RK8XX=y
+CONFIG_REGULATOR_S5M8767=y
+CONFIG_DM_REGULATOR_SANDBOX=y
+CONFIG_REGULATOR_TPS65090=y
+CONFIG_DM_REGULATOR_SCMI=y
+CONFIG_DM_PWM=y
+CONFIG_PWM_CROS_EC=y
+CONFIG_PWM_SANDBOX=y
+CONFIG_RAM=y
+CONFIG_REMOTEPROC_SANDBOX=y
+CONFIG_DM_RESET=y
+CONFIG_SANDBOX_RESET=y
+CONFIG_RESET_SYSCON=y
+CONFIG_RESET_SCMI=y
+CONFIG_DM_RNG=y
+CONFIG_DM_RTC=y
+CONFIG_RTC_RV8803=y
+CONFIG_SANDBOX_SERIAL=y
+CONFIG_SMEM=y
+CONFIG_SANDBOX_SMEM=y
+CONFIG_SOUND=y
+CONFIG_SOUND_DA7219=y
+CONFIG_SOUND_MAX98357A=y
+CONFIG_SOUND_SANDBOX=y
+CONFIG_SOC_DEVICE=y
+CONFIG_SANDBOX_SPI=y
+CONFIG_SPMI=y
+CONFIG_SPMI_SANDBOX=y
+CONFIG_SYSINFO=y
+CONFIG_SYSINFO_SANDBOX=y
+CONFIG_SYSINFO_GPIO=y
+CONFIG_SYSRESET=y
+CONFIG_TIMER=y
+CONFIG_TIMER_EARLY=y
+CONFIG_SANDBOX_TIMER=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_EMUL=y
+CONFIG_USB_KEYBOARD=y
+CONFIG_DM_VIDEO=y
+CONFIG_VIDEO_COPY=y
+CONFIG_CONSOLE_ROTATION=y
+CONFIG_CONSOLE_TRUETYPE=y
+CONFIG_CONSOLE_TRUETYPE_CANTORAONE=y
+CONFIG_VIDEO_SANDBOX_SDL=y
+CONFIG_VIDEO_DSI_HOST_SANDBOX=y
+CONFIG_OSD=y
+CONFIG_SANDBOX_OSD=y
+CONFIG_SPLASH_SCREEN_ALIGN=y
+CONFIG_VIDEO_BMP_RLE8=y
+CONFIG_W1=y
+CONFIG_W1_GPIO=y
+CONFIG_W1_EEPROM=y
+CONFIG_W1_EEPROM_SANDBOX=y
+CONFIG_WDT=y
+CONFIG_WDT_SANDBOX=y
+CONFIG_FS_CBFS=y
+CONFIG_FS_CRAMFS=y
+CONFIG_CMD_DHRYSTONE=y
+CONFIG_TPM=y
+CONFIG_LZ4=y
+CONFIG_ERRNO_STR=y
+CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
+CONFIG_EFI_CAPSULE_ON_DISK=y
+CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
+CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
+CONFIG_EFI_CAPSULE_AUTHENTICATE=y
+CONFIG_EFI_CAPSULE_KEY_PATH="../test/py/tests/test_efi_capsule/SIGNER.esl"
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_TEST_FDTDEC=y
+CONFIG_CRYPT_PW=y
+CONFIG_CRYPT_PW_SHA256=y
+CONFIG_CRYPT_PW_SHA512=y
+CONFIG_AUTOBOOT_KEYED=y
+CONFIG_AUTOBOOT_PROMPT="Enter password \"a\" in %d seconds to stop autoboot\n"
+CONFIG_AUTOBOOT_ENCRYPTION=y
+CONFIG_AUTOBOOT_STOP_STR_ENABLE=y
+CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9"
+CONFIG_AUTOBOOT_NEVER_TIMEOUT=y
+CONFIG_AUTOBOOT_SHA256_FALLBACK=y
+CONFIG_UNIT_TEST=y
+CONFIG_UT_TIME=y
+CONFIG_UT_DM=y
+CONFIG_DM_REBOOT_MODE=y
+CONFIG_DM_REBOOT_MODE_GPIO=y
+CONFIG_DM_REBOOT_MODE_RTC=y