From patchwork Mon Jun 15 23:16:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 1309870 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=tmk6XHUn; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49m6gc3tW9z9sRW for ; Tue, 16 Jun 2020 09:17:46 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4909481E81; Tue, 16 Jun 2020 01:17:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="tmk6XHUn"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5714581E87; Tue, 16 Jun 2020 01:17:33 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 13F3781E39 for ; Tue, 16 Jun 2020 01:17:25 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pj1-x102e.google.com with SMTP id i12so547059pju.3 for ; Mon, 15 Jun 2020 16:17:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=iP6gndkWPwZzMSevnbGFsXqbwKB8AD07e/G3z2wjXWM=; b=tmk6XHUnh2pMHN5p0ikASzw572P44CTz7kab+2/VHE/ZzTJa92V7HdWgcWZhc0plOq 3He9FV4SXpu3RuHp6AlzeG+Wap8BpLF9nZmbCqspw4WMIvBFFiZ1GmUuAKE4dwHK/vzn /mea9QQk5+/CmPqkmDYOYpo4LOicEH1Z2cwYw22skdwa1UY36vDn9uNkx6PmFs9UdFB9 lkfm3yTRPAlIoSX7NRp15rHMzKMAt6DElgVSYI4vJhAQNM3w5Zo70679LabVXFWzS3yB qyVPtVd6v7ZKESDd7w1Qkpeq3Y+l6xN/geYtdsY/NGkapbzOzqWvONQ4S3IVKDkVBXdX U4ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=iP6gndkWPwZzMSevnbGFsXqbwKB8AD07e/G3z2wjXWM=; b=RnYacN6PeZtaJ0SlqNGOsIAWe5ho/7NPAID52glC+ZCvfIgJKlTRcD6koZiLsKjOrD 3VCAfjcu1laOXMat7HV1npJkepF771XE8Qzw6/Bt1nb3YUuFQCHegEV2c5n8uvLfDejv fAnBD6/5Dq9leQJBBFudFU3UOICBvlBCoSpDn5PDZf6H/TbVCYnDIe1bMKEp1gQetjAl LhRDZk/7wu496ralSvUca5C0xsiA9JE18iHnWpDkiLyz3f07fj1HJ5mrGfDwRU+XSjJA qUhSmsbTgRmWsWH/UDsB8DoTUJXcxlaeMUIhO+ZjsxEmm+05gFT6pHGKq8Xoe8UrYlzq r9kw== X-Gm-Message-State: AOAM533W3Fk8+B5vFrBSQgudeun+pnnY33g5jZ09W1CrA9egaF7d4d6l 0yb5ZdlJtG5TCtg3O3vDoXwAZA== X-Google-Smtp-Source: ABdhPJxI5c5tfAyzEK5u6Cav5KVgOBOM27XdO2bjGpJ8OU3zd1SyKKmjweVna3L058sm+hJoTI/JAw== X-Received: by 2002:a17:90a:950e:: with SMTP id t14mr22886pjo.99.1592263042792; Mon, 15 Jun 2020 16:17:22 -0700 (PDT) Received: from localhost.localdomain (p6e421564.tkyea130.ap.so-net.ne.jp. [110.66.21.100]) by smtp.gmail.com with ESMTPSA id l195sm4959339pfd.18.2020.06.15.16.17.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2020 16:17:22 -0700 (PDT) From: AKASHI Takahiro To: xypron.glpk@gmx.de, agraf@csgraf.de Cc: u-boot@lists.denx.de, AKASHI Takahiro Subject: [PATCH 1/2] test/py: efi_secboot: apply autopep8 Date: Tue, 16 Jun 2020 08:16:43 +0900 Message-Id: <20200615231644.13250-1-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.2 at phobos.denx.de X-Virus-Status: Clean Python's autopep8 can automatically correct some of warnings from pylint and rewrite the code in a pretty print format. So just do it. Signed-off-by: AKASHI Takahiro Suggested-by: Heinrich Schuchardt --- test/py/tests/test_efi_secboot/conftest.py | 162 ++++++++++-------- test/py/tests/test_efi_secboot/defs.py | 14 +- .../py/tests/test_efi_secboot/test_authvar.py | 1 + test/py/tests/test_efi_secboot/test_signed.py | 1 + .../tests/test_efi_secboot/test_unsigned.py | 37 ++-- 5 files changed, 118 insertions(+), 97 deletions(-) diff --git a/test/py/tests/test_efi_secboot/conftest.py b/test/py/tests/test_efi_secboot/conftest.py index 5ac0389064e8..f74b4b109a7b 100644 --- a/test/py/tests/test_efi_secboot/conftest.py +++ b/test/py/tests/test_efi_secboot/conftest.py @@ -10,6 +10,8 @@ from subprocess import call, check_call, check_output, CalledProcessError from defs import * # from test/py/conftest.py + + def tool_is_in_path(tool): for path in os.environ["PATH"].split(os.pathsep): fn = os.path.join(path, tool) @@ -20,13 +22,15 @@ def tool_is_in_path(tool): # # Fixture for UEFI secure boot test # + + @pytest.fixture(scope='session') def efi_boot_env(request, u_boot_config): """Set up a file system to be used in UEFI secure boot test. Args: request: Pytest request object. - u_boot_config: U-boot configuration. + u_boot_config: U-boot configuration. Return: A path to disk image to be used for testing @@ -48,20 +52,21 @@ def efi_boot_env(request, u_boot_config): # create a disk/partition check_call('dd if=/dev/zero of=%s bs=1MiB count=%d' - % (image_path, image_size), shell=True) + % (image_path, image_size), shell=True) check_call('sgdisk %s -n 1:0:+%dMiB' - % (image_path, part_size), shell=True) + % (image_path, part_size), shell=True) # create a file system check_call('dd if=/dev/zero of=%s.tmp bs=1MiB count=%d' - % (image_path, part_size), shell=True) + % (image_path, part_size), shell=True) check_call('mkfs -t %s %s.tmp' % (fs_type, image_path), shell=True) check_call('dd if=%s.tmp of=%s bs=1MiB seek=1 count=%d conv=notrunc' - % (image_path, image_path, 1), shell=True) + % (image_path, image_path, 1), shell=True) check_call('rm %s.tmp' % image_path, shell=True) - loop_dev = check_output('sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' - % (part_size, image_path), shell=True).decode() + loop_dev = check_output( + 'sudo losetup -o 1MiB --sizelimit %dMiB --show -f %s | tr -d "\n"' % + (part_size, image_path), shell=True).decode() check_output('sudo mount -t %s -o umask=000 %s %s' - % (fs_type, loop_dev, mnt_point), shell=True) + % (fs_type, loop_dev, mnt_point), shell=True) # suffix # *.key: RSA private key in PEM @@ -73,75 +78,88 @@ def efi_boot_env(request, u_boot_config): # *.efi.signed: signed UEFI image # Create signature database - ## PK - check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365' - % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s PK.crt PK.esl; %ssign-efi-sig-list -c PK.crt -k PK.key PK PK.esl PK.auth' - % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), - shell=True) - ## PK_null for deletion - check_call('cd %s; sleep 2; touch PK_null.esl; %ssign-efi-sig-list -c PK.crt -k PK.key PK PK_null.esl PK_null.auth' - % (mnt_point, EFITOOLS_PATH), shell=True) - ## KEK - check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_KEK/ -keyout KEK.key -out KEK.crt -nodes -days 365' - % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s KEK.crt KEK.esl; %ssign-efi-sig-list -c PK.crt -k PK.key KEK KEK.esl KEK.auth' - % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), - shell=True) - ## db - check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_db/ -keyout db.key -out db.crt -nodes -days 365' - % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s db.crt db.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db.esl db.auth' - % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), - shell=True) - ## db1 - check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_db1/ -keyout db1.key -out db1.crt -nodes -days 365' - % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s db1.crt db1.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db1.esl db1.auth' - % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), - shell=True) - ## db1-update - check_call('cd %s; %ssign-efi-sig-list -a -c KEK.crt -k KEK.key db db1.esl db1-update.auth' - % (mnt_point, EFITOOLS_PATH), shell=True) - ## dbx (TEST_dbx certificate) - check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_dbx/ -keyout dbx.key -out dbx.crt -nodes -days 365' - % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s dbx.crt dbx.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx dbx.esl dbx.auth' - % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), - shell=True) - ## dbx_hash (digest of TEST_db certificate) - check_call('cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 256 db.crt dbx_hash.crl; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx dbx_hash.crl dbx_hash.auth' - % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), - shell=True) - ## dbx_hash1 (digest of TEST_db1 certificate) - check_call('cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 256 db1.crt dbx_hash1.crl; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx dbx_hash1.crl dbx_hash1.auth' - % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), - shell=True) - ## dbx_db (with TEST_db certificate) - check_call('cd %s; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx db.esl dbx_db.auth' - % (mnt_point, EFITOOLS_PATH), - shell=True) + # PK + check_call( + 'cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365' % + mnt_point, + shell=True) + check_call( + 'cd %s; %scert-to-efi-sig-list -g %s PK.crt PK.esl; %ssign-efi-sig-list -c PK.crt -k PK.key PK PK.esl PK.auth' % + (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) + # PK_null for deletion + check_call( + 'cd %s; sleep 2; touch PK_null.esl; %ssign-efi-sig-list -c PK.crt -k PK.key PK PK_null.esl PK_null.auth' % + (mnt_point, EFITOOLS_PATH), shell=True) + # KEK + check_call( + 'cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_KEK/ -keyout KEK.key -out KEK.crt -nodes -days 365' % + mnt_point, + shell=True) + check_call( + 'cd %s; %scert-to-efi-sig-list -g %s KEK.crt KEK.esl; %ssign-efi-sig-list -c PK.crt -k PK.key KEK KEK.esl KEK.auth' % + (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) + # db + check_call( + 'cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_db/ -keyout db.key -out db.crt -nodes -days 365' % + mnt_point, + shell=True) + check_call( + 'cd %s; %scert-to-efi-sig-list -g %s db.crt db.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db.esl db.auth' % + (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) + # db1 + check_call( + 'cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_db1/ -keyout db1.key -out db1.crt -nodes -days 365' % + mnt_point, + shell=True) + check_call( + 'cd %s; %scert-to-efi-sig-list -g %s db1.crt db1.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db1.esl db1.auth' % + (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) + # db1-update + check_call( + 'cd %s; %ssign-efi-sig-list -a -c KEK.crt -k KEK.key db db1.esl db1-update.auth' % + (mnt_point, EFITOOLS_PATH), shell=True) + # dbx (TEST_dbx certificate) + check_call( + 'cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_dbx/ -keyout dbx.key -out dbx.crt -nodes -days 365' % + mnt_point, + shell=True) + check_call( + 'cd %s; %scert-to-efi-sig-list -g %s dbx.crt dbx.esl; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx dbx.esl dbx.auth' % + (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) + # dbx_hash (digest of TEST_db certificate) + check_call( + 'cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 256 db.crt dbx_hash.crl; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx dbx_hash.crl dbx_hash.auth' % + (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) + # dbx_hash1 (digest of TEST_db1 certificate) + check_call( + 'cd %s; %scert-to-efi-hash-list -g %s -t 0 -s 256 db1.crt dbx_hash1.crl; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx dbx_hash1.crl dbx_hash1.auth' % + (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) + # dbx_db (with TEST_db certificate) + check_call( + 'cd %s; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx db.esl dbx_db.auth' % + (mnt_point, EFITOOLS_PATH), shell=True) # Copy image check_call('cp %s %s' % (HELLO_PATH, mnt_point), shell=True) - ## Sign image + # Sign image check_call('cd %s; sbsign --key db.key --cert db.crt helloworld.efi' - % mnt_point, shell=True) - ## Sign already-signed image with another key - check_call('cd %s; sbsign --key db1.key --cert db1.crt --output helloworld.efi.signed_2sigs helloworld.efi.signed' - % mnt_point, shell=True) - ## Digest image - check_call('cd %s; %shash-to-efi-sig-list helloworld.efi db_hello.hash; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db_hello.hash db_hello.auth' - % (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH), - shell=True) - check_call('cd %s; %shash-to-efi-sig-list helloworld.efi.signed db_hello_signed.hash; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db_hello_signed.hash db_hello_signed.auth' - % (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH), - shell=True) - check_call('cd %s; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx db_hello_signed.hash dbx_hello_signed.auth' - % (mnt_point, EFITOOLS_PATH), - shell=True) - + % mnt_point, shell=True) + # Sign already-signed image with another key + check_call( + 'cd %s; sbsign --key db1.key --cert db1.crt --output helloworld.efi.signed_2sigs helloworld.efi.signed' % + mnt_point, + shell=True) + # Digest image + check_call( + 'cd %s; %shash-to-efi-sig-list helloworld.efi db_hello.hash; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db_hello.hash db_hello.auth' % + (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH), shell=True) + check_call( + 'cd %s; %shash-to-efi-sig-list helloworld.efi.signed db_hello_signed.hash; %ssign-efi-sig-list -c KEK.crt -k KEK.key db db_hello_signed.hash db_hello_signed.auth' % + (mnt_point, EFITOOLS_PATH, EFITOOLS_PATH), shell=True) + check_call( + 'cd %s; %ssign-efi-sig-list -c KEK.crt -k KEK.key dbx db_hello_signed.hash dbx_hello_signed.auth' % + (mnt_point, EFITOOLS_PATH), shell=True) check_call('sudo umount %s' % loop_dev, shell=True) check_call('sudo losetup -d %s' % loop_dev, shell=True) diff --git a/test/py/tests/test_efi_secboot/defs.py b/test/py/tests/test_efi_secboot/defs.py index d6222809c547..099f453979ff 100644 --- a/test/py/tests/test_efi_secboot/defs.py +++ b/test/py/tests/test_efi_secboot/defs.py @@ -1,21 +1,21 @@ # SPDX-License-Identifier: GPL-2.0+ # Disk image name -EFI_SECBOOT_IMAGE_NAME='test_efi_secboot.img' +EFI_SECBOOT_IMAGE_NAME = 'test_efi_secboot.img' # Size in MiB -EFI_SECBOOT_IMAGE_SIZE=16 -EFI_SECBOOT_PART_SIZE=8 +EFI_SECBOOT_IMAGE_SIZE = 16 +EFI_SECBOOT_PART_SIZE = 8 # Partition file system type -EFI_SECBOOT_FS_TYPE='vfat' +EFI_SECBOOT_FS_TYPE = 'vfat' # Owner guid -GUID='11111111-2222-3333-4444-123456789abc' +GUID = '11111111-2222-3333-4444-123456789abc' # v1.5.1 or earlier of efitools has a bug in sha256 calculation, and # you need build a newer version on your own. -EFITOOLS_PATH='' +EFITOOLS_PATH = '' # Hello World application for sandbox -HELLO_PATH='' +HELLO_PATH = '' diff --git a/test/py/tests/test_efi_secboot/test_authvar.py b/test/py/tests/test_efi_secboot/test_authvar.py index 148aa3123e4f..359adba4b4b7 100644 --- a/test/py/tests/test_efi_secboot/test_authvar.py +++ b/test/py/tests/test_efi_secboot/test_authvar.py @@ -11,6 +11,7 @@ This test verifies variable authentication import pytest from defs import * + @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_secure_boot') @pytest.mark.buildconfigspec('cmd_fat') diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py index 441f4906c865..c100832a2375 100644 --- a/test/py/tests/test_efi_secboot/test_signed.py +++ b/test/py/tests/test_efi_secboot/test_signed.py @@ -11,6 +11,7 @@ This test verifies image authentication for signed images. import pytest from defs import * + @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_secure_boot') @pytest.mark.buildconfigspec('cmd_efidebug') diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py b/test/py/tests/test_efi_secboot/test_unsigned.py index c42c5ddc4774..3748b51ee7e9 100644 --- a/test/py/tests/test_efi_secboot/test_unsigned.py +++ b/test/py/tests/test_efi_secboot/test_unsigned.py @@ -11,6 +11,7 @@ This test verifies image authentication for unsigned images. import pytest from defs import * + @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('efi_secure_boot') @pytest.mark.buildconfigspec('cmd_efidebug') @@ -28,10 +29,10 @@ class TestEfiUnsignedImage(object): # Test Case 1 output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, - 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', - 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'fatload host 0:1 4000000 KEK.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'fatload host 0:1 4000000 PK.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ @@ -55,12 +56,12 @@ class TestEfiUnsignedImage(object): # Test Case 2 output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, - 'fatload host 0:1 4000000 db_hello.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', - 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', - 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'fatload host 0:1 4000000 db_hello.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', + 'fatload host 0:1 4000000 KEK.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'fatload host 0:1 4000000 PK.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ @@ -79,12 +80,12 @@ class TestEfiUnsignedImage(object): # Test Case 3a, rejected by dbx output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, - 'fatload host 0:1 4000000 db_hello.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', - 'fatload host 0:1 4000000 KEK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', - 'fatload host 0:1 4000000 PK.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) + 'fatload host 0:1 4000000 db_hello.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', + 'fatload host 0:1 4000000 KEK.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', + 'fatload host 0:1 4000000 PK.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ @@ -101,8 +102,8 @@ class TestEfiUnsignedImage(object): with u_boot_console.log.section('Test Case 3b'): # Test Case 3b, rejected by dbx even if db allows output = u_boot_console.run_command_list([ - 'fatload host 0:1 4000000 db_hello.auth', - 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) + 'fatload host 0:1 4000000 db_hello.auth', + 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) assert(not 'Failed to set EFI variable' in ''.join(output)) output = u_boot_console.run_command_list([ From patchwork Mon Jun 15 23:16:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 1309871 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=gf6nkokE; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49m6h22QWSz9sRW for ; Tue, 16 Jun 2020 09:18:10 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A83D281E95; Tue, 16 Jun 2020 01:17:47 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="gf6nkokE"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8BBC181E8F; Tue, 16 Jun 2020 01:17:44 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4CB6A81E8A for ; Tue, 16 Jun 2020 01:17:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pg1-x541.google.com with SMTP id e18so8304750pgn.7 for ; Mon, 15 Jun 2020 16:17:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JVKy+gPB+O6FLryRpqSXUM8Foep5B9v2DqyHR2tBlG0=; b=gf6nkokEOPbldKUOlKqrbyRuWThppzI5ouF+F22F353U2gJoQsHEZzmZiuuDdCcI+r Hs6O8jC7BJwh54XTNiz5VQXttOY5t5l+88DP9GwKAFBcbE+7gDDkC2uBk7IYxELrsL0z weXE1N50b5BRW2IR5ilEwRkkwvDkfMXm3FL09w5aML447G8LAso7XRhoT623Pb9OBej+ QK0iT5W0ZfmGVDx57hcZp3VY5CH8RJE1i9V4iGOeOaco5jV3z20pyKiJmSQOvrpNUd/L c1hIilyhU0k2OyvMIMNngY6smLVmNt6S6k1V+7Y2hiI+XM+WlPY/2PpgfBSxhBBwaGB/ QULA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JVKy+gPB+O6FLryRpqSXUM8Foep5B9v2DqyHR2tBlG0=; b=W8DWaIEhrlBAptqrij2OWHTcQWhQSlANJCQmF1KoQmn+4TKCqrvTIVdAOX1QLTr25J 90H3qK/H/GzoEhSae5smz292001uhp3myXYqu5ahC7ylCplQbUbNZx2inxpZrKGLJNbv jkxyJEKmi6cC9d/QjnpJHPFzMDDas9MMxwDeXdCxiKk7c2hPVztO4UKVaPaHxgqcRmTV 4Ppg9BodpXnpP1gh0LaPMbeJxWW70tQ9mxl+LrIQHnSpui2pjz75m4PMTfyVIYhOqN/Y 9ajrT781p7/fB1EnM9jUfYUs2lLxnSx0/pdfSo6Ri4oEZSSieEb8vadBvLzXpnBa9YDG Dtmw== X-Gm-Message-State: AOAM532c53T7UGxZf7X7O3gO+LJEp/jgNtwpBFb4OQA37uxizDCxAAUp kGeLE0nf1+uc3M0bkryZ/JEqlw== X-Google-Smtp-Source: ABdhPJxmQOO//7cltPSqZZlh8FoeStd4gqwH82HMEGHGp7RAPneoS7WK0aVnNt8MU0yoDm6hBAx2rA== X-Received: by 2002:a62:2c07:: with SMTP id s7mr7643pfs.88.1592263053911; Mon, 15 Jun 2020 16:17:33 -0700 (PDT) Received: from localhost.localdomain (p6e421564.tkyea130.ap.so-net.ne.jp. [110.66.21.100]) by smtp.gmail.com with ESMTPSA id l195sm4959339pfd.18.2020.06.15.16.17.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2020 16:17:33 -0700 (PDT) From: AKASHI Takahiro To: xypron.glpk@gmx.de, agraf@csgraf.de Cc: u-boot@lists.denx.de, AKASHI Takahiro Subject: [PATCH 2/2] test/py: efi_secboot: more fixes against pylint Date: Tue, 16 Jun 2020 08:16:44 +0900 Message-Id: <20200615231644.13250-2-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200615231644.13250-1-takahiro.akashi@linaro.org> References: <20200615231644.13250-1-takahiro.akashi@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.2 at phobos.denx.de X-Virus-Status: Clean More fixes against pylint warnings that autopep8 didn't handle in the previous commit. Signed-off-by: AKASHI Takahiro --- test/py/tests/test_efi_secboot/conftest.py | 11 +-- .../py/tests/test_efi_secboot/test_authvar.py | 91 +++++++++---------- test/py/tests/test_efi_secboot/test_signed.py | 73 ++++++++------- .../tests/test_efi_secboot/test_unsigned.py | 29 +++--- 4 files changed, 100 insertions(+), 104 deletions(-) diff --git a/test/py/tests/test_efi_secboot/conftest.py b/test/py/tests/test_efi_secboot/conftest.py index f74b4b109a7b..34abcd79ae00 100644 --- a/test/py/tests/test_efi_secboot/conftest.py +++ b/test/py/tests/test_efi_secboot/conftest.py @@ -4,9 +4,8 @@ import os import os.path -import pytest -import re from subprocess import call, check_call, check_output, CalledProcessError +import pytest from defs import * # from test/py/conftest.py @@ -14,8 +13,8 @@ from defs import * def tool_is_in_path(tool): for path in os.environ["PATH"].split(os.pathsep): - fn = os.path.join(path, tool) - if os.path.isfile(fn) and os.access(fn, os.X_OK): + full_path = os.path.join(path, tool) + if os.path.isfile(full_path) and os.access(full_path, os.X_OK): return True return False @@ -164,8 +163,8 @@ def efi_boot_env(request, u_boot_config): check_call('sudo umount %s' % loop_dev, shell=True) check_call('sudo losetup -d %s' % loop_dev, shell=True) - except CalledProcessError as e: - pytest.skip('Setup failed: %s' % e.cmd) + except CalledProcessError as exception: + pytest.skip('Setup failed: %s' % exception.cmd) return else: yield image_path diff --git a/test/py/tests/test_efi_secboot/test_authvar.py b/test/py/tests/test_efi_secboot/test_authvar.py index 359adba4b4b7..d0c6b9035b1b 100644 --- a/test/py/tests/test_efi_secboot/test_authvar.py +++ b/test/py/tests/test_efi_secboot/test_authvar.py @@ -9,7 +9,6 @@ This test verifies variable authentication """ import pytest -from defs import * @pytest.mark.boardspec('sandbox') @@ -29,18 +28,18 @@ class TestEfiAuthVar(object): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, 'printenv -e SecureBoot']) - assert('00000000: 00' in ''.join(output)) + assert '00000000: 00' in ''.join(output) output = u_boot_console.run_command( 'printenv -e SetupMode') - assert('00000000: 01' in output) + assert '00000000: 01' in output with u_boot_console.log.section('Test Case 1b'): # Test Case 1b, PK without AUTHENTICATED_WRITE_ACCESS output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize PK']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 1c'): # Test Case 1c, install PK @@ -48,79 +47,79 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert('PK:' in ''.join(output)) + assert 'PK:' in ''.join(output) output = u_boot_console.run_command( 'printenv -e SecureBoot') - assert('00000000: 01' in output) + assert '00000000: 01' in output output = u_boot_console.run_command( 'printenv -e SetupMode') - assert('00000000: 00' in output) + assert '00000000: 00' in output with u_boot_console.log.section('Test Case 1d'): # Test Case 1d, db/dbx without KEK output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 1e'): # Test Case 1e, install KEK output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize KEK']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 KEK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'printenv -e -n KEK']) - assert('KEK:' in ''.join(output)) + assert 'KEK:' in ''.join(output) output = u_boot_console.run_command( 'printenv -e SecureBoot') - assert('00000000: 01' in output) + assert '00000000: 01' in output with u_boot_console.log.section('Test Case 1f'): # Test Case 1f, install db output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('db:' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert 'db:' in ''.join(output) output = u_boot_console.run_command( 'printenv -e SecureBoot') - assert('00000000: 01' in output) + assert '00000000: 01' in output with u_boot_console.log.section('Test Case 1g'): # Test Case 1g, install dbx output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize dbx']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('dbx:' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert 'dbx:' in ''.join(output) output = u_boot_console.run_command( 'printenv -e SecureBoot') - assert('00000000: 01' in output) + assert '00000000: 01' in output def test_efi_var_auth2(self, u_boot_console, efi_boot_env): """ @@ -139,20 +138,20 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('db:' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert 'db:' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -i 4000000,$filesize db']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 2b'): # Test Case 2b, update without correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.esl', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 2c'): # Test Case 2c, update with correct signature @@ -160,8 +159,8 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('db:' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert 'db:' in ''.join(output) def test_efi_var_auth3(self, u_boot_console, efi_boot_env): """ @@ -180,20 +179,20 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('db:' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert 'db:' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -a -i 4000000,$filesize db']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 3b'): # Test Case 3b, update without correct signature output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.esl', 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db']) - assert('Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) with u_boot_console.log.section('Test Case 3c'): # Test Case 3c, update with correct signature @@ -201,8 +200,8 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('db:' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert 'db:' in ''.join(output) def test_efi_var_auth4(self, u_boot_console, efi_boot_env): """ @@ -221,22 +220,22 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('db:' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert 'db:' in ''.join(output) output = u_boot_console.run_command_list([ 'setenv -e -nv -bs -rt db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert('Failed to set EFI variable' in ''.join(output)) - assert('db:' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) + assert 'db:' in ''.join(output) with u_boot_console.log.section('Test Case 4b'): # Test Case 4b, update without correct signature/data output = u_boot_console.run_command_list([ 'setenv -e -nv -bs -rt -at db', 'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db']) - assert('Failed to set EFI variable' in ''.join(output)) - assert('db:' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) + assert 'db:' in ''.join(output) def test_efi_var_auth5(self, u_boot_console, efi_boot_env): """ @@ -255,15 +254,15 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'printenv -e -n PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('PK:' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert 'PK:' in ''.join(output) output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 PK_null.esl', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert('Failed to set EFI variable' in ''.join(output)) - assert('PK:' in ''.join(output)) + assert 'Failed to set EFI variable' in ''.join(output) + assert 'PK:' in ''.join(output) with u_boot_console.log.section('Test Case 5b'): # Test Case 5b, Uninstall PK with correct signature @@ -271,12 +270,12 @@ class TestEfiAuthVar(object): 'fatload host 0:1 4000000 PK_null.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK', 'printenv -e -n PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) - assert('\"PK\" not defined' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) + assert '\"PK\" not defined' in ''.join(output) output = u_boot_console.run_command( 'printenv -e SecureBoot') - assert('00000000: 00' in output) + assert '00000000: 00' in output output = u_boot_console.run_command( 'printenv -e SetupMode') - assert('00000000: 01' in output) + assert '00000000: 01' in output diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py index c100832a2375..02cfa6480f26 100644 --- a/test/py/tests/test_efi_secboot/test_signed.py +++ b/test/py/tests/test_efi_secboot/test_signed.py @@ -9,7 +9,6 @@ This test verifies image authentication for signed images. """ import pytest -from defs import * @pytest.mark.boardspec('sandbox') @@ -32,7 +31,7 @@ class TestEfiSignedImage(object): 'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert('Hello, world!' in ''.join(output)) + assert 'Hello, world!' in ''.join(output) with u_boot_console.log.section('Test Case 1b'): # Test Case 1b, run unsigned image if no PK @@ -40,7 +39,7 @@ class TestEfiSignedImage(object): 'efidebug boot add 2 HELLO2 host 0:1 /helloworld.efi ""', 'efidebug boot next 2', 'bootefi bootmgr']) - assert('Hello, world!' in ''.join(output)) + assert 'Hello, world!' in ''.join(output) def test_efi_signed_image_auth2(self, u_boot_console, efi_boot_env): """ @@ -57,35 +56,35 @@ class TestEfiSignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""', 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('\'HELLO1\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO1\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 2 HELLO2 host 0:1 /helloworld.efi ""', 'efidebug boot next 2', 'efidebug test bootmgr']) - assert('\'HELLO2\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO2\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) with u_boot_console.log.section('Test Case 2b'): # Test Case 2b, authenticated by db output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 2', 'efidebug test bootmgr']) - assert('\'HELLO2\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO2\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'bootefi bootmgr']) - assert('Hello, world!' in ''.join(output)) + assert 'Hello, world!' in ''.join(output) def test_efi_signed_image_auth3(self, u_boot_console, efi_boot_env): """ @@ -103,25 +102,25 @@ class TestEfiSignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) with u_boot_console.log.section('Test Case 3b'): # Test Case 3b, rejected by dbx even if db allows output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) def test_efi_signed_image_auth4(self, u_boot_console, efi_boot_env): """ @@ -141,13 +140,13 @@ class TestEfiSignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) def test_efi_signed_image_auth5(self, u_boot_console, efi_boot_env): """ @@ -167,38 +166,38 @@ class TestEfiSignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""', 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) with u_boot_console.log.section('Test Case 5b'): # Test Case 5b, authenticated if both signatures are verified output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db1.auth', 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert('Hello, world!' in ''.join(output)) + assert 'Hello, world!' in ''.join(output) with u_boot_console.log.section('Test Case 5c'): # Test Case 5c, rejected if any of signatures is revoked output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx_hash1.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""', 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) def test_efi_signed_image_auth6(self, u_boot_console, efi_boot_env): """ @@ -216,24 +215,24 @@ class TestEfiSignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert('Hello, world!' in ''.join(output)) + assert 'Hello, world!' in ''.join(output) with u_boot_console.log.section('Test Case 6b'): # Test Case 6b, rejected by TEST_db certificate in dbx output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 dbx_db.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) with u_boot_console.log.section('Test Case 6c'): # Test Case 6c, rejected by image's digest in dbx @@ -242,9 +241,9 @@ class TestEfiSignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db', 'fatload host 0:1 4000000 dbx_hello_signed.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) - assert('efi_start_image() returned: 26' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) + assert 'efi_start_image() returned: 26' in ''.join(output) diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py b/test/py/tests/test_efi_secboot/test_unsigned.py index 3748b51ee7e9..c4c3f4c2023f 100644 --- a/test/py/tests/test_efi_secboot/test_unsigned.py +++ b/test/py/tests/test_efi_secboot/test_unsigned.py @@ -9,7 +9,6 @@ This test verifies image authentication for unsigned images. """ import pytest -from defs import * @pytest.mark.boardspec('sandbox') @@ -33,18 +32,18 @@ class TestEfiUnsignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('efi_start_image() returned: 26' in ''.join(output)) - assert(not 'Hello, world!' in ''.join(output)) + assert 'efi_start_image() returned: 26' in ''.join(output) + assert 'Hello, world!' not in ''.join(output) def test_efi_unsigned_image_auth2(self, u_boot_console, efi_boot_env): """ @@ -62,13 +61,13 @@ class TestEfiUnsignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert('Hello, world!' in ''.join(output)) + assert 'Hello, world!' in ''.join(output) def test_efi_unsigned_image_auth3(self, u_boot_console, efi_boot_env): """ @@ -86,33 +85,33 @@ class TestEfiUnsignedImage(object): 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK', 'fatload host 0:1 4000000 PK.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('efi_start_image() returned: 26' in ''.join(output)) - assert(not 'Hello, world!' in ''.join(output)) + assert 'efi_start_image() returned: 26' in ''.join(output) + assert 'Hello, world!' not in ''.join(output) with u_boot_console.log.section('Test Case 3b'): # Test Case 3b, rejected by dbx even if db allows output = u_boot_console.run_command_list([ 'fatload host 0:1 4000000 db_hello.auth', 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db']) - assert(not 'Failed to set EFI variable' in ''.join(output)) + assert 'Failed to set EFI variable' not in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot add 1 HELLO host 0:1 /helloworld.efi ""', 'efidebug boot next 1', 'bootefi bootmgr']) - assert('\'HELLO\' failed' in ''.join(output)) + assert '\'HELLO\' failed' in ''.join(output) output = u_boot_console.run_command_list([ 'efidebug boot next 1', 'efidebug test bootmgr']) - assert('efi_start_image() returned: 26' in ''.join(output)) - assert(not 'Hello, world!' in ''.join(output)) + assert 'efi_start_image() returned: 26' in ''.join(output) + assert 'Hello, world!' not in ''.join(output)