1
0
mirror of https://xff.cz/git/u-boot/ synced 2025-10-22 10:31:56 +02:00
Commit Graph

547 Commits

Author SHA1 Message Date
Tom Rini
776bf6a545 Merge tag 'u-boot-stm32-20211012' of https://source.denx.de/u-boot/custodians/u-boot-stm
- Disable ATAGS for STM32 MCU and MPU boards
- Disable bi_boot_params for STM32 MCU and MPU boards
- Update stm32-usbphyc node management
- Convert CONFIG_STM32_FLASH to Kconfig for STM32 MCU boards
- Convert some USB config flags to Kconfig for various boards
- Convert CONFIG_BOOTCOMMAND flag to Kconfig for STM32 F429 board
- Remove specific CONFIG_STV0991 flags
- Remove unused CONFIG_USER_LOWLEVEL_INIT flag
- Add ofdata_to_platdata() callback for stm32_spi driver
- Update for stm32f7_i2c driver
- Remove gpio_hog_probe_all() from STM32 MP1 board
- Fix bind command

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-10-12 12:01:00 -04:00
Patrice Chotard
39bd2c8e1a test/py: Add usb gadget binding test
Add a specific usb gadget binding test which check that
binding a driver without compatible string is working as expected.

the command "bind /usb@1 usb_ether" should give the following "dm tree"
command output:

[...]
 usb           0  [   ]   usb_sandbox           |-- usb@1
 usb_hub       0  [   ]   usb_hub               |   |-- hub
 usb_emul      0  [   ]   usb_sandbox_hub       |   |   `-- hub-emul
 usb_emul      1  [   ]   usb_sandbox_flash     |   |       |-- flash-stick@0
 usb_emul      2  [   ]   usb_sandbox_flash     |   |       |-- flash-stick@1
 usb_emul      3  [   ]   usb_sandbox_flash     |   |       |-- flash-stick@2
 usb_emul      4  [   ]   usb_sandbox_keyb      |   |       `-- keyb@3
 eth           4  [   ]   usb_ether             |   `-- usb@1
[...]

Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-12 14:20:04 +02:00
Simon Glass
17d1fe1c44 test: Allow tpm2 tests to run in parallel
These tests currently run in a particular sequence, with some of them
depending on the actions of earlier tests.

Add a check for sandbox and reset to a known state at the start of each
test, so that all tests can run in parallel.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-05 08:50:15 -04:00
Simon Glass
ea3164eeb0 test: Allow hush tests to run in parallel
The -z tests don't really need to be part of the main set. Separate them
out so we can drop the test setup/cleans functions and thus run all tests
in parallel.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-05 08:50:15 -04:00
Simon Glass
cfb83f3666 test: Allow vboot tests to run in parallel
Update the tests to use separate working directories, so we can run them
in parallel. It also makes it possible to see the individual output files
after the tests have completed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-05 08:50:15 -04:00
Alexandru Gagniuc
01e1e2a966 test/py: Check hashes produced by mkimage against known values
Target code and mkimage share the same hashing infrastructure. If one
is wrong, it's very likely that both are wrong in the same way. Thus
testing won't catch hash regressions. This already happened in
commit 92055e138f ("image: Drop if/elseif hash selection in
calculate_hash()"). None of the tests caught that CRC32 was broken.

Instead of testing hash_calculate() against itself, create a FIT with
containing a kernel with pre-calculated hashes. Then check the hashes
produced against the known good hashes.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-05 08:50:15 -04:00
Tom Rini
e908d20fcb Merge tag 'v2021.10-rc5' into next
Prepare v2021.10-rc5
2021-09-27 09:45:36 -04:00
T Karthik Reddy
8870daaa25 test/py: tpm2: Skip tpm pytest based on env variable
Tpm test cases relies on tpm device setup. Provide an environment
variable "env__tpm_device_test_skip = True" to skip the test case
if tpm device is not present.
Only needed will have to add variable to the py-test framework.
Test runs successfully even this variable is absent.

Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-24 12:09:46 -04:00
Simon Glass
2a73606668 serial: Rename SERIAL_SUPPORT to SERIAL
Rename these options so that CONFIG_IS_ENABLED can be used with them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-04 12:26:01 -04:00
Simon Glass
1c6608bd92 sandbox: tpm: Support extending a PCR multiple times
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.

Add support for this, using U-Boot's sha256 support.

For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-01 09:05:24 -06:00
Marek Behún
89795ef3b6 test/py: Improve check for mksquashfs version
Some builds of squashfs-tools append version string with "-git" or
similar. The float() conversion will fail in this case.

Improve the code to only convert to float() the string before the '-'
character.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
2021-07-28 20:46:34 -04:00
AKASHI Takahiro
67778ff83a test/py: efi_capsule: align with efidebug syntax changes
After the commit c70f44817d ("efi_loader: simplify 'printenv -e'"),
"-all" option is no longer necessary.
Just remove them in the test script.

Fixes: c70f44817d ("efi_loader: simplify 'printenv -e'")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-24 10:49:51 +02:00
Patrick Delaunay
4c60fd993a cmd: pinmux: update result of do_status
Update the result of do_status and always returns a CMD_RET_ value
(-ENOSYS was a possible result of show_pinmux).

This patch also adds pincontrol name in error messages (dev->name)
and treats correctly the status sub command when pin-controller device is
not selected.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23 07:13:25 -04:00
Joao Marcos Costa
9bde9b5e29 test/py: rewrite sqfsls command test suite
Add more details to test cases by comparing each expected line with the
command's output. Add new test cases:
- sqfsls at an empty directory
- sqfsls at a sub-directory

Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> [on sandbox]
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
2021-07-05 15:29:12 -04:00
Joao Marcos Costa
208eb2a4dc test/py: rewrite sqfsload command test suite
The previous strategy to know if a file was correctly loaded was to
check for how many bytes were read and compare it against the file's
original size. Since this is not a good solution, replace it by
comparing the checksum of the loaded bytes against the original file's
checksum. Add more test cases: files at a sub-directory and non-existent
file.

Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> [on sandbox]
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
2021-07-05 15:29:10 -04:00
Joao Marcos Costa
04c9813e95 test/py: rewrite common tools for SquashFS tests
Remove the previous OOP approach, which was confusing and incomplete.
Add more test cases by making SquashFS images with various options,
concerning file fragmentation and its compression. Add comments to
properly document the code.

Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> [on sandbox]
Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
2021-07-05 15:28:33 -04:00
Alper Nebi Yasak
99f5303c8b test/py: Wait for guestmount worker to exit after running guestunmount
Some filesystem tests are failing when their image is prepared with
guestmount, but succeeding if loop mounts are used instead. The reason
seems to be a race condition the guestmount(1) manual page explains:

    When guestunmount(1)/fusermount(1) exits, guestmount may still be
    running and cleaning up the mountpoint.  The disk image will not be
    fully finalized.

    This means that scripts like the following have a nasty race condition:

     guestmount -a disk.img -i /mnt
     # copy things into /mnt
     guestunmount /mnt
     # immediately try to use 'disk.img' ** UNSAFE **

    The solution is to use the --pid-file option to write the guestmount
    PID to a file, then after guestunmount spin waiting for this PID to
    exit.

The Python standard library has an os.waitpid() function for waiting a
child to terminate, but it cannot wait on non-child processes. Implement
a utility function that can do this by polling the process repeatedly
for a given duration, optionally killing the process if it won't
terminate on its own. Apply the suggested solution with this utility
function, which makes the failing tests succeed again.

Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-05 15:28:32 -04:00
Alper Nebi Yasak
8f5f5d3a45 test/py: Use loop mounts if guestmount fails in filesystem tests
If guestmount isn't available on the system, filesystem test setup falls
back to using loop mounts to prepare its disk images. If guestmount is
available but fails to work, the tests are immediately skipped. Instead
of giving up on a guestmount failure, try using loop mounts as an
attempt to keep tests running.

Also stop checking if guestmount is in PATH, as trying to run a missing
guestmount can now follow the same failure codepath and fall back to
loop mounts anyway.

Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2021-07-05 15:28:32 -04:00
Andy Shevchenko
b2710faf82 test: Include /sbin to the PATH when creating file system
On some distributions the mkfs is under /sbin and /sbin is not set
for mere users. Include /sbin to the PATH when creating file system,
so that users won't get a scary traceback from Python.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-06-23 08:45:03 -04:00
Alper Nebi Yasak
77bfaad048 test: Fix filesystem tests always being skipped
Commit 1ba21bb06b ("test: Don't unmount not (yet) mounted system")
fixes an issue in the filesystem tests where the test setup may fail
to mount an image and still attempt to unmount it. However, the commit
unintentionally breaks the test setups in two ways.

The newly created unmounted filesystem images are being immediately
deleted due to some cleanup steps being misplaced into finally blocks,
which makes them always run instead of only on failures. The mount calls
always fail since the images never exist, causing the tests to be always
skipped. This patch moves these cleanup calls into the except blocks to
fix this and makes the tests run again.

There are also unmount calls misplaced into finally blocks, making them
run after the tests instead of before the tests. These unmount calls
make the filesystem image file consistent with the changes made to it as
part of the test setup, and this misplacement is making a number of
tests fail unexpectedly.

The unmount calls must be run before the tests use the image, meaning
before the yield call and not in the finally block. They must also be
run as a cleanup step when the filesystem setup fails, so they can't be
placed as the final call in the try blocks since they would be skipped
on such failures. For these reasons, this patch places the unmount calls
both in the except blocks and the else blocks of the final setup step.
This makes the unexpectedly failing tests to succeed again.

Furthermore, this isolates the mount calls to their own try-except
statement to avoid reintroducing the original issue of unmounting a
not-mounted image while fixing the unmount misplacement.

After these fixes, running "make tests" with guestmount available results
in two test failures not related to the mentioned commit. If the
guestmount executables are unavailable, the mounts fallback to using
sudo and result in no failures.

Fixes: 1ba21bb06b ("test: Don't unmount not (yet) mounted system")
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-05-26 17:26:07 -04:00
Marek Behún
6f243e25e6 test/py: improve regular expression for ut subtest symbol matcher
Improve the regular expression that matches unittest symbols in
u-boot.sym.

Currently we do not enforce no prefix in symbol string, but with the
soon to come change in linker lists declaring lists and entries with the
__ADDRESSABLE macro (because of LTO), the symbol file will contain for
every symbol of the form
  _u_boot_list_2_ut_X_2_Y
also symbol
  __UNIQUE_ID___addressable__u_boot_list_2_ut_X_2_YN,
(where N at the end is some number).

In order to avoid matching these additional symbols, ensure that the
character before "_u_boot_list_2_ut" is not a symbol name character.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-24 14:21:30 -04:00
Kory Maincent
95300f203f pytest: add sandbox test for "extension" command
This commit extends the sandbox to implement a dummy
extension_board_scan() function and enables the extension command in
the sandbox configuration. It then adds a test that checks the proper
functionality of the extension command by applying two Device Tree
overlays to the sandbox Device Tree.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[trini: Limit to running on sandbox]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-05-13 13:09:09 -04:00
Tom Rini
5f0d23cf3c tests: patman: Add requests to the module list
The patman tests require the requests module, add it.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-29 03:23:39 -07:00
Tom Rini
e1333435af test/py: Bump py to 1.10.0 for CVE-2020-29651
Bump our py version to 1.10.0 to address CVE-2020-29651.

Reported-by: GitHub dependabot
Reported-by: Ley Foon Tan <ley.foon.tan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-24 13:31:36 -04:00
Ilias Apalodimas
ce62b0f8f4 test/py: Fix efidebug related tests
commit cbea241e935e("efidebug: add multiple device path instances on Boot####")
slightly tweaked the efidebug syntax adding -b, -i and -s for the boot
image, initrd and optional data.
The pytests using this command were adapted as well. However I completely
missed the last "" argument, which at the time indicated the optional data
and needed conversion as well.  This patch is adding the missing -s flag
and the tests are back to normal.

Fixes: cbea241e935e("efidebug: add multiple device path instances on Boot####")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Joel Peshkin
4e9bce1243 Add support for stack-protector
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector

Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>

Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-20 07:31:12 -04:00
Alexandru Gagniuc
78015263b9 test/py: ecdsa: Use mkimage keyfile instead of keydir argument
Originally, the ECDSA code path used 'keydir' as the key filename.
mkimage has since been updated to include a new 'keyfile' argument.
Use the new argument for passing in the key.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
f91de329ab test/py: ecdsa: Add test for mkimage ECDSA signing
Add a test to make sure that the ECDSA signatures generated by
mkimage can be verified successfully. pyCryptodomex was chosen as the
crypto library because it integrates much better with python code.
Using openssl would have been unnecessarily painful.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
a4515f0ff7 test/py: Add pycryptodomex to list of required pakages
We wish to use pycryptodomex to verify code paths involving ECDSA
signatures. Add it to requirements.txt so that they get picked up
automatically .gitlab and .azure tasks

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:22:59 -04:00
Asherah Connor
69512551aa test: qemu: add qfw sandbox driver, dm tests, qemu tests
A sandbox driver and test are added for the qfw uclass, and a test in
QEMU added for qfw functionality to confirm it doesn't break in real
world use.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-04-12 17:45:39 -04:00
Tom Rini
978a4daba1 pytest: Lower pygit2 requirement
The latest versions of pygit2 are not available in practically any
distribution at this time.  Furthermore, we don't need the latest in
order to run all of our testsuites.  Reduce this version requirement to
something older that meets our needs while still supporting running our
tests on older hosts (and so, test labs).

Reported-by: Tom Warren <twarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-07 11:13:54 -04:00
Tom Rini
90eba245a6 Merge branch 'next' 2021-04-05 11:29:57 -04:00
Andy Shevchenko
1ba21bb06b test: Don't unmount not (yet) mounted system
When test suite tries to create a file for a new filesystem test case and fails,
the clean up of the exception tries to unmount the image, that has not yet been
mounted. When it happens, the fuse_mounted global variable is set to False and
inconveniently the test case tries to use sudo, so without this change the
admin of the machine gets an (annoying) email:

  Subject: *** SECURITY information for example.com ***

  example.com : Feb  5 19:43:47 : ... COMMAND=/bin/umount .../build-sandbox/persistent-data/mnt

and second run of the test cases on uncleaned build folder will ask for sudo
which is not what expected.

Besides that there is a double unmount calls during successfully run test case.

All of these due to over engineered Python try-except clause and people didn't
get it properly at all. The rule of thumb is that don't use more keywords than
try-except in the exception handling code. Nevertheless, here we adjust code
to be less intrusive to the initial logic behind that complex and unclear
constructions in the test case, although it adds a lot of lines of the code,
i.e. splits one exception handler to three, so on each step we know what
cleanup shall perform.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-03-31 07:50:17 -04:00
Tom Rini
1057b1be75 Merge tag 'v2021.04-rc5' into next
Prepare v2021.04-rc5
2021-03-29 18:00:21 -04:00
Jose Marinho
de489d82e3 test: test the ESRT creation
This commit slightly extends test_efi_capsule_fw3.

 In order to run the test the following must be added to
 sandbox_defconfig:
  +CONFIG_CMD_SF=y
  +CONFIG_CMD_MEMORY=y
  +CONFIG_CMD_FAT=y
  +CONFIG_DFU=y

 The ESRT is printed in the u-boot shell by calling efidebug esrt.
 The test ensures that, after the capsule is installed, the  ESRT
 contains entries with the GUIDs:
  - EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID;
  - EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;

test invocation:
 sudo ./test/py/test.py --bd sandbox -k capsule_fw3 -l --build

CC: Heinrich Schuchardt	<xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:19:42 +01:00
Ilias Apalodimas
cbea241e93 efidebug: add multiple device path instances on Boot####
The UEFI spec allows a packed array of UEFI device paths in the
FilePathList[] of an EFI_LOAD_OPTION. The first file path must
describe the loaded image but the rest are OS specific.

Previous patches parse the device path and try to use the second
member of the array as an initrd. So let's modify efidebug slightly
and install the second file described in the command line as the
initrd device path.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-25 20:14:26 +01:00
Andy Shevchenko
9262fe1559 test: Include /sbin to the PATH when creating ext4 disk image
On some distributions the mkfs.ext4 is under /sbin and /sbin is not set
for mere users. Include /sbin to the PATH when creating ext4 disk image,
so that users won't get a scary traceback from Python.

Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-03-17 12:50:19 -04:00
Tom Rini
22fc991daf Merge tag 'v2021.04-rc4' into next
Prepare v2021.04-rc4
2021-03-15 12:15:38 -04:00
Igor Opaniuk
7f047b4f5b test: py: add initial coverage for scp03 cmd
Add initial test coverage for SCP03 command.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-03-14 11:50:16 -04:00
Simon Glass
2a2814d5f2 test: Rename all linker lists to have a ut_ prefix
At present each test suite has its own portion of the linker_list section
of the image, but other lists are interspersed. This makes it hard to
enumerate all the available tests without knowing the suites that each one
is in.

Place all tests together in a single contiguous list by giving them
common prefix not used elsewhere in U-Boot. This makes it possible to find
the start and end of all tests.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 09:57:30 -05:00
Simon Glass
a353e76da9 test: Re-enable test_ofplatdata
This was inadvertently disabled after a recent change. Re-enable it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 09:57:29 -05:00
Simon Glass
bef1b28335 sandbox: Drop the 'starting...' message
This message is annoying since it is only useful for testing. Drop it and
update the test to cope.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 09:57:29 -05:00
Heinrich Schuchardt
7d3eff3412 efi_loader: correct uboot_bin_env.its file format
Up to now the EFI capsule Python tests were always skipped. The reason is
that mkimage fails with:

uboot_bin_env.its:13.21-23.5: Warning (unit_address_vs_reg):
/images/u-boot-bin@100000: node has a unit name, but no reg property
uboot_bin_env.its:24.21-34.5: Warning (unit_address_vs_reg):
/images/u-boot-env@150000: node has a unit name, but no reg property

If a unit in a device-tree has an address, a reg property must be provided.
But adding a reg property is not the solution here.

Since 2017 unit addresses are disallowed for FIT,
cf. common/image-fit.c:1624.

So remove the unit addresses in uboot_bin_env.its.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-07 17:37:26 +01:00
Igor Opaniuk
f4a60b0363 test: py: add pygit2 and pyelftools to requirements.txt
Add pygit2 and pyelftools to the list of packages for virtualenv
needed to run all sets of pytests.This fixes warnings like:

binman.elf_test.TestElf.testDecodeElf (subunit.RemotedTestCase):
Python elftools not available

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-16 11:48:20 -05:00
Simon Glass
3f04db891a image: Check for unit addresses in FITs
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:54 -05:00
Simon Glass
124c255731 libfdt: Check for multiple/invalid root nodes
It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:53 -05:00
Simon Glass
d5f3aadacb test: Add tests for the 'evil' vboot attacks
Add tests to check that these two attacks are mitigated by recent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:33 -05:00
Simon Glass
fafafacb47 test: Add vboot_evil implementation
Add a library which performs two different attacks on a FIT.

Signed-off-by: Julien Lenoir <julien.lenoir@intel.com>
Signed-off-by: Bruce Monroe <bruce.monroe@intel.com>
Signed-off-by: Arie Haenel <arie.haenel@intel.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-02-15 19:17:29 -05:00
Simon Glass
79af75f777 fit: Don't allow verification of images with @ nodes
When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.

Disallow use of nodes with unit addresses.

Update the forge test also, since it uses @ addresses.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:25 -05:00
Stephen Warren
372497572b test/py: fix runtest wrapper for pytest 6
The implementation of pytest_runtest_protocol() must call
pytest_runtest_logstart() and pytest_runtest_logfinish(). This appears to
be necessary even in pytest 5.2.1 judging by the default version of
pytest_runtest_protocol(), but evidently some form of code reorganization
in pytest only made this have a practical effect in the newer version. I'd
previously been under the impression that 100% of the required work of
pytest_runtest_protocol() was handled by the fact it called
runtestprotocol() as its implementation. However, it appears that custom
implementations do need to do a little more than this.

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Stephen Warren <swarren@wwwdotorg.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-01 16:33:02 -05:00