
[03/14] oe-selftest: fitimage drop test-mkimage-wrapper

Message ID 20240704071013.2982700-4-adrian.freihofer@gmail.com
State New
Series Use the kernel from sstate when building fitImages | expand

Commit Message

Adrian Freihofer July 4, 2024, 7:09 a.m. UTC
From: Adrian Freihofer <adrian.freihofer@siemens.com>

Rather than writing hints into log files and verifying that the hints can be
found, the tests should verify that the artifacts in the deploy folder
are correctly signed. This is a much better test.
u-boot-tools provides a utility, fit_check_sign, which can verify the
signatures in fit images. Let's use it.

Grepping in temp/run. or temp/log. files also does not work if the tasks
run from sstate and the corresponding run file is not even generated.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
 .../classes/test-mkimage-wrapper.bbclass      |  19 ---
 meta/lib/oeqa/selftest/cases/fitimage.py      | 118 ++++++++++++------
 2 files changed, 77 insertions(+), 60 deletions(-)
 delete mode 100644 meta-selftest/classes/test-mkimage-wrapper.bbclass

Patch

diff --git a/meta-selftest/classes/test-mkimage-wrapper.bbclass b/meta-selftest/classes/test-mkimage-wrapper.bbclass
deleted file mode 100644
index 7c98d7b71e4..00000000000
--- a/meta-selftest/classes/test-mkimage-wrapper.bbclass
+++ /dev/null
@@ -1,19 +0,0 @@ 
-# Class to test UBOOT_MKIMAGE and UBOOT_MKIMAGE_SIGN
-# (in conjunction with kernel-fitimage.bbclass)
-#
-# SPDX-License-Identifier: MIT
-#
-
-UBOOT_MKIMAGE = "test_mkimage_wrapper"
-UBOOT_MKIMAGE_SIGN = "test_mkimage_signing_wrapper"
-
-test_mkimage_wrapper() {
-    echo "### uboot-mkimage wrapper message"
-    uboot-mkimage "$@"
-}
-
-test_mkimage_signing_wrapper() {
-    echo "### uboot-mkimage signing wrapper message"
-    uboot-mkimage "$@"
-}
-
diff --git a/meta/lib/oeqa/selftest/cases/fitimage.py b/meta/lib/oeqa/selftest/cases/fitimage.py
index 15baf3b2392..4891ac8010b 100644
--- a/meta/lib/oeqa/selftest/cases/fitimage.py
+++ b/meta/lib/oeqa/selftest/cases/fitimage.py
@@ -16,6 +16,46 @@  class FitImageTests(OESelftestTestCase):
         bitbake("u-boot-tools-native -c addto_recipe_sysroot")
         return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native')
 
+    def _verify_fit_image_signature(self, uboot_tools_sysroot_native, fitimage_path, dtb_path, conf_name=None):
+        """Verify the signature of a fit contfiguration
+
+        The fit_check_sign utility from u-boot-tools-native is called.
+        uboot-fit_check_sign -f fitImage -k $dtb_name -c conf-$dtb_name
+        """
+        fit_check_sign_path = os.path.join(uboot_tools_sysroot_native, 'usr', 'bin', 'uboot-fit_check_sign')
+        cmd = '%s -f %s -k %s' % (fit_check_sign_path, fitimage_path, dtb_path)
+        if conf_name:
+            cmd += ' -c %s' % conf_name
+        result = runCmd(cmd)
+        self.logger.debug("%s\nreturned: %s\n%s", cmd, str(result.status), result.output)
+        self.assertIn("Signature check OK", result.output)
+
+    @staticmethod
+    def _find_string_in_bin_file(file_path, search_string):
+        """find stings in a binary file
+
+        Shell equivalent: strings "$1" | grep "$2" | wc -l
+        return number of matches
+        """
+        found_positions = 0
+        with open(file_path, 'rb') as file:
+            byte = file.read(1)
+            current_position = 0
+            current_match = 0
+            while byte:
+                char = byte.decode('ascii', errors='ignore')
+                if char == search_string[current_match]:
+                    current_match += 1
+                    if current_match == len(search_string):
+                        found_positions += 1
+                        current_match = 0
+                else:
+                    current_match = 0
+                current_position += 1
+                byte = file.read(1)
+        return found_positions
+
+
     def test_fit_image(self):
         """
         Summary:     Check if FIT image and Image Tree Source (its) are built
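Review bot: `_find_string_in_bin_file` undercounts when a partial match is immediately followed by the real start of the string: on a mismatch it sets `current_match = 0` without re-testing the current byte against `search_string[0]`, so a stray `a` byte directly before `a smart comment` hides that occurrence and the exact-count assertions later in the file can fail spuriously. Reading the file once (`data = file.read()`) and returning `data.count(search_string.encode('ascii'))` gives the same non-overlapping count without the byte-at-a-time loop or the unused `current_position`. In `_verify_fit_image_signature` the command is assembled with `%` into one string; if `runCmd` accepts an argument list, passing `[fit_check_sign_path, '-f', fitimage_path, '-k', dtb_path]` avoids shell word-splitting on the paths. The two docstrings also carry typos (`contfiguration`, `stings`).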
@@ -113,19 +153,21 @@  FIT_DESC = "A model description"
         Author:      Paul Eggleton <paul.eggleton@microsoft.com> based upon
                      work by Usama Arif <usama.arif@arm.com>
         """
+        a_comment = "a smart comment"
         config = """
 # Enable creation of fitImage
 MACHINE = "beaglebone-yocto"
 KERNEL_IMAGETYPES += " fitImage "
-KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper "
+KERNEL_CLASSES = " kernel-fitimage "
 UBOOT_SIGN_ENABLE = "1"
 FIT_GENERATE_KEYS = "1"
 UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
 UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
 UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
 FIT_SIGN_INDIVIDUAL = "1"
-UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
-"""
+UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
+""" % a_comment
+
         self.write_config(config)
 
         # fitImage is created as part of linux recipe
@@ -227,17 +269,15 @@  UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
             value = values.get('Sign value', None)
             self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
 
-        # Check for UBOOT_MKIMAGE_SIGN_ARGS
-        result = runCmd('bitbake -e virtual/kernel | grep ^T=')
-        tempdir = result.output.split('=', 1)[1].strip().strip('')
-        result = runCmd('grep "a smart comment" %s/run.do_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN_ARGS value did not get used')
+        # Search for the string passed to mkimage: 1 kernel + 3 DTBs + config per DTB = 7 sections
+        # Looks like mkimage supports to add a comment but does not support to read it back.
+        found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
+        self.assertEqual(found_comments, 7, "Expected 7 signed and commented section in the fitImage.")
 
-        # Check for evidence of test-mkimage-wrapper class
-        result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
-        result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
+        # Verify the signature for all configurations = DTBs
+        for dtb in ['am335x-bone.dtb', 'am335x-boneblack.dtb', 'am335x-bonegreen.dtb']:
+            self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
+                                             os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], dtb), 'conf-' + dtb)
 
     def test_uboot_fit_image(self):
         """
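Review bot: The expected count `7` is hard-coded separately from the DTB list used in the loop right below it, so adding or removing a DTB breaks one of the two without any hint in the code. Binding the list once, `dtbs = ['am335x-bone.dtb', 'am335x-boneblack.dtb', 'am335x-bonegreen.dtb']`, and asserting against `1 + 2 * len(dtbs)` keeps the comment's arithmetic (1 kernel + DTBs + one config per DTB) in code. The string count only shows that the `-c` argument reached mkimage; the authenticity check is the `_verify_fit_image_signature` loop, so the assertion message could say "commented" rather than "signed and commented". `fitimage_path`, `uboot_tools_sysroot_native` and `bb_vars` are bound outside this hunk.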
@@ -354,7 +394,6 @@  UBOOT_ENTRYPOINT = "0x80080000"
 UBOOT_FIT_DESC = "A model description"
 KERNEL_IMAGETYPES += " fitImage "
 KERNEL_CLASSES = " kernel-fitimage "
-INHERIT += "test-mkimage-wrapper"
 UBOOT_SIGN_ENABLE = "1"
 FIT_GENERATE_KEYS = "1"
 UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
@@ -428,6 +467,7 @@  UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
                      work by Paul Eggleton <paul.eggleton@microsoft.com> and
                      Usama Arif <usama.arif@arm.com>
         """
+        a_comment = "a smart U-Boot comment"
         config = """
 # There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
 # least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@@ -437,7 +477,6 @@  SPL_BINARY = "MLO"
 # The kernel-fitimage class is a dependency even if we're only
 # creating/signing the U-Boot fitImage
 KERNEL_CLASSES = " kernel-fitimage"
-INHERIT += "test-mkimage-wrapper"
 # Enable creation and signing of the U-Boot fitImage
 UBOOT_FITIMAGE_ENABLE = "1"
 SPL_SIGN_ENABLE = "1"
@@ -449,17 +488,17 @@  UBOOT_LOADADDRESS = "0x80000000"
 UBOOT_DTB_LOADADDRESS = "0x82000000"
 UBOOT_ARCH = "arm"
 SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
-SPL_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
+SPL_MKIMAGE_SIGN_ARGS = "-c '%s'"
 UBOOT_EXTLINUX = "0"
 UBOOT_FIT_GENERATE_KEYS = "1"
 UBOOT_FIT_HASH_ALG = "sha256"
-"""
+""" % a_comment
+
         self.write_config(config)
 
         # The U-Boot fitImage is created as part of the U-Boot recipe
         bitbake("virtual/bootloader")
 
-        image_type = "core-image-minimal"
         deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
         machine = get_bb_var('MACHINE')
         fitimage_its_path = os.path.join(deploy_dir_image,
@@ -543,16 +582,14 @@  UBOOT_FIT_HASH_ALG = "sha256"
             self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
 
         # Check for SPL_MKIMAGE_SIGN_ARGS
-        result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
-        tempdir = result.output.split('=', 1)[1].strip().strip('')
-        result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
+        # Looks like mkimage supports to add a comment but does not support to read it back.
+        found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
+        self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
+
+        # Verify the signature
+        self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
+                                         os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
 
-        # Check for evidence of test-mkimage-wrapper class
-        result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
-        result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
 
     def test_sign_cascaded_uboot_fit_image(self):
         """
@@ -574,6 +611,7 @@  UBOOT_FIT_HASH_ALG = "sha256"
                      work by Paul Eggleton <paul.eggleton@microsoft.com> and
                      Usama Arif <usama.arif@arm.com>
         """
+        a_comment = "a smart cascaded U-Boot comment"
         config = """
 # There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
 # least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@@ -589,7 +627,7 @@  UBOOT_DTB_BINARY = "u-boot.dtb"
 UBOOT_ENTRYPOINT  = "0x80000000"
 UBOOT_LOADADDRESS = "0x80000000"
 UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
-UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart cascaded Kernel comment'"
+UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
 UBOOT_DTB_LOADADDRESS = "0x82000000"
 UBOOT_ARCH = "arm"
 SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
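Review bot: `UBOOT_MKIMAGE_SIGN_ARGS` previously carried its own string (`a smart cascaded Kernel comment`) and now receives `a_comment`, which this commit sets to `a smart cascaded U-Boot comment`. If `SPL_MKIMAGE_SIGN_ARGS` in the part of this config that lies outside the hunk still uses the U-Boot string, both variables now inject the same comment, and the later `_find_string_in_bin_file(fitimage_path, a_comment)` check under `# Check for SPL_MKIMAGE_SIGN_ARGS` can no longer tell which variable supplied it. Two distinct values, e.g. `kernel_comment` and `spl_comment`, formatted into the config together would keep the two checks independent.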
@@ -599,20 +637,18 @@  UBOOT_FIT_GENERATE_KEYS = "1"
 UBOOT_FIT_HASH_ALG = "sha256"
 KERNEL_IMAGETYPES += " fitImage "
 KERNEL_CLASSES = " kernel-fitimage "
-INHERIT += "test-mkimage-wrapper"
 UBOOT_SIGN_ENABLE = "1"
 FIT_GENERATE_KEYS = "1"
 UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
 UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
 UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
 FIT_SIGN_INDIVIDUAL = "1"
-"""
+""" % a_comment
         self.write_config(config)
 
         # The U-Boot fitImage is created as part of the U-Boot recipe
         bitbake("virtual/bootloader")
 
-        image_type = "core-image-minimal"
         deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
         machine = get_bb_var('MACHINE')
         fitimage_its_path = os.path.join(deploy_dir_image,
@@ -696,17 +732,13 @@  FIT_SIGN_INDIVIDUAL = "1"
             self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
 
         # Check for SPL_MKIMAGE_SIGN_ARGS
-        result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
-        tempdir = result.output.split('=', 1)[1].strip().strip('')
-        result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
-
-        # Check for evidence of test-mkimage-wrapper class
-        result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
-        result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
-        self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
+        # Looks like mkimage supports to add a comment but does not support to read it back.
+        found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
+        self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
 
+        # Verify the signature
+        self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
+                                         os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
 
 
     def test_initramfs_bundle(self):
@@ -843,3 +875,7 @@  FIT_HASH_ALG = "sha256"
 
             test_passed = True
             self.assertTrue(test_passed == True,"Initramfs bundle test success")
+
+        # Verify the signature
+        uboot_tools_sysroot_native = self._setup_uboot_tools_native()
+        self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, os.path.join(deploy_dir_image, 'am335x-bone.dtb'))
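Review bot: The added call passes no `conf_name`, so the helper runs `uboot-fit_check_sign` without `-c` and presumably only the image's default configuration is checked, whereas `test_fit_image` verifies every `conf-<dtb>` explicitly. If this image carries more than one configuration, loop over the DTBs as `test_fit_image` does, or pass the configuration name (following that test's `'conf-' + dtb` pattern) so the checked configuration is explicit. The new lines also sit at the method's outer indentation after a more deeply indented block whose opening is outside the hunk, so it is worth confirming that `fitimage_path` and `deploy_dir_image` are bound on every path that reaches them.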