deleted file mode 100644
@@ -1,19 +0,0 @@
-# Class to test UBOOT_MKIMAGE and UBOOT_MKIMAGE_SIGN
-# (in conjunction with kernel-fitimage.bbclass)
-#
-# SPDX-License-Identifier: MIT
-#
-
-UBOOT_MKIMAGE = "test_mkimage_wrapper"
-UBOOT_MKIMAGE_SIGN = "test_mkimage_signing_wrapper"
-
-test_mkimage_wrapper() {
- echo "### uboot-mkimage wrapper message"
- uboot-mkimage "$@"
-}
-
-test_mkimage_signing_wrapper() {
- echo "### uboot-mkimage signing wrapper message"
- uboot-mkimage "$@"
-}
-
@@ -16,6 +16,46 @@ class FitImageTests(OESelftestTestCase):
bitbake("u-boot-tools-native -c addto_recipe_sysroot")
return get_bb_var('RECIPE_SYSROOT_NATIVE', 'u-boot-tools-native')
+ def _verify_fit_image_signature(self, uboot_tools_sysroot_native, fitimage_path, dtb_path, conf_name=None):
+ """Verify the signature of a fit contfiguration
+
+ The fit_check_sign utility from u-boot-tools-native is called.
+ uboot-fit_check_sign -f fitImage -k $dtb_name -c conf-$dtb_name
+ """
+ fit_check_sign_path = os.path.join(uboot_tools_sysroot_native, 'usr', 'bin', 'uboot-fit_check_sign')
+ cmd = '%s -f %s -k %s' % (fit_check_sign_path, fitimage_path, dtb_path)
+ if conf_name:
+ cmd += ' -c %s' % conf_name
+ result = runCmd(cmd)
+ self.logger.debug("%s\nreturned: %s\n%s", cmd, str(result.status), result.output)
+ self.assertIn("Signature check OK", result.output)
+
+ @staticmethod
+ def _find_string_in_bin_file(file_path, search_string):
+ """find stings in a binary file
+
+ Shell equivalent: strings "$1" | grep "$2" | wc -l
+ return number of matches
+ """
+ found_positions = 0
+ with open(file_path, 'rb') as file:
+ byte = file.read(1)
+ current_position = 0
+ current_match = 0
+ while byte:
+ char = byte.decode('ascii', errors='ignore')
+ if char == search_string[current_match]:
+ current_match += 1
+ if current_match == len(search_string):
+ found_positions += 1
+ current_match = 0
+ else:
+ current_match = 0
+ current_position += 1
+ byte = file.read(1)
+ return found_positions
+
+
def test_fit_image(self):
"""
Summary: Check if FIT image and Image Tree Source (its) are built
@@ -113,19 +153,21 @@ FIT_DESC = "A model description"
Author: Paul Eggleton <paul.eggleton@microsoft.com> based upon
work by Usama Arif <usama.arif@arm.com>
"""
+ a_comment = "a smart comment"
config = """
# Enable creation of fitImage
MACHINE = "beaglebone-yocto"
KERNEL_IMAGETYPES += " fitImage "
-KERNEL_CLASSES = " kernel-fitimage test-mkimage-wrapper "
+KERNEL_CLASSES = " kernel-fitimage "
UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
FIT_SIGN_INDIVIDUAL = "1"
-UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
-"""
+UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
+""" % a_comment
+
self.write_config(config)
# fitImage is created as part of linux recipe
@@ -227,17 +269,15 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'"
value = values.get('Sign value', None)
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
- # Check for UBOOT_MKIMAGE_SIGN_ARGS
- result = runCmd('bitbake -e virtual/kernel | grep ^T=')
- tempdir = result.output.split('=', 1)[1].strip().strip('')
- result = runCmd('grep "a smart comment" %s/run.do_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN_ARGS value did not get used')
+ # Search for the string passed to mkimage: 1 kernel + 3 DTBs + config per DTB = 7 sections
+ # Looks like mkimage supports to add a comment but does not support to read it back.
+ found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
+ self.assertEqual(found_comments, 7, "Expected 7 signed and commented section in the fitImage.")
- # Check for evidence of test-mkimage-wrapper class
- result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
- result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
+ # Verify the signature for all configurations = DTBs
+ for dtb in ['am335x-bone.dtb', 'am335x-boneblack.dtb', 'am335x-bonegreen.dtb']:
+ self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
+ os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], dtb), 'conf-' + dtb)
def test_uboot_fit_image(self):
"""
@@ -354,7 +394,6 @@ UBOOT_ENTRYPOINT = "0x80080000"
UBOOT_FIT_DESC = "A model description"
KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage "
-INHERIT += "test-mkimage-wrapper"
UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
@@ -428,6 +467,7 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
work by Paul Eggleton <paul.eggleton@microsoft.com> and
Usama Arif <usama.arif@arm.com>
"""
+ a_comment = "a smart U-Boot comment"
config = """
# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@@ -437,7 +477,6 @@ SPL_BINARY = "MLO"
# The kernel-fitimage class is a dependency even if we're only
# creating/signing the U-Boot fitImage
KERNEL_CLASSES = " kernel-fitimage"
-INHERIT += "test-mkimage-wrapper"
# Enable creation and signing of the U-Boot fitImage
UBOOT_FITIMAGE_ENABLE = "1"
SPL_SIGN_ENABLE = "1"
@@ -449,17 +488,17 @@ UBOOT_LOADADDRESS = "0x80000000"
UBOOT_DTB_LOADADDRESS = "0x82000000"
UBOOT_ARCH = "arm"
SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
-SPL_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
+SPL_MKIMAGE_SIGN_ARGS = "-c '%s'"
UBOOT_EXTLINUX = "0"
UBOOT_FIT_GENERATE_KEYS = "1"
UBOOT_FIT_HASH_ALG = "sha256"
-"""
+""" % a_comment
+
self.write_config(config)
# The U-Boot fitImage is created as part of the U-Boot recipe
bitbake("virtual/bootloader")
- image_type = "core-image-minimal"
deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
machine = get_bb_var('MACHINE')
fitimage_its_path = os.path.join(deploy_dir_image,
@@ -543,16 +582,14 @@ UBOOT_FIT_HASH_ALG = "sha256"
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
# Check for SPL_MKIMAGE_SIGN_ARGS
- result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
- tempdir = result.output.split('=', 1)[1].strip().strip('')
- result = runCmd('grep "a smart U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
+ # Looks like mkimage supports to add a comment but does not support to read it back.
+ found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
+ self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
+
+ # Verify the signature
+ self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
+ os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
- # Check for evidence of test-mkimage-wrapper class
- result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
- result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
def test_sign_cascaded_uboot_fit_image(self):
"""
@@ -574,6 +611,7 @@ UBOOT_FIT_HASH_ALG = "sha256"
work by Paul Eggleton <paul.eggleton@microsoft.com> and
Usama Arif <usama.arif@arm.com>
"""
+ a_comment = "a smart cascaded U-Boot comment"
config = """
# There's no U-boot deconfig with CONFIG_FIT_SIGNATURE yet, so we need at
# least CONFIG_SPL_LOAD_FIT and CONFIG_SPL_OF_CONTROL set
@@ -589,7 +627,7 @@ UBOOT_DTB_BINARY = "u-boot.dtb"
UBOOT_ENTRYPOINT = "0x80000000"
UBOOT_LOADADDRESS = "0x80000000"
UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
-UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart cascaded Kernel comment'"
+UBOOT_MKIMAGE_SIGN_ARGS = "-c '%s'"
UBOOT_DTB_LOADADDRESS = "0x82000000"
UBOOT_ARCH = "arm"
SPL_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
@@ -599,20 +637,18 @@ UBOOT_FIT_GENERATE_KEYS = "1"
UBOOT_FIT_HASH_ALG = "sha256"
KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage "
-INHERIT += "test-mkimage-wrapper"
UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
FIT_SIGN_INDIVIDUAL = "1"
-"""
+""" % a_comment
self.write_config(config)
# The U-Boot fitImage is created as part of the U-Boot recipe
bitbake("virtual/bootloader")
- image_type = "core-image-minimal"
deploy_dir_image = get_bb_var('DEPLOY_DIR_IMAGE')
machine = get_bb_var('MACHINE')
fitimage_its_path = os.path.join(deploy_dir_image,
@@ -696,17 +732,13 @@ FIT_SIGN_INDIVIDUAL = "1"
self.assertEqual(len(value), 512, 'Signature value for section %s not expected length' % signed_section)
# Check for SPL_MKIMAGE_SIGN_ARGS
- result = runCmd('bitbake -e virtual/bootloader | grep ^T=')
- tempdir = result.output.split('=', 1)[1].strip().strip('')
- result = runCmd('grep "a smart cascaded U-Boot comment" %s/run.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'SPL_MKIMAGE_SIGN_ARGS value did not get used')
-
- # Check for evidence of test-mkimage-wrapper class
- result = runCmd('grep "### uboot-mkimage wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE did not work')
- result = runCmd('grep "### uboot-mkimage signing wrapper message" %s/log.do_uboot_assemble_fitimage' % tempdir, ignore_status=True)
- self.assertEqual(result.status, 0, 'UBOOT_MKIMAGE_SIGN did not work')
+ # Looks like mkimage supports to add a comment but does not support to read it back.
+ found_comments = FitImageTests._find_string_in_bin_file(fitimage_path, a_comment)
+ self.assertEqual(found_comments, 2, "Expected 2 signed and commented section in the fitImage.")
+ # Verify the signature
+ self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path,
+ os.path.join(deploy_dir_image, 'u-boot-spl.dtb'))
def test_initramfs_bundle(self):
@@ -843,3 +875,7 @@ FIT_HASH_ALG = "sha256"
test_passed = True
self.assertTrue(test_passed == True,"Initramfs bundle test success")
+
+ # Verify the signature
+ uboot_tools_sysroot_native = self._setup_uboot_tools_native()
+ self._verify_fit_image_signature(uboot_tools_sysroot_native, fitimage_path, os.path.join(deploy_dir_image, 'am335x-bone.dtb'))