Hi Takahiro, On Sun, 7 Nov 2021 at 21:15, AKASHI Takahiro <takahiro.aka...@linaro.org> wrote: > > On Fri, Nov 05, 2021 at 10:12:20AM -0600, Simon Glass wrote: > > Hi Takahiro, > > > > On Thu, 4 Nov 2021 at 21:24, AKASHI Takahiro <takahiro.aka...@linaro.org> > > wrote: > > > > > > On Thu, Nov 04, 2021 at 08:02:37PM -0600, Simon Glass wrote: > > > > Hi Takahiro, > > > > > > > > On Thu, 4 Nov 2021 at 19:21, AKASHI Takahiro > > > > <takahiro.aka...@linaro.org> wrote: > > > > > > > > > > On Wed, Nov 03, 2021 at 08:49:04PM -0600, Simon Glass wrote: > > > > > > Hi Takahiro, > > > > > > > > > > > > On Wed, 3 Nov 2021 at 20:04, AKASHI Takahiro > > > > > > <takahiro.aka...@linaro.org> wrote: > > > > > > > > > > > > > > On Tue, Nov 02, 2021 at 08:58:15AM -0600, Simon Glass wrote: > > > > > > > > Hi Takahiro, > > > > > > > > > > > > > > > > On Thu, 28 Oct 2021 at 23:25, AKASHI Takahiro > > > > > > > > <takahiro.aka...@linaro.org> wrote: > > > > > > > > > > > > > > > > > > On Thu, Oct 28, 2021 at 09:17:49PM -0600, Simon Glass wrote: > > > > > > > > > > Hi Takahiro, > > > > > > > > > > > > > > > > > > > > On Thu, 28 Oct 2021 at 00:25, AKASHI Takahiro > > > > > > > > > > <takahiro.aka...@linaro.org> wrote: > > > > > > > > > > > > > > > > > > > > > > Add a couple of test cases against capsule image > > > > > > > > > > > authentication > > > > > > > > > > > for capsule-on-disk, where only a signed capsule file > > > > > > > > > > > with the verified > > > > > > > > > > > signature will be applied to the system. > > > > > > > > > > > > > > > > > > > > > > Due to the difficulty of embedding a public key (esl > > > > > > > > > > > file) in U-Boot > > > > > > > > > > > binary during pytest setup time, all the > > > > > > > > > > > keys/certificates are pre-created. > > > > > > > > > > > > > > > > > > > > > > Signed-off-by: AKASHI Takahiro > > > > > > > > > > > <takahiro.aka...@linaro.org> > > > > > > > > > > > --- > > > > > > > > > > > .../py/tests/test_efi_capsule/capsule_defs.py | 5 + > > > > > > > > > > > test/py/tests/test_efi_capsule/conftest.py | 35 ++- > > > > > > > > > > > test/py/tests/test_efi_capsule/signature.dts | 10 + > > > > > > > > > > > .../test_capsule_firmware_signed.py | 233 > > > > > > > > > > > ++++++++++++++++++ > > > > > > > > > > > 4 files changed, 280 insertions(+), 3 deletions(-) > > > > > > > > > > > create mode 100644 > > > > > > > > > > > test/py/tests/test_efi_capsule/signature.dts > > > > > > > > > > > create mode 100644 > > > > > > > > > > > test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > > > > > > > > > > > > > > > > > > > > > diff --git > > > > > > > > > > > a/test/py/tests/test_efi_capsule/capsule_defs.py > > > > > > > > > > > b/test/py/tests/test_efi_capsule/capsule_defs.py > > > > > > > > > > > index 4fd6353c2040..aa9bf5eee3aa 100644 > > > > > > > > > > > --- a/test/py/tests/test_efi_capsule/capsule_defs.py > > > > > > > > > > > +++ b/test/py/tests/test_efi_capsule/capsule_defs.py > > > > > > > > > > > @@ -3,3 +3,8 @@ > > > > > > > > > > > # Directories > > > > > > > > > > > CAPSULE_DATA_DIR = '/EFI/CapsuleTestData' > > > > > > > > > > > CAPSULE_INSTALL_DIR = '/EFI/UpdateCapsule' > > > > > > > > > > > + > > > > > > > > > > > +# v1.5.1 or earlier of efitools has a bug in sha256 > > > > > > > > > > > calculation, and > > > > > > > > > > > +# you need build a newer version on your own. > > > > > > > > > > > +# The path must terminate with '/'. > > > > > > > > > > > +EFITOOLS_PATH = '' > > > > > > > > > > > diff --git a/test/py/tests/test_efi_capsule/conftest.py > > > > > > > > > > > b/test/py/tests/test_efi_capsule/conftest.py > > > > > > > > > > > index 6ad5608cd71c..b0e84dec4931 100644 > > > > > > > > > > > --- a/test/py/tests/test_efi_capsule/conftest.py > > > > > > > > > > > +++ b/test/py/tests/test_efi_capsule/conftest.py > > > > > > > > > > > @@ -10,13 +10,13 @@ import pytest > > > > > > > > > > > from capsule_defs import * > > > > > > > > > > > > > > > > > > > > > > # > > > > > > > > > > > -# Fixture for UEFI secure boot test > > > > > > > > > > > +# Fixture for UEFI capsule test > > > > > > > > > > > # > > > > > > > > > > > > > > > > > > > > > > - > > > > > > > > > > > @pytest.fixture(scope='session') > > > > > > > > > > > def efi_capsule_data(request, u_boot_config): > > > > > > > > > > > - """Set up a file system to be used in UEFI capsule > > > > > > > > > > > test. > > > > > > > > > > > + """Set up a file system to be used in UEFI capsule > > > > > > > > > > > and > > > > > > > > > > > + authentication test. > > > > > > > > > > > > > > > > > > > > > > Args: > > > > > > > > > > > request: Pytest request object. > > > > > > > > > > > @@ -40,6 +40,26 @@ def efi_capsule_data(request, > > > > > > > > > > > u_boot_config): > > > > > > > > > > > check_call('mkdir -p %s' % data_dir, shell=True) > > > > > > > > > > > check_call('mkdir -p %s' % install_dir, > > > > > > > > > > > shell=True) > > > > > > > > > > > > > > > > > > > > > > + capsule_auth_enabled = > > > > > > > > > > > u_boot_config.buildconfig.get( > > > > > > > > > > > + 'config_efi_capsule_authenticate') > > > > > > > > > > > + if capsule_auth_enabled: > > > > > > > > > > > + # Create private key (SIGNER.key) and > > > > > > > > > > > certificate (SIGNER.crt) > > > > > > > > > > > + check_call('cd %s; openssl req -x509 -sha256 > > > > > > > > > > > -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout > > > > > > > > > > > SIGNER.key -out SIGNER.crt -nodes -days 365' > > > > > > > > > > > + % data_dir, shell=True) > > > > > > > > > > > > > > > > > > > > run_and_log()? > > > > > > > > > > > > > > > > > > I have always used this style of coding in this file as well > > > > > > > > > as > > > > > > > > > other my pytests in test/py/tests (filesystem and secure > > > > > > > > > boot). > > > > > > > > > > > > > > > > > > So, at least in this patch, I don't want to have mixed styles. > > > > > > > > > > > > > > > > I don't mind about the style. > > > > > > > > > > > > > > > > Does the command appear in the test log? > > > > > > > > > > > > > > I don't think so as it is invoked in conftest.py. > > > > > > > If the command fails, the tests will skip, and if it generates > > > > > > > a improper signature, the tests will fail. > > > > > > > > > > > > Well that is what I am getting at. Can you check? > > > > > > > > > > Yes. > > > > > > > > > > > The test log is supposed to show everything that happened. It does > > > > > > that with other tests > > > > > > > > > > It does? > > > > > (I don't think so.) > > > > > > > > > > > and I worry that using this function to run > > > > > > things will mean that no one will be able to debug your test in CI. > > > > > > > > > > What is missing in general is that confest.py doesn't generate > > > > > line-by-line trace logs if needed. > > > > > It's not my test specific. > > > > > > > > Can you try checking test-log.html ? > > > > > > > > Here is an example with a vboot test. See the lines with 'openssl' and > > > > 'dtc' ? That is what I am talking about. > > > > > > > > Do you see this output with the command you are using? > > > > > > No. In your case, openssl and dtc are called in a test function, > > > while my tool is invoked as part of fixture in confest.py. > > > > > > What I requested is that command executions in fixtures be logged as well. > > > > OK, so it isn't possible to call run_and_log() in fixtures? > > My fixtures are declared with the scope "session", and so we can't > use u_boot_console which has the scope "function". > Any workaround?
I'm really not sure. It sounds like it might be tricky... Reviewed-by: Simon Glass <s...@chromium.org> Regards, Simon