test/py: Add test case for mkimage -o argument

Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]

diff --git a/scripts/pylint.base b/scripts/pylint.base
index 7e25108..e84ae52 100644 (file)
--- a/scripts/pylint.base
+++ b/scripts/pylint.base
@@ -66,7 +66,7 @@ test_tests_test_tpm2.py 8.51
 test_tests_test_ums.py 6.32
 test_tests_test_unknown_cmd.py 5.00
 test_tests_test_ut.py 7.06
-test_tests_test_vboot.py 6.08
+test_tests_test_vboot.py 6.01
 test_tests_vboot_evil.py 8.95
 test_tests_vboot_forge.py 9.22
 test_u_boot_console_base.py 7.08

diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index b080d48..ac8ed9f 100644 (file)
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -35,18 +35,19 @@ import vboot_evil
 # Only run the full suite on a few combinations, since it doesn't add any more
 # test coverage.
 TESTDATA = [
-    ['sha1-basic', 'sha1', '', None, False, True],
-    ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False],
-    ['sha1-pss', 'sha1', '-pss', None, False, False],
-    ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False],
-    ['sha256-basic', 'sha256', '', None, False, False],
-    ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False],
-    ['sha256-pss', 'sha256', '-pss', None, False, False],
-    ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False],
-    ['sha256-pss-required', 'sha256', '-pss', None, True, False],
-    ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True],
-    ['sha384-basic', 'sha384', '', None, False, False],
-    ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False],
+    ['sha1-basic', 'sha1', '', None, False, True, False],
+    ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False, False],
+    ['sha1-pss', 'sha1', '-pss', None, False, False, False],
+    ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False, False],
+    ['sha256-basic', 'sha256', '', None, False, False, False],
+    ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False, False],
+    ['sha256-pss', 'sha256', '-pss', None, False, False, False],
+    ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False, False],
+    ['sha256-pss-required', 'sha256', '-pss', None, True, False, False],
+    ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True, False],
+    ['sha384-basic', 'sha384', '', None, False, False, False],
+    ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False, False],
+    ['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True],
 ]
 
 @pytest.mark.boardspec('sandbox')
@@ -55,10 +56,10 @@ TESTDATA = [
 @pytest.mark.requiredtool('fdtget')
 @pytest.mark.requiredtool('fdtput')
 @pytest.mark.requiredtool('openssl')
-@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test",
+@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg",
                          TESTDATA)
 def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
-               full_test):
+               full_test, algo_arg):
     """Test verified boot signing with mkimage and verification with 'bootm'.
 
     This works using sandbox only as it needs to update the device tree used
@@ -219,7 +220,7 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
         # Build the FIT, but don't sign anything yet
         cons.log.action('%s: Test FIT with signed images' % sha_algo)
         make_fit('sign-images-%s%s.its' % (sha_algo, padding))
-        run_bootm(sha_algo, 'unsigned images', 'dev-', True)
+        run_bootm(sha_algo, 'unsigned images', ' - OK' if algo_arg else 'dev-', True)
 
         # Sign images with our dev keys
         sign_fit(sha_algo, sign_options)
@@ -230,7 +231,7 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
 
         cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
         make_fit('sign-configs-%s%s.its' % (sha_algo, padding))
-        run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
+        run_bootm(sha_algo, 'unsigned config', '%s+ OK' % ('sha256' if algo_arg else sha_algo), True)
 
         # Sign images with our dev keys
         sign_fit(sha_algo, sign_options)

diff --git a/test/py/tests/vboot/sign-configs-algo-arg.its b/test/py/tests/vboot/sign-configs-algo-arg.its
new file mode 100644 (file)
index 0000000..3a5bb6d
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-algo-arg.its
@@ -0,0 +1,44 @@
+/dts-v1/;
+
+/ {
+       description = "Chrome OS kernel image with one or more FDT blobs";
+       #address-cells = <1>;
+
+       images {
+               kernel {
+                       data = /incbin/("test-kernel.bin");
+                       type = "kernel_noload";
+                       arch = "sandbox";
+                       os = "linux";
+                       compression = "none";
+                       load = <0x4>;
+                       entry = <0x8>;
+                       kernel-version = <1>;
+                       hash-1 {
+                               algo = "sha256";
+                       };
+               };
+               fdt-1 {
+                       description = "snow";
+                       data = /incbin/("sandbox-kernel.dtb");
+                       type = "flat_dt";
+                       arch = "sandbox";
+                       compression = "none";
+                       fdt-version = <1>;
+                       hash-1 {
+                               algo = "sha256";
+                       };
+               };
+       };
+       configurations {
+               default = "conf-1";
+               conf-1 {
+                       kernel = "kernel";
+                       fdt = "fdt-1";
+                       signature {
+                               key-name-hint = "dev";
+                               sign-images = "fdt", "kernel";
+                       };
+               };
+       };
+};

diff --git a/test/py/tests/vboot/sign-images-algo-arg.its b/test/py/tests/vboot/sign-images-algo-arg.its
new file mode 100644 (file)
index 0000000..9144c8b
--- /dev/null
+++ b/test/py/tests/vboot/sign-images-algo-arg.its
@@ -0,0 +1,40 @@
+/dts-v1/;
+
+/ {
+       description = "Chrome OS kernel image with one or more FDT blobs";
+       #address-cells = <1>;
+
+       images {
+               kernel {
+                       data = /incbin/("test-kernel.bin");
+                       type = "kernel_noload";
+                       arch = "sandbox";
+                       os = "linux";
+                       compression = "none";
+                       load = <0x4>;
+                       entry = <0x8>;
+                       kernel-version = <1>;
+                       signature {
+                               key-name-hint = "dev";
+                       };
+               };
+               fdt-1 {
+                       description = "snow";
+                       data = /incbin/("sandbox-kernel.dtb");
+                       type = "flat_dt";
+                       arch = "sandbox";
+                       compression = "none";
+                       fdt-version = <1>;
+                       signature {
+                               key-name-hint = "dev";
+                       };
+               };
+       };
+       configurations {
+               default = "conf-1";
+               conf-1 {
+                       kernel = "kernel";
+                       fdt = "fdt-1";
+               };
+       };
+};