From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1A27EC433EF for ; Mon, 14 Feb 2022 00:43:21 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 58F4382F73; Mon, 14 Feb 2022 01:43:19 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="dSrFP4UR"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 0665083025; Mon, 14 Feb 2022 01:43:18 +0100 (CET) Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 279BA80F94 for ; Mon, 14 Feb 2022 01:43:13 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pj1-x102d.google.com with SMTP id d9-20020a17090a498900b001b8bb1d00e7so14204472pjh.3 for ; Sun, 13 Feb 2022 16:43:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=nJHlx2xPqKvq6zfphAgaXi/mxipfrxHIRx5E9dRLZzs=; b=dSrFP4UR5Y0eYVmFoLBOFygGSP58VHBmW1yY4dY7VN2mATDgBrLPrs3pTVPx/k1oeA AktZbDZc8rB1w5Q6p8N8mZ41OZl/yZam8hkRP+/8PSLdVDMSI/AyGwFhkPpIKUoSifC6 nSoljIqBh14zFW8INi+OC3NwuLaHmJryY0W7rjh/ob9GHNWU2bPTpQMOvF3mNWoqfqXg ILo4vfGadX3v2NImOOSdWalcjcKuqCwpslro1bGvkgMOjJhZTZlbvhS1sgzRwTEm9Dh6 tFSO4zAcjXhZnZVIlvWecdcZ9YXkE7d5xSz0uHrN6EG0TUrXOhzs15Z5dYRH6SZT3/lP L6tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=nJHlx2xPqKvq6zfphAgaXi/mxipfrxHIRx5E9dRLZzs=; b=J80aU++CY8q2Xh32ot2foCthUg09nV92rM7Xk4cQXPD1aK+Mws6S8Vq/FmHHbeXo3A +XK8JVUy7t703FLa6j/PhAMMgCS9K/EJSnpYxirl+0/hgg83s5zpggsNi4hzVBWKipnN N07fLmUq6wYpD3+UEhWh8XM6bXJPTZRQdR0tqUnXzFk3pelsf6BC9AuAF42M/YJfEzqW w0NBzVkBXa49C7Vf4oCGZg8iVkBfZkJJ7JajiTAl/3H8PTPB0LN6Dwd0GPDjj6u47HSL xtGIgRcJVw0Y6j0MhOUTS1odp+G47A1F5LjX1Z3XiHhKWyWpHrgLA+sd8+jwY3+4rMgS iJAA== X-Gm-Message-State: AOAM530oCO4cbsWGy8SXGOimaYWbjxSCNvdLHWwmnCgZFqcZH9GrzN5N PWZJ0jUrcRy+7GdONe/6imoCjA== X-Google-Smtp-Source: ABdhPJzRlSD8MA3H46LX+Jb19hh/B1DF0TQXYw8esHIZlOgBoM+TNgQ5GIWPKymaidD7uz6nBOu0Kg== X-Received: by 2002:a17:90a:eb17:: with SMTP id j23mr12132337pjz.76.1644799391185; Sun, 13 Feb 2022 16:43:11 -0800 (PST) Received: from laputa ([2400:4050:c3e1:100:c11:cd20:ca66:ba1d]) by smtp.gmail.com with ESMTPSA id k16sm23846417pgh.45.2022.02.13.16.43.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Feb 2022 16:43:10 -0800 (PST) Date: Mon, 14 Feb 2022 09:43:06 +0900 From: AKASHI Takahiro To: Heinrich Schuchardt Cc: sjg@chromium.org, ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, mark.kettenis@xs4all.nl, u-boot@lists.denx.de Subject: Re: [PATCH v11 5/9] test/py: efi_capsule: add image authentication test Message-ID: <20220214004306.GA39639@laputa> Mail-Followup-To: AKASHI Takahiro , Heinrich Schuchardt , sjg@chromium.org, ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, mark.kettenis@xs4all.nl, u-boot@lists.denx.de References: <20220209101042.78036-1-takahiro.akashi@linaro.org> <20220209101042.78036-6-takahiro.akashi@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Heinrich, On Fri, Feb 11, 2022 at 08:25:15PM +0100, Heinrich Schuchardt wrote: > On 2/9/22 11:10, AKASHI Takahiro wrote: > > Add a couple of test cases against capsule image authentication > > for capsule-on-disk, where only a signed capsule file with the verified > > signature will be applied to the system. > > > > Due to the difficulty of embedding a public key (esl file) in U-Boot > > binary during pytest setup time, all the keys/certificates are pre-created. > > > > Signed-off-by: AKASHI Takahiro > > Reviewed-by: Simon Glass > > Acked-by: Ilias Apalodimas > > The test is not executed on Gitlab: > > test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py sss > > SKIPPED [3] /builds/u-boot/custodians/u-boot-efi/test/py/conftest.py:490: > .config feature "efi_capsule_authenticate" not enabled > > Please, provide a defconfig with CONFIG_EFI_CAPSULE_AUTHENTICATE=y in a > follow-up patch. This is somehow intentional. I don't remember quite well, but when I tried to add another defconfig file for sandbox to initiate some test in the past, you or Simon (sorry if I remember incorrectly here) opposed it. Please also note that adding CONFIG_EFI_CAPSULE_AUTHENTICATE to sandbox_defconfig doesn't make sense as it makes non-signed capsule tests (test_capsule_firmware.py) meaningless. -Takahiro Akashi > Best regards > > Heinrich > > > > --- > > .../py/tests/test_efi_capsule/capsule_defs.py | 5 + > > test/py/tests/test_efi_capsule/conftest.py | 52 +++- > > test/py/tests/test_efi_capsule/signature.dts | 10 + > > .../test_capsule_firmware_signed.py | 254 ++++++++++++++++++ > > 4 files changed, 318 insertions(+), 3 deletions(-) > > create mode 100644 test/py/tests/test_efi_capsule/signature.dts > > create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > > > diff --git a/test/py/tests/test_efi_capsule/capsule_defs.py b/test/py/tests/test_efi_capsule/capsule_defs.py > > index 4fd6353c2040..59b40f11bd1d 100644 > > --- a/test/py/tests/test_efi_capsule/capsule_defs.py > > +++ b/test/py/tests/test_efi_capsule/capsule_defs.py > > @@ -3,3 +3,8 @@ > > # Directories > > CAPSULE_DATA_DIR = '/EFI/CapsuleTestData' > > CAPSULE_INSTALL_DIR = '/EFI/UpdateCapsule' > > + > > +# v1.5.1 or earlier of efitools has a bug in sha256 calculation, and > > +# you need build a newer version on your own. > > +# The path must terminate with '/' if it is not null. > > +EFITOOLS_PATH = '' > > diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py > > index 6ad5608cd71c..27c05971ca32 100644 > > --- a/test/py/tests/test_efi_capsule/conftest.py > > +++ b/test/py/tests/test_efi_capsule/conftest.py > > @@ -10,13 +10,13 @@ import pytest > > from capsule_defs import * > > > > # > > -# Fixture for UEFI secure boot test > > +# Fixture for UEFI capsule test > > # > > > > - > > @pytest.fixture(scope='session') > > def efi_capsule_data(request, u_boot_config): > > - """Set up a file system to be used in UEFI capsule test. > > + """Set up a file system to be used in UEFI capsule and > > + authentication test. > > > > Args: > > request: Pytest request object. > > @@ -40,6 +40,36 @@ def efi_capsule_data(request, u_boot_config): > > check_call('mkdir -p %s' % data_dir, shell=True) > > check_call('mkdir -p %s' % install_dir, shell=True) > > > > + capsule_auth_enabled = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_authenticate') > > + if capsule_auth_enabled: > > + # Create private key (SIGNER.key) and certificate (SIGNER.crt) > > + check_call('cd %s; ' > > + 'openssl req -x509 -sha256 -newkey rsa:2048 ' > > + '-subj /CN=TEST_SIGNER/ -keyout SIGNER.key ' > > + '-out SIGNER.crt -nodes -days 365' > > + % data_dir, shell=True) > > + check_call('cd %s; %scert-to-efi-sig-list SIGNER.crt SIGNER.esl' > > + % (data_dir, EFITOOLS_PATH), shell=True) > > + > > + # Update dtb adding capsule certificate > > + check_call('cd %s; ' > > + 'cp %s/test/py/tests/test_efi_capsule/signature.dts .' > > + % (data_dir, u_boot_config.source_dir), shell=True) > > + check_call('cd %s; ' > > + 'dtc -@ -I dts -O dtb -o signature.dtbo signature.dts; ' > > + 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb ' > > + '-o test_sig.dtb signature.dtbo' > > + % (data_dir, u_boot_config.build_dir), shell=True) > > + > > + # Create *malicious* private key (SIGNER2.key) and certificate > > + # (SIGNER2.crt) > > + check_call('cd %s; ' > > + 'openssl req -x509 -sha256 -newkey rsa:2048 ' > > + '-subj /CN=TEST_SIGNER/ -keyout SIGNER2.key ' > > + '-out SIGNER2.crt -nodes -days 365' > > + % data_dir, shell=True) > > + > > # Create capsule files > > # two regions: one for u-boot.bin and the other for u-boot.env > > check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old -> u-boot.env.old; echo -n u-boot-env:New > u-boot.env.new' % data_dir, > > @@ -56,6 +86,22 @@ def efi_capsule_data(request, u_boot_config): > > check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new --index 1 Test02' % > > (data_dir, u_boot_config.build_dir), > > shell=True) > > + if capsule_auth_enabled: > > + # firmware signed with proper key > > + check_call('cd %s; ' > > + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' > > + '--private-key SIGNER.key --certificate SIGNER.crt ' > > + '--raw u-boot.bin.new Test11' > > + % (data_dir, u_boot_config.build_dir), > > + shell=True) > > + # firmware signed with *mal* key > > + check_call('cd %s; ' > > + '%s/tools/mkeficapsule --index 1 --monotonic-count 1 ' > > + '--private-key SIGNER2.key ' > > + '--certificate SIGNER2.crt ' > > + '--raw u-boot.bin.new Test12' > > + % (data_dir, u_boot_config.build_dir), > > + shell=True) > > > > # Create a disk image with EFI system partition > > check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % > > diff --git a/test/py/tests/test_efi_capsule/signature.dts b/test/py/tests/test_efi_capsule/signature.dts > > new file mode 100644 > > index 000000000000..078cfc76c93c > > --- /dev/null > > +++ b/test/py/tests/test_efi_capsule/signature.dts > > @@ -0,0 +1,10 @@ > > +// SPDX-License-Identifier: GPL-2.0+ > > + > > +/dts-v1/; > > +/plugin/; > > + > > +&{/} { > > + signature { > > + capsule-key = /incbin/("SIGNER.esl"); > > + }; > > +}; > > diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > new file mode 100644 > > index 000000000000..593b032e9015 > > --- /dev/null > > +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > > @@ -0,0 +1,254 @@ > > +# SPDX-License-Identifier: GPL-2.0+ > > +# Copyright (c) 2021, Linaro Limited > > +# Author: AKASHI Takahiro > > +# > > +# U-Boot UEFI: Firmware Update (Signed capsule) Test > > + > > +""" > > +This test verifies capsule-on-disk firmware update > > +with signed capsule files > > +""" > > + > > +import pytest > > +from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR > > + > > +@pytest.mark.boardspec('sandbox') > > +@pytest.mark.buildconfigspec('efi_capsule_firmware_raw') > > +@pytest.mark.buildconfigspec('efi_capsule_authenticate') > > +@pytest.mark.buildconfigspec('dfu') > > +@pytest.mark.buildconfigspec('dfu_sf') > > +@pytest.mark.buildconfigspec('cmd_efidebug') > > +@pytest.mark.buildconfigspec('cmd_fat') > > +@pytest.mark.buildconfigspec('cmd_memory') > > +@pytest.mark.buildconfigspec('cmd_nvedit_efi') > > +@pytest.mark.buildconfigspec('cmd_sf') > > +@pytest.mark.slow > > +class TestEfiCapsuleFirmwareSigned(object): > > + def test_efi_capsule_auth1( > > + self, u_boot_config, u_boot_console, efi_capsule_data): > > + """ > > + Test Case 1 - Update U-Boot on SPI Flash, raw image format > > + 0x100000-0x150000: U-Boot binary (but dummy) > > + > > + If the capsule is properly signed, the authentication > > + should pass and the firmware be updated. > > + """ > > + disk_img = efi_capsule_data > > + with u_boot_console.log.section('Test Case 1-a, before reboot'): > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > > + 'efidebug boot order 1', > > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'env save']) > > + > > + # initialize content > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > > + % CAPSULE_DATA_DIR, > > + 'sf write 4000000 100000 10', > > + 'sf read 5000000 100000 10', > > + 'md.b 5000000 10']) > > + assert 'Old' in ''.join(output) > > + > > + # place a capsule file > > + output = u_boot_console.run_command_list([ > > + 'fatload host 0:1 4000000 %s/Test11' % CAPSULE_DATA_DIR, > > + 'fatwrite host 0:1 4000000 %s/Test11 $filesize' > > + % CAPSULE_INSTALL_DIR, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test11' in ''.join(output) > > + > > + # reboot > > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > > + + '/test_sig.dtb' > > + u_boot_console.restart_uboot() > > + > > + capsule_early = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_on_disk_early') > > + with u_boot_console.log.section('Test Case 1-b, after reboot'): > > + if not capsule_early: > > + # make sure that dfu_alt_info exists even persistent variables > > + # are not available. > > + output = u_boot_console.run_command_list([ > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test11' in ''.join(output) > > + > > + # need to run uefi command to initiate capsule handling > > + output = u_boot_console.run_command( > > + 'env print -e Capsule0000') > > + > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test11' not in ''.join(output) > > + > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'sf read 4000000 100000 10', > > + 'md.b 4000000 10']) > > + assert 'u-boot:New' in ''.join(output) > > + > > + def test_efi_capsule_auth2( > > + self, u_boot_config, u_boot_console, efi_capsule_data): > > + """ > > + Test Case 2 - Update U-Boot on SPI Flash, raw image format > > + 0x100000-0x150000: U-Boot binary (but dummy) > > + > > + If the capsule is signed but with an invalid key, > > + the authentication should fail and the firmware > > + not be updated. > > + """ > > + disk_img = efi_capsule_data > > + with u_boot_console.log.section('Test Case 2-a, before reboot'): > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > > + 'efidebug boot order 1', > > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'env save']) > > + > > + # initialize content > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > > + % CAPSULE_DATA_DIR, > > + 'sf write 4000000 100000 10', > > + 'sf read 5000000 100000 10', > > + 'md.b 5000000 10']) > > + assert 'Old' in ''.join(output) > > + > > + # place a capsule file > > + output = u_boot_console.run_command_list([ > > + 'fatload host 0:1 4000000 %s/Test12' % CAPSULE_DATA_DIR, > > + 'fatwrite host 0:1 4000000 %s/Test12 $filesize' > > + % CAPSULE_INSTALL_DIR, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test12' in ''.join(output) > > + > > + # reboot > > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > > + + '/test_sig.dtb' > > + u_boot_console.restart_uboot() > > + > > + capsule_early = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_on_disk_early') > > + with u_boot_console.log.section('Test Case 2-b, after reboot'): > > + if not capsule_early: > > + # make sure that dfu_alt_info exists even persistent variables > > + # are not available. > > + output = u_boot_console.run_command_list([ > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test12' in ''.join(output) > > + > > + # need to run uefi command to initiate capsule handling > > + output = u_boot_console.run_command( > > + 'env print -e Capsule0000') > > + > > + # deleted any way > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test12' not in ''.join(output) > > + > > + # TODO: check CapsuleStatus in CapsuleXXXX > > + > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'sf read 4000000 100000 10', > > + 'md.b 4000000 10']) > > + assert 'u-boot:Old' in ''.join(output) > > + > > + def test_efi_capsule_auth3( > > + self, u_boot_config, u_boot_console, efi_capsule_data): > > + """ > > + Test Case 3 - Update U-Boot on SPI Flash, raw image format > > + 0x100000-0x150000: U-Boot binary (but dummy) > > + > > + If the capsule is not signed, the authentication > > + should fail and the firmware not be updated. > > + """ > > + disk_img = efi_capsule_data > > + with u_boot_console.log.section('Test Case 3-a, before reboot'): > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > > + 'efidebug boot order 1', > > + 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'env save']) > > + > > + # initialize content > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > > + % CAPSULE_DATA_DIR, > > + 'sf write 4000000 100000 10', > > + 'sf read 5000000 100000 10', > > + 'md.b 5000000 10']) > > + assert 'Old' in ''.join(output) > > + > > + # place a capsule file > > + output = u_boot_console.run_command_list([ > > + 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR, > > + 'fatwrite host 0:1 4000000 %s/Test02 $filesize' > > + % CAPSULE_INSTALL_DIR, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test02' in ''.join(output) > > + > > + # reboot > > + mnt_point = u_boot_config.persistent_data_dir + '/test_efi_capsule' > > + u_boot_console.config.dtb = mnt_point + CAPSULE_DATA_DIR \ > > + + '/test_sig.dtb' > > + u_boot_console.restart_uboot() > > + > > + capsule_early = u_boot_config.buildconfig.get( > > + 'config_efi_capsule_on_disk_early') > > + with u_boot_console.log.section('Test Case 3-b, after reboot'): > > + if not capsule_early: > > + # make sure that dfu_alt_info exists even persistent variables > > + # are not available. > > + output = u_boot_console.run_command_list([ > > + 'env set dfu_alt_info ' > > + '"sf 0:0=u-boot-bin raw 0x100000 ' > > + '0x50000;u-boot-env raw 0x150000 0x200000"', > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test02' in ''.join(output) > > + > > + # need to run uefi command to initiate capsule handling > > + output = u_boot_console.run_command( > > + 'env print -e Capsule0000') > > + > > + # deleted any way > > + output = u_boot_console.run_command_list([ > > + 'host bind 0 %s' % disk_img, > > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > > + assert 'Test02' not in ''.join(output) > > + > > + # TODO: check CapsuleStatus in CapsuleXXXX > > + > > + output = u_boot_console.run_command_list([ > > + 'sf probe 0:0', > > + 'sf read 4000000 100000 10', > > + 'md.b 4000000 10']) > > + assert 'u-boot:Old' in ''.join(output) >