From mboxrd@z Thu Jan 1 00:00:00 1970
From: Simon Glass
Date: Tue, 11 May 2021 09:27:21 -0600
Subject: [PATCH v2 3/7] common: integrate crypt-based passwords
In-Reply-To: <39dc05ec-6d9b-359c-a983-4fd5a3ed6f32@eyet-services.de>
References: <20210510061916.3388626-1-jaeckel-floss@eyet-services.de>
 <20210510061916.3388626-4-jaeckel-floss@eyet-services.de>
 <665efe80-e61d-6750-ac0f-6801439c65df@eyet-services.de>
 <460701e4-3684-9de8-73fa-4229db6a089a@eyet-services.de>
 <39dc05ec-6d9b-359c-a983-4fd5a3ed6f32@eyet-services.de>
Message-ID:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Hi Steffen,

On Tue, 11 May 2021 at 09:02, Steffen Jaeckel wrote:
>
> Hi Simon,
>
> On 5/10/21 10:45 PM, Simon Glass wrote:
> > On Mon, 10 May 2021 at 13:37, Steffen Jaeckel
> > wrote:
>
> [snip]
>
> >> diff --git a/common/autoboot.c b/common/autoboot.c
> >> index 50ab9281e7..6f55abe388 100644
> >> --- a/common/autoboot.c
> >> +++ b/common/autoboot.c
> >> @@ -316,3 +316,4 @@ static int abortboot_key_sequence(int bootdelay)
> >> if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
> >> - if (IS_ENABLED(CONFIG_CRYPT_PW))
> >> + if (IS_ENABLED(CONFIG_CRYPT_PW) &&
> >> + env_get_yesno("bootstopusesha256") != 1)
> >> abort = passwd_abort_crypt(etime);
> >
> > Yes, and then you can enable both in sandbox and potentially have a
> > test for your code within the standard sandbox build.
>
> What kind of tests do you want to have added? Python based or C based ones?
>
> TBH I don't see an easy way (yet) to add more tests than the ones I
> already added, as enabling AUTOBOOT_KEYED (which is required for both,
> crypt and sha256) would change the startup behavior of the sandbox...

Here is my idea...we have console monitoring, like this:

    console_record_reset();
    run_command("acpi dump rdst", 0);
    ut_assert_nextline("Table 'RDST' not found");
    ut_assert_console_end();

What is needed is the ability to inject console input. We have
gd->console_in (in console.c) but there is currently no function to
add input to it. Something similar to console_record_puts() is needed,
perhaps called console_write_in(), which does a
membuff_put(&gd->console_in, ...) with some input data (the hash).
That way the input can be read by sandbox.

Then I think you could write a test like this:

    console_record_reset();
    console_write_in(hash_string, strlen(hash_string));
    ut_assertok(autoboot_command(""));
    ut_assert_nextline("whatever indicates success");
    ut_assert_console_end();

Regards,
Simon
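
Review bot: The added condition `env_get_yesno("bootstopusesha256") != 1` in abortboot_key_sequence() makes the choice of password check depend on a runtime environment variable, and nothing in the hunk documents that variable or its default. Please add a comment or documentation entry stating that the crypt path is taken when the variable is unset or not affirmative (env_get_yesno() returns -1 for an unset variable), and that on boards with a writable environment this variable selects which check guards the autoboot abort, so it needs the same protection as the environment that holds the password data.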
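
A stand-alone model of the input-injection test described in the mail above, added here as an illustration and not U-Boot code: a small FIFO stands in for `gd->console_in`, and `console_write_in()` is the hypothetical helper name from the mail. `console_in_reset()`, `console_in_getc()` and `model_passwd_abort()` are names made up for this sketch, and a plain string compare stands in for the real password hash check.

```c
#include <string.h>

/* Stand-in for U-Boot's gd->console_in membuff: a small byte FIFO. */
#define IN_SIZE 64
static char in_buf[IN_SIZE];
static size_t in_head, in_tail;	/* next write / next read position */

static void console_in_reset(void) { in_head = in_tail = 0; }

/* Hypothetical helper named in the mail; returns the bytes queued. */
static size_t console_write_in(const char *data, size_t len)
{
	size_t n = 0;

	while (n < len && (in_head + 1) % IN_SIZE != in_tail) {
		in_buf[in_head] = data[n++];
		in_head = (in_head + 1) % IN_SIZE;
	}
	return n;	/* short count: the FIFO was full */
}

/* Non-blocking read: -1 when no input is pending. */
static int console_in_getc(void)
{
	int c;

	if (in_tail == in_head)
		return -1;
	c = (unsigned char)in_buf[in_tail];
	in_tail = (in_tail + 1) % IN_SIZE;
	return c;
}

/* Model of a keyed-autoboot check: 1 = abort autoboot, 0 = keep booting.
 * strcmp() is a placeholder for the real password hash verification. */
static int model_passwd_abort(const char *expected)
{
	char line[IN_SIZE];
	size_t len = 0;
	int c;

	/* The FIFO holds at most IN_SIZE - 1 bytes, so line[] cannot overflow. */
	while ((c = console_in_getc()) >= 0 && c != '\r' && c != '\n')
		line[len++] = (char)c;
	if (c < 0)
		return 0;	/* input ran out before Enter: treated as timeout */
	line[len] = '\0';
	return strcmp(line, expected) == 0;
}
```

Because the input is queued before the check runs, the test exercises the password path without changing how the sandbox starts up interactively.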