From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E7A71C433EF for ; Wed, 16 Feb 2022 08:41:11 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8D5F483003; Wed, 16 Feb 2022 09:41:08 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.b="EUYf+Dig"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B9597834E4; Wed, 16 Feb 2022 09:41:06 +0100 (CET) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B14C5820F0 for ; Wed, 16 Feb 2022 09:41:02 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=xypron.glpk@gmx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1645000861; bh=P1R5QtNWip6iZ1e2Qb4nuGDZEPN71Qw1TR2kPsQj+7Q=; h=X-UI-Sender-Class:Date:Subject:To:References:From:Cc:In-Reply-To; b=EUYf+DigQ+aPxwxbjNc9Xl9Mfu3tJNyy2cZJehz2/wkp98PHpZyaoLAAiwIk1tGXc 5WTmeqi7tJt2ihCiK0hhKcR8+kWtUVhm2hbakn2ZaqmCqZAqD/3T1h4W/RKhKZWwOf aa7IFbK0tbFRiihK4HihsFBv/t59wNfA+0GaDcPI= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from [192.168.123.94] ([88.152.144.107]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1M72sJ-1nMA4Y2YNL-008Y5V; Wed, 16 Feb 2022 09:41:01 +0100 Message-ID: Date: Wed, 16 Feb 2022 09:40:57 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.0 Subject: Re: [PATCH v11 5/9] test/py: efi_capsule: add image authentication test Content-Language: en-US To: AKASHI Takahiro References: <20220209101042.78036-1-takahiro.akashi@linaro.org> <20220209101042.78036-6-takahiro.akashi@linaro.org> <20220214004306.GA39639@laputa> From: Heinrich Schuchardt Cc: sjg@chromium.org, ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, u-boot@lists.denx.de, mark.kettenis@xs4all.nl In-Reply-To: <20220214004306.GA39639@laputa> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:ebwhaAW9asjkxxEF/8h0Uh8ER82AbGpM9SeIDI30xe7Mc6ncqnd 400rTTgrogG0q6nkm7lzqQuVancoZjniGeGmoWZi/92/MB627wWEXDV98fwxXcaerzI966Q iVYAoV6ut4JL1p9Ni+5vyRC843X2m0LVreyuUYbokA19sMzhSTd8lMIbBTPuxha5OzrPT8d jtgDFtZqXgtkDQqmqCq/g== X-UI-Out-Filterresults: notjunk:1;V03:K0:v8fxoH0VbeM=:5G0lTVmXSMBk9VGMJZaX/u CUs7Ik5Hup68dpwkl4Q447zzbol2ddDNngUlbF0cErP+7KkpB/zcm5BOobo6EasRz908RgAK4 BxrYP5WSpfFVFmjWbQQXgNe/Y3QtcwHz6FSGjvTN6GMojXs71ZfR1rIofMsOuQ00OVmvSuOWW VnSXHOafT3EQWUonZ1wE9aCaU2GPr9D+AWbElWMSCPBHnvGYGzsp5fTJnaXLedZLcy9oZXxAe sIMBgWKsy+wwmbVF8RdKu86fH2R2D6ciI2cfw8QY0eyPBZKmGSVBe2tMMpERsV8imV6YzJuiq DGoVFCz4TlLi+viKEZyfkIM9Qa4u1bYFhKkwnvBnpUFFUQwCSLk1F+ZR4+bH1fmhiio/jfXy8 tFvl+Knrd3P7xN2VR6VjhFHQ74yiWBV1/5NnXC90xFpiayCeXtl6gL61unAnK6F4MY6o5r1aX Z5NwN4s0LuylBfBsrOYsxQEtdSh25BIYS9D2kry3xBpo6H7Xhh+0kq0RJJu+O4F8NiAKbYrRN KZ9pLYs7cle+4/PxEItsLXjkvFpTsjcTz0FiIJbeONeRBvsaT2caMjQiE+qDTjql/Z2zXA9Tt CNidsCsuVlmm1BlYX93oN9XLCXiL8q4QzAvIh5K3aH+m7TXmK4yk4WJekl7IFelW8QMuDnCyP GqGO3JFH1vR/07J1G6yhxWJWeorlZzpKp7BHFQSpOMM366uLh5xDlcgRNPUznmJajwCUMpdro wlPl69/hjH1JKSi5NRe9bs+acjL8X25bOWzU/8kGeqgT8E3MGrYycelKpttRJ8zyDB7b8IOh5 8Vlaf69yCNhMucEiLuJ6a3bbfd8lO7G3MuRAjqbFMDx4SKRyx4kAg3egfQrpM0b4SCrX03zGD 3Aol4QT1bgUI65o3lH/H8VoBIvVtejVwzDyhH1LWdwAdRG2guUyzQOjrYMRUwV3G8ZC6/WdGE H50eDbI3scEvevNTfH5Oxgu760M9SWmbAtjb7C5vY7vNNhOyzirvG2pv4tw3C2N6nWrWy0cN4 1Jhwkvo2raaz67EfTOLUZ4NaXXnojnKGyVhuS9lG83pZzqWwWOYY0Y9Hww9ZCKO0o6zDEGC7y GwE44tMp9AFWxI= X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean On 2/14/22 01:43, AKASHI Takahiro wrote: > Heinrich, > > On Fri, Feb 11, 2022 at 08:25:15PM +0100, Heinrich Schuchardt wrote: >> On 2/9/22 11:10, AKASHI Takahiro wrote: >>> Add a couple of test cases against capsule image authentication >>> for capsule-on-disk, where only a signed capsule file with the verifie= d >>> signature will be applied to the system. >>> >>> Due to the difficulty of embedding a public key (esl file) in U-Boot >>> binary during pytest setup time, all the keys/certificates are pre-cre= ated. >>> >>> Signed-off-by: AKASHI Takahiro >>> Reviewed-by: Simon Glass >>> Acked-by: Ilias Apalodimas >> >> The test is not executed on Gitlab: >> >> test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py sss >> >> SKIPPED [3] /builds/u-boot/custodians/u-boot-efi/test/py/conftest.py:49= 0: >> .config feature "efi_capsule_authenticate" not enabled >> >> Please, provide a defconfig with CONFIG_EFI_CAPSULE_AUTHENTICATE=3Dy in= a >> follow-up patch. > > This is somehow intentional. > I don't remember quite well, but when I tried to add another defconfig f= ile > for sandbox to initiate some test in the past, you or Simon (sorry if I > remember incorrectly here) opposed it. > > Please also note that adding CONFIG_EFI_CAPSULE_AUTHENTICATE to > sandbox_defconfig doesn't make sense as it makes non-signed capsule > tests (test_capsule_firmware.py) meaningless. This function really should be tested in Gitlab. How about adding the setting to sandbox_spl_defconfig? You will have to change test/run line 31 for the test to be run on sandbox_spl. Best regards Heinrich > > -Takahiro Akashi