From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C61ADC433F5 for ; Fri, 11 Feb 2022 19:25:25 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 26E4F83B77; Fri, 11 Feb 2022 20:25:23 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.b="SJKr0EPn"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8937A83B7D; Fri, 11 Feb 2022 20:25:21 +0100 (CET) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 92EA483881 for ; Fri, 11 Feb 2022 20:25:17 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=xypron.glpk@gmx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1644607516; bh=0T1gL4l5uWNZKu6FYmvGNPEy0L5cZ/a1yyuyjuLbe4o=; h=X-UI-Sender-Class:Date:Subject:To:Cc:References:From:In-Reply-To; b=SJKr0EPn5/cap9Ammbig1KYpmusjsY1aMEFM15Lwc94+ZIrwf/5NfTDHTbsFRce8b SC2yGKIq9MHt3JiJ3297yR4LdKcPgJOMVQw3IKEQrS1HJC+QJ90OmZIQu2DqXyi5EO rx3360aFGjADB/xybJ54GnZA/AVwZq5AgI5YLhZs= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from [192.168.123.55] ([88.152.144.107]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1M8ykW-1nLLMQ1SmE-0067Ej; Fri, 11 Feb 2022 20:25:16 +0100 Message-ID: Date: Fri, 11 Feb 2022 20:25:15 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.1 Subject: Re: [PATCH v11 5/9] test/py: efi_capsule: add image authentication test Content-Language: en-US To: AKASHI Takahiro Cc: sjg@chromium.org, ilias.apalodimas@linaro.org, sughosh.ganu@linaro.org, masami.hiramatsu@linaro.org, mark.kettenis@xs4all.nl, u-boot@lists.denx.de References: <20220209101042.78036-1-takahiro.akashi@linaro.org> <20220209101042.78036-6-takahiro.akashi@linaro.org> From: Heinrich Schuchardt In-Reply-To: <20220209101042.78036-6-takahiro.akashi@linaro.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:DoJVx2TCuF3sCpRVw/S18iSW4gDCGd13AZrEwzL/sXDVpjxo0rL 9CjO/kFhIiqRqF6/DsE/hy9F0bFgy5s8DVKOKD/pwx+tZ9pLlILa8vabC94T8EoYzaAD58w yfaVjBdNjz8LLEmtwQgFo80up3tG77xCZf3lt7E9BDHWCbs6ZBHfcuTWnZymkeWA0SVYlkb gIEoGGv8i8lSZDW14PeMA== X-UI-Out-Filterresults: notjunk:1;V03:K0:3WCiWC4fLfA=:6Ywj4DJrlJBwOref8oqyd0 GmUXNjwiiV14F3AV3qYjLD+F8MHkwZ05dsTB+FpuJl62aopRviistolqmAhyOlSt2IFJOIDAO ZNwjbh5HaPIiPjBogOWwj1AGRROfhPiqx/8mT6AZyOayHWNPoiL/u7arOYJMvaZlKXgAPhFYb JZrTJnOvuNQHxHzCqDInzy2F0sT5DfWJxPICWEZkCE29GDFhiXYD5n/h2OwcoPwfVB7VezYg1 c7xdjgqIQHe0fJfdT7zx2xYjkwkjVCP9kM230ukm1yltYzbervyl472XalA33P5gs6ADOthwb tOauukI6ZW2bZ4aTcDU0vyAauymoFhsDSUqJhI3rzm1tvRA1LfF7bK5IULH3QzB+V2Gkwq50N O2xoDflfXhZOa9E1hXwWdyzRqWQhBleMUSPK5I83gwwMxldmlPdnB9l/TcY1t/RpA5VBZU9xI aWNGIkGhyx1ixG5ux6+4wF12FbWbUD57/f2G1iqBahjNxSz8nlJEUyEI26u+zGaY3/Pkyfc6O MWlatAWLEQv3S9aXpnW7mfu4BCr+OEtG6QDcWwwwigdRxFzfAR56Bd+Ae/vRh44pqn3SwNqVm oyd4WkREraGU2Pnr8EgbKAzXTVf9q5Zw2uV12+1F6bttiU2pvxiFarcue1d/Mu5vPVjsUdtir ObSabxJm8zb8K/X/4fkPO8BmCquc+PN/wIGAJhbUzpyrIttDWd76Zy33b/Rnf+7BavSlWyotp 0uB/fKzv6VIVdJwUvwacemKgFqCCGqXBB8U51CqsPrEqPgjvW6zOVp0bDfLZTm0Et/Hm4bsko uB5VyU2iWGbRyQif/RN1Wob4Wo8emF3+Oss2yALMpmO2HSECMyx3iPk9XLQOP7UpEWJJ+DH2B X+ePQamMtOsyCo3CQZdlTkhml/cQiNgi0olz+fgJJVc3eBYsu9uXcXExDAePK+7dS0FU36S5r fKikCOcmNBTCy8ZIw5JyzIP4Vkl7nPCOTNvENUCQ/6Y4If3ho/wmA4T841XHYEqM/Nf6Zbjcs eJZqSfdH2flMMneA/RHif5tYS21nFYDC/AgN9E1BDRNfcFtcM64DcQ7fJIE12434sYOZRLrBB 9cy6pXFIDwv+NM= X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean On 2/9/22 11:10, AKASHI Takahiro wrote: > Add a couple of test cases against capsule image authentication > for capsule-on-disk, where only a signed capsule file with the verified > signature will be applied to the system. > > Due to the difficulty of embedding a public key (esl file) in U-Boot > binary during pytest setup time, all the keys/certificates are pre-creat= ed. > > Signed-off-by: AKASHI Takahiro > Reviewed-by: Simon Glass > Acked-by: Ilias Apalodimas The test is not executed on Gitlab: test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py sss SKIPPED [3] /builds/u-boot/custodians/u-boot-efi/test/py/conftest.py:490: .config feature "efi_capsule_authenticate" not enabled Please, provide a defconfig with CONFIG_EFI_CAPSULE_AUTHENTICATE=3Dy in a follow-up patch. Best regards Heinrich > --- > .../py/tests/test_efi_capsule/capsule_defs.py | 5 + > test/py/tests/test_efi_capsule/conftest.py | 52 +++- > test/py/tests/test_efi_capsule/signature.dts | 10 + > .../test_capsule_firmware_signed.py | 254 ++++++++++++++++++ > 4 files changed, 318 insertions(+), 3 deletions(-) > create mode 100644 test/py/tests/test_efi_capsule/signature.dts > create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmwar= e_signed.py > > diff --git a/test/py/tests/test_efi_capsule/capsule_defs.py b/test/py/te= sts/test_efi_capsule/capsule_defs.py > index 4fd6353c2040..59b40f11bd1d 100644 > --- a/test/py/tests/test_efi_capsule/capsule_defs.py > +++ b/test/py/tests/test_efi_capsule/capsule_defs.py > @@ -3,3 +3,8 @@ > # Directories > CAPSULE_DATA_DIR =3D '/EFI/CapsuleTestData' > CAPSULE_INSTALL_DIR =3D '/EFI/UpdateCapsule' > + > +# v1.5.1 or earlier of efitools has a bug in sha256 calculation, and > +# you need build a newer version on your own. > +# The path must terminate with '/' if it is not null. > +EFITOOLS_PATH =3D '' > diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/= test_efi_capsule/conftest.py > index 6ad5608cd71c..27c05971ca32 100644 > --- a/test/py/tests/test_efi_capsule/conftest.py > +++ b/test/py/tests/test_efi_capsule/conftest.py > @@ -10,13 +10,13 @@ import pytest > from capsule_defs import * > > # > -# Fixture for UEFI secure boot test > +# Fixture for UEFI capsule test > # > > - > @pytest.fixture(scope=3D'session') > def efi_capsule_data(request, u_boot_config): > - """Set up a file system to be used in UEFI capsule test. > + """Set up a file system to be used in UEFI capsule and > + authentication test. > > Args: > request: Pytest request object. > @@ -40,6 +40,36 @@ def efi_capsule_data(request, u_boot_config): > check_call('mkdir -p %s' % data_dir, shell=3DTrue) > check_call('mkdir -p %s' % install_dir, shell=3DTrue) > > + capsule_auth_enabled =3D u_boot_config.buildconfig.get( > + 'config_efi_capsule_authenticate') > + if capsule_auth_enabled: > + # Create private key (SIGNER.key) and certificate (SIGNER.c= rt) > + check_call('cd %s; ' > + 'openssl req -x509 -sha256 -newkey rsa:2048 ' > + '-subj /CN=3DTEST_SIGNER/ -keyout SIGNER.ke= y ' > + '-out SIGNER.crt -nodes -days 365' > + % data_dir, shell=3DTrue) > + check_call('cd %s; %scert-to-efi-sig-list SIGNER.crt SIGNER= .esl' > + % (data_dir, EFITOOLS_PATH), shell=3DTrue) > + > + # Update dtb adding capsule certificate > + check_call('cd %s; ' > + 'cp %s/test/py/tests/test_efi_capsule/signature.= dts .' > + % (data_dir, u_boot_config.source_dir), shell=3D= True) > + check_call('cd %s; ' > + 'dtc -@ -I dts -O dtb -o signature.dtbo signatur= e.dts; ' > + 'fdtoverlay -i %s/arch/sandbox/dts/test.dtb ' > + '-o test_sig.dtb signature.dtbo' > + % (data_dir, u_boot_config.build_dir), shell=3DT= rue) > + > + # Create *malicious* private key (SIGNER2.key) and certific= ate > + # (SIGNER2.crt) > + check_call('cd %s; ' > + 'openssl req -x509 -sha256 -newkey rsa:2048 ' > + '-subj /CN=3DTEST_SIGNER/ -keyout SIGNER2.k= ey ' > + '-out SIGNER2.crt -nodes -days 365' > + % data_dir, shell=3DTrue) > + > # Create capsule files > # two regions: one for u-boot.bin and the other for u-boot.env > check_call('cd %s; echo -n u-boot:Old > u-boot.bin.old; echo -= n u-boot:New > u-boot.bin.new; echo -n u-boot-env:Old -> u-boot.env.old; e= cho -n u-boot-env:New > u-boot.env.new' % data_dir, > @@ -56,6 +86,22 @@ def efi_capsule_data(request, u_boot_config): > check_call('cd %s; %s/tools/mkeficapsule --raw u-boot.bin.new = --index 1 Test02' % > (data_dir, u_boot_config.build_dir), > shell=3DTrue) > + if capsule_auth_enabled: > + # firmware signed with proper key > + check_call('cd %s; ' > + '%s/tools/mkeficapsule --index 1 --monotonic-cou= nt 1 ' > + '--private-key SIGNER.key --certificate SIG= NER.crt ' > + '--raw u-boot.bin.new Test11' > + % (data_dir, u_boot_config.build_dir), > + shell=3DTrue) > + # firmware signed with *mal* key > + check_call('cd %s; ' > + '%s/tools/mkeficapsule --index 1 --monotonic-cou= nt 1 ' > + '--private-key SIGNER2.key ' > + '--certificate SIGNER2.crt ' > + '--raw u-boot.bin.new Test12' > + % (data_dir, u_boot_config.build_dir), > + shell=3DTrue) > > # Create a disk image with EFI system partition > check_call('virt-make-fs --partition=3Dgpt --size=3D+1M --type= =3Dvfat %s %s' % > diff --git a/test/py/tests/test_efi_capsule/signature.dts b/test/py/test= s/test_efi_capsule/signature.dts > new file mode 100644 > index 000000000000..078cfc76c93c > --- /dev/null > +++ b/test/py/tests/test_efi_capsule/signature.dts > @@ -0,0 +1,10 @@ > +// SPDX-License-Identifier: GPL-2.0+ > + > +/dts-v1/; > +/plugin/; > + > +&{/} { > + signature { > + capsule-key =3D /incbin/("SIGNER.esl"); > + }; > +}; > diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed= .py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > new file mode 100644 > index 000000000000..593b032e9015 > --- /dev/null > +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py > @@ -0,0 +1,254 @@ > +# SPDX-License-Identifier: GPL-2.0+ > +# Copyright (c) 2021, Linaro Limited > +# Author: AKASHI Takahiro > +# > +# U-Boot UEFI: Firmware Update (Signed capsule) Test > + > +""" > +This test verifies capsule-on-disk firmware update > +with signed capsule files > +""" > + > +import pytest > +from capsule_defs import CAPSULE_DATA_DIR, CAPSULE_INSTALL_DIR > + > +@pytest.mark.boardspec('sandbox') > +@pytest.mark.buildconfigspec('efi_capsule_firmware_raw') > +@pytest.mark.buildconfigspec('efi_capsule_authenticate') > +@pytest.mark.buildconfigspec('dfu') > +@pytest.mark.buildconfigspec('dfu_sf') > +@pytest.mark.buildconfigspec('cmd_efidebug') > +@pytest.mark.buildconfigspec('cmd_fat') > +@pytest.mark.buildconfigspec('cmd_memory') > +@pytest.mark.buildconfigspec('cmd_nvedit_efi') > +@pytest.mark.buildconfigspec('cmd_sf') > +@pytest.mark.slow > +class TestEfiCapsuleFirmwareSigned(object): > + def test_efi_capsule_auth1( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 1 - Update U-Boot on SPI Flash, raw image format > + 0x100000-0x150000: U-Boot binary (but dummy) > + > + If the capsule is properly signed, the authentica= tion > + should pass and the firmware be updated. > + """ > + disk_img =3D efi_capsule_data > + with u_boot_console.log.section('Test Case 1-a, before reboot')= : > + output =3D u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =3D0x000000000000= 0004', > + 'env set dfu_alt_info ' > + '"sf 0:0=3Du-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize content > + output =3D u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > + % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output =3D u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test11' % CAPSULE_DATA_DIR= , > + 'fatwrite host 0:1 4000000 %s/Test11 $filesize' > + % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test11' in ''.join(output) > + > + # reboot > + mnt_point =3D u_boot_config.persistent_data_dir + '/test_efi_ca= psule' > + u_boot_console.config.dtb =3D mnt_point + CAPSULE_DATA_DIR \ > + + '/test_sig.dtb' > + u_boot_console.restart_uboot() > + > + capsule_early =3D u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + with u_boot_console.log.section('Test Case 1-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent va= riables > + # are not available. > + output =3D u_boot_console.run_command_list([ > + 'env set dfu_alt_info ' > + '"sf 0:0=3Du-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"'= , > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test11' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output =3D u_boot_console.run_command( > + 'env print -e Capsule0000') > + > + output =3D u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test11' not in ''.join(output) > + > + output =3D u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:New' in ''.join(output) > + > + def test_efi_capsule_auth2( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 2 - Update U-Boot on SPI Flash, raw image format > + 0x100000-0x150000: U-Boot binary (but dummy) > + > + If the capsule is signed but with an invalid key, > + the authentication should fail and the firmware > + not be updated. > + """ > + disk_img =3D efi_capsule_data > + with u_boot_console.log.section('Test Case 2-a, before reboot')= : > + output =3D u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =3D0x000000000000= 0004', > + 'env set dfu_alt_info ' > + '"sf 0:0=3Du-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize content > + output =3D u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > + % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output =3D u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test12' % CAPSULE_DATA_DIR= , > + 'fatwrite host 0:1 4000000 %s/Test12 $filesize' > + % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test12' in ''.join(output) > + > + # reboot > + mnt_point =3D u_boot_config.persistent_data_dir + '/test_efi_ca= psule' > + u_boot_console.config.dtb =3D mnt_point + CAPSULE_DATA_DIR \ > + + '/test_sig.dtb' > + u_boot_console.restart_uboot() > + > + capsule_early =3D u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + with u_boot_console.log.section('Test Case 2-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent va= riables > + # are not available. > + output =3D u_boot_console.run_command_list([ > + 'env set dfu_alt_info ' > + '"sf 0:0=3Du-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test12' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output =3D u_boot_console.run_command( > + 'env print -e Capsule0000') > + > + # deleted any way > + output =3D u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test12' not in ''.join(output) > + > + # TODO: check CapsuleStatus in CapsuleXXXX > + > + output =3D u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:Old' in ''.join(output) > + > + def test_efi_capsule_auth3( > + self, u_boot_config, u_boot_console, efi_capsule_data): > + """ > + Test Case 3 - Update U-Boot on SPI Flash, raw image format > + 0x100000-0x150000: U-Boot binary (but dummy) > + > + If the capsule is not signed, the authentication > + should fail and the firmware not be updated. > + """ > + disk_img =3D efi_capsule_data > + with u_boot_console.log.section('Test Case 3-a, before reboot')= : > + output =3D u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', > + 'efidebug boot order 1', > + 'env set -e -nv -bs -rt OsIndications =3D0x000000000000= 0004', > + 'env set dfu_alt_info ' > + '"sf 0:0=3Du-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"', > + 'env save']) > + > + # initialize content > + output =3D u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'fatload host 0:1 4000000 %s/u-boot.bin.old' > + % CAPSULE_DATA_DIR, > + 'sf write 4000000 100000 10', > + 'sf read 5000000 100000 10', > + 'md.b 5000000 10']) > + assert 'Old' in ''.join(output) > + > + # place a capsule file > + output =3D u_boot_console.run_command_list([ > + 'fatload host 0:1 4000000 %s/Test02' % CAPSULE_DATA_DIR= , > + 'fatwrite host 0:1 4000000 %s/Test02 $filesize' > + % CAPSULE_INSTALL_DIR, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test02' in ''.join(output) > + > + # reboot > + mnt_point =3D u_boot_config.persistent_data_dir + '/test_efi_ca= psule' > + u_boot_console.config.dtb =3D mnt_point + CAPSULE_DATA_DIR \ > + + '/test_sig.dtb' > + u_boot_console.restart_uboot() > + > + capsule_early =3D u_boot_config.buildconfig.get( > + 'config_efi_capsule_on_disk_early') > + with u_boot_console.log.section('Test Case 3-b, after reboot'): > + if not capsule_early: > + # make sure that dfu_alt_info exists even persistent va= riables > + # are not available. > + output =3D u_boot_console.run_command_list([ > + 'env set dfu_alt_info ' > + '"sf 0:0=3Du-boot-bin raw 0x100000 ' > + '0x50000;u-boot-env raw 0x150000 0x200000"'= , > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test02' in ''.join(output) > + > + # need to run uefi command to initiate capsule handling > + output =3D u_boot_console.run_command( > + 'env print -e Capsule0000') > + > + # deleted any way > + output =3D u_boot_console.run_command_list([ > + 'host bind 0 %s' % disk_img, > + 'fatls host 0:1 %s' % CAPSULE_INSTALL_DIR]) > + assert 'Test02' not in ''.join(output) > + > + # TODO: check CapsuleStatus in CapsuleXXXX > + > + output =3D u_boot_console.run_command_list([ > + 'sf probe 0:0', > + 'sf read 4000000 100000 10', > + 'md.b 4000000 10']) > + assert 'u-boot:Old' in ''.join(output)