[PATCH v3 07/11] CI: capsule: Setup the files needed for capsule update testing

Sughosh Ganu Sun, 09 Jul 2023 06:35:13 -0700

Support has being added through earlier commits to build capsules
and embed the public key needed for capsule authentication as part of
u-boot build.


>From the testing point-of-view, this means the input files needed for
generating the above have to be setup before invoking the build. Set
this up in the CI configuration files for testing the capsule update
feature.

Signed-off-by: Sughosh Ganu <sughosh.g...@linaro.org>
---
Changes since V2:
* New patch setting up the capsule files needed for CI run

 .azure-pipelines.yml | 21 +++++++++++++++++++++
 .gitlab-ci.yml       | 19 +++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
index 96b2ab4d75..75075bbd07 100644
--- a/.azure-pipelines.yml
+++ b/.azure-pipelines.yml
@@ -398,6 +398,17 @@ stages:
               wget -O - 
https://github.com/riscv/opensbi/releases/download/v0.9/opensbi-0.9-rv-bin.tar.xz
 | tar -C /tmp -xJ;
               export 
OPENSBI=/tmp/opensbi-0.9-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin;
           fi
+          mkdir -p /tmp/capsules/;
+          echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old;
+          echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
+          echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
+          echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+          if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == 
"sandbox_flattree" ]]; then
+              openssl req -x509 -sha256 -newkey rsa:2048 -subj 
/CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt 
-nodes -days 365;
+              openssl req -x509 -sha256 -newkey rsa:2048 -subj 
/CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out 
/tmp/capsules/SIGNER2.crt -nodes -days 365;
+              cert-to-efi-sig-list /tmp/capsules/SIGNER.crt 
/tmp/capsules/SIGNER.esl;
+          fi
+
           # the below corresponds to .gitlab-ci.yml "script"
           cd ${WORK_DIR}
           export UBOOT_TRAVIS_BUILD_DIR=/tmp/${TEST_PY_BD};
@@ -582,6 +593,16 @@ stages:
           cd ${WORK_DIR}
           # make environment variables available as tests are running inside a 
container
           export BUILDMAN="${BUILDMAN}"
+          if [[ "${BUILDMAN}" == "sandbox" ]] || [[ "${BUILDMAN}" == "sandbox 
x86" ]]; then
+              if [ ! -d "/tmp/capsules/" ]; then
+                  mkdir -p /tmp/capsules/;
+                  openssl req -x509 -sha256 -newkey rsa:2048 -subj 
/CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt 
-n
+odes -days 365;
+                  openssl req -x509 -sha256 -newkey rsa:2048 -subj 
/CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out 
/tmp/capsules/SIGNER2.crt
+-nodes -days 365;
+                  cert-to-efi-sig-list /tmp/capsules/SIGNER.crt 
/tmp/capsules/SIGNER.esl;
+              fi
+          fi
           git config --global --add safe.directory ${WORK_DIR}
           EOF
           cat << "EOF" >> build.sh
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e6c6ab3586..577eebd678 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -37,6 +37,17 @@ stages:
         export 
OPENSBI=/tmp/opensbi-0.9-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin;
       fi
 
+    - mkdir -p /tmp/capsules/;
+    - echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old;
+    - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
+    - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
+    - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
+    - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == 
"sandbox_flattree" ]]; then
+       openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ 
-keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
+       openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ 
-keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 
365;
+       cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl;
+      fi
+
   after_script:
     - cp -v /tmp/${TEST_PY_BD}/*.{html,css} .
     - rm -rf /tmp/uboot-test-hooks /tmp/venv
@@ -131,6 +142,14 @@ build all other platforms:
   stage: world build
   script:
     - ret=0;
+      if [ ! -d "/tmp/capsules/" ]; then
+        mkdir -p /tmp/capsules/;
+        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ 
-keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days
+ 365;
+        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ 
-keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -da
+ys 365;
+        cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl;
+      fi
       git config --global --add safe.directory "${CI_PROJECT_DIR}";
       ./tools/buildman/buildman -o /tmp -PEWM -x arm,powerpc || ret=$?;
       if [[ $ret -ne 0 ]]; then
-- 
2.34.1

[PATCH v3 07/11] CI: capsule: Setup the files needed for capsule update testing

Reply via email to