[PATCH v3 10/11] binman: ftest: Add test for xilinx_fsbl_auth etype

Tue, 18 Jul 2023 04:55:23 -0700 

From: Lukas Funke <lukas.fu...@weidmueller.com>

Add test for the 'xilinx_fsbl_auth' etype

Signed-off-by: Lukas Funke <lukas.fu...@weidmueller.com>

---

Changes in v3:
- Improved test coverage for xilinx-fsbl-auth etype

Changes in v2:
- Fixed typo in dts name

 tools/binman/ftest.py                         | 61 +++++++++++++++++++
 tools/binman/test/280_xilinx_fsbl_auth.dts    | 21 +++++++
 .../binman/test/280_xilinx_fsbl_auth_enc.dts  | 23 +++++++
 3 files changed, 105 insertions(+)
 create mode 100644 tools/binman/test/280_xilinx_fsbl_auth.dts
 create mode 100644 tools/binman/test/280_xilinx_fsbl_auth_enc.dts

diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 959c760792..fd01eb2030 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -6686,6 +6686,67 @@ fdt         fdtmap                Extract the devicetree 
blob from the fdtmap
                                 ['fit'])
         self.assertIn("Node '/fit': Missing tool: 'mkimage'", str(e.exception))
 
+    def testXilinxFsblAuth(self):
+        """Test xilinx_fsbl_auth etype"""
+        data = tools.read_file(self.TestFile("key.key"))
+        self._MakeInputFile("psk.pem", data)
+        self._MakeInputFile("ssk.pem", data)
+        self._SetupPmuFwlElf()
+        self._SetupSplElf()
+        self._DoReadFileRealDtb('280_xilinx_fsbl_auth.dts')
+        image_fname = tools.get_output_filename('image.bin')
+        bootgen = bintool.Bintool.create('bootgen')
+
+        # Read partition header table and check if authentication is enabled
+        bootgen_out = bootgen.run_cmd("-arch", "zynqmp",
+                                      "-read", image_fname, "pht").splitlines()
+        attributes = {"authentication": None,
+                      "core": None,
+                      "encryption": None}
+
+        for l in bootgen_out:
+            for a in attributes.keys():
+                if a in l:
+                   m = re.match(fr".*{a} \[([^]]+)\]", l)
+                   attributes[a] = m.group(1)
+
+        self.assertTrue(attributes['authentication'] == "rsa")
+        self.assertTrue(attributes['core'] == "a53-0")
+        self.assertTrue(attributes['encryption'] == "no")
+
+    def testXilinxFsblAuthAndEncryption(self):
+        """Test xilinx_fsbl_auth etype"""
+        data = tools.read_file(self.TestFile("key.key"))
+        self._MakeInputFile("psk.pem", data)
+        self._MakeInputFile("ssk.pem", data)
+        self._SetupPmuFwlElf()
+        self._SetupSplElf()
+        self._DoReadFileRealDtb('280_xilinx_fsbl_auth_enc.dts')
+        image_fname = tools.get_output_filename('image.bin')
+        bootgen = bintool.Bintool.create('bootgen')
+
+        # Read boot header in order to verify encryption source and
+        # encryption parameter
+        bootgen_out = bootgen.run_cmd("-arch", "zynqmp",
+                                      "-read", image_fname, "bh").splitlines()
+        attributes = {"auth_only":
+                        {"re": r".*auth_only \[([^]]+)\]", "value": None},
+                      "encryption_keystore":
+                        {"re": r" *encryption_keystore \(0x28\) : (.*)",
+                            "value": None},
+                     }
+
+        for l in bootgen_out:
+            for a in attributes.keys():
+                if a in l:
+                   m = re.match(attributes[a]['re'], l)
+                   attributes[a] = m.group(1)
+
+        # Check if fsbl-attribute is set correctly
+        self.assertTrue(attributes['auth_only'] == "true")
+        # Check if key is stored in efuse
+        self.assertTrue(attributes['encryption_keystore'] == "0xa5c3c5a3")
+
 
     def testSplPubkeyDtb(self):
          """Test u_boot_spl_pubkey_dtb etype"""
diff --git a/tools/binman/test/280_xilinx_fsbl_auth.dts 
b/tools/binman/test/280_xilinx_fsbl_auth.dts
new file mode 100644
index 0000000000..71b19edf44
--- /dev/null
+++ b/tools/binman/test/280_xilinx_fsbl_auth.dts
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+       #address-cells = <1>;
+       #size-cells = <1>;
+
+       binman {
+               xilinx-fsbl-auth {
+                       psk-key-name-hint = "psk";
+                       ssk-key-name-hint = "ssk";
+                       auth-params = "ppk_select=0", "spk_id=0x00000000";
+
+                       u-boot-spl-nodtb {
+                       };
+                       u-boot-spl-dtb {
+                       };
+               };
+       };
+};
diff --git a/tools/binman/test/280_xilinx_fsbl_auth_enc.dts 
b/tools/binman/test/280_xilinx_fsbl_auth_enc.dts
new file mode 100644
index 0000000000..4889ab4c27
--- /dev/null
+++ b/tools/binman/test/280_xilinx_fsbl_auth_enc.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+       #address-cells = <1>;
+       #size-cells = <1>;
+
+       binman {
+               xilinx-fsbl-auth {
+                       psk-key-name-hint = "psk";
+                       ssk-key-name-hint = "ssk";
+                       auth-params = "ppk_select=0", "spk_id=0x00000000";
+                       fsbl-config = "auth_only";
+                       keysrc-enc = "efuse_red_key";
+
+                       u-boot-spl-nodtb {
+                       };
+                       u-boot-spl-dtb {
+                       };
+               };
+       };
+};
-- 
2.30.2

Reply via email to