From: Paul HENRYS Date: Mon, 24 Feb 2025 21:20:55 +0000 (+0100) Subject: binman: Authenticate the image when testing the preload signature X-Git-Tag: v2025.07-rc1~18^2~69^2 X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b9b87d01efc496d18bbc17c58c552d54a06ef6ba;p=pandora-u-boot.git binman: Authenticate the image when testing the preload signature Use preload_check_sign to authenticate the generated image when testing the preload signature in testPreLoad(). Signed-off-by: Paul HENRYS --- diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index a553ca9e564..8cf867fd3fe 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -762,6 +762,16 @@ class TestFunctional(unittest.TestCase): return False return True + def _CheckPreload(self, image, key, algo="sha256,rsa2048", + padding="pkcs-1.5"): + try: + tools.run('preload_check_sign', '-k', key, '-a', algo, '-p', + padding, '-f', image) + except: + self.fail('Expected image signed with a pre-load') + return False + return True + def testRun(self): """Test a basic run with valid args""" result = self._RunBinman('-h') @@ -5781,9 +5791,14 @@ fdt fdtmap Extract the devicetree blob from the fdtmap data = self._DoReadFileDtb( '230_pre_load.dts', entry_args=entry_args, extra_indirs=[os.path.join(self._binman_dir, 'test')])[0] + + image_fname = tools.get_output_filename('image.bin') + is_signed = self._CheckPreload(image_fname, self.TestFile("dev.key")) + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)]) self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)]) + self.assertEqual(is_signed, True) def testPreLoadNoKey(self): """Test an image with a pre-load heade0r with missing key"""