From: Heinrich Schuchardt Date: Fri, 10 Oct 2025 20:29:26 +0000 (+0200) Subject: test: uninstall PK after secboot tests X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ede1186f2094f5709f4c4cd081a388873680139d;p=pandora-u-boot.git test: uninstall PK after secboot tests The EFI secure boot tests install a security data base. Other EFI tests assume that secure boot is not enabled. Add the missing tear-down at the end of each secboot test sequence. Reported-by: Tom Rini Signed-off-by: Heinrich Schuchardt Tested-by: Tom Rini --- diff --git a/test/py/tests/test_efi_secboot/conftest.py b/test/py/tests/test_efi_secboot/conftest.py index aa9a3536296..76b8f9fa0a3 100644 --- a/test/py/tests/test_efi_secboot/conftest.py +++ b/test/py/tests/test_efi_secboot/conftest.py @@ -162,9 +162,12 @@ def efi_boot_env_intca(request, ubman): # PK check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365' % mnt_point, shell=True) - check_call('cd %s; %scert-to-efi-sig-list -g %s PK.crt PK.esl; %ssign-efi-sig-list -c PK.crt -k PK.key PK PK.esl PK.auth' + check_call('cd %s; %scert-to-efi-sig-list -g %s PK.crt PK.esl; %ssign-efi-sig-list -t "2020-04-01" -c PK.crt -k PK.key PK PK.esl PK.auth' % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), shell=True) + # PK_null for deletion + check_call('cd %s; touch PK_null.esl; %ssign-efi-sig-list -c PK.crt -k PK.key PK PK_null.esl PK_null.auth' + % (mnt_point, EFITOOLS_PATH), shell=True) # KEK check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_KEK/ -keyout KEK.key -out KEK.crt -nodes -days 365' % mnt_point, shell=True) diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py index e8aaef7090c..9e6d3fdf8d8 100644 --- a/test/py/tests/test_efi_secboot/test_signed.py +++ b/test/py/tests/test_efi_secboot/test_signed.py @@ -369,3 +369,12 @@ class TestEfiSignedImage(object): assert(not 'hELLO, world!' in ''.join(output)) assert('\'HELLO1\' failed' in ''.join(output)) assert('efi_bootmgr_load() returned: 26' in ''.join(output)) + + with ubman.log.section('Test Case 8c'): + # Test Case 8c, Uninstall PK + output = ubman.run_command_list([ + 'fatload host 0:1 4000000 PK_null.auth', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', + 'printenv -e -n PK']) + assert 'Failed to set EFI variable' not in ''.join(output) + assert '\"PK\" not defined' in ''.join(output) diff --git a/test/py/tests/test_efi_secboot/test_signed_intca.py b/test/py/tests/test_efi_secboot/test_signed_intca.py index 58f7be03b8b..06d86baef19 100644 --- a/test/py/tests/test_efi_secboot/test_signed_intca.py +++ b/test/py/tests/test_efi_secboot/test_signed_intca.py @@ -133,3 +133,12 @@ class TestEfiSignedImageIntca(object): 'efidebug test bootmgr']) assert '\'HELLO_abc\' failed' in ''.join(output) assert 'efi_bootmgr_load() returned: 26' in ''.join(output) + + with ubman.log.section('Test Case 3c'): + # Test Case 3c, Uninstall PK + output = ubman.run_command_list([ + 'fatload host 0:1 4000000 PK_null.auth', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', + 'printenv -e -n PK']) + assert 'Failed to set EFI variable' not in ''.join(output) + assert '\"PK\" not defined' in ''.join(output) diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py b/test/py/tests/test_efi_secboot/test_unsigned.py index bd6e1b2dadd..2b86dc44cff 100644 --- a/test/py/tests/test_efi_secboot/test_unsigned.py +++ b/test/py/tests/test_efi_secboot/test_unsigned.py @@ -115,3 +115,12 @@ class TestEfiUnsignedImage(object): 'efidebug test bootmgr']) assert 'efi_bootmgr_load() returned: 26' in ''.join(output) assert 'Hello, world!' not in ''.join(output) + + with ubman.log.section('Test Case 3c'): + # Test Case 3c, Uninstall PK + output = ubman.run_command_list([ + 'fatload host 0:1 4000000 PK_null.auth', + 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK', + 'printenv -e -n PK']) + assert 'Failed to set EFI variable' not in ''.join(output) + assert '\"PK\" not defined' in ''.join(output)