Merge tag 'efi-2020-10-rc3-3' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-10-rc3 (3)
The following bug fixes are contained in this pull-request:
* ResetSystem() should no hang if not implemented.
* Device paths in Bootxxxx variables should be verified.
* Use ':' as separator for command setenv -e -i instead of ','.
* Correct comments for functions.
* Update UEFI documentation.
diff --git a/cmd/bootefi.c b/cmd/bootefi.c
index fbfed54..06563d2 100644
--- a/cmd/bootefi.c
+++ b/cmd/bootefi.c
@@ -304,7 +304,11 @@
/**
* do_bootefi_exec() - execute EFI binary
*
+ * The image indicated by @handle is started. When it returns the allocated
+ * memory for the @load_options is freed.
+ *
* @handle: handle of loaded image
+ * @load_options: load options
* Return: status code
*
* Load the EFI binary into a newly assigned memory unwinding the relocation
diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c
index 8e31f43..094c0e8 100644
--- a/cmd/nvedit_efi.c
+++ b/cmd/nvedit_efi.c
@@ -473,7 +473,7 @@
argc--;
argv++;
addr = simple_strtoul(argv[0], &ep, 16);
- if (*ep != ',')
+ if (*ep != ':')
return CMD_RET_USAGE;
/* 0 should be allowed for delete */
diff --git a/doc/uefi/uefi.rst b/doc/uefi/uefi.rst
index a72e729..07eb3f0 100644
--- a/doc/uefi/uefi.rst
+++ b/doc/uefi/uefi.rst
@@ -59,6 +59,10 @@
120832 bytes read in 7 ms (16.5 MiB/s)
=> bootefi ${kernel_addr_r} ${fdt_addr_r}
+The bootefi command uses the device, the file name, and the file size
+(environment variable 'filesize') of the most recently loaded file when setting
+up the binary for execution. So the UEFI binary should be loaded last.
+
The environment variable 'bootargs' is passed as load options in the UEFI system
table. The Linux kernel EFI stub uses the load options as command line
arguments.
@@ -169,11 +173,11 @@
Now in U-Boot install the keys on your board::
fatload mmc 0:1 <tmpaddr> PK.auth
- setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize PK
+ setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize PK
fatload mmc 0:1 <tmpaddr> KEK.auth
- setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize KEK
+ setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize KEK
fatload mmc 0:1 <tmpaddr> db.auth
- setenv -e -nv -bs -rt -at -i <tmpaddr>,$filesize db
+ setenv -e -nv -bs -rt -at -i <tmpaddr>:$filesize db
Set up boot parameters on your board::
@@ -217,13 +221,13 @@
Executing the boot manager
~~~~~~~~~~~~~~~~~~~~~~~~~~
-The UEFI specification foresees to define boot entries and boot sequence via UEFI
-variables. Booting according to these variables is possible via::
+The UEFI specification foresees to define boot entries and boot sequence via
+UEFI variables. Booting according to these variables is possible via::
bootefi bootmgr [fdt address]
-As of U-Boot v2018.03 UEFI variables are not persisted and cannot be set at
-runtime.
+As of U-Boot v2020.10 UEFI variables cannot be set at runtime. The U-Boot
+command 'efidebug' can be used to set the variables.
Executing the built in hello world application
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 50a17a3..0baa1d2 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -631,6 +631,8 @@
const char *path,
struct efi_device_path **device,
struct efi_device_path **file);
+ssize_t efi_dp_check_length(const struct efi_device_path *dp,
+ const size_t maxlen);
#define EFI_DP_TYPE(_dp, _type, _subtype) \
(((_dp)->type == DEVICE_PATH_TYPE_##_type) && \
diff --git a/include/efi_variable.h b/include/efi_variable.h
index 60491cb..4704a3c 100644
--- a/include/efi_variable.h
+++ b/include/efi_variable.h
@@ -274,7 +274,6 @@
* @data: buffer to which the variable value is copied
* @timep: authentication time (seconds since start of epoch)
* Return: status code
-
*/
efi_status_t __efi_runtime
efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes,
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index b88c210..3e71d61 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -19,6 +19,9 @@
#ifndef SIZE_MAX
#define SIZE_MAX (~(size_t)0)
#endif
+#ifndef SSIZE_MAX
+#define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1))
+#endif
#define U8_MAX ((u8)~0U)
#define S8_MAX ((s8)(U8_MAX>>1))
diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c
index 1e06e60..61dc72a 100644
--- a/lib/efi_loader/efi_bootmgr.c
+++ b/lib/efi_loader/efi_bootmgr.c
@@ -105,10 +105,8 @@
if (*size < len)
return EFI_INVALID_PARAMETER;
lo->file_path = (struct efi_device_path *)data;
- /*
- * TODO: validate device path. There should be an end node within
- * the indicated file_path_length.
- */
+ if (efi_dp_check_length(lo->file_path, len) < 0)
+ return EFI_INVALID_PARAMETER;
data += len;
*size -= len;
diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c
index 7ae14f3..8a5c13c 100644
--- a/lib/efi_loader/efi_device_path.c
+++ b/lib/efi_loader/efi_device_path.c
@@ -1127,3 +1127,36 @@
return EFI_SUCCESS;
}
+
+/**
+ * efi_dp_check_length() - check length of a device path
+ *
+ * @dp: pointer to device path
+ * @maxlen: maximum length of the device path
+ * Return:
+ * * length of the device path if it is less or equal @maxlen
+ * * -1 if the device path is longer then @maxlen
+ * * -1 if a device path node has a length of less than 4
+ * * -EINVAL if maxlen exceeds SSIZE_MAX
+ */
+ssize_t efi_dp_check_length(const struct efi_device_path *dp,
+ const size_t maxlen)
+{
+ ssize_t ret = 0;
+ u16 len;
+
+ if (maxlen > SSIZE_MAX)
+ return -EINVAL;
+ for (;;) {
+ len = dp->length;
+ if (len < 4)
+ return -1;
+ ret += len;
+ if (ret > maxlen)
+ return -1;
+ if (dp->type == DEVICE_PATH_TYPE_END &&
+ dp->sub_type == DEVICE_PATH_SUB_TYPE_END)
+ return ret;
+ dp = (const struct efi_device_path *)((const u8 *)dp + len);
+ }
+}
diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c
index 78fd801..dea2b4e 100644
--- a/lib/efi_loader/efi_runtime.c
+++ b/lib/efi_loader/efi_runtime.c
@@ -365,7 +365,9 @@
* efi_reset_system() - reset system
*
* This function implements the ResetSystem() runtime service after
- * SetVirtualAddressMap() is called. It only executes an endless loop.
+ * SetVirtualAddressMap() is called. As this placeholder cannot reset the
+ * system it simply return to the caller.
+ *
* Boards may override the helpers below to implement reset functionality.
*
* See the Unified Extensible Firmware Interface (UEFI) specification for
@@ -381,8 +383,7 @@
efi_status_t reset_status,
unsigned long data_size, void *reset_data)
{
- /* Nothing we can do */
- while (1) { }
+ return;
}
/**
diff --git a/lib/efi_selftest/Makefile b/lib/efi_selftest/Makefile
index 45ce685..85fe8e1 100644
--- a/lib/efi_selftest/Makefile
+++ b/lib/efi_selftest/Makefile
@@ -31,6 +31,7 @@
efi_selftest_memory.o \
efi_selftest_open_protocol.o \
efi_selftest_register_notify.o \
+efi_selftest_reset.o \
efi_selftest_set_virtual_address_map.o \
efi_selftest_textinput.o \
efi_selftest_textinputex.o \
diff --git a/lib/efi_selftest/efi_selftest.c b/lib/efi_selftest/efi_selftest.c
index 5b01610..6eec8ae 100644
--- a/lib/efi_selftest/efi_selftest.c
+++ b/lib/efi_selftest/efi_selftest.c
@@ -5,6 +5,7 @@
* Copyright (c) 2017 Heinrich Schuchardt <xypron.glpk@gmx.de>
*/
+#include <command.h>
#include <efi_selftest.h>
#include <vsprintf.h>
@@ -309,8 +310,13 @@
/* Reset system */
efi_st_printf("Preparing for reset. Press any key...\n");
efi_st_get_key();
- runtime->reset_system(EFI_RESET_WARM, EFI_NOT_READY,
- sizeof(reset_message), reset_message);
+
+ if (IS_ENABLED(CONFIG_EFI_HAVE_RUNTIME_RESET))
+ runtime->reset_system(EFI_RESET_WARM, EFI_NOT_READY,
+ sizeof(reset_message), reset_message);
+ else
+ do_reset(NULL, 0, 0, NULL);
+
efi_st_printf("\n");
efi_st_error("Reset failed\n");
diff --git a/lib/efi_selftest/efi_selftest_reset.c b/lib/efi_selftest/efi_selftest_reset.c
new file mode 100644
index 0000000..8b6ac24
--- /dev/null
+++ b/lib/efi_selftest/efi_selftest_reset.c
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * efi_selftest_reset
+ *
+ * Copyright (c) 2020 Heinrich Schuchardt <xypron.glpk@gmx.de>
+ *
+ * This test checks the following service at boot time or runtime:
+ * ResetSystem()
+ */
+
+#include <efi_selftest.h>
+
+static struct efi_runtime_services *runtime;
+
+/*
+ * Setup unit test.
+ *
+ * @handle: handle of the loaded image
+ * @systable: system table
+ * @return: EFI_ST_SUCCESS for success
+ */
+static int setup(const efi_handle_t handle,
+ const struct efi_system_table *systable)
+{
+ runtime = systable->runtime;
+ return EFI_ST_SUCCESS;
+}
+
+/*
+ * Execute unit test.
+ *
+ * @return: EFI_ST_SUCCESS for success
+ */
+static int execute(void)
+{
+ u16 reset_data[] = L"Reset by selftest";
+
+ runtime->reset_system(EFI_RESET_COLD, EFI_SUCCESS,
+ sizeof(reset_data), reset_data);
+ efi_st_error("Reset failed.\n");
+ return EFI_ST_FAILURE;
+}
+
+EFI_UNIT_TEST(reset) = {
+ .name = "reset system",
+ .phase = EFI_EXECUTE_BEFORE_BOOTTIME_EXIT,
+ .setup = setup,
+ .execute = execute,
+ .on_request = true,
+};
+
+EFI_UNIT_TEST(resetrt) = {
+ .name = "reset system runtime",
+ .phase = EFI_SETUP_BEFORE_BOOTTIME_EXIT,
+ .setup = setup,
+ .execute = execute,
+ .on_request = true,
+};
diff --git a/test/lib/Makefile b/test/lib/Makefile
index b6a0a20..ada62fe 100644
--- a/test/lib/Makefile
+++ b/test/lib/Makefile
@@ -3,6 +3,7 @@
# (C) Copyright 2018
# Mario Six, Guntermann & Drunck GmbH, mario.six@gdsys.cc
obj-y += cmd_ut_lib.o
+obj-$(CONFIG_EFI_LOADER) += efi_device_path.o
obj-$(CONFIG_EFI_SECURE_BOOT) += efi_image_region.o
obj-y += hexdump.o
obj-y += lmb.o
diff --git a/test/lib/efi_device_path.c b/test/lib/efi_device_path.c
new file mode 100644
index 0000000..24e2f23
--- /dev/null
+++ b/test/lib/efi_device_path.c
@@ -0,0 +1,50 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Test device path functions
+ *
+ * Copyright (c) 2020 Heinrich Schuchardt <xypron.glpk@gmx.de>
+ */
+
+#include <common.h>
+#include <efi_loader.h>
+#include <test/lib.h>
+#include <test/test.h>
+#include <test/ut.h>
+
+static int lib_test_efi_dp_check_length(struct unit_test_state *uts)
+{
+ /* end of device path */
+ u8 d1[] __aligned(2) = {
+ 0x7f, 0xff, 0x04, 0x00 };
+ /* device path node with length less then 4 */
+ u8 d2[] __aligned(2) = {
+ 0x01, 0x02, 0x02, 0x00, 0x04, 0x00, 0x7f, 0xff, 0x04, 0x00 };
+ /* well formed device path */
+ u8 d3[] __aligned(2) = {
+ 0x03, 0x02, 0x08, 0x00, 0x01, 0x00, 0x01, 0x00,
+ 0x7f, 0xff, 0x04, 0x00 };
+
+ struct efi_device_path *p1 = (struct efi_device_path *)d1;
+ struct efi_device_path *p2 = (struct efi_device_path *)d2;
+ struct efi_device_path *p3 = (struct efi_device_path *)d3;
+
+ ut_asserteq((ssize_t)-EINVAL, efi_dp_check_length(p1, SIZE_MAX));
+ ut_asserteq((ssize_t)sizeof(d1), efi_dp_check_length(p1, sizeof(d1)));
+ ut_asserteq((ssize_t)sizeof(d1),
+ efi_dp_check_length(p1, sizeof(d1) + 4));
+ ut_asserteq((ssize_t)-1, efi_dp_check_length(p1, sizeof(d1) - 1));
+
+ ut_asserteq((ssize_t)-1, efi_dp_check_length(p2, sizeof(d2)));
+
+ ut_asserteq((ssize_t)-1, efi_dp_check_length(p3, sizeof(d3) - 1));
+ ut_asserteq((ssize_t)sizeof(d3), efi_dp_check_length(p3, sizeof(d3)));
+ ut_asserteq((ssize_t)sizeof(d3), efi_dp_check_length(p3, SSIZE_MAX));
+ ut_asserteq((ssize_t)-EINVAL,
+ efi_dp_check_length(p3, (size_t)SSIZE_MAX + 1));
+ ut_asserteq((ssize_t)sizeof(d3),
+ efi_dp_check_length(p3, sizeof(d3) + 4));
+
+ return 0;
+}
+
+LIB_TEST(lib_test_efi_dp_check_length, 0);
diff --git a/test/py/tests/test_efi_secboot/test_authvar.py b/test/py/tests/test_efi_secboot/test_authvar.py
index d0c6b90..f99b827 100644
--- a/test/py/tests/test_efi_secboot/test_authvar.py
+++ b/test/py/tests/test_efi_secboot/test_authvar.py
@@ -38,14 +38,14 @@
# Test Case 1b, PK without AUTHENTICATED_WRITE_ACCESS
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 1c'):
# Test Case 1c, install PK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'PK:' in ''.join(output)
@@ -60,24 +60,24 @@
# Test Case 1d, db/dbx without KEK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 1e'):
# Test Case 1e, install KEK
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -i 4000000,$filesize KEK'])
+ 'setenv -e -nv -bs -rt -i 4000000:$filesize KEK'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'printenv -e -n KEK'])
assert 'KEK:' in ''.join(output)
@@ -89,12 +89,12 @@
# Test Case 1f, install db
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@@ -107,12 +107,12 @@
# Test Case 1g, install dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx.auth',
- 'setenv -e -nv -bs -rt -i 4000000,$filesize dbx'])
+ 'setenv -e -nv -bs -rt -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'dbx:' in ''.join(output)
@@ -132,32 +132,32 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
- 'setenv -e -nv -bs -rt -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 2b'):
# Test Case 2b, update without correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.esl',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 2c'):
# Test Case 2c, update with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@@ -173,32 +173,32 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
- 'setenv -e -nv -bs -rt -a -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 3b'):
# Test Case 3b, update without correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.esl',
- 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' in ''.join(output)
with u_boot_console.log.section('Test Case 3c'):
# Test Case 3c, update with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
- 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@@ -214,11 +214,11 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f db'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'db:' in ''.join(output)
@@ -248,18 +248,18 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert 'PK:' in ''.join(output)
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK_null.esl',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' in ''.join(output)
assert 'PK:' in ''.join(output)
@@ -268,7 +268,7 @@
# Test Case 5b, Uninstall PK with correct signature
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 PK_null.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK',
'printenv -e -n PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
assert '\"PK\" not defined' in ''.join(output)
diff --git a/test/py/tests/test_efi_secboot/test_signed.py b/test/py/tests/test_efi_secboot/test_signed.py
index 1443ba7..863685e 100644
--- a/test/py/tests/test_efi_secboot/test_signed.py
+++ b/test/py/tests/test_efi_secboot/test_signed.py
@@ -53,9 +53,9 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO1 host 0:1 /helloworld.efi.signed ""',
@@ -74,7 +74,7 @@
# Test Case 2b, authenticated by db
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 2',
@@ -97,11 +97,11 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@@ -114,7 +114,7 @@
# Test Case 3b, rejected by dbx even if db allows
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -133,13 +133,13 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 dbx_hash.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@@ -162,11 +162,11 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed_2sigs ""',
@@ -178,7 +178,7 @@
# Test Case 5b, authenticated if both signatures are verified
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db1.auth',
- 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -190,7 +190,7 @@
# certificate) is revoked
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_hash.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -201,7 +201,7 @@
# Test Case 5d, rejected if both of signatures are revoked
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_hash1.auth',
- 'setenv -e -nv -bs -rt -at -a -i 4000000,$filesize dbx'])
+ 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -220,11 +220,11 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello_signed.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot add 1 HELLO host 0:1 /helloworld.efi.signed ""',
@@ -236,7 +236,7 @@
# Test Case 6b, rejected by TEST_db certificate in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
@@ -248,9 +248,9 @@
# Test Case 6c, rejected by image's digest in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 dbx_hello_signed.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
'efidebug boot next 1',
diff --git a/test/py/tests/test_efi_secboot/test_signed_intca.py b/test/py/tests/test_efi_secboot/test_signed_intca.py
index 1e5f4d0..70d6be0 100644
--- a/test/py/tests/test_efi_secboot/test_signed_intca.py
+++ b/test/py/tests/test_efi_secboot/test_signed_intca.py
@@ -31,11 +31,11 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_c.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -64,9 +64,9 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -80,7 +80,7 @@
# Test Case 2b, signed and authenticated by root CA
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_b.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)
@@ -90,7 +90,7 @@
# Test Case 2c, signed and authenticated by root CA
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_c.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert 'Hello, world!' in ''.join(output)
@@ -106,13 +106,13 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 dbx_b.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 db_c.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -128,7 +128,7 @@
# Test Case 3b, revoked by root CA in dbx
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 dbx_c.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'efidebug boot next 1',
'efidebug test bootmgr'])
assert '\'HELLO_abc\' failed' in ''.join(output)
diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py b/test/py/tests/test_efi_secboot/test_unsigned.py
index c4c3f4c..56f56e1 100644
--- a/test/py/tests/test_efi_secboot/test_unsigned.py
+++ b/test/py/tests/test_efi_secboot/test_unsigned.py
@@ -29,9 +29,9 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -56,11 +56,11 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -80,11 +80,11 @@
output = u_boot_console.run_command_list([
'host bind 0 %s' % disk_img,
'fatload host 0:1 4000000 db_hello.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize dbx',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
'fatload host 0:1 4000000 KEK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize KEK',
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize KEK',
'fatload host 0:1 4000000 PK.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize PK'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([
@@ -102,7 +102,7 @@
# Test Case 3b, rejected by dbx even if db allows
output = u_boot_console.run_command_list([
'fatload host 0:1 4000000 db_hello.auth',
- 'setenv -e -nv -bs -rt -at -i 4000000,$filesize db'])
+ 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
assert 'Failed to set EFI variable' not in ''.join(output)
output = u_boot_console.run_command_list([