Commit graph

18 commits

Author SHA1 Message Date
James Bottomley
6c2b07fa1c Tests: Add intermediate certificate tests to the sign-verify cases
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-06-05 18:34:55 -07:00
Guy Lunardi
704d2c2506 Fix Fedora Build
Of course, Fedora puts gnu-efi in yet another different, non-standard place

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-02-20 15:36:19 -05:00
James Bottomley
f065bb5705 tests: Fix up to work on arbitrary architectures
The current test infrastructure is tied to x86/amd64.  This means the
tests always fail on a non-x86 architecture (like aarch64).  Fix this
by generating the efi binary directly from C code and removing the
architectural restrictions in the Makefile.am.  One of the
consequences of this is that we no longer test ia32 on x86_64, but the
difficulty of detecting which architectures can support 32 bit
variants and generating them correctly from EFI c code is too great.

We also need to exclude tests involving objdump from aarch64 since its
bfd still doesn't have an efi_app_aarch64 target.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-10-19 10:45:58 -07:00
James Bottomley
cbbafe244b tests/detach-remove.sh: fix for i386 pecoff size problems
pecoff for i386 can be too short, so it gets padded for an accurate
signature.  Make sure the size comparison takes this into account to
avoid spurious failures.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-10-19 10:45:58 -07:00
James Bottomley
bc6ff99d36 tests: fix up the generation of the test pecoff binary for gcc-7.2
newer versions of gcc have contained an efi target for a while so use
it instead of hacking a linker script.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-10-19 10:45:58 -07:00
James Bottomley
5b79ed2179 tests: fix signature resign/reattach test problems
The original tests to warn about overwriting signatures have never
worked after the multiple signature code was added (because we add a
new signature instead of overwriting the old one) update the tests to
check instead for the signature addition.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-10-19 10:45:58 -07:00
James Bottomley
73a261f238 make check: fix test environment problem
autotest is very finicky.  The environment can't be set up in
SH_LOG_COMPILER, but have to be done in AM_TESTS_ENVIRONMENT instead,
so fix this.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-10-19 10:45:57 -07:00
Jeremy Kerr
c7ee585439 Move sources to src/ subdirectory
We have a number of source files now, so move them from the top level to
src/

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:10:21 +08:00
Jeremy Kerr
5466f381dd image: Use size of image data when writing images
When detaching a signature, we need to know the size of the
non-signature data. So, add a data_size member to struct image, and
populate it when we iterate through the section table.

When writing the image, use data_size rather than size, so we don't
unnecessarily add the (now unused) signature data.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:10:21 +08:00
Jeremy Kerr
1187df3459 tests: run tests for each arch
Since we can sign i386 PE/COFF images, run the tests on both x86-64 and
i386 binaries.

We do this by moving test.pecoff to test-<arch>.pecoff, and using
automake's parallel-test option to add a wrapper to each test execution.
This wrapper calls each test once per arch (as defined in TEST_ARCHES),
and checks for failures in any invocation.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 13:14:09 +08:00
Jeremy Kerr
d27647ba69 image: add functions to add and remove signatures
Rather than setting ->sigbuf directly, add two functions to handle image
signature addition and removal:

 image_add_signature(image, sig, sigsize);
 image_remove_signature(image);

And warn when a signature is to be overwritten.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-03 10:03:14 +08:00
Jeremy Kerr
36e79114d2 sbattach: fix --detach
sbattach --detach isn't working, as we're not properly setting sigbuf in
image_pecoff parse.

This change ensures we populate sigbuf when we find a valid cert table.
Also, add a test case for this.

Bug report & initial patch from from Steve Langasek.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-02 16:47:14 +08:00
Jeremy Kerr
1614a6e0f1 tests: Add test for PE/COFF cert table header validity
Add a test to check the validity of the certificate table header,
ensuring that parsing the header gives us the valid certificate.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 14:23:45 +08:00
Ivan Hu
4d892eb723 tests: Add a test to check invalid PKCS7 signature attaching
Add a test for the invalid PKCS7 signature attaching. This test
generates 1K of zero bytes as an invalid signature to attach.

Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-19 17:11:25 +08:00
Jeremy Kerr
0568983fab tests: Add tests for missing image, cert & key files
Currently causes a segfault in verify-missing-image.sh.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 17:30:31 +08:00
Jeremy Kerr
b3edb1fb72 tests: Execute tests in a clean (temporary) directory
Instead of executing in the current (build) directory, create a
temporary directory and change into it before running any tests. This
ensures that tests aren't relying on left-overs from previous test runs.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 16:56:28 +08:00
Jeremy Kerr
1be14f0c9b tests: Use COMPILE.S for assembing test object
Currently, ASFLAGS is not used, as we call $(AS) directly. Use
$(COMPILE.S) instead.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 16:23:00 +08:00
Jeremy Kerr
b05afccde0 tests: Add a few simple tests
Add a few tests for the sign, verify, attach and detach code. These
require some additional infrastructure to create a sample PE/COFF
executable, plus a key & cert for testing.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 14:23:26 +08:00