The current test infrastructure is tied to x86/amd64. This means the
tests always fail on a non-x86 architecture (like aarch64). Fix this
by generating the efi binary directly from C code and removing the
architectural restrictions in the Makefile.am. One of the
consequences of this is that we no longer test ia32 on x86_64, but the
difficulty of detecting which architectures can support 32 bit
variants and generating them correctly from EFI C code is too great.
We also need to exclude tests involving objdump from aarch64 since its
bfd still doesn't have an efi_app_aarch64 target.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

pecoff for i386 can be too short, so it gets padded for an accurate
signature. Make sure the size comparison takes this into account to
avoid spurious failures.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

newer versions of gcc have contained an efi target for a while so use
it instead of hacking a linker script.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

The original tests to warn about overwriting signatures have never
worked after the multiple signature code was added (because we add a
new signature instead of overwriting the old one). Update the tests to
check instead for the signature addition.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

autotest is very finicky. The environment can't be set up in
SH_LOG_COMPILER, but has to be done in AM_TESTS_ENVIRONMENT instead,
so fix this.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

When detaching a signature, we need to know the size of the
non-signature data. So, add a data_size member to struct image, and
populate it when we iterate through the section table.
When writing the image, use data_size rather than size, so we don't
unnecessarily add the (now unused) signature data.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>

Since we can sign i386 PE/COFF images, run the tests on both x86-64 and
i386 binaries.
We do this by moving test.pecoff to test-<arch>.pecoff, and using
automake's parallel-test option to add a wrapper to each test execution.
This wrapper calls each test once per arch (as defined in TEST_ARCHES),
and checks for failures in any invocation.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>

Rather than setting ->sigbuf directly, add two functions to handle image
signature addition and removal:
    image_add_signature(image, sig, sigsize);
    image_remove_signature(image);
And warn when a signature is to be overwritten.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>

sbattach --detach isn't working, as we're not properly setting sigbuf in
image_pecoff parse.
This change ensures we populate sigbuf when we find a valid cert table.
Also, add a test case for this.
Bug report & initial patch from Steve Langasek.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>

Add a test to check the validity of the certificate table header,
ensuring that parsing the header gives us the valid certificate.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>

Add a test for the invalid PKCS7 signature attaching. This test
generates 1K of zero bytes as an invalid signature to attach.
Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>

Instead of executing in the current (build) directory, create a
temporary directory and change into it before running any tests. This
ensures that tests aren't relying on left-overs from previous test runs.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>

Add a few tests for the sign, verify, attach and detach code. These
require some additional infrastructure to create a sample PE/COFF
executable, plus a key & cert for testing.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>