Checkbox Provider - Base

Merge ~sylvain-pineau/plainbox-provider-checkbox:more_lk_fixes into plainbox-provider-checkbox:master

  1. Git
  2. lp:~sylvain-pineau/plainbox-provider-checkbox
  3. more_lk_fixes
  4. Merge into master
Proposed by Sylvain Pineau
Status: Merged
Approved by: Sylvain Pineau
Approved revision: 19c434669c4fd00d56199c9f49c6a244a6fbfdaa
Merged at revision: 44a10949afe1292195982fdec77e0e0db16c8dbe
Proposed branch: ~sylvain-pineau/plainbox-provider-checkbox:more_lk_fixes
Merge into: plainbox-provider-checkbox:master
Diff against target: 172 lines (+62/-11)
4 files modified
bin/boot_mode_test_snappy.py (+58/-8)
bin/booted_kernel_tests.py (+1/-1)
units/kernel-snap/jobs.pxu (+2/-2)
units/miscellanea/jobs.pxu (+1/-0)
Reviewer Review Type Date Requested Status
Sylvain Pineau (community) Approve
Review via email: mp+374056@code.launchpad.net

Description of the change

Add lk support to kernel snap tests

To post a comment you must log in.
Revision history for this message
Sylvain Pineau (sylvain-pineau) wrote :

self-approved

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/bin/boot_mode_test_snappy.py b/bin/boot_mode_test_snappy.py
2index 46bed92..864be29 100755
3--- a/bin/boot_mode_test_snappy.py
4+++ b/bin/boot_mode_test_snappy.py
5@@ -1,16 +1,22 @@
6 #!/usr/bin/env python3
7-# Copyright 2018 Canonical Ltd.
8+# Copyright 2018-2019 Canonical Ltd.
9 # Written by:
10 # Jonathan Cave <jonathan.cave@canonical.com>
11+# Sylvain Pineau <sylvain.pineau@canonical.com>
12
13 import io
14 import os
15 import re
16+import shutil
17 import sys
18 import subprocess as sp
19+import tempfile
20
21 import yaml
22
23+from checkbox_support.parsers.kernel_cmdline import parse_kernel_cmdline
24+from checkbox_support.snap_utils.system import get_lk_bootimg_path
25+
26
27 def fitdumpimage(filename):
28 cmd = 'dumpimage -l {}'.format(filename)
29@@ -26,8 +32,9 @@ def fitdumpimage(filename):
30
31 # from then on should get blocks of text describing the objects that were
32 # combined in to the FIT image e.g. kernel, ramdisk, device tree
33- image_re = re.compile(r'(?:^\ Image)\ \d+\ \((\S+)\)$')
34- config_re = re.compile(r'^\ Default Configuration|^\ Configuration')
35+ image_config_re = re.compile(
36+ r'(?:^\ Image|Configuration)\ \d+\ \((\S+)\)$')
37+ configuration_re = re.compile(r'^\ Default Configuration')
38 objects = {}
39 name = ''
40 while True:
41@@ -36,16 +43,16 @@ def fitdumpimage(filename):
42 if line == '':
43 break
44 # interested in storing image information
45- match = image_re.search(line)
46+ match = image_config_re.search(line)
47 if match:
48 name = match.group(1)
49 objects[name] = {}
50 continue
51- # not interested in configurations
52- if config_re.search(line):
53+ # not interested in the default configuration
54+ if configuration_re.search(line):
55 name = ''
56 continue
57- # while in an image section store the info
58+ # while in an image/config section store the info
59 if name != '':
60 entries = [s.strip() for s in line.split(':', 1)]
61 objects[name][entries[0]] = entries[1]
62@@ -71,7 +78,7 @@ def main():
63 if not bootloader:
64 raise SystemExit('ERROR: could not find name of bootloader')
65
66- if bootloader not in ('u-boot', 'grub'):
67+ if bootloader not in ('u-boot', 'grub', 'lk'):
68 raise SystemExit(
69 'ERROR: Unexpected bootloader name {}'.format(bootloader))
70 print('Bootloader is {}\n'.format(bootloader))
71@@ -86,6 +93,8 @@ def main():
72 boot_objects = fitdumpimage(boot_kernel)
73
74 for obj, attrs in boot_objects.items():
75+ if obj == 'conf':
76+ continue
77 print('Checking object {}'.format(obj))
78 if 'Sign value' not in attrs:
79 raise SystemExit('ERROR: no sign value found for object')
80@@ -110,6 +119,47 @@ def main():
81
82 print('Secure Boot appears to be enabled on this system')
83
84+ if bootloader == 'lk':
85+ bootimg_path = get_lk_bootimg_path()
86+ if bootimg_path == 'unknown':
87+ raise SystemExit('ERROR: lk-boot-env not found')
88+
89+ # XXX: Assuming FIT format
90+ bootimg = os.path.basename(bootimg_path)
91+ print('Parsing FIT image information ({})...\n'.format(bootimg))
92+
93+ with tempfile.TemporaryDirectory() as tmpdirname:
94+ shutil.copy2(bootimg_path, tmpdirname)
95+ boot_kernel = os.path.join(tmpdirname, bootimg)
96+ boot_objects = fitdumpimage(boot_kernel)
97+
98+ for obj, attrs in boot_objects.items():
99+ if obj != 'conf':
100+ continue
101+ print('Checking object {}'.format(obj))
102+ if 'Sign value' not in attrs:
103+ raise SystemExit('ERROR: no sign value found for object')
104+ print('Found "Sign value"')
105+ if len(attrs['Sign value']) != 512:
106+ raise SystemExit('ERROR: unexpected sign value size')
107+ if all(s in attrs['Sign algo'] for s in ['sha256', 'rsa2048']):
108+ print('Found expected signing algorithms')
109+ else:
110+ raise SystemExit(
111+ 'ERROR: unexpected signing algorithms {}'.format(
112+ attrs['Sign algo']))
113+ print()
114+
115+ # check that all parts of the fit image have
116+ snap_kernel = '/snap/{}/current/boot.img'.format(kernel)
117+ snap_objects = fitdumpimage(snap_kernel)
118+ if snap_objects != boot_objects:
119+ raise SystemExit(
120+ 'ERROR: boot kernel and current snap kernel do not match')
121+ print('Kernel images in current snap and lk snapbootsel match\n')
122+
123+ print('Secure Boot appears to be enabled on this system')
124+
125 if bootloader == 'grub':
126 cmd = 'mokutil --sb-state'
127 print('+', cmd, flush=True)
128diff --git a/bin/booted_kernel_tests.py b/bin/booted_kernel_tests.py
129index 9109aa0..bff9ff9 100755
130--- a/bin/booted_kernel_tests.py
131+++ b/bin/booted_kernel_tests.py
132@@ -50,7 +50,7 @@ def kernel_matches_current(booted_kernel_image):
133
134 if __name__ == '__main__':
135 if len(sys.argv) != 2:
136- raise SystemExit('ERROR: please specify the path to booted kerenl')
137+ raise SystemExit('ERROR: please specify the path to booted kernel')
138 booted_kernel_image = sys.argv[1]
139
140 print('Supplied booted kernel image: {}'.format(booted_kernel_image))
141diff --git a/units/kernel-snap/jobs.pxu b/units/kernel-snap/jobs.pxu
142index 3ccb687..151fd98 100644
143--- a/units/kernel-snap/jobs.pxu
144+++ b/units/kernel-snap/jobs.pxu
145@@ -20,14 +20,14 @@ id: kernel-snap/booted-kernel-matches-current-{name}
146 category_id: kernel-snap
147 _summary: The booted kernel image matches image in current kernel snap
148 _description:
149- On some Ubuntu Core deviecs it is necessary for the kernel image to be
150+ On some Ubuntu Core devices it is necessary for the kernel image to be
151 extracted from the kernel snap and placed in the boot partition (notably
152 device using full disk encryption). This checks the images are in sync.
153 plugin: shell
154 user: root
155 estimated_duration: 2.0
156 command:
157- booted_kernel_tests.py {booted-kernel-path}
158+ booted_kernel_tests.py {booted_kernel_path}
159 imports:
160 from com.canonical.certification import ubuntu_core_features
161 requires:
162diff --git a/units/miscellanea/jobs.pxu b/units/miscellanea/jobs.pxu
163index 1641790..41c9253 100644
164--- a/units/miscellanea/jobs.pxu
165+++ b/units/miscellanea/jobs.pxu
166@@ -160,6 +160,7 @@ id: miscellanea/secure_boot_mode_{gadget}
167 _summary: Test that {gadget} Ubuntu Core system booted with Secure Boot active
168 _description:
169 Test to verify that the system booted with Secure Boot active.
170+user:root
171 command:
172 boot_mode_test_snappy.py {gadget} {kernel}
173

Subscribers

People subscribed via source and target branches