diff --git a/meta/lib/oeqa/selftest/cases/fitimage.py b/meta/lib/oeqa/selftest/cases/fitimage.py index 8a3eb7f8c1..fcba28b7b7 100644 --- a/meta/lib/oeqa/selftest/cases/fitimage.py +++ b/meta/lib/oeqa/selftest/cases/fitimage.py @@ -760,8 +760,7 @@ PREFERRED_PROVIDER_virtual/dtb = "bbb-dtbs-as-ext" and the configuration nodes are signed correctly. Expected: 1) its and FIT image are built successfully 2) Scanning the its file indicates signing is enabled - as requested by UBOOT_SIGN_ENABLE (using 1 key - generated by the test not via FIT_GENERATE_KEYS) + as requested by UBOOT_SIGN_ENABLE 3) Dumping the FIT image indicates signature values are present (only for the configuration nodes as FIT_SIGN_INDIVIDUAL is disabled) @@ -792,10 +791,7 @@ FIT_CONF_DEFAULT_DTB = "am335x-bonegreen.dtb" 'UBOOT_SIGN_KEYDIR', ]) - # Do not use the random keys generated by FIT_GENERATE_KEYS. - # Using a static key is probably a more realistic scenario. self._gen_signing_key(bb_vars) - self._test_fitimage(bb_vars) def test_sign_fit_image_individual(self): @@ -804,11 +800,11 @@ FIT_CONF_DEFAULT_DTB = "am335x-bonegreen.dtb" and all nodes are signed correctly. Expected: 1) its and FIT image are built successfully 2) Scanning the its file indicates signing is enabled - as requested by UBOOT_SIGN_ENABLE (using 2 keys - generated via FIT_GENERATE_KEYS) + as requested by UBOOT_SIGN_ENABLE 3) Dumping the FIT image indicates signature values are present (including for images as enabled via FIT_SIGN_INDIVIDUAL) + This also implies that FIT_GENERATE_KEYS = "1" works. 4) Verify the FIT image contains the comments passed via UBOOT_MKIMAGE_SIGN_ARGS once per image and per configuration node. @@ -837,6 +833,10 @@ UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart comment'" config = self._config_add_uboot_env(config) self.write_config(config) bb_vars = self._fit_get_bb_vars() + + # Ensure new keys are generated and FIT_GENERATE_KEYS = "1" is tested + bitbake("kernel-signing-keys-native -c cleansstate") + self._test_fitimage(bb_vars) def test_fit_image_sign_initramfs(self): @@ -875,7 +875,6 @@ UBOOT_ARCH = "arm" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" UBOOT_MKIMAGE_KERNEL_TYPE = "kernel" UBOOT_EXTLINUX = "0" -FIT_GENERATE_KEYS = "1" KERNEL_IMAGETYPE_REPLACEMENT = "zImage" FIT_KERNEL_COMP_ALG = "none" FIT_HASH_ALG = "sha256" @@ -892,10 +891,7 @@ FIT_HASH_ALG = "sha256" 'UBOOT_SIGN_KEYDIR', ]) - # Do not use the random keys generated by FIT_GENERATE_KEYS. - # Using a static key is probably a more realistic scenario. self._gen_signing_key(bb_vars) - self._test_fitimage(bb_vars) def test_fit_image_sign_initramfs_bundle(self): @@ -933,7 +929,6 @@ UBOOT_ARCH = "arm" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" UBOOT_MKIMAGE_KERNEL_TYPE = "kernel" UBOOT_EXTLINUX = "0" -FIT_GENERATE_KEYS = "1" KERNEL_IMAGETYPE_REPLACEMENT = "zImage" FIT_KERNEL_COMP_ALG = "none" FIT_HASH_ALG = "sha256" @@ -941,6 +936,7 @@ FIT_HASH_ALG = "sha256" config = self._config_add_uboot_env(config) self.write_config(config) bb_vars = self._fit_get_bb_vars() + self._gen_signing_key(bb_vars) self._test_fitimage(bb_vars) @@ -1345,9 +1341,7 @@ UBOOT_SIGN_KEYNAME = "cfg-oe-selftest" self.write_config(config) bb_vars = self._fit_get_bb_vars() - # Using a static key. FIT_GENERATE_KEYS = "1" does not work without kernel-fitimage.bbclass self._gen_signing_key(bb_vars) - self._test_fitimage(bb_vars) self._check_kernel_dtb(bb_vars) @@ -1508,8 +1502,6 @@ FIT_SIGN_INDIVIDUAL = "1" """ self.write_config(config) bb_vars = self._fit_get_bb_vars() - - # Using a static key. FIT_GENERATE_KEYS = "1" does not work without kernel-fitimage.bbclass self._gen_signing_key(bb_vars) bitbake("virtual/bootloader")