diff --git a/binaries/fpgadiag/opae/diag/fecmode.py b/binaries/fpgadiag/opae/diag/fecmode.py index d8840672ce0c..03a173326f99 100644 --- a/binaries/fpgadiag/opae/diag/fecmode.py +++ b/binaries/fpgadiag/opae/diag/fecmode.py @@ -1,5 +1,5 @@ #! /usr/bin/env python3 -# Copyright(c) 2020, Intel Corporation +# Copyright(c) 2020-2023, Intel Corporation # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: @@ -42,8 +42,8 @@ CONF_FILE = '/etc/modprobe.d/dfl-fme.conf' OPTION_LINE = 'options dfl_n3000_nios fec_mode=' DRV_MODE = '/sys/module/dfl_n3000_nios/parameters/fec_mode' -REMOVE_MOD = 'rmmod dfl_n3000_nios' -PROBE_MOD = 'modprobe dfl_n3000_nios' +REMOVE_MOD = ['rmmod', 'dfl_n3000_nios'] +PROBE_MOD = ['modprobe', 'dfl_n3000_nios'] def get_fpga_sysfs_path(sbdf): @@ -85,14 +85,11 @@ def do_rsu(sbdf, debug): return None try: - cmd = "rsu bmcimg {}".format(sbdf) + cmd = ['rsu', 'bmcimg', sbdf] if debug: + cmd.append('-d') print(cmd) - cmd += ' -d' - rc = subprocess.call(cmd, shell=True) - if rc != 0: - print("failed to '{}'".format(cmd)) - return None + subprocess.run(cmd, check=True) except subprocess.CalledProcessError as e: print('failed call') return None @@ -145,10 +142,7 @@ def reload_driver(fec_mode, debug): try: if debug: print(REMOVE_MOD) - rc = subprocess.call(REMOVE_MOD, shell=True) - if rc != 0: - print("failed to '{}'".format(REMOVE_MOD)) - return rc + subprocess.run(REMOVE_MOD, check=True) except subprocess.CalledProcessError as e: print('failed call') return 2 @@ -158,10 +152,7 @@ def reload_driver(fec_mode, debug): try: if debug: print(PROBE_MOD) - rc = subprocess.call(PROBE_MOD, shell=True) - if rc != 0: - print("failed to '{}'".format(PROBE_MOD)) - return rc + subprocess.run(PROBE_MOD, check=True) except subprocess.CalledProcessError as e: print(e) return 2 diff --git a/binaries/fpgadiag/opae/diag/fpgadiag.py b/binaries/fpgadiag/opae/diag/fpgadiag.py index c4509d3a4581..60e70423a32e 100755 --- a/binaries/fpgadiag/opae/diag/fpgadiag.py +++ b/binaries/fpgadiag/opae/diag/fpgadiag.py @@ -1,5 +1,5 @@ #! /usr/bin/env python3 -# Copyright(c) 2017-2020 Intel Corporation +# Copyright(c) 2017-2023 Intel Corporation # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: @@ -67,10 +67,9 @@ def main(): cmdline[0] = os.path.join(cwd, cmdline[0]) cmdline = cmdline + ['-t', args.target] + leftover - cmdline = ' '.join(cmdline) try: - subprocess.check_call(cmdline, shell=True) + subprocess.run(cmdline, check=True) except CalledProcessError as e: exit(e.returncode) diff --git a/binaries/fpgadiag/opae/diag/fpgastats.py b/binaries/fpgadiag/opae/diag/fpgastats.py index 82fc7c9c8d40..87815e35c311 100755 --- a/binaries/fpgadiag/opae/diag/fpgastats.py +++ b/binaries/fpgadiag/opae/diag/fpgastats.py @@ -1,5 +1,5 @@ #! /usr/bin/env python3 -# Copyright(c) 2018-2019, Intel Corporation +# Copyright(c) 2018-2023, Intel Corporation # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: @@ -372,15 +372,13 @@ def eth_stats(self): print("Ethernet Interface Name:", eth_name[1]) print("------------------------------") try: - cmd = "ethtool {}".format(eth_name[1]) + cmd = ['ethtool', eth_name[1]] print(cmd) - rc = subprocess.call(cmd, shell=True) - cmd = "ethtool -S {}".format(eth_name[1]) + subprocess.run(cmd, check=True) + + cmd = ['ethtool', '-S', eth_name[1]] print(cmd) - rc = subprocess.call(cmd, shell=True) - if rc != 0: - print("failed to '{}'".format(cmd)) - return None + subprocess.run(cmd, check=True) except subprocess.CalledProcessError as e: print('failed call') return None diff --git a/platforms/scripts/platmgr/tools/rtl_src_config.py b/platforms/scripts/platmgr/tools/rtl_src_config.py index d354a12b2663..d8f87716d952 100755 --- a/platforms/scripts/platmgr/tools/rtl_src_config.py +++ b/platforms/scripts/platmgr/tools/rtl_src_config.py @@ -299,18 +299,16 @@ def addDefaultFpgaFamily(opts): if ('OPAE_PLATFORM_FPGA_FAMILY' not in os.environ): try: # Get the FPGA technology tag using afu_platform_info - cmd = 'afu_platform_info --key=fpga-family ' + cmd = ['afu_platform_info', '--key=fpga-family'] # What's the platform name? plat_class_file = os.path.join(getHWLibPath(opts), 'fme-platform-class.txt') with open(plat_class_file) as f: - cmd += f.read().strip() + cmd.append(f.read().strip()) - proc = subprocess.Popen(cmd, shell=True, - stdout=subprocess.PIPE) - for line in proc.stdout: - line = line.decode('ascii').strip() + proc = subprocess.run(cmd, check=True, capture_output=True, encoding='ascii') + for line in proc.stdout.split('\n'): os.environ['OPAE_PLATFORM_FPGA_FAMILY'] = line errcode = proc.wait() if (errcode): @@ -333,11 +331,10 @@ def getQuartusVersion(opts): 'QUARTUS_VERSION_MAJOR' not in os.environ): try: # Get the Quartus major version number - proc = subprocess.Popen('quartus_sh --version', shell=True, - stdout=subprocess.PIPE) + cmd = ['quartus_sh', '--version'] + proc = subprocess.run(cmd, check=True, capture_output=True, encoding='ascii') ok = False - for line in proc.stdout: - line = line.decode('ascii').strip() + for line in proc.stdout.split('\n'): if (line[:7] == 'Version'): ok = True diff --git a/python/pacsign/ReadMe.txt b/python/pacsign/ReadMe.txt index ca3891eff8a5..f76b7b74dc4e 100755 --- a/python/pacsign/ReadMe.txt +++ b/python/pacsign/ReadMe.txt @@ -2,7 +2,11 @@ This is standalone signing tool You need to have Python 3.5/3.6 (tested) to run the script -You can run test.py to fully execute all the available operation +You can run pacsign-tests.sh to fully execute all the available operation + + $ python3 -m virtualenv pacsign-venv + $ source ./pacsign-venv/bin/activate + $ pip3 install ./opae-sdk/python/pacsign + $ ./opae-sdk/python/pacsign/pacsign-tests.sh + $ deactivate - python test.py - \ No newline at end of file diff --git a/python/pacsign/pacsign/common_util.py b/python/pacsign/pacsign/common_util.py index 53d2896e3b9e..4114718e4dc3 100755 --- a/python/pacsign/pacsign/common_util.py +++ b/python/pacsign/pacsign/common_util.py @@ -96,22 +96,20 @@ def exception_handler(etype, value, tb): def run_command(command, printed_cmd=None, return_code=0, allow_error=False): - if printed_cmd is None: printed_cmd = command - p = subprocess.Popen( - command, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - encoding="utf8", - ) - returnmsg = p.communicate()[0] - assert p.returncode == 0 or allow_error, ( - 'Fail to run command "%s", error code %d =>\n%s' - % (printed_cmd, p.returncode, returnmsg) - ) - return (p.returncode, returnmsg) + + if isinstance(command, str): + command = command.split() + + try: + p = subprocess.run(command, check=True, capture_output=True, encoding='ascii') + except subprocess.CalledProcessError: + assert allow_error, ( + 'Fail to run command "%s", error code %d =>\n%s' + % (printed_cmd, p.returncode, p.stderr) + ) + return (p.returncode, p.stdout) def assert_in_error(boolean, string, *arg): diff --git a/python/pacsign/test.py b/python/pacsign/test.py deleted file mode 100755 index 435143809be2..000000000000 --- a/python/pacsign/test.py +++ /dev/null @@ -1,254 +0,0 @@ -# Copyright(c) 2019, Intel Corporation -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# * Neither the name of Intel Corporation nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -import os - -assert os.system("rm -rf test") == 0 -assert os.system("mkdir test") == 0 -# print ("Generate two pairs of private/public key") -assert ( - os.system( - ( - "python -m pacsign --operation=make_private_pem " - + "--curve=secp384r1 --no_passphrase test/pri1.pem -k key_manager" - ) - ) - != 0 -) -assert ( - os.system( - ( - "python -m pacsign --operation=make_private_pem " - + "--curve=secp384r1 --no_passphrase test/pri2.pem -k key_manager" - ) - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=make_private_pem " - + "--curve=secp256r1 --no_passphrase test/pri3.pem -k key_manager" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=make_private_pem " - + "--curve=secp384r1 --no_passphrase test/pri4.pem -k key_manager" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=make_public_pem " - + "test/pri1.pem test/pub1.pem -k key_manager" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=make_public_pem " - + "test/pri2.pem test/pub2.pem -k key_manager" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=make_public_pem " - + "test/pri3.pem test/pub3.pem -k key_manager" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=make_public_pem " - + "test/pri4.pem test/pub4.pem -k key_manager" - ) - == 0 -) -print("Generate root keychain") -assert ( - os.system( - "python -m pacsign --operation=make_root test/pub1.pem " - + "test/root.qky -k key_manager" - ) - == 0 -) -print("Append new key to root keychain to generate new keychain") -assert ( - os.system( - "python -m pacsign --operation=append_key --permission=-1 " + - "--cancel=0 --previous_qky=test/root.qky --previous_pem=test/pri1.pem " + - "test/pub2.pem test/key.qky -k key_manager") == 0) -print( - "Append new key to root keychain to generate new keychain " + - "(negative test)") -assert ( - os.system( - "python -m pacsign --operation=append_key --permission=-1 " + - "--cancel=0 --previous_qky=test/key.qky --previous_pem=test/pri2.pem " + - "test/pub4.pem test/negative.qky -k key_manager") != 0) -assert ( - os.system( - "python -m pacsign --operation=append_key --permission=-1 " + - "--cancel=0 --previous_qky=test/root.qky --previous_pem=test/pri1.pem " + - "test/pub3.pem test/negative.qky -k key_manager") != 0) -print("Insert Block0/Block1 into raw data and sign") -assert ( - os.system( - "python -m pacsign FIM -t update -H openssl_manager --yes " - + "-i hello_mem_afu.gbs -o s_PACSign.py " - + "-r d:/keys/darby/darby_dev_fim_root_public_256.pem " - + "-k d:/keys/darby/darby_dev_fim_csk0_public_256.pem -vv" - ) - == 0 -) -print("************************Insert Block0/Block1 into raw data and sign") -assert ( - os.system( - "python -m pacsign FIM -t update -H openssl_manager -i PACSign.py " - + "-o us_PACSign.py -vv -y" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign FIM -t update -H pkcs11_manager -k csk0 -r root_key " - + "-i PACSign.py -o us_pkcs11_PACSign.py -C PKCS11_config.json -y -vvv" - ) - == 0 -) -print("Insert Block0/Block1 into raw data and sign (negative test)") -assert ( - os.system( - "python -m pacsign --operation=insert_data_and_sign --type=FIM " - + "--qky=test/root.qky --pem=test/pri1.pem data.bin " - + "test/negative.bin -k key_manager -x update" - ) - != 0 -) -print("Insert Block0/Block1 into raw data, the output is unsigned data") -assert ( - os.system( - "python -m pacsign --operation=insert_data --type=BMC_FW data.bin " - + "test/unsigned_data.bin -k key_manager -x update" - ) - == 0 -) -print("Sign the unsigned data") -assert ( - os.system( - "python -m pacsign --operation=sign --qky=test/key.qky " - + "--pem=test/pri2.pem test/unsigned_data.bin test/data2sign.bin " - + "-k key_manager -x update" - ) - == 0 -) -print("Read Root Key Hash") -assert ( - os.system( - "python -m pacsign --operation=root_key_hash test/root.qky " - + "test/root.txt -k key_manager" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=root_key_hash test/key.qky " - + "test/key.txt -k key_manager" - ) - == 0 -) -print("Check file integrity") -assert ( - os.system( - "python -m pacsign --operation=check_integrity test/unsigned_data.bin" - + " > test/unsigned_data.bin.txt -k key_manager" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=check_integrity test/data1sign.bin " - + "> test/data1sign.bin.txt -k key_manager" - ) - == 0 -) -assert ( - os.system( - "python -m pacsign --operation=check_integrity test/data2sign.bin " - + "> test/data2sign.bin.txt -k key_manager" - ) - == 0 -) -print("Make and sign cancellation cert") -assert ( - os.system( - "python -m pacsign --operation=make_and_sign_cancellation_cert " - + "--type=FIM --qky=test/root.qky --pem=test/pri1.pem " - + "--cancel=1 test/cancel.cert -k key_manager" - ) - == 0 -) -print("Make and sign cancellation cert (negative test)") -assert ( - os.system( - "python -m pacsign --operation=make_and_sign_cancellation_cert " - + "--type=FIM --qky=test/root.qky --pem=test/pri1.pem " - + "--cancel=189 test/cancel.cert -k key_manager" - ) - != 0 -) -assert ( - os.system( - "python -m pacsign --operation=make_and_sign_cancellation_cert " - + "--type=FIM --qky=test/key.qky --pem=test/pri2.pem " - + "--cancel=1 test/negative.cert -k key_manager" - ) - != 0 -) -assert ( - os.system( - "python -m pacsign --operation=make_and_sign_cancellation_cert " - + "--type=FIM --qky=test/key.qky --pem=test/pri2.pem " - + "--cancel=1 test/negative.bin -k key_manager" - ) - != 0 -) -print("Check cancellation cert integrity") -assert ( - os.system( - "python -m pacsign --operation=check_integrity test/cancel.cert " - + "> test/cancel.cert.txt -k key_manager" - ) - == 0 -) -assert not os.path.exists("test/negative.qky") -assert not os.path.exists("test/negative.bin") -assert not os.path.exists("test/negative.cert") -print("Misc") -assert os.system("python -m pacsign --help > test/help.txt") == 0 -assert os.system( - "python -m pacsign --help --operation=sign > test/ohelp.txt") == 0