From: Simon Glass <sjg@chromium.org>
Date: Tue, 5 May 2026 18:12:55 +0000 (-0600)
Subject: binman: Use bintool wrappers for PKCS#11 tools in tests
X-Git-Tag: v2026.07-rc2~1^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=08bcf962c5fe1d2690ac3ff6dd75d3963325476b;p=thirdparty%2Fu-boot.git

binman: Use bintool wrappers for PKCS#11 tools in tests

The PKCS#11 signing tests in ftest.py call tools.run('softhsm2-util', ...)
directly (and the equivalent for pkcs11-tool and p11-kit), even though
the test setup has already constructed the corresponding Bintool
instances. As Quentin Schulz observed on v1, the bintool wrapper for
these tools is currently used only as an "is this installed?" probe.

Route the eight remaining call sites in ftest.py through
<bintool>.run_cmd(...), which the Bintool base class already provides.
The change is test-side only; no production binman code calls these
tools.

Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
---

diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index da8325f820a..9a3811c1732 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -7581,7 +7581,7 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         self._CheckBintool(p11_kit)
 
         p11_kit_config = configparser.ConfigParser()
-        out = tools.run('p11-kit', 'print-config')
+        out = p11_kit.run_cmd('print-config')
         p11_kit_config.read_string(out)
         softhsm2_lib = p11_kit_config.get('softhsm2', 'module',
                                            fallback=None)
@@ -7590,16 +7590,16 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         with unittest.mock.patch.dict('os.environ',
                                       {'SOFTHSM2_CONF': softhsm2_conf,
                                        'PKCS11_MODULE_PATH': softhsm2_lib}):
-                tools.run('softhsm2-util', '--init-token', '--free', '--label',
-                          'U-Boot token', '--pin', '1111', '--so-pin',
-                          '222222')
-                tools.run('pkcs11-tool', '--module', softhsm2_lib,
-                          '--write-object', cert_file, '--pin', '1111',
-                          '--type', 'cert', '--id', '999999', '--label',
-                          'test_cert', '--login')
-                tools.run('softhsm2-util', '--import', private_key, '--token',
-                          'U-Boot token', '--label', 'test_key', '--id', '999999',
-                          '--pin', '1111')
+                softhsm2_util.run_cmd('--init-token', '--free', '--label',
+                                      'U-Boot token', '--pin', '1111',
+                                      '--so-pin', '222222')
+                pkcs11_tool.run_cmd('--module', softhsm2_lib,
+                                    '--write-object', cert_file, '--pin', '1111',
+                                    '--type', 'cert', '--id', '999999', '--label',
+                                    'test_cert', '--login')
+                softhsm2_util.run_cmd('--import', private_key, '--token',
+                                      'U-Boot token', '--label', 'test_key',
+                                      '--id', '999999', '--pin', '1111')
                 data = self._DoReadFile('capsule/signed_pkcs11.dts')
 
         self._CheckCapsule(data, signed_capsule=True)
@@ -8251,12 +8251,12 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
 
         with unittest.mock.patch.dict('os.environ',
                                       {'SOFTHSM2_CONF': softhsm2_conf}):
-            tools.run('softhsm2-util', '--init-token', '--free', '--label',
-                      'U-Boot token', '--pin', '1111', '--so-pin',
-                      '222222')
-            tools.run('softhsm2-util', '--import', private_key, '--token',
-                      'U-Boot token', '--label', 'test_key', '--id', '999999',
-                      '--pin', '1111')
+            softhsm2_util.run_cmd('--init-token', '--free', '--label',
+                                  'U-Boot token', '--pin', '1111',
+                                  '--so-pin', '222222')
+            softhsm2_util.run_cmd('--import', private_key, '--token',
+                                  'U-Boot token', '--label', 'test_key',
+                                  '--id', '999999', '--pin', '1111')
 
         # Make sure the private key can only be accessed through the engine
         os.remove(private_key)
@@ -8326,12 +8326,12 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
 
         with unittest.mock.patch.dict('os.environ',
                                       {'SOFTHSM2_CONF': softhsm2_conf}):
-            tools.run('softhsm2-util', '--init-token', '--free', '--label',
-                      'U-Boot prod token', '--pin', '1234', '--so-pin',
-                      '222222')
-            tools.run('softhsm2-util', '--import', private_key, '--token',
-                      'U-Boot prod token', '--label', 'prod', '--id', '999999',
-                      '--pin', '1234')
+            softhsm2_util.run_cmd('--init-token', '--free', '--label',
+                                  'U-Boot prod token', '--pin', '1234',
+                                  '--so-pin', '222222')
+            softhsm2_util.run_cmd('--import', private_key, '--token',
+                                  'U-Boot prod token', '--label', 'prod',
+                                  '--id', '999999', '--pin', '1234')
 
         # Make sure the private key can only be accessed through the engine
         os.remove(private_key)