
Commit 59a0ec4

committed
Correctly detect expected failures
1 parent d633a76 commit 59a0ec4

1 file changed

Lines changed: 15 additions & 18 deletions


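--- a/.github/workflows/wolfboot-integration.yml
+++ b/.github/workflows/wolfboot-integration.yml
@@ -163,34 +163,31 @@ jobs:
 ./tools/keytools/sign --ed25519 --sha256 test.bin wolfboot_signing_private_key.der 1
 
 make test-lib SIGN=ED25519 HASH=SHA256
-set +e
+
+# test-lib (hal/library.c) always returns 0; success vs failure is
+# signalled by stdout: "Firmware Valid" on the golden path,
+# "Failure %d: Hdr %d, Hash %d, Sig %d" when verification rejects
+# the image. Assert on output, not on exit status.
+
 success_output=$(./test-lib test_v1_signed.bin 2>&1)
-success_status=$?
-set -e
 printf '%s\n' "$success_output"
-if [ "$success_status" -ne 0 ]; then
-echo "Expected success, but test-lib failed"
+if ! printf '%s\n' "$success_output" | grep -qF "Firmware Valid"; then
+echo "Expected golden-path success, but test-lib did not print \"Firmware Valid\""
 exit 1
 fi
-printf '%s\n' "$success_output" | grep -F "Firmware Valid" >/dev/null
 
 truncate -s -1 test_v1_signed.bin
 printf 'A' >> test_v1_signed.bin
 
-set +e
-output=$(./test-lib test_v1_signed.bin 2>&1)
-status=$?
-set -e
-
-printf '%s\n' "$output"
-
-if [ "$status" -eq 0 ]; then
-echo "Expected failure, but test-lib succeeded"
+tamper_output=$(./test-lib test_v1_signed.bin 2>&1)
+printf '%s\n' "$tamper_output"
+if printf '%s\n' "$tamper_output" | grep -qF "Firmware Valid"; then
+echo "Expected tamper rejection, but test-lib reported \"Firmware Valid\""
 exit 1
 fi
-
-if ! printf '%s\n' "$output" | grep -F "Failure" >/dev/null; then
-echo "test-lib failed as expected, but did not print the legacy \"Failure\" marker"
+if ! printf '%s\n' "$tamper_output" | grep -qE "^Failure -?[0-9]+: Hdr [0-9]+, Hash [0-9]+, Sig [0-9]+"; then
+echo "Expected tamper rejection marker (\"Failure N: Hdr X, Hash Y, Sig Z\"), but test-lib output did not contain it"
+exit 1
 fi
 
 renode_multimem_smallstack: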
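Review bot: With the `set +e` / `set -e` pairs removed, a non-zero exit from `./test-lib` now aborts the step at the assignment itself (new lines 172 and 182) if the step runs under errexit, which the removed pairs suggest, so a crash on the tampered image would fail the job without printing the captured output or either diagnostic message. The added comment says test-lib always returns 0 today, but a crash while parsing a modified image is exactly the case this test should report clearly; capturing the status keeps the output visible: `tamper_output=$(./test-lib test_v1_signed.bin 2>&1) || tamper_status=$?`, followed by `echo "test-lib exit status: ${tamper_status:-0}"`. Separately, the rejection regex on new line 188 accepts any digits for Hdr, Hash and Sig, so it does not confirm that the hash check is what rejected the modified last byte; if those fields are per-stage results (not visible here), pinning the expected ones would make the negative test stricter.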
