blob: 570bd2439c1705025d24f902a48247ecf027cc69 [file] [log] [blame]
Love Kumarb32a3d22024-01-19 15:31:29 +05301# SPDX-License-Identifier: GPL-2.0
2# (C) Copyright 2023, Advanced Micro Devices, Inc.
3
4import pytest
5import re
6import u_boot_utils
7import test_net
8
9"""
10This test verifies different type of secure boot images loaded at the DDR for
11AMD's ZynqMP SoC.
12
13Note: This test relies on boardenv_* containing configuration values to define
14the files to be used for testing. Without this, this test will be automatically
15skipped. It also relies on dhcp or setup_static net test to support tftp to
16load files from a TFTP server.
17
18For example:
19
20# Details regarding the files that may be read from a TFTP server. This
21# variable may be omitted or set to None if zynqmp secure testing is not
22# possible or desired.
23env__zynqmp_secure_readable_file = {
24 'fn': 'auth_bhdr_ppk1.bin',
25 'enckupfn': 'auth_bhdr_enc_kup_load.bin',
26 'addr': 0x1000000,
27 'keyaddr': 0x100000,
28 'keyfn': 'aes.txt',
29}
30"""
31
32@pytest.mark.buildconfigspec('cmd_zynqmp')
33def test_zynqmp_secure_boot_image(u_boot_console):
34 """This test verifies secure boot image at the DDR address for
35 authentication only case.
36 """
37
38 f = u_boot_console.config.env.get('env__zynqmp_secure_readable_file', None)
39 if not f:
40 pytest.skip('No TFTP readable file for zynqmp secure cases to read')
41
42 test_net.test_net_dhcp(u_boot_console)
43 if not test_net.net_set_up:
44 test_net.test_net_setup_static(u_boot_console)
45
46 addr = f.get('addr', None)
47 if not addr:
48 addr = u_boot_utils.find_ram_base(u_boot_console)
49
50 expected_tftp = 'Bytes transferred = '
51 fn = f['fn']
52 output = u_boot_console.run_command('tftpboot %x %s' % (addr, fn))
53 assert expected_tftp in output
54
55 output = u_boot_console.run_command('zynqmp secure %x $filesize' % (addr))
56 assert 'Verified image at' in output
57 ver_addr = re.search(r'Verified image at 0x(.+)', output).group(1)
58 output = u_boot_console.run_command('echo $?')
59 assert output.endswith('0')
60 output = u_boot_console.run_command('print zynqmp_verified_img_addr')
61 assert f'zynqmp_verified_img_addr={ver_addr}' in output
62 assert 'Error' not in output
63
64
65@pytest.mark.buildconfigspec('cmd_zynqmp')
66def test_zynqmp_secure_boot_img_kup(u_boot_console):
67 """This test verifies secure boot image at the DDR address for encryption
68 with kup key case.
69 """
70
71 f = u_boot_console.config.env.get('env__zynqmp_secure_readable_file', None)
72 if not f:
73 pytest.skip('No TFTP readable file for zynqmp secure cases to read')
74
75 test_net.test_net_dhcp(u_boot_console)
76 if not test_net.net_set_up:
77 test_net.test_net_setup_static(u_boot_console)
78
79 keyaddr = f.get('keyaddr', None)
80 if not keyaddr:
81 addr = u_boot_utils.find_ram_base(u_boot_console)
82 expected_tftp = 'Bytes transferred = '
83 keyfn = f['keyfn']
84 output = u_boot_console.run_command('tftpboot %x %s' % (keyaddr, keyfn))
85 assert expected_tftp in output
86
87 addr = f.get('addr', None)
88 if not addr:
89 addr = u_boot_utils.find_ram_base(u_boot_console)
90 expected_tftp = 'Bytes transferred = '
91 fn = f['enckupfn']
92 output = u_boot_console.run_command('tftpboot %x %s' % (addr, fn))
93 assert expected_tftp in output
94
95 output = u_boot_console.run_command(
96 'zynqmp secure %x $filesize %x' % (addr, keyaddr)
97 )
98 assert 'Verified image at' in output
99 ver_addr = re.search(r'Verified image at 0x(.+)', output).group(1)
100 output = u_boot_console.run_command('echo $?')
101 assert output.endswith('0')
102 output = u_boot_console.run_command('print zynqmp_verified_img_addr')
103 assert f'zynqmp_verified_img_addr={ver_addr}' in output
104 assert 'Error' not in output