Love Kumar | b32a3d2 | 2024-01-19 15:31:29 +0530 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0 |
| 2 | # (C) Copyright 2023, Advanced Micro Devices, Inc. |
| 3 | |
| 4 | import pytest |
| 5 | import re |
| 6 | import u_boot_utils |
| 7 | import test_net |
| 8 | |
| 9 | """ |
| 10 | This test verifies different type of secure boot images loaded at the DDR for |
| 11 | AMD's ZynqMP SoC. |
| 12 | |
| 13 | Note: This test relies on boardenv_* containing configuration values to define |
| 14 | the files to be used for testing. Without this, this test will be automatically |
| 15 | skipped. It also relies on dhcp or setup_static net test to support tftp to |
| 16 | load files from a TFTP server. |
| 17 | |
| 18 | For example: |
| 19 | |
| 20 | # Details regarding the files that may be read from a TFTP server. This |
| 21 | # variable may be omitted or set to None if zynqmp secure testing is not |
| 22 | # possible or desired. |
| 23 | env__zynqmp_secure_readable_file = { |
| 24 | 'fn': 'auth_bhdr_ppk1.bin', |
| 25 | 'enckupfn': 'auth_bhdr_enc_kup_load.bin', |
| 26 | 'addr': 0x1000000, |
| 27 | 'keyaddr': 0x100000, |
| 28 | 'keyfn': 'aes.txt', |
| 29 | } |
| 30 | """ |
| 31 | |
| 32 | @pytest.mark.buildconfigspec('cmd_zynqmp') |
| 33 | def test_zynqmp_secure_boot_image(u_boot_console): |
| 34 | """This test verifies secure boot image at the DDR address for |
| 35 | authentication only case. |
| 36 | """ |
| 37 | |
| 38 | f = u_boot_console.config.env.get('env__zynqmp_secure_readable_file', None) |
| 39 | if not f: |
| 40 | pytest.skip('No TFTP readable file for zynqmp secure cases to read') |
| 41 | |
| 42 | test_net.test_net_dhcp(u_boot_console) |
| 43 | if not test_net.net_set_up: |
| 44 | test_net.test_net_setup_static(u_boot_console) |
| 45 | |
| 46 | addr = f.get('addr', None) |
| 47 | if not addr: |
| 48 | addr = u_boot_utils.find_ram_base(u_boot_console) |
| 49 | |
| 50 | expected_tftp = 'Bytes transferred = ' |
| 51 | fn = f['fn'] |
| 52 | output = u_boot_console.run_command('tftpboot %x %s' % (addr, fn)) |
| 53 | assert expected_tftp in output |
| 54 | |
| 55 | output = u_boot_console.run_command('zynqmp secure %x $filesize' % (addr)) |
| 56 | assert 'Verified image at' in output |
| 57 | ver_addr = re.search(r'Verified image at 0x(.+)', output).group(1) |
| 58 | output = u_boot_console.run_command('echo $?') |
| 59 | assert output.endswith('0') |
| 60 | output = u_boot_console.run_command('print zynqmp_verified_img_addr') |
| 61 | assert f'zynqmp_verified_img_addr={ver_addr}' in output |
| 62 | assert 'Error' not in output |
| 63 | |
| 64 | |
| 65 | @pytest.mark.buildconfigspec('cmd_zynqmp') |
| 66 | def test_zynqmp_secure_boot_img_kup(u_boot_console): |
| 67 | """This test verifies secure boot image at the DDR address for encryption |
| 68 | with kup key case. |
| 69 | """ |
| 70 | |
| 71 | f = u_boot_console.config.env.get('env__zynqmp_secure_readable_file', None) |
| 72 | if not f: |
| 73 | pytest.skip('No TFTP readable file for zynqmp secure cases to read') |
| 74 | |
| 75 | test_net.test_net_dhcp(u_boot_console) |
| 76 | if not test_net.net_set_up: |
| 77 | test_net.test_net_setup_static(u_boot_console) |
| 78 | |
| 79 | keyaddr = f.get('keyaddr', None) |
| 80 | if not keyaddr: |
| 81 | addr = u_boot_utils.find_ram_base(u_boot_console) |
| 82 | expected_tftp = 'Bytes transferred = ' |
| 83 | keyfn = f['keyfn'] |
| 84 | output = u_boot_console.run_command('tftpboot %x %s' % (keyaddr, keyfn)) |
| 85 | assert expected_tftp in output |
| 86 | |
| 87 | addr = f.get('addr', None) |
| 88 | if not addr: |
| 89 | addr = u_boot_utils.find_ram_base(u_boot_console) |
| 90 | expected_tftp = 'Bytes transferred = ' |
| 91 | fn = f['enckupfn'] |
| 92 | output = u_boot_console.run_command('tftpboot %x %s' % (addr, fn)) |
| 93 | assert expected_tftp in output |
| 94 | |
| 95 | output = u_boot_console.run_command( |
| 96 | 'zynqmp secure %x $filesize %x' % (addr, keyaddr) |
| 97 | ) |
| 98 | assert 'Verified image at' in output |
| 99 | ver_addr = re.search(r'Verified image at 0x(.+)', output).group(1) |
| 100 | output = u_boot_console.run_command('echo $?') |
| 101 | assert output.endswith('0') |
| 102 | output = u_boot_console.run_command('print zynqmp_verified_img_addr') |
| 103 | assert f'zynqmp_verified_img_addr={ver_addr}' in output |
| 104 | assert 'Error' not in output |