diff options
| author | Jaymes Wilks <mjwilks@us.ibm.com> | 2017-11-09 14:07:45 -0600 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-11-15 15:12:28 -0500 |
| commit | eaf4ca605f7b0e23fe72188b3e2f30aa9879d41c (patch) | |
| tree | 4c1b59cf3f0f347871c711505e47fb7f8bdabfa2 | |
| parent | 27fe0afaf8f13c2636fc33535a56e5912dc8e12c (diff) | |
| download | talos-hostboot-eaf4ca605f7b0e23fe72188b3e2f30aa9879d41c.tar.gz talos-hostboot-eaf4ca605f7b0e23fe72188b3e2f30aa9879d41c.zip | |
Create new test only PNOR section to test secure Load/Unloads
Created a test PNOR section called TESTLOAD that only exists in
standalone solely for the purpose of testing loadSecureSection
and unloadSecureSection functions of secure boot.
Change-Id: I8d397f96c9199b46a20dae0263822eaf3766f83f
RTC:181598
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49501
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
| -rw-r--r-- | src/build/buildpnor/defaultPnorLayout.xml | 9 | ||||
| -rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 1 | ||||
| -rwxr-xr-x | src/build/mkrules/hbfw/img/makefile | 5 | ||||
| -rw-r--r-- | src/include/usr/pnor/pnor_const.H | 1 | ||||
| -rw-r--r-- | src/usr/pnor/pnor_utils.C | 4 | ||||
| -rw-r--r-- | src/usr/pnor/test/pnorrptest.H | 200 |
6 files changed, 110 insertions, 110 deletions
diff --git a/src/build/buildpnor/defaultPnorLayout.xml b/src/build/buildpnor/defaultPnorLayout.xml index 85db37ae0..6c2357b7e 100644 --- a/src/build/buildpnor/defaultPnorLayout.xml +++ b/src/build/buildpnor/defaultPnorLayout.xml @@ -279,4 +279,13 @@ Layout Description <sha512Version/> <ecc/> </section> + <section> + <description>Secureboot Test Load (12K)</description> + <eyeCatch>TESTLOAD</eyeCatch> + <physicalOffset>0x39DB000</physicalOffset> + <physicalRegionSize>0x3000</physicalRegionSize> + <side>sideless</side> + <sha512Version/> + <ecc/> + </section> </pnor> diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 06d624c6e..841d9f216 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -575,6 +575,7 @@ sub manipulateImages $isNormalSecure ||= ($eyeCatch eq "WOFDATA"); $isNormalSecure ||= ($eyeCatch eq "IMA_CATALOG"); $isNormalSecure ||= ($eyeCatch eq "TESTRO"); + $isNormalSecure ||= ($eyeCatch eq "TESTLOAD"); my $isSpecialSecure = ($eyeCatch eq "HBB"); $isSpecialSecure ||= ($eyeCatch eq "HBD"); diff --git a/src/build/mkrules/hbfw/img/makefile b/src/build/mkrules/hbfw/img/makefile index dcc74ab4e..69846a142 100755 --- a/src/build/mkrules/hbfw/img/makefile +++ b/src/build/mkrules/hbfw/img/makefile @@ -106,6 +106,7 @@ HBI_FINAL_IMG = HBI.bin HBRT_FINAL_IMG = HBRT.bin TEST_FINAL_IMG = TEST.bin TESTRO_FINAL_IMG = TESTRO.bin +TESTLOAD_FINAL_IMG = TESTLOAD.bin HBEL_FINAL_IMG = HBEL.bin GUARD_FINAL_IMG = GUARD.bin GLOBAL_FINAL_IMG = GLOBAL.bin @@ -196,7 +197,7 @@ BUILD_TYPE_PARAMS = --build-type fspbuild .if(${FAKEPNOR} == "") # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. .if(${DEFAULT_PNOR} == 1) - GEN_DEFAULT_BIN_FILES = HBBL=${HBBL_IMG},HBB=${HBB_IMG},HBI=${HBI_IMG},HBRT=${HBRT_IMG},TEST=EMPTY,TESTRO=EMPTY,HBEL=EMPTY,GUARD=EMPTY,GLOBAL=EMPTY,PAYLOAD=EMPTY,CVPD=EMPTY,MVPD=EMPTY,DJVPD=EMPTY,RINGOVD=EMPTY,SBKT=EMPTY,FIRDATA=EMPTY,MEMD=${MEMD_IMG} + GEN_DEFAULT_BIN_FILES = HBBL=${HBBL_IMG},HBB=${HBB_IMG},HBI=${HBI_IMG},HBRT=${HBRT_IMG},TEST=EMPTY,TESTRO=EMPTY,TESTLOAD=EMPTY,HBEL=EMPTY,GUARD=EMPTY,GLOBAL=EMPTY,PAYLOAD=EMPTY,CVPD=EMPTY,MVPD=EMPTY,DJVPD=EMPTY,RINGOVD=EMPTY,SBKT=EMPTY,FIRDATA=EMPTY,MEMD=${MEMD_IMG} .else GEN_DEFAULT_BIN_FILES = HBBL=${HBBL_IMG},HBB=${HBB_IMG},HBI=${HBI_IMG},HBRT=${HBRT_IMG},HBEL=EMPTY,GUARD=EMPTY,GLOBAL=EMPTY,CVPD=EMPTY,MVPD=EMPTY,DJVPD=EMPTY,RINGOVD=EMPTY,SBKT=EMPTY,MEMD=${MEMD_IMG} .endif @@ -410,7 +411,7 @@ gen_system_specific_images: build_sbe_partitions .PMAKE @${MAKE:T:R} gen_system_specific_images_bypass_cache .if(${DEFAULT_PNOR} == 1) - HOSTBOOT_DEFAULT_SECTIONS = HBBL=${HBBL_FINAL_IMG},HBB=${HBB_FINAL_IMG},HBI=${HBI_FINAL_IMG},HBRT=${HBRT_FINAL_IMG},TEST=${TEST_FINAL_IMG},TESTRO=${TESTRO_FINAL_IMG},HBEL=${HBEL_FINAL_IMG},GUARD=${GUARD_FINAL_IMG},GLOBAL=${GLOBAL_FINAL_IMG},PAYLOAD=${PAYLOAD_FINAL_IMG},CVPD=${CVPD_FINAL_IMG},MVPD=${MVPD_FINAL_IMG},DJVPD=${DJVPD_FINAL_IMG},RINGOVD=${RINGOVD_FINAL_IMG},SBKT=${SBKT_FINAL_IMG},FIRDATA=${FIRDATA_FINAL_IMG},MEMD=${MEMD_FINAL_IMG} + HOSTBOOT_DEFAULT_SECTIONS = HBBL=${HBBL_FINAL_IMG},HBB=${HBB_FINAL_IMG},HBI=${HBI_FINAL_IMG},HBRT=${HBRT_FINAL_IMG},TEST=${TEST_FINAL_IMG},TESTRO=${TESTRO_FINAL_IMG},TESTLOAD=${TESTLOAD_FINAL_IMG},HBEL=${HBEL_FINAL_IMG},GUARD=${GUARD_FINAL_IMG},GLOBAL=${GLOBAL_FINAL_IMG},PAYLOAD=${PAYLOAD_FINAL_IMG},CVPD=${CVPD_FINAL_IMG},MVPD=${MVPD_FINAL_IMG},DJVPD=${DJVPD_FINAL_IMG},RINGOVD=${RINGOVD_FINAL_IMG},SBKT=${SBKT_FINAL_IMG},FIRDATA=${FIRDATA_FINAL_IMG},MEMD=${MEMD_FINAL_IMG} NIMBUS_SECT = HBD=${NIMBUS_HBD_FINAL_IMG},SBE=${NIMBUS_SBE_FINAL_IMG},HCODE=${NIMBUS_HCODE_FINAL_IMG},OCC=${NIMBUS_OCC_FINAL_IMG},WOFDATA=${ZZ_WOFDATA_FINAL_IMG} CUMULUS_SECT = HBD=${CUMULUS_HBD_FINAL_IMG},SBE=${CUMULUS_SBE_FINAL_IMG},HCODE=${CUMULUS_HCODE_FINAL_IMG},OCC=${CUMULUS_OCC_FINAL_IMG},WOFDATA=${ZEPPELIN_WOFDATA_FINAL_IMG} .else diff --git a/src/include/usr/pnor/pnor_const.H b/src/include/usr/pnor/pnor_const.H index 37316e87d..e820bdac6 100644 --- a/src/include/usr/pnor/pnor_const.H +++ b/src/include/usr/pnor/pnor_const.H @@ -72,6 +72,7 @@ enum SectionId SBKT, /**< SecureBoot Key Transition */ HB_VOLATILE, /**< Semi volatile partition for reconfig */ MEMD, /**< Memory configuration data */ + TESTLOAD, /**< Secureboot test load */ #endif NUM_SECTIONS, /**< Number of defined sections */ diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index dc94c56e2..8108f0077 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -395,7 +395,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) i_section == HB_RUNTIME || i_section == WOFDATA || i_section == MEMD || - i_section == CAPP; + i_section == CAPP || + i_section == TESTLOAD; #endif #else return false; @@ -463,6 +464,7 @@ const char * PNOR::SectionIdToString( uint32_t i_secIdIndex ) "SBKT", /**< PNOR::SBKT : SecureBoot Key Transition */ "HB_VOLATILE", /**< PNOR::HB_VOLATILE : Semi volatile partition */ "MEMD", /**< PNOR::MEMD : Memory configuration data */ + "TESTLOAD", /**< PNOR::TESTLOAD : Secureboot Test Load */ #endif }; diff --git a/src/usr/pnor/test/pnorrptest.H b/src/usr/pnor/test/pnorrptest.H index 5f1db820a..a8701e140 100644 --- a/src/usr/pnor/test/pnorrptest.H +++ b/src/usr/pnor/test/pnorrptest.H @@ -820,113 +820,99 @@ class PnorRpTest : public CxxTest::TestSuite /** * @brief Tests loading and unloading a secure section */ - // TODO RTC: 181598 Test case cannot used MEMD to test loads and unloads. - // This test should use its own special pnor section to test this functionality. -// void test_loadUnloadSecureSection() -// { -// // @RTC 156118 Right now these tests just ensure the -// // APIs are callable; they should return success always -// // until 156118 implements the real support. At that time -// // this testcase should be updated. -// #ifdef CONFIG_SECUREBOOT -// errlHndl_t pError=NULL; -// do { -// -// if (!PNOR::isEnforcedSecureSection(PNOR::MEMD)) -// { -// break; -// } -// -// pError = PNOR::loadSecureSection(PNOR::MEMD); -// if(pError != NULL) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "loadSecureSection returned an error"); -// ERRORLOG::errlCommit(pError,PNOR_COMP_ID); -// break; -// } -// -// pError = PNOR::unloadSecureSection(PNOR::MEMD); -// if(pError != NULL) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "unloadSecureSection returned an error"); -// ERRORLOG::errlCommit(pError,PNOR_COMP_ID); -// break; -// } -// -// // try loading MEMD a few times -// for (int i=0; i<10; i++) -// { -// pError = PNOR::loadSecureSection(PNOR::MEMD); -// if(pError != nullptr) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "loadSecureSection returned an error on MEMD section load attempt %i",i); -// break; -// } -// } -// if (pError != nullptr) -// { -// ERRORLOG::errlCommit(pError,PNOR_COMP_ID); -// break; -// } -// -// -// // try unloading MEMD the exact same number of times we loaded it -// for (int i=0; i<10; i++) -// { -// pError = PNOR::unloadSecureSection(PNOR::MEMD); -// if(pError != nullptr) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "loadSecureSection returned an error on MEMD section unload attempt %i", i); -// break; -// } -// } -// if (pError != nullptr) -// { -// ERRORLOG::errlCommit(pError,PNOR_COMP_ID); -// break; -// } -// -// // TODO RTC 181272 -// // In order for the below test to work, we need to make sure that -// // MEMD is never actually being loaded or unloaded during this test. -// // Since all of the tests run in parallel, we can't really -// // guarantee this completely if someone decides to write a test for -// // MEMD, so ideally we would need some kind of mutex to prevent this. -// -// // Try to unload the secure section one extra time -// // We expect to see an error log -// pError = PNOR::unloadSecureSection(PNOR::MEMD); -// if(pError == nullptr) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "unloadSecureSection failed to return error on extra invoke"); -// break; -// } -// else -// { -// if(pError->reasonCode() != PNOR::RC_EXTERNAL_ERROR || -// pError->moduleId() != PNOR::MOD_PNORRP_LOADUNLOADSECURESECTION) -// { -// ERRORLOG::errlCommit(pError, PNOR_COMP_ID); -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "unloadSecureSection return an unexpected error"); -// break; -// } -// else -// { -// // passed the test -// delete pError; -// pError = nullptr; -// } -// } -// -// } while (0); -// #endif -// } + void test_loadUnloadSecureSection() + { +#ifdef CONFIG_SECUREBOOT + errlHndl_t pError=NULL; + do { + + if (!PNOR::isEnforcedSecureSection(PNOR::TESTLOAD)) + { + break; + } + + pError = PNOR::loadSecureSection(PNOR::TESTLOAD); + if(pError != NULL) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "loadSecureSection returned an error"); + ERRORLOG::errlCommit(pError,PNOR_COMP_ID); + break; + } + + pError = PNOR::unloadSecureSection(PNOR::TESTLOAD); + if(pError != NULL) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "unloadSecureSection returned an error"); + ERRORLOG::errlCommit(pError,PNOR_COMP_ID); + break; + } + + // try loading the TESTLOAD section a few times + for (int i=0; i<10; i++) + { + pError = PNOR::loadSecureSection(PNOR::TESTLOAD); + if(pError != nullptr) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "loadSecureSection returned an error on TESTLOAD section load attempt %i",i); + break; + } + } + if (pError != nullptr) + { + ERRORLOG::errlCommit(pError,PNOR_COMP_ID); + break; + } + + // try unloading TESTLOAD the exact same number of times we loaded it + for (int i=0; i<10; i++) + { + pError = PNOR::unloadSecureSection(PNOR::TESTLOAD); + if(pError != nullptr) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "loadSecureSection returned an error on TESTLOAD section unload attempt %i", i); + break; + } + } + if (pError != nullptr) + { + ERRORLOG::errlCommit(pError,PNOR_COMP_ID); + break; + } + + // Try to unload the secure section one extra time + // We expect to see an error log + pError = PNOR::unloadSecureSection(PNOR::TESTLOAD); + if(pError == nullptr) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "unloadSecureSection failed to return error on extra invoke"); + break; + } + else + { + if(pError->reasonCode() != PNOR::RC_EXTERNAL_ERROR || + pError->moduleId() != PNOR::MOD_PNORRP_LOADUNLOADSECURESECTION) + { + ERRORLOG::errlCommit(pError, PNOR_COMP_ID); + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "unloadSecureSection return an unexpected error"); + break; + } + else + { + // passed the test + delete pError; + pError = nullptr; + } + } + + } while (0); +#endif + } }; |
