diff options
| author | Jaymes Wilks <mjwilks@us.ibm.com> | 2017-11-09 14:07:45 -0600 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-11-15 15:12:28 -0500 |
| commit | eaf4ca605f7b0e23fe72188b3e2f30aa9879d41c (patch) | |
| tree | 4c1b59cf3f0f347871c711505e47fb7f8bdabfa2 /src/usr/pnor | |
| parent | 27fe0afaf8f13c2636fc33535a56e5912dc8e12c (diff) | |
| download | talos-hostboot-eaf4ca605f7b0e23fe72188b3e2f30aa9879d41c.tar.gz talos-hostboot-eaf4ca605f7b0e23fe72188b3e2f30aa9879d41c.zip | |
Create new test only PNOR section to test secure Load/Unloads
Created a test PNOR section called TESTLOAD that only exists in
standalone solely for the purpose of testing loadSecureSection
and unloadSecureSection functions of secure boot.
Change-Id: I8d397f96c9199b46a20dae0263822eaf3766f83f
RTC:181598
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49501
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/pnor')
| -rw-r--r-- | src/usr/pnor/pnor_utils.C | 4 | ||||
| -rw-r--r-- | src/usr/pnor/test/pnorrptest.H | 200 |
2 files changed, 96 insertions, 108 deletions
diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index dc94c56e2..8108f0077 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -395,7 +395,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) i_section == HB_RUNTIME || i_section == WOFDATA || i_section == MEMD || - i_section == CAPP; + i_section == CAPP || + i_section == TESTLOAD; #endif #else return false; @@ -463,6 +464,7 @@ const char * PNOR::SectionIdToString( uint32_t i_secIdIndex ) "SBKT", /**< PNOR::SBKT : SecureBoot Key Transition */ "HB_VOLATILE", /**< PNOR::HB_VOLATILE : Semi volatile partition */ "MEMD", /**< PNOR::MEMD : Memory configuration data */ + "TESTLOAD", /**< PNOR::TESTLOAD : Secureboot Test Load */ #endif }; diff --git a/src/usr/pnor/test/pnorrptest.H b/src/usr/pnor/test/pnorrptest.H index 5f1db820a..a8701e140 100644 --- a/src/usr/pnor/test/pnorrptest.H +++ b/src/usr/pnor/test/pnorrptest.H @@ -820,113 +820,99 @@ class PnorRpTest : public CxxTest::TestSuite /** * @brief Tests loading and unloading a secure section */ - // TODO RTC: 181598 Test case cannot used MEMD to test loads and unloads. - // This test should use its own special pnor section to test this functionality. -// void test_loadUnloadSecureSection() -// { -// // @RTC 156118 Right now these tests just ensure the -// // APIs are callable; they should return success always -// // until 156118 implements the real support. At that time -// // this testcase should be updated. -// #ifdef CONFIG_SECUREBOOT -// errlHndl_t pError=NULL; -// do { -// -// if (!PNOR::isEnforcedSecureSection(PNOR::MEMD)) -// { -// break; -// } -// -// pError = PNOR::loadSecureSection(PNOR::MEMD); -// if(pError != NULL) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "loadSecureSection returned an error"); -// ERRORLOG::errlCommit(pError,PNOR_COMP_ID); -// break; -// } -// -// pError = PNOR::unloadSecureSection(PNOR::MEMD); -// if(pError != NULL) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "unloadSecureSection returned an error"); -// ERRORLOG::errlCommit(pError,PNOR_COMP_ID); -// break; -// } -// -// // try loading MEMD a few times -// for (int i=0; i<10; i++) -// { -// pError = PNOR::loadSecureSection(PNOR::MEMD); -// if(pError != nullptr) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "loadSecureSection returned an error on MEMD section load attempt %i",i); -// break; -// } -// } -// if (pError != nullptr) -// { -// ERRORLOG::errlCommit(pError,PNOR_COMP_ID); -// break; -// } -// -// -// // try unloading MEMD the exact same number of times we loaded it -// for (int i=0; i<10; i++) -// { -// pError = PNOR::unloadSecureSection(PNOR::MEMD); -// if(pError != nullptr) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "loadSecureSection returned an error on MEMD section unload attempt %i", i); -// break; -// } -// } -// if (pError != nullptr) -// { -// ERRORLOG::errlCommit(pError,PNOR_COMP_ID); -// break; -// } -// -// // TODO RTC 181272 -// // In order for the below test to work, we need to make sure that -// // MEMD is never actually being loaded or unloaded during this test. -// // Since all of the tests run in parallel, we can't really -// // guarantee this completely if someone decides to write a test for -// // MEMD, so ideally we would need some kind of mutex to prevent this. -// -// // Try to unload the secure section one extra time -// // We expect to see an error log -// pError = PNOR::unloadSecureSection(PNOR::MEMD); -// if(pError == nullptr) -// { -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "unloadSecureSection failed to return error on extra invoke"); -// break; -// } -// else -// { -// if(pError->reasonCode() != PNOR::RC_EXTERNAL_ERROR || -// pError->moduleId() != PNOR::MOD_PNORRP_LOADUNLOADSECURESECTION) -// { -// ERRORLOG::errlCommit(pError, PNOR_COMP_ID); -// TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " -// "unloadSecureSection return an unexpected error"); -// break; -// } -// else -// { -// // passed the test -// delete pError; -// pError = nullptr; -// } -// } -// -// } while (0); -// #endif -// } + void test_loadUnloadSecureSection() + { +#ifdef CONFIG_SECUREBOOT + errlHndl_t pError=NULL; + do { + + if (!PNOR::isEnforcedSecureSection(PNOR::TESTLOAD)) + { + break; + } + + pError = PNOR::loadSecureSection(PNOR::TESTLOAD); + if(pError != NULL) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "loadSecureSection returned an error"); + ERRORLOG::errlCommit(pError,PNOR_COMP_ID); + break; + } + + pError = PNOR::unloadSecureSection(PNOR::TESTLOAD); + if(pError != NULL) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "unloadSecureSection returned an error"); + ERRORLOG::errlCommit(pError,PNOR_COMP_ID); + break; + } + + // try loading the TESTLOAD section a few times + for (int i=0; i<10; i++) + { + pError = PNOR::loadSecureSection(PNOR::TESTLOAD); + if(pError != nullptr) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "loadSecureSection returned an error on TESTLOAD section load attempt %i",i); + break; + } + } + if (pError != nullptr) + { + ERRORLOG::errlCommit(pError,PNOR_COMP_ID); + break; + } + + // try unloading TESTLOAD the exact same number of times we loaded it + for (int i=0; i<10; i++) + { + pError = PNOR::unloadSecureSection(PNOR::TESTLOAD); + if(pError != nullptr) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "loadSecureSection returned an error on TESTLOAD section unload attempt %i", i); + break; + } + } + if (pError != nullptr) + { + ERRORLOG::errlCommit(pError,PNOR_COMP_ID); + break; + } + + // Try to unload the secure section one extra time + // We expect to see an error log + pError = PNOR::unloadSecureSection(PNOR::TESTLOAD); + if(pError == nullptr) + { + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "unloadSecureSection failed to return error on extra invoke"); + break; + } + else + { + if(pError->reasonCode() != PNOR::RC_EXTERNAL_ERROR || + pError->moduleId() != PNOR::MOD_PNORRP_LOADUNLOADSECURESECTION) + { + ERRORLOG::errlCommit(pError, PNOR_COMP_ID); + TS_FAIL("PnorRpTest::test_loadUnloadSecureSection: " + "unloadSecureSection return an unexpected error"); + break; + } + else + { + // passed the test + delete pError; + pError = nullptr; + } + } + + } while (0); +#endif + } }; |
