1# SPDX-License-Identifier: GPL-2.0
2# (C) Copyright 2023, Advanced Micro Devices, Inc.
3
4import pytest
5import re
6import u_boot_utils
7import test_net
8
9"""
10This test verifies different type of secure boot images to authentication and
11decryption using AES and RSA features for AMD's Zynq SoC.
12
13Note: This test relies on boardenv_* containing configuration values to define
14the network available and files to be used for testing. Without this, this test
15will be automatically skipped. It also relies on dhcp or setup_static net test
16to support tftp to load files from a TFTP server.
17
18For example:
19
20# Details regarding the files that may be read from a TFTP server and addresses
21# and size for aes and rsa cases respectively. This variable may be omitted or
22# set to None if zynqmp secure testing is not possible or desired.
23env__zynq_aes_readable_file = {
24    'fn': 'zynq_aes_image.bin',
25    'fnbit': 'zynq_aes_bit.bin',
26    'fnpbit': 'zynq_aes_par_bit.bin',
27    'srcaddr': 0x1000000,
28    'dstaddr': 0x2000000,
29    'dstlen': 0x1000000,
30}
31
32env__zynq_rsa_readable_file = {
33    'fn': 'zynq_rsa_image.bin',
34    'fninvalid': 'zynq_rsa_image_invalid.bin',
35    'srcaddr': 0x1000000,
36}
37"""
38
39def zynq_secure_pre_commands(u_boot_console):
40    output = u_boot_console.run_command('print modeboot')
41    if not 'modeboot=' in output:
42        pytest.skip('bootmode cannnot be determined')
43    m = re.search('modeboot=(.+?)boot', output)
44    if not m:
45        pytest.skip('bootmode cannnot be determined')
46    bootmode = m.group(1)
47    if bootmode == 'jtag':
48        pytest.skip('skipping due to jtag bootmode')
49
50@pytest.mark.buildconfigspec('cmd_zynq_aes')
51def test_zynq_aes_image(u_boot_console):
52    f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
53    if not f:
54        pytest.skip('No TFTP readable file for zynq secure aes case to read')
55
56    dstaddr = f.get('dstaddr', None)
57    if not dstaddr:
58        pytest.skip('No dstaddr specified in env file to read')
59
60    dstsize = f.get('dstlen', None)
61    if not dstsize:
62        pytest.skip('No dstlen specified in env file to read')
63
64    zynq_secure_pre_commands(u_boot_console)
65    test_net.test_net_dhcp(u_boot_console)
66    if not test_net.net_set_up:
67        test_net.test_net_setup_static(u_boot_console)
68
69    srcaddr = f.get('srcaddr', None)
70    if not srcaddr:
71        addr = u_boot_utils.find_ram_base(u_boot_console)
72
73    expected_tftp = 'Bytes transferred = '
74    fn = f['fn']
75    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
76    assert expected_tftp in output
77
78    expected_op = 'zynq aes [operation type] <srcaddr>'
79    output = u_boot_console.run_command(
80        'zynq aes %x $filesize %x %x' % (srcaddr, dstaddr, dstsize)
81    )
82    assert expected_op not in output
83    output = u_boot_console.run_command('echo $?')
84    assert output.endswith('0')
85
86@pytest.mark.buildconfigspec('cmd_zynq_aes')
87def test_zynq_aes_bitstream(u_boot_console):
88    f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
89    if not f:
90        pytest.skip('No TFTP readable file for zynq secure aes case to read')
91
92    zynq_secure_pre_commands(u_boot_console)
93    test_net.test_net_dhcp(u_boot_console)
94    if not test_net.net_set_up:
95        test_net.test_net_setup_static(u_boot_console)
96
97    srcaddr = f.get('srcaddr', None)
98    if not srcaddr:
99        addr = u_boot_utils.find_ram_base(u_boot_console)
100
101    expected_tftp = 'Bytes transferred = '
102    fn = f['fnbit']
103    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
104    assert expected_tftp in output
105
106    expected_op = 'zynq aes [operation type] <srcaddr>'
107    output = u_boot_console.run_command(
108        'zynq aes load %x $filesize' % (srcaddr)
109    )
110    assert expected_op not in output
111    output = u_boot_console.run_command('echo $?')
112    assert output.endswith('0')
113
114@pytest.mark.buildconfigspec('cmd_zynq_aes')
115def test_zynq_aes_partial_bitstream(u_boot_console):
116    f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
117    if not f:
118        pytest.skip('No TFTP readable file for zynq secure aes case to read')
119
120    zynq_secure_pre_commands(u_boot_console)
121    test_net.test_net_dhcp(u_boot_console)
122    if not test_net.net_set_up:
123        test_net.test_net_setup_static(u_boot_console)
124
125    srcaddr = f.get('srcaddr', None)
126    if not srcaddr:
127        addr = u_boot_utils.find_ram_base(u_boot_console)
128
129    expected_tftp = 'Bytes transferred = '
130    fn = f['fnpbit']
131    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
132    assert expected_tftp in output
133
134    expected_op = 'zynq aes [operation type] <srcaddr>'
135    output = u_boot_console.run_command('zynq aes loadp %x $filesize' % (srcaddr))
136    assert expected_op not in output
137    output = u_boot_console.run_command('echo $?')
138    assert output.endswith('0')
139
140@pytest.mark.buildconfigspec('cmd_zynq_rsa')
141def test_zynq_rsa_image(u_boot_console):
142    f = u_boot_console.config.env.get('env__zynq_rsa_readable_file', None)
143    if not f:
144        pytest.skip('No TFTP readable file for zynq secure rsa case to read')
145
146    zynq_secure_pre_commands(u_boot_console)
147    test_net.test_net_dhcp(u_boot_console)
148    if not test_net.net_set_up:
149        test_net.test_net_setup_static(u_boot_console)
150
151    srcaddr = f.get('srcaddr', None)
152    if not srcaddr:
153        addr = u_boot_utils.find_ram_base(u_boot_console)
154
155    expected_tftp = 'Bytes transferred = '
156    fn = f['fn']
157    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
158    assert expected_tftp in output
159
160    expected_op = 'zynq rsa <baseaddr>'
161    output = u_boot_console.run_command('zynq rsa %x ' % (srcaddr))
162    assert expected_op not in output
163    output = u_boot_console.run_command('echo $?')
164    assert output.endswith('0')
165
166@pytest.mark.buildconfigspec('cmd_zynq_rsa')
167def test_zynq_rsa_image_invalid(u_boot_console):
168    f = u_boot_console.config.env.get('env__zynq_rsa_readable_file', None)
169    if not f:
170        pytest.skip('No TFTP readable file for zynq secure rsa case to read')
171
172    zynq_secure_pre_commands(u_boot_console)
173    test_net.test_net_dhcp(u_boot_console)
174    if not test_net.net_set_up:
175        test_net.test_net_setup_static(u_boot_console)
176
177    srcaddr = f.get('srcaddr', None)
178    if not srcaddr:
179        addr = u_boot_utils.find_ram_base(u_boot_console)
180
181    expected_tftp = 'Bytes transferred = '
182    fninvalid = f['fninvalid']
183    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fninvalid))
184    assert expected_tftp in output
185
186    expected_op = 'zynq rsa <baseaddr>'
187    output = u_boot_console.run_command('zynq rsa %x ' % (srcaddr))
188    assert expected_op in output
189    output = u_boot_console.run_command('echo $?')
190    assert not output.endswith('0')
191