1# SPDX-License-Identifier: GPL-2.0 2# (C) Copyright 2023, Advanced Micro Devices, Inc. 3 4import pytest 5import re 6import u_boot_utils 7import test_net 8 9""" 10This test verifies different type of secure boot images loaded at the DDR for 11AMD's ZynqMP SoC. 12 13Note: This test relies on boardenv_* containing configuration values to define 14the files to be used for testing. Without this, this test will be automatically 15skipped. It also relies on dhcp or setup_static net test to support tftp to 16load files from a TFTP server. 17 18For example: 19 20# Details regarding the files that may be read from a TFTP server. This 21# variable may be omitted or set to None if zynqmp secure testing is not 22# possible or desired. 23env__zynqmp_secure_readable_file = { 24 'fn': 'auth_bhdr_ppk1.bin', 25 'enckupfn': 'auth_bhdr_enc_kup_load.bin', 26 'addr': 0x1000000, 27 'keyaddr': 0x100000, 28 'keyfn': 'aes.txt', 29} 30""" 31 32@pytest.mark.buildconfigspec('cmd_zynqmp') 33def test_zynqmp_secure_boot_image(u_boot_console): 34 """This test verifies secure boot image at the DDR address for 35 authentication only case. 36 """ 37 38 f = u_boot_console.config.env.get('env__zynqmp_secure_readable_file', None) 39 if not f: 40 pytest.skip('No TFTP readable file for zynqmp secure cases to read') 41 42 test_net.test_net_dhcp(u_boot_console) 43 if not test_net.net_set_up: 44 test_net.test_net_setup_static(u_boot_console) 45 46 addr = f.get('addr', None) 47 if not addr: 48 addr = u_boot_utils.find_ram_base(u_boot_console) 49 50 expected_tftp = 'Bytes transferred = ' 51 fn = f['fn'] 52 output = u_boot_console.run_command('tftpboot %x %s' % (addr, fn)) 53 assert expected_tftp in output 54 55 output = u_boot_console.run_command('zynqmp secure %x $filesize' % (addr)) 56 assert 'Verified image at' in output 57 ver_addr = re.search(r'Verified image at 0x(.+)', output).group(1) 58 output = u_boot_console.run_command('echo $?') 59 assert output.endswith('0') 60 output = u_boot_console.run_command('print zynqmp_verified_img_addr') 61 assert f'zynqmp_verified_img_addr={ver_addr}' in output 62 assert 'Error' not in output 63 64 65@pytest.mark.buildconfigspec('cmd_zynqmp') 66def test_zynqmp_secure_boot_img_kup(u_boot_console): 67 """This test verifies secure boot image at the DDR address for encryption 68 with kup key case. 69 """ 70 71 f = u_boot_console.config.env.get('env__zynqmp_secure_readable_file', None) 72 if not f: 73 pytest.skip('No TFTP readable file for zynqmp secure cases to read') 74 75 test_net.test_net_dhcp(u_boot_console) 76 if not test_net.net_set_up: 77 test_net.test_net_setup_static(u_boot_console) 78 79 keyaddr = f.get('keyaddr', None) 80 if not keyaddr: 81 addr = u_boot_utils.find_ram_base(u_boot_console) 82 expected_tftp = 'Bytes transferred = ' 83 keyfn = f['keyfn'] 84 output = u_boot_console.run_command('tftpboot %x %s' % (keyaddr, keyfn)) 85 assert expected_tftp in output 86 87 addr = f.get('addr', None) 88 if not addr: 89 addr = u_boot_utils.find_ram_base(u_boot_console) 90 expected_tftp = 'Bytes transferred = ' 91 fn = f['enckupfn'] 92 output = u_boot_console.run_command('tftpboot %x %s' % (addr, fn)) 93 assert expected_tftp in output 94 95 output = u_boot_console.run_command( 96 'zynqmp secure %x $filesize %x' % (addr, keyaddr) 97 ) 98 assert 'Verified image at' in output 99 ver_addr = re.search(r'Verified image at 0x(.+)', output).group(1) 100 output = u_boot_console.run_command('echo $?') 101 assert output.endswith('0') 102 output = u_boot_console.run_command('print zynqmp_verified_img_addr') 103 assert f'zynqmp_verified_img_addr={ver_addr}' in output 104 assert 'Error' not in output 105