1 # SPDX-License-Identifier: GPL-2.0
2 # (C) Copyright 2023, Advanced Micro Devices, Inc.
10 This test verifies different type of secure boot images to authentication and
11 decryption using AES and RSA features for AMD's Zynq SoC.
13 Note: This test relies on boardenv_* containing configuration values to define
14 the network available and files to be used for testing. Without this, this test
15 will be automatically skipped. It also relies on dhcp or setup_static net test
16 to support tftp to load files from a TFTP server.
20 # Details regarding the files that may be read from a TFTP server and addresses
21 # and size for aes and rsa cases respectively. This variable may be omitted or
22 # set to None if zynqmp secure testing is not possible or desired.
23 env__zynq_aes_readable_file = {
24 'fn': 'zynq_aes_image.bin',
25 'fnbit': 'zynq_aes_bit.bin',
26 'fnpbit': 'zynq_aes_par_bit.bin',
32 env__zynq_rsa_readable_file = {
33 'fn': 'zynq_rsa_image.bin',
34 'fninvalid': 'zynq_rsa_image_invalid.bin',
39 def zynq_secure_pre_commands(u_boot_console):
40 output = u_boot_console.run_command('print modeboot')
41 if not 'modeboot=' in output:
42 pytest.skip('bootmode cannnot be determined')
43 m = re.search('modeboot=(.+?)boot', output)
45 pytest.skip('bootmode cannnot be determined')
47 if bootmode == 'jtag':
48 pytest.skip('skipping due to jtag bootmode')
50 @pytest.mark.buildconfigspec('cmd_zynq_aes')
51 def test_zynq_aes_image(u_boot_console):
52 f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
54 pytest.skip('No TFTP readable file for zynq secure aes case to read')
56 dstaddr = f.get('dstaddr', None)
58 pytest.skip('No dstaddr specified in env file to read')
60 dstsize = f.get('dstlen', None)
62 pytest.skip('No dstlen specified in env file to read')
64 zynq_secure_pre_commands(u_boot_console)
65 test_net.test_net_dhcp(u_boot_console)
66 if not test_net.net_set_up:
67 test_net.test_net_setup_static(u_boot_console)
69 srcaddr = f.get('srcaddr', None)
71 addr = u_boot_utils.find_ram_base(u_boot_console)
73 expected_tftp = 'Bytes transferred = '
75 output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
76 assert expected_tftp in output
78 expected_op = 'zynq aes [operation type] <srcaddr>'
79 output = u_boot_console.run_command(
80 'zynq aes %x $filesize %x %x' % (srcaddr, dstaddr, dstsize)
82 assert expected_op not in output
83 output = u_boot_console.run_command('echo $?')
84 assert output.endswith('0')
86 @pytest.mark.buildconfigspec('cmd_zynq_aes')
87 def test_zynq_aes_bitstream(u_boot_console):
88 f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
90 pytest.skip('No TFTP readable file for zynq secure aes case to read')
92 zynq_secure_pre_commands(u_boot_console)
93 test_net.test_net_dhcp(u_boot_console)
94 if not test_net.net_set_up:
95 test_net.test_net_setup_static(u_boot_console)
97 srcaddr = f.get('srcaddr', None)
99 addr = u_boot_utils.find_ram_base(u_boot_console)
101 expected_tftp = 'Bytes transferred = '
103 output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
104 assert expected_tftp in output
106 expected_op = 'zynq aes [operation type] <srcaddr>'
107 output = u_boot_console.run_command(
108 'zynq aes load %x $filesize' % (srcaddr)
110 assert expected_op not in output
111 output = u_boot_console.run_command('echo $?')
112 assert output.endswith('0')
114 @pytest.mark.buildconfigspec('cmd_zynq_aes')
115 def test_zynq_aes_partial_bitstream(u_boot_console):
116 f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
118 pytest.skip('No TFTP readable file for zynq secure aes case to read')
120 zynq_secure_pre_commands(u_boot_console)
121 test_net.test_net_dhcp(u_boot_console)
122 if not test_net.net_set_up:
123 test_net.test_net_setup_static(u_boot_console)
125 srcaddr = f.get('srcaddr', None)
127 addr = u_boot_utils.find_ram_base(u_boot_console)
129 expected_tftp = 'Bytes transferred = '
131 output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
132 assert expected_tftp in output
134 expected_op = 'zynq aes [operation type] <srcaddr>'
135 output = u_boot_console.run_command('zynq aes loadp %x $filesize' % (srcaddr))
136 assert expected_op not in output
137 output = u_boot_console.run_command('echo $?')
138 assert output.endswith('0')
140 @pytest.mark.buildconfigspec('cmd_zynq_rsa')
141 def test_zynq_rsa_image(u_boot_console):
142 f = u_boot_console.config.env.get('env__zynq_rsa_readable_file', None)
144 pytest.skip('No TFTP readable file for zynq secure rsa case to read')
146 zynq_secure_pre_commands(u_boot_console)
147 test_net.test_net_dhcp(u_boot_console)
148 if not test_net.net_set_up:
149 test_net.test_net_setup_static(u_boot_console)
151 srcaddr = f.get('srcaddr', None)
153 addr = u_boot_utils.find_ram_base(u_boot_console)
155 expected_tftp = 'Bytes transferred = '
157 output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
158 assert expected_tftp in output
160 expected_op = 'zynq rsa <baseaddr>'
161 output = u_boot_console.run_command('zynq rsa %x ' % (srcaddr))
162 assert expected_op not in output
163 output = u_boot_console.run_command('echo $?')
164 assert output.endswith('0')
166 @pytest.mark.buildconfigspec('cmd_zynq_rsa')
167 def test_zynq_rsa_image_invalid(u_boot_console):
168 f = u_boot_console.config.env.get('env__zynq_rsa_readable_file', None)
170 pytest.skip('No TFTP readable file for zynq secure rsa case to read')
172 zynq_secure_pre_commands(u_boot_console)
173 test_net.test_net_dhcp(u_boot_console)
174 if not test_net.net_set_up:
175 test_net.test_net_setup_static(u_boot_console)
177 srcaddr = f.get('srcaddr', None)
179 addr = u_boot_utils.find_ram_base(u_boot_console)
181 expected_tftp = 'Bytes transferred = '
182 fninvalid = f['fninvalid']
183 output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fninvalid))
184 assert expected_tftp in output
186 expected_op = 'zynq rsa <baseaddr>'
187 output = u_boot_console.run_command('zynq rsa %x ' % (srcaddr))
188 assert expected_op in output
189 output = u_boot_console.run_command('echo $?')
190 assert not output.endswith('0')