diff --git a/sim/src/image.rs b/sim/src/image.rs index e8aacc14..568cf0ae 100644 --- a/sim/src/image.rs +++ b/sim/src/image.rs @@ -291,6 +291,29 @@ impl ImagesBuilder { } } + pub fn make_oversized_secondary_slot_image(self) -> Images { + let mut bad_flash = self.flash; + let ram = self.ram.clone(); // TODO: Avoid this clone. + let images = self.slots.into_iter().enumerate().map(|(image_num, slots)| { + let dep = BoringDep::new(image_num, &NO_DEPS); + let primaries = install_image(&mut bad_flash, &slots[0], + maximal(32784), &ram, &dep, false); + let upgrades = install_image(&mut bad_flash, &slots[1], + ImageSize::Oversized, &ram, &dep, false); + OneImage { + slots, + primaries, + upgrades, + }}).collect(); + Images { + flash: bad_flash, + areadesc: self.areadesc, + images, + total_count: None, + ram: self.ram, + } + } + pub fn make_erased_secondary_image(self) -> Images { let mut flash = self.flash; let ram = self.ram.clone(); // TODO: Avoid this clone. @@ -779,6 +802,53 @@ impl Images { fails > 0 } + // Test taht too big upgrade image will be rejected + pub fn run_oversizefail_upgrade(&self) -> bool { + let mut flash = self.flash.clone(); + let mut fails = 0; + + info!("Try upgrade image with to big size"); + + // Only perform this test if an upgrade is expected to happen. + if !Caps::modifies_flash() { + info!("Skipping upgrade image with bad signature"); + return false; + } + + self.mark_upgrades(&mut flash, 0); + self.mark_permanent_upgrades(&mut flash, 0); + self.mark_upgrades(&mut flash, 1); + + if !self.verify_trailers(&flash, 0, BOOT_MAGIC_GOOD, + BOOT_FLAG_SET, BOOT_FLAG_UNSET) { + warn!("1. Mismatched trailer for the primary slot"); + fails += 1; + } + + // Run the bootloader... + if !c::boot_go(&mut flash, &self.areadesc, None, None, false).success() { + warn!("Failed first boot"); + fails += 1; + } + + // State should not have changed + if !self.verify_images(&flash, 0, 0) { + warn!("Failed image verification"); + fails += 1; + } + if !self.verify_trailers(&flash, 0, BOOT_MAGIC_GOOD, + BOOT_FLAG_SET, BOOT_FLAG_UNSET) { + warn!("2. Mismatched trailer for the primary slot"); + fails += 1; + } + + if fails > 0 { + error!("Expected an upgrade failure when image has to big size"); + } + + fails > 0 + } + // Test that an upgrade is rejected. Assumes that the image was build // such that the upgrade is instead a downgrade. pub fn run_nodowngrade(&self) -> bool { diff --git a/sim/tests/core.rs b/sim/tests/core.rs index 03d0fa66..50e0bba5 100644 --- a/sim/tests/core.rs +++ b/sim/tests/core.rs @@ -56,6 +56,10 @@ sim_test!(revert_with_fails, make_image(&NO_DEPS, false), run_revert_with_fails( sim_test!(perm_with_fails, make_image(&NO_DEPS, true), run_perm_with_fails()); sim_test!(perm_with_random_fails, make_image(&NO_DEPS, true), run_perm_with_random_fails(5)); sim_test!(norevert, make_image(&NO_DEPS, true), run_norevert()); + +#[cfg(not(feature = "max-align-32"))] +sim_test!(oversized_secondary_slot, make_oversized_secondary_slot_image(), run_oversizefail_upgrade()); + sim_test!(status_write_fails_complete, make_image(&NO_DEPS, true), run_with_status_fails_complete()); sim_test!(status_write_fails_with_reset, make_image(&NO_DEPS, true), run_with_status_fails_with_reset()); sim_test!(downgrade_prevention, make_image(&REV_DEPS, true), run_nodowngrade());