Zephyr: Document testplan

This document describes the manual testing done on Zephyr. It uses a bunch of git patches to make modifications to the code, where each is then tried and then backed out. Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-27 10:40:42 -06:00 · 2017-07-27 10:40:42 -06:00 · 9a95b9691f
parent 8ae61c05a5
commit 9a95b9691f
10 changed files with 666 additions and 0 deletions
--- a/doc/testplan-zephyr.rst
+++ b/doc/testplan-zephyr.rst
@ -0,0 +1,164 @@
+Zephyr Test Plan
+================
+
+The following roughly describes how mcuboot is tested on Zephyr.  The
+testing is done with the code in ``samples/zephyr``.  These examples
+were written using the FRDM-K64F, but other boards should be similar.
+At this time, however, the partitions are hardcoded in the Makefile
+targets to flash.
+
+Note that at the time of release of 0.9.0-rc2, the change `MPU flash
+write`_ had not been merged.  This change fixes a problem interaction
+between the MPU and the flash drivers.  Without this change, if the
+MPU is enabled (the default), the bootloader will abort immediately on
+boot, generally before printing any messages.
+
+.. _MPU flash write: https://github.com/zephyrproject-rtos/zephyr/pull/654
+
+At this time, most of the test variants are done by modifying either
+the code or Makefiles.  A future goal is to automate this testing.
+
+Sanity Check
+------------
+
+Begin by running make in ``samples/zephyr``::
+
+    $ make clean
+    $ make all
+
+This will result in three binaries: ``mcuboot.bin``,
+``signed-hello1.bin``, and ``signed-hello2.bin``.
+
+The second file is marked as an "upgrade" by the image tool, so
+has an appended image trailer.
+
+Begin by doing a full erase, and programming the first image::
+
+    $ pyocd-flashtool -ce
+    $ make flash_boot
+
+After it resets, look for "main: Starting bootloader", a few debug
+messages, and lastly: "main: Unable to find bootable image".
+
+Then, load hello1::
+
+    $ make flash_hello1
+
+This should print "main: Jumping to the first image slot", and you
+should get an image "Hello World number 1!".
+
+For kicks, program slot 2's image into slot one.  This has to be done
+manually, and it is good to verify these addresses in the Makefile::
+
+    $ pyocd-flashtool -a 0x20000 signed-hello1.bin
+
+This should boot, printing "Upgraded hello!".
+
+Now put back image 1, and put image 2 in as the upgrade::
+
+    $ make flash_hello1
+    $ make flash_hello2
+
+This should print a message: "boot_swap_type: Swap type: test", and
+you should see "Upgraded hello!".
+
+Now reset the target::
+
+    $ pyocd-tool reset
+
+And you should see a revert and "Hello world number 1" running.
+
+Repeat this, to make sure we can mark the image as OK, and that a
+revert doesn't happen::
+
+    $ make flash_hello1
+    $ make flash_hello2
+
+We should have just booted the Upgraded hello.  Mark this as OK::
+
+    $ pyocd-flashtool -a 0x7ffe8 image_ok.bin
+    $ pyocd-tool reset
+
+And make sure this stays in the "Upgraded hello" image.
+
+Other Signature Combinations
+----------------------------
+
+.. note:: Make sure you don't have changes in your tree, as the
+          following step will undo them.
+
+As part of the above sanity check, we have tested the RSA signature
+algorithm, along with the new RSA-PSS signature algorithm.  To test
+other configurations, we need to make some modifications to the code.
+This is easiest to do by applying some patches (in
+``testplan/zephyr``).  For each of these patches, perform something
+along the lines of::
+
+   $ cd ../..
+   $ git apply testplan/zephyr/0001-try-rsa-pkcs1-v15.patch
+   $ cd samples/zephyr
+   $ make clean
+   $ make all
+   $ pyocd-flashtool -ce
+   $ make flash_boot
+   $ make flash_hello1
+
+Make sure image one boots if it is supposed to (and doesn't if it is
+not supposed to).  Then try the upgrade::
+
+   $ make flash_hello2
+
+After this, make sure that the the image does or doesn't perform the
+upgrade (see test table below).
+
+After the upgrade runs, reset to make sure the revert works (or
+doesn't for the noted cases below)::
+
+   $ pyocd-tool reset
+
+Then undo the change::
+
+   $ cd ../..
+   $ git checkout -- .
+
+and repeat the above steps for each patch.
+
+The following patches are available:
+
+.. list-table:: Test configurations
+   :header-rows: 1
+
+   * - Patch
+     - hello1 boot?
+     - Upgrade?
+   * - 0001-bad-old-rsa-in-boot-not-in-image.patch
+     - no
+     - no
+   * - 0001-bad-old-RSA-no-slot0-check.patch
+     - yes
+     - no
+   * - 0001-good-rsa-pkcs-v1.5-good.patch
+     - yes
+     - yes
+   * - 0001-bad-ECDSA-P256-bootloader-not-in-images.patch
+     - no
+     - no
+   * - 0001-partial-ECDSA-P256-bootloader-slot0-ok-slot1-bad.patch
+     - yes
+     - no
+   * - 0001-good-ECDSA-P256-bootloader-images-signed.patch
+     - yes
+     - yes
+   * - 0001-partial-ECDSA-P256-bootloader-slot-0-bad-sig.patch
+     - no
+     - yes[1]_
+   * - 0001-partial-ECDSA-P256-bootloader-slot-1-bad-sig.patch
+     - yes
+     - no
+   * - 0001-partial-ECDSA-P256-slot-0-bad-no-verification.patch
+     - no
+     - yes[1]_
+
+.. [1] These tests with hello1 bad should perform an upgrade when
+       hello2 is flashed, but they should not revert the image
+       afterwards.
--- a/testplan/zephyr/0001-bad-ECDSA-P256-bootloader-not-in-images.patch
+++ b/testplan/zephyr/0001-bad-ECDSA-P256-bootloader-not-in-images.patch
@ -0,0 +1,39 @@
+From 66f6f44bcea43ac991aa025d634fb98de964be05 Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 10:05:47 -0600
+Subject: [PATCH] bad: ECDSA P256 bootloader, not in images
+
+This configures the bootloader to require an ECDSA P256 signature, but
+does not sign the images with it.  Neither should boot.
+---
+ Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..b0adf05 100644
+--- a/Makefile
+++ b/Makefile
+@@ -9,16 +9,16 @@
+ # lines there, and comment out any other blocks.
+ 
+ # RSA
+-CONF_FILE = boot/zephyr/prj.conf
+-CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+#CONF_FILE = boot/zephyr/prj.conf
+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+ #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+-#CONF_FILE = boot/zephyr/prj-p256.conf
+-#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+CONF_FILE = boot/zephyr/prj-p256.conf
+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+ 
+ # Enable this option to have the bootloader verify the signature of
+ # the primary image upon every boot.  Without it, signature
+-- 
+2.11.0
+
--- a/testplan/zephyr/0001-bad-old-RSA-no-slot0-check.patch
+++ b/testplan/zephyr/0001-bad-old-RSA-no-slot0-check.patch
@ -0,0 +1,37 @@
+From a170ab0b596e480445a9b9e2fca6ca937034192c Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 09:56:30 -0600
+Subject: [PATCH] bad: old RSA no slot0 check
+
+This builds the bootloader with the old RSA signature type, but not the
+images.  It also disables verification of slot 0, so the image in slot 0
+should boot, but it should not perform an upgrade.
+---
+ Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..d6e5876 100644
+--- a/Makefile
+++ b/Makefile
+@@ -14,7 +14,7 @@ CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+-#CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+ #CONF_FILE = boot/zephyr/prj-p256.conf
+@@ -23,7 +23,7 @@ CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ # Enable this option to have the bootloader verify the signature of
+ # the primary image upon every boot.  Without it, signature
+ # verification only happens on upgrade.
+-CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
+# CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
+ 
+ # Enabling this option uses newer flash map APIs. This saves RAM and
+ # avoids deprecated API usage.
+-- 
+2.11.0
+
--- a/testplan/zephyr/0001-bad-old-rsa-in-boot-not-in-image.patch
+++ b/testplan/zephyr/0001-bad-old-rsa-in-boot-not-in-image.patch
@ -0,0 +1,28 @@
+From 8f3c2f2fe9ade9ff6fe2a37b39318b0186d08efb Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 09:50:48 -0600
+Subject: [PATCH] bad: old rsa in boot, not in image
+
+This patch makes the bootloader use the old signature style, but does
+not modify the images.  Neither image should boot.
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..db97832 100644
+--- a/Makefile
+++ b/Makefile
+@@ -14,7 +14,7 @@ CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+-#CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+ #CONF_FILE = boot/zephyr/prj-p256.conf
+-- 
+2.11.0
+
--- a/testplan/zephyr/0001-good-ECDSA-P256-bootloader-images-signed.patch
+++ b/testplan/zephyr/0001-good-ECDSA-P256-bootloader-images-signed.patch
@ -0,0 +1,62 @@
+From 5c9fd9690623165c3d1be4d3d219bb0d0c57647d Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 10:05:47 -0600
+Subject: [PATCH] good: ECDSA P256 bootloader, images signed
+
+This configures the bootloader to require an ECDSA P256 signature, and
+both images signed properly.  Both should work.
+---
+ Makefile                | 8 ++++----
+ samples/zephyr/Makefile | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..b0adf05 100644
+--- a/Makefile
+++ b/Makefile
+@@ -9,16 +9,16 @@
+ # lines there, and comment out any other blocks.
+ 
+ # RSA
+-CONF_FILE = boot/zephyr/prj.conf
+-CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+#CONF_FILE = boot/zephyr/prj.conf
+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+ #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+-#CONF_FILE = boot/zephyr/prj-p256.conf
+-#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+CONF_FILE = boot/zephyr/prj-p256.conf
+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+ 
+ # Enable this option to have the bootloader verify the signature of
+ # the primary image upon every boot.  Without it, signature
+diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
+index 7678615..1b90b7e 100644
+--- a/samples/zephyr/Makefile
+++ b/samples/zephyr/Makefile
+@@ -102,7 +102,7 @@ clean_boot: check
+ hello1: check
+ 	$(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../root-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+@@ -121,7 +121,7 @@ clean_hello1: check
+ hello2: check
+ 	$(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../root-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+-- 
+2.11.0
+
--- a/testplan/zephyr/0001-good-rsa-pkcs-v1.5-good.patch
+++ b/testplan/zephyr/0001-good-rsa-pkcs-v1.5-good.patch
@ -0,0 +1,48 @@
+From 950796d68430c2a2778689ee00560d2f455937d4 Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 10:01:23 -0600
+Subject: [PATCH] good: rsa pkcs v1.5 good
+
+This builds the bootloader and each image with the older PKCS v1.5
+signature format.  Both the image and the upgrade should work.
+---
+ Makefile                | 2 +-
+ samples/zephyr/Makefile | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..db97832 100644
+--- a/Makefile
+++ b/Makefile
+@@ -14,7 +14,7 @@ CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+-#CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+ #CONF_FILE = boot/zephyr/prj-p256.conf
+diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
+index 7678615..07bb71c 100644
+--- a/samples/zephyr/Makefile
+++ b/samples/zephyr/Makefile
+@@ -106,6 +106,7 @@ hello1: check
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+		--rsa-pkcs1-15 \
+ 		--included-header \
+ 		hello1/outdir/$(BOARD)/zephyr.bin \
+ 		signed-hello1.bin
+@@ -125,6 +126,7 @@ hello2: check
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+		--rsa-pkcs1-15 \
+ 		--included-header \
+ 		--pad 0x60000 \
+ 		hello2/outdir/$(BOARD)/zephyr.bin \
+-- 
+2.11.0
+
--- a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-0-bad-sig.patch
+++ b/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-0-bad-sig.patch
@ -0,0 +1,76 @@
+From 26115ff2752b40a5727bc9cf5c76300b30e04d09 Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 10:05:47 -0600
+Subject: [PATCH] partial: ECDSA P256 bootloader, slot 0 bad sig
+
+This configures the bootloader to require an ECDSA P256 signature, with
+hello1 having an invalid signature.  Slot 0 should fail to boot, but the
+upgrade should work.
+---
+ Makefile                | 8 ++++----
+ bad-ec-p256.pem         | 5 +++++
+ samples/zephyr/Makefile | 4 ++--
+ 3 files changed, 11 insertions(+), 6 deletions(-)
+ create mode 100644 bad-ec-p256.pem
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..b0adf05 100644
+--- a/Makefile
+++ b/Makefile
+@@ -9,16 +9,16 @@
+ # lines there, and comment out any other blocks.
+ 
+ # RSA
+-CONF_FILE = boot/zephyr/prj.conf
+-CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+#CONF_FILE = boot/zephyr/prj.conf
+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+ #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+-#CONF_FILE = boot/zephyr/prj-p256.conf
+-#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+CONF_FILE = boot/zephyr/prj-p256.conf
+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+ 
+ # Enable this option to have the bootloader verify the signature of
+ # the primary image upon every boot.  Without it, signature
+diff --git a/bad-ec-p256.pem b/bad-ec-p256.pem
+new file mode 100644
+index 0000000..333f41f
+--- /dev/null
+++ b/bad-ec-p256.pem
+@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILmqmiH6y3EGhLkTcnNtU7hZ1wnc51MIL53npseRX7vJoAoGCCqGSM49
+AwEHoUQDQgAEcX9ExNjZfsckp6AdutjPjVJsvP6ZZkKfLsGnRpKR+9OpO9/qmJHs
+ks+ZXo70SEANjWnNlxKNAVci8aUm8UskLw==
+-----END EC PRIVATE KEY-----
+diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
+index 7678615..f84314d 100644
+--- a/samples/zephyr/Makefile
+++ b/samples/zephyr/Makefile
+@@ -102,7 +102,7 @@ clean_boot: check
+ hello1: check
+ 	$(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../bad-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+@@ -121,7 +121,7 @@ clean_hello1: check
+ hello2: check
+ 	$(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../root-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+-- 
+2.11.0
+
--- a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-1-bad-sig.patch
+++ b/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-1-bad-sig.patch
@ -0,0 +1,76 @@
+From f261e0e1c7e0876094ed688f5f0923590aca3739 Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 10:05:47 -0600
+Subject: [PATCH] partial: ECDSA P256 bootloader, slot 1 bad sig
+
+This configures the bootloader to require an ECDSA P256 signature, with
+hello2 having an invalid signature.  Slot 0 should boot, but the upgrade
+should not work.
+---
+ Makefile                | 8 ++++----
+ bad-ec-p256.pem         | 5 +++++
+ samples/zephyr/Makefile | 4 ++--
+ 3 files changed, 11 insertions(+), 6 deletions(-)
+ create mode 100644 bad-ec-p256.pem
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..b0adf05 100644
+--- a/Makefile
+++ b/Makefile
+@@ -9,16 +9,16 @@
+ # lines there, and comment out any other blocks.
+ 
+ # RSA
+-CONF_FILE = boot/zephyr/prj.conf
+-CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+#CONF_FILE = boot/zephyr/prj.conf
+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+ #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+-#CONF_FILE = boot/zephyr/prj-p256.conf
+-#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+CONF_FILE = boot/zephyr/prj-p256.conf
+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+ 
+ # Enable this option to have the bootloader verify the signature of
+ # the primary image upon every boot.  Without it, signature
+diff --git a/bad-ec-p256.pem b/bad-ec-p256.pem
+new file mode 100644
+index 0000000..333f41f
+--- /dev/null
+++ b/bad-ec-p256.pem
+@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILmqmiH6y3EGhLkTcnNtU7hZ1wnc51MIL53npseRX7vJoAoGCCqGSM49
+AwEHoUQDQgAEcX9ExNjZfsckp6AdutjPjVJsvP6ZZkKfLsGnRpKR+9OpO9/qmJHs
+ks+ZXo70SEANjWnNlxKNAVci8aUm8UskLw==
+-----END EC PRIVATE KEY-----
+diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
+index 7678615..02a54da 100644
+--- a/samples/zephyr/Makefile
+++ b/samples/zephyr/Makefile
+@@ -102,7 +102,7 @@ clean_boot: check
+ hello1: check
+ 	$(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../root-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+@@ -121,7 +121,7 @@ clean_hello1: check
+ hello2: check
+ 	$(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../bad-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+-- 
+2.11.0
+
--- a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot0-ok-slot1-bad.patch
+++ b/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot0-ok-slot1-bad.patch
@ -0,0 +1,54 @@
+From 86f857cafbdd40d1ba158028e142c8cdf5c56e0d Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 10:05:47 -0600
+Subject: [PATCH] partial: ECDSA P256 bootloader, slot0 ok slot1 bad
+
+This configures the bootloader to require an ECDSA P256 signature, and
+the slot 0 image as good.  This should boot slot 0, but not perform the
+upgrade in slot 1.
+---
+ Makefile                | 8 ++++----
+ samples/zephyr/Makefile | 2 +-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..b0adf05 100644
+--- a/Makefile
+++ b/Makefile
+@@ -9,16 +9,16 @@
+ # lines there, and comment out any other blocks.
+ 
+ # RSA
+-CONF_FILE = boot/zephyr/prj.conf
+-CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+#CONF_FILE = boot/zephyr/prj.conf
+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+ #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+-#CONF_FILE = boot/zephyr/prj-p256.conf
+-#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+CONF_FILE = boot/zephyr/prj-p256.conf
+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+ 
+ # Enable this option to have the bootloader verify the signature of
+ # the primary image upon every boot.  Without it, signature
+diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
+index 7678615..b62e966 100644
+--- a/samples/zephyr/Makefile
+++ b/samples/zephyr/Makefile
+@@ -102,7 +102,7 @@ clean_boot: check
+ hello1: check
+ 	$(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../root-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+-- 
+2.11.0
+
--- a/testplan/zephyr/0001-partial-ECDSA-P256-slot-0-bad-no-verification.patch
+++ b/testplan/zephyr/0001-partial-ECDSA-P256-slot-0-bad-no-verification.patch
@ -0,0 +1,82 @@
+From b2d9560f05fabdcfdff549ccc361d9dfbe74735b Mon Sep 17 00:00:00 2001
+From: David Brown <david.brown@linaro.org>
+Date: Thu, 27 Jul 2017 10:05:47 -0600
+Subject: [PATCH] partial ECDSA P256 slot 0 bad, no verification
+
+This has a badly signed image in slot 0, which should boot because
+checking is off.  It should perform the upgrade in slot 1, and not
+revert, because the old image is not valid.
+---
+ Makefile                | 10 +++++-----
+ bad-ec-p256.pem         |  5 +++++
+ samples/zephyr/Makefile |  4 ++--
+ 3 files changed, 12 insertions(+), 7 deletions(-)
+ create mode 100644 bad-ec-p256.pem
+
+diff --git a/Makefile b/Makefile
+index 1e9ec42..3f875a2 100644
+--- a/Makefile
+++ b/Makefile
+@@ -9,21 +9,21 @@
+ # lines there, and comment out any other blocks.
+ 
+ # RSA
+-CONF_FILE = boot/zephyr/prj.conf
+-CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+#CONF_FILE = boot/zephyr/prj.conf
+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+ 
+ # Newer uses should use the RSA-PSS signature algorithm.  This define
+ # enables (and requires) this type of signature.
+ #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
+ 
+ # ECDSA P-256
+-#CONF_FILE = boot/zephyr/prj-p256.conf
+-#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+CONF_FILE = boot/zephyr/prj-p256.conf
+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+ 
+ # Enable this option to have the bootloader verify the signature of
+ # the primary image upon every boot.  Without it, signature
+ # verification only happens on upgrade.
+-CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
+#CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
+ 
+ # Enabling this option uses newer flash map APIs. This saves RAM and
+ # avoids deprecated API usage.
+diff --git a/bad-ec-p256.pem b/bad-ec-p256.pem
+new file mode 100644
+index 0000000..333f41f
+--- /dev/null
+++ b/bad-ec-p256.pem
+@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILmqmiH6y3EGhLkTcnNtU7hZ1wnc51MIL53npseRX7vJoAoGCCqGSM49
+AwEHoUQDQgAEcX9ExNjZfsckp6AdutjPjVJsvP6ZZkKfLsGnRpKR+9OpO9/qmJHs
+ks+ZXo70SEANjWnNlxKNAVci8aUm8UskLw==
+-----END EC PRIVATE KEY-----
+diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
+index 7678615..f84314d 100644
+--- a/samples/zephyr/Makefile
+++ b/samples/zephyr/Makefile
+@@ -102,7 +102,7 @@ clean_boot: check
+ hello1: check
+ 	$(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../bad-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+@@ -121,7 +121,7 @@ clean_hello1: check
+ hello2: check
+ 	$(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
+ 	$(IMGTOOL) sign \
+-		--key $(SIGNING_KEY) \
+		--key ../../root-ec-p256.pem \
+ 		--header-size $(BOOT_HEADER_LEN) \
+ 		--align $(FLASH_ALIGNMENT) \
+ 		--version 1.2 \
+-- 
+2.11.0
+