The scripts for fih tests install and run were running different
versions of the docker images, since the install specified a version and
no version was specified for run, defaulting to `latest`.
This commit adds a new file for specifying the docker image to be used.
Signed-off-by: Fabio Utzig <utzig@apache.org>
(cherry picked from commit 4619da5660)
This reverts commit 0fa46270c0.
This breaks:
samples/synchronization/sample.kernel.synchronization on
b_u585i_iot02a/stm32u585xx/ns error
as this TF-M configuration uses its own keys. This change is an API
change that needs to be coordinated with TF-M changes.
Before this revert, compiling this test results in:
.../encrypted.c:447: undefined reference to
`boot_enc_retrieve_private_key`
Signed-off-by: David Brown <david.brown@linaro.org>
Currently encryption supports only a private key embedded
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption, a boot_retrieve_private_key() hook is added.
This hook helps retrieve the private key from trusted
sources like OTP, TPM.
Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
Match version with what is now used in upstream Mynewt. Also add
ARM CMSIS which is now taken from original repo.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Add ECDSA verification tests to the CI using the PSA Crypto API
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I904c8929f355ec791ff28ac7c3e0ca3832b2403d
Update the script for cloning and installing Espressif IDF needed
for building MCUboot Espressif's port on CI.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Mynewt used to have a copy of nrfx.
Now nrfx is taken from the original repository, and since some CI
targets want to build for NRF MCUs, the nrfx repository needs to be
downloaded.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
Switch from toml to tomllib when supported, Python 3.11+, and fallback to
using tomli instead of toml otherwise.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Try a merge commit if no parameters are passed, otherwise accept the
first parameter as the oldest SHA to check.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Modify the FIH CI job to fail in case a successful boot happens
below a certain threshold. CI should fail if a successful boot
is achieved by bypassing one or two instructions, as it would
defeat the purpose of the FIH mechanisms.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If1703d57e3ba87e5fd73d4ba954bfd38ed1c0cc6
So far the FIH CI job was fetching a WIP change from
TF-M Gerrit to align MCUboot and TF-M from the FIH
library point of view. This change fetches
the final version instead of the WIP change.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Add jobs for testing ESP32-XX builds with more features:
Serial Recovery, Multi Image and Multi Boot
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.
Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, it's easier to predict
compiler behavior.
Assignment of sensitive variables has been hardened using macro
FIH_SET (assignment + check whether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sensitive
variables.
Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produces more complex code (and weaker) than macros.
In addition fih_not_eq is modified to be the negation of fih_eq,
which was not the case until now.
When FIH_NOT_EQ is used, FIH_SET(fih_rc, FIH_FAILURE) has been added
in some parts of the code.
Variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.
Some other parts of the code have been hardened (e.g. loop on images).
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
packaging >= 22 dropped support for LegacyVersion, which was the usual
result of an invalid version number being parsed. Now it is PEP-440
strict and throws an exception on failure. This fixes the script to work
with both older and newer releases.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Added checking and warning for ESP32, ESP32-S2, ESP32-C3, ESP32-S3
unsupported chip revisions on their initialization.
Made the respective changes to the build system and documentation.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
This enables using "espressif_run.sh" locally for a quick validation
that the build passes for multiple Espressif targets.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Use version 0.0.2 of the FIH docker image, which is just a rebuild with
upgraded packages. This should fix the SSL issues cloning the tf-m-tests
repo from the docker run.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Force use of string comparison to avoid issues comparing strings that
include specific characters like `[` and `]`, which are special symbols
and break the bash test.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add workflows to run FIH tests using GH actions. Update scripts to add
parsing of FIH parameters from an env matrix and disable docker caching
when running on GH.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Change the log level of TF-M so that the message that the CI is looking
for appears in the output.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Change-Id: I763ccef4aaf6158ed578b230096f595a1e5cbfd9
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
The running test was generating a YAML output with the following line:
```
last_line: ' Description: 'ECDSA signature test of attest token''
```
This string comes from the test with the single quotes, and using single
quotes twice breaks the YAML format, so this commit changes the string
after last_line to be enclosed in double quotes.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This reverts commit 34f68ed67c.
Re-enable certificate checking when downloading the Arm toolchain.
Although this is probably not all that great of a risk, the certificate
issue was transient, and was fixed shortly after it was noticed.
Signed-off-by: David Brown <david.brown@linaro.org>
Disable certificate verification for developer.arm.com to avoid
certificate issues when installing arm embedded tools to build Mynewt.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Addresses issues when running signed-off-by checks on the Zephyr fork
due to GH rebases done on UX rewriting the commit with the primary email
instead of whatever email was used originally.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
To fix a regression caused by f68473814f,
where an older TF-M version was used that didn't support the bootutil
cmake.
Signed-off-by: Raef Coles <raef.coles@arm.com>
To help determine where time is being spent in tests, add a 'time'
command to the test invocation script. In addition, split the test
invocation into a separate build and run stage. This can be useful with
another change to ptest that logs all test outputs instead of just
failures.
Signed-off-by: David Brown <david.brown@linaro.org>
Update volume maps so local directories in the Travis VM map correctly
to the Docker expected PATH for script running. Misc cleanups.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Update install script to avoid building a docker image and instead pull;
also add proper caching for re-runs.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Update Dockerfile to only build a distro and required tooling, avoiding
adding source repositories, including tfm and mcuboot, so that it can be
reused without the need to rebuild all the time.
This should allow pushing the image under mcuboot/fih-test and
pulling+caching in Travis.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
To avoid problems where the latest master of tf-m-tests is incompatible
with the fixed version used by the FIH test. Bump the version of TF-M
used slightly to a commit that allows the version of tf-m-tests to be
easily overridden.
Signed-off-by: Raef Coles <raef.coles@arm.com>
To a version which uses the new bootutil cmake, allowing the bootutil
files to be moved/renamed without breaking the FIH test.
Signed-off-by: Raef Coles <raef.coles@arm.com>
Add scripts that can run instruction skip FIH tests on QEMU.
Co-authored-by: Raef Coles <raef.coles@arm.com>
Change-Id: Ia6da00174115e1dabaf84fdfc0e40476dc1b7a10
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Build MCUBoot with TF-M build system for AN521 platform, and run it in
QEMU. The result of the test run is not evaluated yet.
Change-Id: I5fbfef8e6d8dec99a8e3e00d659a07ccfcaf0b5b
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>