163 lines
4.2 KiB
Markdown
163 lines
4.2 KiB
Markdown
## MCUboot test plan
|
|
|
|
The current target for running the tests is the Freedom K64F board.
|
|
|
|
### Basic sign support (RSA/EC/EC256)
|
|
|
|
For each supported signing algorithm, check that non-signed, and signed
|
|
with wrong key images are not swapped to, and image signed with correct key
|
|
is swapped to.
|
|
|
|
For the 3 algorithms supported, rsa, ec and ec256, two files are provided:
|
|
key_<sign-algo>.pem, key_<sign-algo>_2.pem. And a keys file with the C public
|
|
key data for key_<sign-algo>.pem.
|
|
|
|
Build and load MCUboot:
|
|
|
|
* `newt build k64f_boot_<sign-algo>`
|
|
* `newt load k64f_boot_<sign-algo>`
|
|
|
|
Build and load good image in slot 0:
|
|
|
|
* `newt create-image k64f_blinky 1.0.1 key_<sign-algo>.pem`
|
|
* `newt load k64f_blinky`
|
|
|
|
---
|
|
***Note***
|
|
|
|
*If testing RSA/PSS `newt create-image` needs to be passed in the extra*
|
|
*flag `--rsa-pss` eg:*
|
|
|
|
`newt create-image k64f_blinky 1.0.1 key_rsa.pem --rsa-pss`
|
|
|
|
---
|
|
|
|
Build and load image in slot 1 with no signing, signed with
|
|
key_<sign-algo>_2.pem and signed with key_<sign-algo>.pem. Mark each one as
|
|
test image and check that swap only happens for image signed with
|
|
key_<sign-algo>.pem. Both others should be erased.
|
|
|
|
* `newt create-image k64f_blinky2 1.0.2 <one-of-the-sign-keys-or-none>`
|
|
* `newtmgr image upload k64f_blinky2`
|
|
* `newtmgr image list`
|
|
* `newtmgr image test <hash of slot 1>`
|
|
|
|
### Image signed with more than one key
|
|
|
|
FIXME: this is currently not functional, skip this section!
|
|
|
|
Build and load MCUboot:
|
|
|
|
* `newt build k64f_boot_rsa_ec`
|
|
* `newt load k64f_boot_rsa_ec`
|
|
|
|
Build and load good image in slot 0:
|
|
|
|
* `newt create-image k64f_blinky 1.0.1 key_rsa.pem`
|
|
* `newt load k64f_blinky`
|
|
|
|
Build and load image in slot 1 with no signing, signed with
|
|
key_<sign-algo>_2.pem and signed with key_<sign-algo>.pem. Mark each one as
|
|
test image and check that swap only happens for image signed with
|
|
key_<sign-algo>.pem. Both others should be erased.
|
|
|
|
Use all of this options:
|
|
|
|
* `newt create-image k64f_blinky2 1.0.2`
|
|
|
|
And load
|
|
|
|
* `newtmgr image upload k64f_blinky2`
|
|
* `newtmgr image list`
|
|
* `newtmgr image test <hash of slot 1>`
|
|
|
|
### Overwrite only functionality
|
|
|
|
Build/load MCUboot:
|
|
|
|
* `newt build k64f_boot_rsa_noswap`
|
|
* `newt load k64f_boot_rsa_noswap`
|
|
|
|
Build/load blinky to slot 0:
|
|
|
|
* `newt create-image k64f_blinky 1.0.1 key_rsa.pem`
|
|
* `newt load k64f_blinky`
|
|
|
|
Build/load blinky2 both with bad and good key, followed by a permanent swap
|
|
request:
|
|
|
|
* `newt create-image k64f_blinky2 1.0.2 <bad and good rsa keys>.pem`
|
|
* `newtmgr image upload k64f_blinky2`
|
|
* `newtmgr image list`
|
|
* `newtmgr image confirm <hash of slot 1>`
|
|
|
|
This should not swap and delete the image in slot 1 when signed with the wrong
|
|
key, otherwise the image in slot 1 should be *moved* to slot 0 and slot 1 should
|
|
be empty.
|
|
|
|
### Validate slot 0 option
|
|
|
|
Build/load MCUboot:
|
|
|
|
* `newt build k64f_boot_rsa_validate0`
|
|
* `newt load k64f_boot_rsa_validate0`
|
|
|
|
Build non-signed image:
|
|
|
|
* `newt create-image k64f_blinky 1.0.1`
|
|
* `newt load k64f_blinky`
|
|
* Reset and no image should be run
|
|
|
|
Build signed image with invalid key:
|
|
|
|
* `newt create-image k64f_blinky 1.0.1 key_rsa_2.pem`
|
|
* `newt load k64f_blinky`
|
|
* Reset and no image should be run
|
|
|
|
Build signed image with *valid* key:
|
|
|
|
* `newt create-image k64f_blinky 1.0.1 key_rsa.pem`
|
|
* `newt load k64f_blinky`
|
|
* Reset and image *should* run
|
|
|
|
### Swap with random failures
|
|
|
|
DISCLAIMER: be careful with copy/paste of commands, this test uses another
|
|
target/app!
|
|
|
|
Build/load MCUboot:
|
|
|
|
* `newt build k64f_boot_rsa`
|
|
* `newt load k64f_boot_rsa`
|
|
|
|
Build/load slinky to slot 0:
|
|
|
|
* `newt create-image k64f_slinky 1.0.1 key_rsa.pem`
|
|
* `newt load k64f_slinky`
|
|
|
|
Build/load slinky2 to slot 1:
|
|
|
|
* `newt create-image k64f_slinky2 1.0.2 key_rsa.pem`
|
|
* `newtmgr image upload k64f_slinky2`
|
|
|
|
Confirm that both images are installed, request a permanent request to the
|
|
image in slot 1 and check that it works.
|
|
|
|
* `newtmgr image list`
|
|
* `newtmgr image confirm <hash of slot 1>`
|
|
|
|
If everything works, now proceed with requests for permanent swap to the image
|
|
in slot 1 and do random swaps (as much as you like!). When the swap finishes
|
|
confirm that the swap was finished with the previous slot 1 image now in
|
|
slot 0 and vice-versa.
|
|
|
|
### Help
|
|
|
|
* Mass erase MCU
|
|
|
|
$ pyocd erase --chip
|
|
|
|
* Flashing image in slot 1:
|
|
|
|
$ pyocd flash -e sector -a 0x80000 ${IMG_FILE} bin
|