From 9c257c4f0ba80990cf39ef0c33d3bb8e336482f2 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Tue, 2 Sep 2025 12:06:55 +0530 Subject: [PATCH] test: add test case for secure update with FE case --- .../pytest_signed_app_no_secure_boot.py | 11 +++++- .../sdkconfig.ci.secure_update_with_fe | 4 ++ .../secure_boot_signing_key.pem | 39 +++++++++++++++++++ 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 tools/test_apps/security/signed_app_no_secure_boot/sdkconfig.ci.secure_update_with_fe create mode 100644 tools/test_apps/security/signed_app_no_secure_boot/secure_boot_signing_key.pem diff --git a/tools/test_apps/security/signed_app_no_secure_boot/pytest_signed_app_no_secure_boot.py b/tools/test_apps/security/signed_app_no_secure_boot/pytest_signed_app_no_secure_boot.py index 9a73e10e26..dedbc9b8da 100644 --- a/tools/test_apps/security/signed_app_no_secure_boot/pytest_signed_app_no_secure_boot.py +++ b/tools/test_apps/security/signed_app_no_secure_boot/pytest_signed_app_no_secure_boot.py @@ -1,5 +1,6 @@ # SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: Unlicense OR CC0-1.0 + import pytest from pytest_embedded import Dut from pytest_embedded_idf.utils import idf_parametrize @@ -9,6 +10,14 @@ from pytest_embedded_idf.utils import idf_parametrize @idf_parametrize('target', ['esp32c2', 'esp32c3'], indirect=['target']) def test_examples_security_on_update_no_secure_boot(dut: Dut) -> None: dut.expect( - "This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.", + "This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.", # noqa : E501 timeout=10, ) + + +@pytest.mark.host_test +@pytest.mark.qemu +@pytest.mark.parametrize('config', ['secure_update_with_fe'], indirect=True) +@idf_parametrize('target', ['esp32c3'], indirect=['target']) +def test_examples_secure_update_with_fe_qemu(dut: Dut) -> None: + dut.expect('Example for secured signed with no secure boot', timeout=60) diff --git a/tools/test_apps/security/signed_app_no_secure_boot/sdkconfig.ci.secure_update_with_fe b/tools/test_apps/security/signed_app_no_secure_boot/sdkconfig.ci.secure_update_with_fe new file mode 100644 index 0000000000..8bddc8f2eb --- /dev/null +++ b/tools/test_apps/security/signed_app_no_secure_boot/sdkconfig.ci.secure_update_with_fe @@ -0,0 +1,4 @@ +CONFIG_SECURE_FLASH_ENC_ENABLED=y +CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y +CONFIG_PARTITION_TABLE_OFFSET=0xc000 +CONFIG_NVS_ENCRYPTION=n diff --git a/tools/test_apps/security/signed_app_no_secure_boot/secure_boot_signing_key.pem b/tools/test_apps/security/signed_app_no_secure_boot/secure_boot_signing_key.pem new file mode 100644 index 0000000000..b69b91c5c3 --- /dev/null +++ b/tools/test_apps/security/signed_app_no_secure_boot/secure_boot_signing_key.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA5sRBdVlob0RWwRsBYrGrMmdhIbam45boFbD/1skxb7lRhJjE +pStZ5DVhtQWVAsqTKkY/QH0zzRBBSfdnsneBAc3yFBTBrMPBQitOvg2UK5rx3jJ2 +dD3hpFG5QZPzmB48ZBmsnmMILLgSMwraAPwkbA4qU2TAeCkAE5WVH3w2m1n95sze +gbxZamLbaPj5DedT5yqIjWK4NecTlr7VXFTXWzzAfb+hQtzBN1RmemvbhCgSksAS +4huoLAZ6iwpEyuACj4pNmFMyQJQ4PPr54mUkL+btMSTbkOZdMbIrXR/FePvFU/Ug +zu9u3QvGm/u2tmpp2Lo/hDgJOhcS4bQjLk7R6Ynq+pi6zQuqpRSCoMEuSzth+yQr +rMCox8lvHgALpc/G8ZbI1bZN0UybmqBBQ5p5FVf9xfNwnt/tuyFV4QDjaRrCcJ1y +FTrMG/+aSM8de4TuxWC3dImfCrVQf/ncB+Y5rL+h3lo9Viozd+bBy79jACjpkwbY +o9GINr26F3GcK/ShAgMBAAECggGADvNsIkQ2pe7RiBVN060bIFreSibhTSF7y9v5 +11qVn11sUKDtLJ5QZp6mw+mmq9WgDz8Z3f2+m2yQLlCfIUroyssjAfYOTjkojjbs +FRggH2scfH7cec+AjPrWe88wGwzqcLnRGznjT7JlS3VKhoHPgkiwqVJ/vck6PgqU +7MNJbms4Lfnb+J/RUzkwae6nhCUWpIV272IT+ToNZNjcTe0ZPsoC1qLRudk/k2we +b5QJVtiZy3QyRP/xt1h8HAIATvyQTmcdubE3cC0waEINI1jJdGJwJQ66LPJpx5ov +s+ldjDdkJi/E8fNrnrn/WIWKwAXctg8VaIHj++WVJ0f9hmZ/bBNRJbFh4LpVKRY5 +oU1XCC9b2edbQbhWLsG19E0XJ+c5i8UY8uIH6DC9QCK28I/eYxA1RoDUt1st06CW +hZT3INFqQ+1mbbff3pm0+kDNxne/PhR7bNApzF/3Fa33v9d0iEfKviEUhCtM4rzD +SVMGTGOAXuAS5RCBAYzTEPrp8UCBAoHBAPluD2o33eEQ5MOm9WoTYLFKKLS/l91B +wHmwY9m53YiMBxLgYrJ9oQOTEApAY5B4G1BxidvhehAMd51iK03W/YkZhy3ZhUTJ +DC29upFPCsS1On1kUC9doyuSgILt3zLZVW98RX6PM7LCLR+jSJPYJQ13xlBRe2Dc +pHpkr0vwtUR35D1EKV2cXFJZLDzj1xAIFNqiv6591J7xzehzBEyP56lar/oeqsvv +w7SWsU4rF6E8Os3gvlTRV5QgnBZEUTTZaQKBwQDs2Fio7NYofSQeI5Q+FPDiV4U1 +rkOZzXJFsf6dQl3GaqgXmuJsfYbRDcAvSBcfo6RFu+ZHEa0U9yEQKK4OSeXTrD8U +0wLCfVmlzQf/l0Iutxv1qGTkB0NnZ7nKCSmdoGErXWTVdz4pHPmU6nUNZ3ih02oP +2nA6CjVtsJVUGWwi6k8bX2mRvLpmjjfJP82EmRXbkKh4xseddWd7Xf/G9hJcXaXt +piE8dmyBQP1u2WluffDT1VNGt3k5O8TIvqlfYnkCgcEA66MfKvB2S35jL7bV2A1Q +ZoyxoffyZxML26pY2kKt16a5tAqJEyh96VuQZq7noH7nBvsMCs6bOvgcNHGeiV3W +jSOxwg3hydbJC5lW3Jm4iZbQF8+htO2YDbzMbWR9XJNXFAhpuqNcar7oVCA0m38x +meSSVCR2E06+j+X4eRyAkptU4tA25/mkeiNGGIwCC2InGVlxDk5PhIzZQoUOBapZ +Z3OGFhvMrPbogv1tqXQqUacNwptUE9rlCso3yw1lTjEpAoHBAJ2CQ3QUDVhf4OUq +RCwFQS1FhxFsEwj12EkBVpK+0B5kT+Vi27HKyR2+R1EqYDZqXZUCoOIinziSISrd +4uMdwfpDUrBGpE8zjar175vKu/jVTYLRukbrjaf3E1eJQGPThMuSELzl0DEHU/P0 ++GMxrMfyEVb5rijrIR0Rkj2bqo6NxI4vpcWF/XC2o+Lyy3qjVCXwzhmEGLxel7Mz +kCaA/zTuEqs5EGFlYEOVNPXDIJqaps450Gf3HGczmGroYTtOAQKBwCzmQn+pONYM +zg8FGbRafACNucw4vuiVgMvWtREgZuGFyQ9UKiaPLjvQl6xR/1jZXA0nD8ApjZwK +KOoKgzZD1XfiGjpuA6Ift2UuPDdq4NnI8orPfFCZRXmqBFzpByFx7XZLtKEtYm5w +r4WHCqQMLSYufS77FClcuWOfyx08iaqONLNQLLps1HJ0ydCPWKObhL+iKlzapEMh +6aAMN/0YR2Fw3+5Cz4Zsn+pe/N6/rqoCVMxS5vsgbmIAZ6537ENMwA== +-----END RSA PRIVATE KEY-----