From 66bbe8c1567cab6b07654b7fab912713588e6ea3 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Thu, 31 Aug 2023 11:18:20 +0530 Subject: [PATCH] fix: Fix esptool usage in the secure boot test application --- .../test_apps/security/secure_boot/README.md | 2 +- .../security/secure_boot/conftest.py | 183 ++++++------------ .../secure_boot/pytest_secure_boot.py | 25 ++- 3 files changed, 75 insertions(+), 135 deletions(-) diff --git a/tools/test_apps/security/secure_boot/README.md b/tools/test_apps/security/secure_boot/README.md index 70190ea2ff..95a83e2834 100644 --- a/tools/test_apps/security/secure_boot/README.md +++ b/tools/test_apps/security/secure_boot/README.md @@ -65,7 +65,7 @@ See the Getting Started Guide for full steps to configure and use ESP-IDF to bui # Secure Boot tests (For internal use only) -Purpose of the example test cases (`example_test.py`) is to test the secure boot implementation and detect if it is broken. It consists of positive and negative test cases. +Purpose of the test case (`pytest_secure_boot.py`) is to test the secure boot implementation and detect if it is broken. It consists of positive and negative test cases. ### Hardware required diff --git a/tools/test_apps/security/secure_boot/conftest.py b/tools/test_apps/security/secure_boot/conftest.py index aaa1e3ce6a..f0007f639c 100644 --- a/tools/test_apps/security/secure_boot/conftest.py +++ b/tools/test_apps/security/secure_boot/conftest.py @@ -2,49 +2,35 @@ # SPDX-License-Identifier: Apache-2.0 # pylint: disable=W0621 # redefined-outer-name - -import collections import os -import tempfile +import subprocess +import sys import time -import espefuse -import espsecure import pytest import serial from _pytest.fixtures import FixtureRequest from _pytest.monkeypatch import MonkeyPatch -from pytest_embedded_idf.app import FlashFile from pytest_embedded_idf.dut import IdfDut from pytest_embedded_idf.serial import IdfSerial from pytest_embedded_serial_esp.serial import EspSerial efuse_reset_port = os.getenv('EFUSEPORT') +esp_port = os.getenv('ESPPORT') # This is a custom Serial Class for the FPGA class FpgaSerial(IdfSerial): def __init__(self, *args, **kwargs) -> None: # type: ignore super().__init__(*args, **kwargs) + self.efuse_reset_port = efuse_reset_port if self.efuse_reset_port is None: raise RuntimeError('EFUSEPORT not specified') - self.secure_boot_en = self.app.sdkconfig.get('CONFIG_SECURE_BOOT') and \ - not self.app.sdkconfig.get('CONFIG_EFUSE_VIRTUAL') - - self.efuses = None - self.efuse_operations = None - - @EspSerial.use_esptool(hard_reset_after=False, no_stub=True) - def enable_efuses(self) -> None: - # We use an extra COM port to reset the efuses on FPGA. - # Connect DTR pin of the COM port to the efuse reset pin on daughter board - # Set EFUSEPORT env variable to the extra COM port - if self.efuse_reset_port is None: - raise RuntimeError('EFUSEPORT not specified') - - self.efuses, self.efuse_operations = espefuse.get_efuses(self.esp, False, False, True) + self.esp_port = esp_port + if self.esp_port is None: + raise RuntimeError('ESPPORT not specified') @EspSerial.use_esptool(hard_reset_after=False, no_stub=True) def bootloader_flash(self, bootloader_path: str) -> None: @@ -54,87 +40,72 @@ class FpgaSerial(IdfSerial): :return: None """ offs = int(self.app.sdkconfig.get('BOOTLOADER_OFFSET_IN_FLASH', 0)) - prev_flash_files = self.app.flash_files - flash_files = [] - flash_files.append( - FlashFile( - offs, - bootloader_path, - False, - ) - ) - self.app.flash_files = flash_files - self.app.flash_settings['encrypt'] = False - self.app.flash_settings['no_stub'] = True - self.app.flash_settings['force'] = True - self.flash() - # Restore self.app.flash files to original value - self.app.flash_files = prev_flash_files + if subprocess.run( + f'{sys.executable} -m esptool --port {self.esp_port} --no-stub write_flash {str(offs)} {bootloader_path} --force'.split() + ).returncode != 0: + raise RuntimeError('Flashing the bootloader binary failed') @EspSerial.use_esptool(hard_reset_after=False, no_stub=True) + def partition_table_flash(self, partition_table_path: str) -> None: + """ + Flash Partition Table. + + :return: None + """ + offs = int(self.app.flash_args['partition-table']['offset'], 16) + if subprocess.run( + f'{sys.executable} -m esptool --port {self.esp_port} --no-stub write_flash {str(offs)} {partition_table_path}'.split() + ).returncode != 0: + raise RuntimeError('Flashing the patition table binary failed') + + @EspSerial.use_esptool(hard_reset_after=True, no_stub=True) def app_flash(self, app_path: str) -> None: """ Flash App. :return: None """ - offs = self.app.flash_args['app']['offset'] - prev_flash_files = self.app.flash_files - flash_files = [] - flash_files.append( - FlashFile( - offs, - app_path, - False, - ) - ) - self.app.flash_files = flash_files - self.app.flash_settings['encrypt'] = False - self.app.flash_settings['no_stub'] = True - self.flash() - # Restore self.app.flash files to original value - self.app.flash_files = prev_flash_files + offs = int(self.app.flash_args['app']['offset'], 16) + if subprocess.run( + f'{sys.executable} -m esptool --port {self.esp_port} --no-stub write_flash {str(offs)} {app_path}'.split() + ).returncode != 0: + raise RuntimeError('Flashing the app binary failed') + + def erase_app_header(self) -> None: + """ + Erase app header + + :return None + """ + if not os.path.exists('erase_app_header.bin'): + binstr = b'\xff' * 4096 + with open('erase_app_header.bin', 'wb') as f: + f.write(binstr) + + self.app_flash('erase_app_header.bin') @EspSerial.use_esptool(hard_reset_after=True, no_stub=True) def burn_efuse_key_digest(self, key: str, purpose: str, block: str) -> None: - if self.efuse_operations is None: - self.enable_efuses() - BurnDigestArgs = collections.namedtuple('BurnDigestArgs', - ['keyfile', 'keypurpose', 'block', - 'force_write_always', 'no_write_protect', 'no_read_protect']) - args = BurnDigestArgs([open(key, 'rb')], - [purpose], - [block], - False, False, True) - - self.efuse_operations.burn_key_digest(self.esp, self.efuses, args) # type: ignore + if subprocess.run( + f'{sys.executable} -m espefuse --port {self.esp_port} burn_key_digest {block} {key} {purpose} --do-not-confirm'.split() + ).returncode != 0: + raise RuntimeError('Burning the key digest for the key {key} into the efuse block {block} failed') @EspSerial.use_esptool(hard_reset_after=False, no_stub=True) def burn_efuse(self, field: str, val: int) -> None: - if self.efuse_operations is None: - self.enable_efuses() - BurnEfuseArgs = collections.namedtuple('BurnEfuseArgs', ['do_not_confirm', 'name_value_pairs']) - args = BurnEfuseArgs(True, {field: val}) - - self.efuse_operations.burn_efuse(self.esp, self.efuses, args) # type: ignore + if subprocess.run( + f'{sys.executable} -m espefuse --port {self.esp_port} burn_efuse {field} {str(val)} --do-not-confirm'.split() + ).returncode != 0: + raise RuntimeError(f'Burning the {field} efuse failed') @EspSerial.use_esptool(hard_reset_after=False, no_stub=True) def burn_efuse_key(self, key: str, purpose: str, block: str) -> None: - if self.efuse_operations is None: - self.enable_efuses() - BurnKeyArgs = collections.namedtuple('BurnKeyArgs', - ['keyfile', 'keypurpose', 'block', - 'force_write_always', 'no_write_protect', 'no_read_protect']) - args = BurnKeyArgs([key], - [purpose], - [block], - False, False, False) - - self.efuse_operations.burn_key(self.esp, self.efuses, args) # type: ignore + if subprocess.run( + f'{sys.executable} -m espefuse --port {self.esp_port} burn_key {block} {key} {purpose} --do-not-confirm'.split() + ).returncode != 0: + raise RuntimeError('Burning the key {key} into the efuse block {block} failed.') def reset_efuses(self) -> None: - if self.efuse_reset_port is None: - raise RuntimeError('EFUSEPORT not specified') with serial.Serial(self.efuse_reset_port) as efuseport: print('Resetting efuses') efuseport.dtr = 0 @@ -146,41 +117,17 @@ class FpgaSerial(IdfSerial): self.proc.setRTS(0) efuseport.dtr = 0 - self.efuse_operations = None - self.efuses = None - class FpgaDut(IdfDut): - ERASE_NVS = True - FLASH_ENCRYPT_SCHEME = None # type: str - FLASH_ENCRYPT_CNT_KEY = None # type: str - FLASH_ENCRYPT_CNT_VAL = 0 - FLASH_ENCRYPT_PURPOSE = None # type: str SECURE_BOOT_EN_KEY = None # type: str SECURE_BOOT_EN_VAL = 0 - FLASH_SECTOR_SIZE = 4096 def __init__(self, *args, **kwargs) -> None: # type: ignore super().__init__(*args, **kwargs) - self.efuses = None - self.efuse_operations = None self.efuse_reset_port = efuse_reset_port - def sign_data(self, data_file: str, key_files: str, version: str, append_signature: int = 0) -> bytes: - SignDataArgs = collections.namedtuple('SignDataArgs', - ['datafile','keyfile','output', 'version', 'append_signatures']) - with tempfile.NamedTemporaryFile() as outfile: - args = SignDataArgs(data_file, key_files, outfile.name, str(version), append_signature) - espsecure.sign_data(args) - outfile.seek(0) - return outfile.read() - class Esp32c3FpgaDut(FpgaDut): - FLASH_ENCRYPT_SCHEME = 'AES-XTS' - FLASH_ENCRYPT_CNT_KEY = 'SPI_BOOT_CRYPT_CNT' - FLASH_ENCRYPT_CNT_VAL = 1 - FLASH_ENCRYPT_PURPOSE = 'XTS_AES_128_KEY' SECURE_BOOT_EN_KEY = 'SECURE_BOOT_EN' SECURE_BOOT_EN_VAL = 1 WAFER_VERSION = 'WAFER_VERSION_MINOR_LO' @@ -189,15 +136,6 @@ class Esp32c3FpgaDut(FpgaDut): def burn_wafer_version(self) -> None: self.serial.burn_efuse(self.WAFER_VERSION, self.WAFER_VERSION_VAL) - def flash_encrypt_burn_cnt(self) -> None: - self.serial.burn_efuse(self.FLASH_ENCRYPT_CNT_KEY, self.FLASH_ENCRYPT_CNT_VAL) - - def flash_encrypt_burn_key(self, key: str, block: int = 0) -> None: - self.serial.burn_efuse_key(key, self.FLASH_ENCRYPT_PURPOSE, 'BLOCK_KEY%d' % block) - - def flash_encrypt_get_scheme(self) -> str: - return self.FLASH_ENCRYPT_SCHEME - def secure_boot_burn_en_bit(self) -> None: self.serial.burn_efuse(self.SECURE_BOOT_EN_KEY, self.SECURE_BOOT_EN_VAL) @@ -206,10 +144,6 @@ class Esp32c3FpgaDut(FpgaDut): class Esp32s3FpgaDut(FpgaDut): - FLASH_ENCRYPT_SCHEME = 'AES-XTS' - FLASH_ENCRYPT_CNT_KEY = 'SPI_BOOT_CRYPT_CNT' - FLASH_ENCRYPT_CNT_VAL = 1 - FLASH_ENCRYPT_PURPOSE = 'XTS_AES_128_KEY' SECURE_BOOT_EN_KEY = 'SECURE_BOOT_EN' SECURE_BOOT_EN_VAL = 1 WAFER_VERSION = 'WAFER_VERSION_MINOR_LO' @@ -218,15 +152,6 @@ class Esp32s3FpgaDut(FpgaDut): def burn_wafer_version(self) -> None: self.serial.burn_efuse(self.WAFER_VERSION, self.WAFER_VERSION_VAL) - def flash_encrypt_burn_cnt(self) -> None: - self.serial.burn_efuse(self.FLASH_ENCRYPT_CNT_KEY, self.FLASH_ENCRYPT_CNT_VAL) - - def flash_encrypt_burn_key(self, key: str, block: int = 0) -> None: - self.serial.burn_efuse_key(key, self.FLASH_ENCRYPT_PURPOSE, 'BLOCK_KEY%d' % block) - - def flash_encrypt_get_scheme(self) -> str: - return self.FLASH_ENCRYPT_SCHEME - def secure_boot_burn_en_bit(self) -> None: self.serial.burn_efuse(self.SECURE_BOOT_EN_KEY, self.SECURE_BOOT_EN_VAL) diff --git a/tools/test_apps/security/secure_boot/pytest_secure_boot.py b/tools/test_apps/security/secure_boot/pytest_secure_boot.py index 3075c91036..6dedf31ca3 100644 --- a/tools/test_apps/security/secure_boot/pytest_secure_boot.py +++ b/tools/test_apps/security/secure_boot/pytest_secure_boot.py @@ -68,13 +68,13 @@ def corrupt_sig_block(sig_block, seed=0, corrupt_sig=True, corrupt_crc=False): def dut_start_secure_app(dut: Dut) -> None: - dut.serial.erase_flash() + dut.serial.erase_app_header() dut.serial.reset_efuses() dut.burn_wafer_version() - bootloader_path = os.path.join(dut.app.binary_path, 'bootloader/bootloader.bin') - dut.serial.bootloader_flash(bootloader_path) - dut.serial.flash() + dut.serial.bootloader_flash(os.path.join(dut.app.binary_path, 'bootloader/bootloader.bin')) + dut.serial.partition_table_flash(os.path.join(dut.app.binary_path, 'partition_table/partition-table.bin')) + dut.serial.app_flash(os.path.join(dut.app.binary_path, 'secure_boot.bin')) # Test secure boot flow. @@ -85,23 +85,28 @@ def test_examples_security_secure_boot(dut: Dut) -> None: dut_start_secure_app(dut) dut.expect('Secure Boot is enabled', timeout=10) dut.serial.reset_efuses() + dut.burn_wafer_version() # Test efuse key index and key block combination. # Any key index can be written to any key block and should work @pytest.mark.esp32c3 @pytest.mark.esp32s3 +# Increasing the test timeout to 1200s as the test runs for 18 iterations +# and thus the default 600s timeout is not sufficient +@pytest.mark.timeout(1200) def test_examples_security_secure_boot_key_combo(dut: Dut) -> None: dut_start_secure_app(dut) dut.expect('Secure Boot is enabled', timeout=10) for index in range(3): - print(index) for block in range(6): dut.serial.reset_efuses() dut.burn_wafer_version() dut.secure_boot_burn_en_bit() dut.secure_boot_burn_digest('test_rsa_3072_key.pem', index, block) dut.expect('Secure Boot is enabled', timeout=10) + dut.serial.reset_efuses() + dut.burn_wafer_version() # Test secure boot key revoke. @@ -118,12 +123,17 @@ def test_examples_security_secure_boot_key_revoke(dut: Dut) -> None: dut.serial.burn_efuse('SECURE_BOOT_KEY_REVOKE%d' % index, 1) dut.secure_boot_burn_digest('test_rsa_3072_key.pem', index, 0) dut.expect('secure boot verification failed', timeout=5) + dut.serial.reset_efuses() + dut.burn_wafer_version() # Test bootloader signature corruption. # Corrupt one byte at a time of bootloader signature and test that the verification fails @pytest.mark.esp32c3 @pytest.mark.esp32s3 +@pytest.mark.timeout(18000) +# Increasing the test timeout to 18000s as the test runs for 384 iterations +# and thus the default 600s timeout is not sufficient def test_examples_security_secure_boot_corrupt_bl_sig(dut: Dut) -> None: dut_start_secure_app(dut) dut.expect('Secure Boot is enabled', timeout=10) @@ -149,12 +159,17 @@ def test_examples_security_secure_boot_corrupt_bl_sig(dut: Dut) -> None: # if we flash bootlader before burning en bit, even with no_stub = True # it still calls run_stub() and throws an error as it fails to start stub. dut.expect('Signature Check Failed', timeout=10) + dut.serial.reset_efuses() + dut.burn_wafer_version() # Test app signature corruption. # Corrupt app signature, one byte at a time, and test that the verification fails @pytest.mark.esp32c3 @pytest.mark.esp32s3 +@pytest.mark.timeout(18000) +# Increasing the test timeout to 18000s as the test runs for 385 iterations +# and thus the default 600s timeout is not sufficient def test_examples_security_secure_boot_corrupt_app_sig(dut: Dut) -> None: dut_start_secure_app(dut) dut.expect('Secure Boot is enabled', timeout=10)