Merge branch 'fix/secure_boot_test_app' into 'master'

fix: Fix espefuse usage in the secure boot test application See merge request espressif/esp-idf!25668
2023-09-13 22:08:24 +08:00
parent 18244f936b 66bbe8c156
commit 11bbe9c533
3 changed files with 75 additions and 135 deletions
--- a/tools/test_apps/security/secure_boot/README.md
+++ b/tools/test_apps/security/secure_boot/README.md
@@ -65,7 +65,7 @@ See the Getting Started Guide for full steps to configure and use ESP-IDF to bui
 # Secure Boot tests (For internal use only)
-Purpose of the example test cases (`example_test.py`) is to test the secure boot implementation and detect if it is broken. It consists of positive and negative test cases.
+Purpose of the test case (`pytest_secure_boot.py`) is to test the secure boot implementation and detect if it is broken. It consists of positive and negative test cases.
 ### Hardware required
--- a/tools/test_apps/security/secure_boot/conftest.py
+++ b/tools/test_apps/security/secure_boot/conftest.py
@@ -2,49 +2,35 @@
 # SPDX-License-Identifier: Apache-2.0
 # pylint: disable=W0621  # redefined-outer-name
 import collections
 import os
-import tempfile
+import subprocess
 import sys
 import time
 import espefuse
 import espsecure
 import pytest
 import serial
 from _pytest.fixtures import FixtureRequest
 from _pytest.monkeypatch import MonkeyPatch
 from pytest_embedded_idf.app import FlashFile
 from pytest_embedded_idf.dut import IdfDut
 from pytest_embedded_idf.serial import IdfSerial
 from pytest_embedded_serial_esp.serial import EspSerial
 efuse_reset_port = os.getenv('EFUSEPORT')
 esp_port = os.getenv('ESPPORT')
 # This is a custom Serial Class for the FPGA
 class FpgaSerial(IdfSerial):
    def __init__(self, *args, **kwargs) -> None:  # type: ignore
        super().__init__(*args, **kwargs)
        self.efuse_reset_port = efuse_reset_port
        if self.efuse_reset_port is None:
            raise RuntimeError('EFUSEPORT not specified')
-        self.secure_boot_en = self.app.sdkconfig.get('CONFIG_SECURE_BOOT') and \
+        self.esp_port = esp_port
-            not self.app.sdkconfig.get('CONFIG_EFUSE_VIRTUAL')
+        if self.esp_port is None:
-
+            raise RuntimeError('ESPPORT not specified')
        self.efuses = None
        self.efuse_operations = None
    @EspSerial.use_esptool(hard_reset_after=False, no_stub=True)
    def enable_efuses(self) -> None:
        # We use an extra COM port to reset the efuses on FPGA.
        # Connect DTR pin of the COM port to the efuse reset pin on daughter board
        # Set EFUSEPORT env variable to the extra COM port
        if self.efuse_reset_port is None:
            raise RuntimeError('EFUSEPORT not specified')
        self.efuses, self.efuse_operations = espefuse.get_efuses(self.esp, False, False, True)
    @EspSerial.use_esptool(hard_reset_after=False, no_stub=True)
    def bootloader_flash(self, bootloader_path: str) -> None:
@@ -54,87 +40,72 @@ class FpgaSerial(IdfSerial):
        :return: None
        """
        offs = int(self.app.sdkconfig.get('BOOTLOADER_OFFSET_IN_FLASH', 0))
-        prev_flash_files = self.app.flash_files
+        if subprocess.run(
-        flash_files = []
+            f'{sys.executable} -m esptool --port {self.esp_port} --no-stub write_flash {str(offs)} {bootloader_path} --force'.split()
-        flash_files.append(
+        ).returncode != 0:
-            FlashFile(
+            raise RuntimeError('Flashing the bootloader binary failed')
                offs,
                bootloader_path,
                False,
            )
        )
        self.app.flash_files = flash_files
        self.app.flash_settings['encrypt'] = False
        self.app.flash_settings['no_stub'] = True
        self.app.flash_settings['force'] = True
        self.flash()
        # Restore self.app.flash files to original value
        self.app.flash_files = prev_flash_files
    @EspSerial.use_esptool(hard_reset_after=False, no_stub=True)
    def partition_table_flash(self, partition_table_path: str) -> None:
        """
        Flash Partition Table.
        :return: None
        """
        offs = int(self.app.flash_args['partition-table']['offset'], 16)
        if subprocess.run(
            f'{sys.executable} -m esptool --port {self.esp_port} --no-stub write_flash {str(offs)} {partition_table_path}'.split()
        ).returncode != 0:
            raise RuntimeError('Flashing the patition table binary failed')
    @EspSerial.use_esptool(hard_reset_after=True, no_stub=True)
    def app_flash(self, app_path: str) -> None:
        """
        Flash App.
        :return: None
        """
-        offs = self.app.flash_args['app']['offset']
+        offs = int(self.app.flash_args['app']['offset'], 16)
-        prev_flash_files = self.app.flash_files
+        if subprocess.run(
-        flash_files = []
+            f'{sys.executable} -m esptool --port {self.esp_port} --no-stub write_flash {str(offs)} {app_path}'.split()
-        flash_files.append(
+        ).returncode != 0:
-            FlashFile(
+            raise RuntimeError('Flashing the app binary failed')
-                offs,
+
-                app_path,
+    def erase_app_header(self) -> None:
-                False,
+        """
-            )
+        Erase app header
-        )
+
-        self.app.flash_files = flash_files
+        :return None
-        self.app.flash_settings['encrypt'] = False
+        """
-        self.app.flash_settings['no_stub'] = True
+        if not os.path.exists('erase_app_header.bin'):
-        self.flash()
+            binstr = b'\xff' * 4096
-        # Restore self.app.flash files to original value
+            with open('erase_app_header.bin', 'wb') as f:
-        self.app.flash_files = prev_flash_files
+                f.write(binstr)
        self.app_flash('erase_app_header.bin')
    @EspSerial.use_esptool(hard_reset_after=True, no_stub=True)
    def burn_efuse_key_digest(self, key: str, purpose: str, block: str) -> None:
-        if self.efuse_operations is None:
+        if subprocess.run(
-            self.enable_efuses()
+            f'{sys.executable} -m espefuse --port {self.esp_port} burn_key_digest {block} {key} {purpose} --do-not-confirm'.split()
-        BurnDigestArgs = collections.namedtuple('BurnDigestArgs',
+        ).returncode != 0:
-                                                ['keyfile', 'keypurpose', 'block',
+            raise RuntimeError('Burning the key digest for the key {key} into the efuse block {block} failed')
                                                 'force_write_always', 'no_write_protect', 'no_read_protect'])
        args = BurnDigestArgs([open(key, 'rb')],
                              [purpose],
                              [block],
                              False, False, True)
        self.efuse_operations.burn_key_digest(self.esp, self.efuses, args)   # type: ignore
    @EspSerial.use_esptool(hard_reset_after=False, no_stub=True)
    def burn_efuse(self, field: str, val: int) -> None:
-        if self.efuse_operations is None:
+        if subprocess.run(
-            self.enable_efuses()
+            f'{sys.executable} -m espefuse --port {self.esp_port} burn_efuse {field} {str(val)} --do-not-confirm'.split()
-        BurnEfuseArgs = collections.namedtuple('BurnEfuseArgs', ['do_not_confirm', 'name_value_pairs'])
+        ).returncode != 0:
-        args = BurnEfuseArgs(True, {field: val})
+            raise RuntimeError(f'Burning the {field} efuse failed')
        self.efuse_operations.burn_efuse(self.esp, self.efuses, args)   # type: ignore
    @EspSerial.use_esptool(hard_reset_after=False, no_stub=True)
    def burn_efuse_key(self, key: str, purpose: str, block: str) -> None:
-        if self.efuse_operations is None:
+        if subprocess.run(
-            self.enable_efuses()
+            f'{sys.executable} -m espefuse --port {self.esp_port} burn_key {block} {key} {purpose} --do-not-confirm'.split()
-        BurnKeyArgs = collections.namedtuple('BurnKeyArgs',
+        ).returncode != 0:
-                                             ['keyfile', 'keypurpose', 'block',
+            raise RuntimeError('Burning the key {key} into the efuse block {block} failed.')
                                              'force_write_always', 'no_write_protect', 'no_read_protect'])
        args = BurnKeyArgs([key],
                           [purpose],
                           [block],
                           False, False, False)
        self.efuse_operations.burn_key(self.esp, self.efuses, args)   # type: ignore
    def reset_efuses(self) -> None:
        if self.efuse_reset_port is None:
            raise RuntimeError('EFUSEPORT not specified')
        with serial.Serial(self.efuse_reset_port) as efuseport:
            print('Resetting efuses')
            efuseport.dtr = 0
@@ -146,41 +117,17 @@ class FpgaSerial(IdfSerial):
            self.proc.setRTS(0)
            efuseport.dtr = 0
            self.efuse_operations = None
            self.efuses = None
 class FpgaDut(IdfDut):
    ERASE_NVS = True
    FLASH_ENCRYPT_SCHEME = None             # type: str
    FLASH_ENCRYPT_CNT_KEY = None            # type: str
    FLASH_ENCRYPT_CNT_VAL = 0
    FLASH_ENCRYPT_PURPOSE = None            # type: str
    SECURE_BOOT_EN_KEY = None               # type: str
    SECURE_BOOT_EN_VAL = 0
    FLASH_SECTOR_SIZE = 4096
    def __init__(self, *args, **kwargs) -> None:  # type: ignore
        super().__init__(*args, **kwargs)
        self.efuses = None
        self.efuse_operations = None
        self.efuse_reset_port = efuse_reset_port
    def sign_data(self, data_file: str, key_files: str, version: str, append_signature: int = 0) -> bytes:
        SignDataArgs = collections.namedtuple('SignDataArgs',
                                              ['datafile','keyfile','output', 'version', 'append_signatures'])
        with tempfile.NamedTemporaryFile() as outfile:
            args = SignDataArgs(data_file, key_files, outfile.name, str(version), append_signature)
            espsecure.sign_data(args)
            outfile.seek(0)
            return outfile.read()
 class Esp32c3FpgaDut(FpgaDut):
    FLASH_ENCRYPT_SCHEME = 'AES-XTS'
    FLASH_ENCRYPT_CNT_KEY = 'SPI_BOOT_CRYPT_CNT'
    FLASH_ENCRYPT_CNT_VAL = 1
    FLASH_ENCRYPT_PURPOSE = 'XTS_AES_128_KEY'
    SECURE_BOOT_EN_KEY = 'SECURE_BOOT_EN'
    SECURE_BOOT_EN_VAL = 1
    WAFER_VERSION = 'WAFER_VERSION_MINOR_LO'
@@ -189,15 +136,6 @@ class Esp32c3FpgaDut(FpgaDut):
    def burn_wafer_version(self) -> None:
        self.serial.burn_efuse(self.WAFER_VERSION, self.WAFER_VERSION_VAL)
    def flash_encrypt_burn_cnt(self) -> None:
        self.serial.burn_efuse(self.FLASH_ENCRYPT_CNT_KEY, self.FLASH_ENCRYPT_CNT_VAL)
    def flash_encrypt_burn_key(self, key: str, block: int = 0) -> None:
        self.serial.burn_efuse_key(key, self.FLASH_ENCRYPT_PURPOSE, 'BLOCK_KEY%d' % block)
    def flash_encrypt_get_scheme(self) -> str:
        return self.FLASH_ENCRYPT_SCHEME
    def secure_boot_burn_en_bit(self) -> None:
        self.serial.burn_efuse(self.SECURE_BOOT_EN_KEY, self.SECURE_BOOT_EN_VAL)
@@ -206,10 +144,6 @@ class Esp32c3FpgaDut(FpgaDut):
 class Esp32s3FpgaDut(FpgaDut):
    FLASH_ENCRYPT_SCHEME = 'AES-XTS'
    FLASH_ENCRYPT_CNT_KEY = 'SPI_BOOT_CRYPT_CNT'
    FLASH_ENCRYPT_CNT_VAL = 1
    FLASH_ENCRYPT_PURPOSE = 'XTS_AES_128_KEY'
    SECURE_BOOT_EN_KEY = 'SECURE_BOOT_EN'
    SECURE_BOOT_EN_VAL = 1
    WAFER_VERSION = 'WAFER_VERSION_MINOR_LO'
@@ -218,15 +152,6 @@ class Esp32s3FpgaDut(FpgaDut):
    def burn_wafer_version(self) -> None:
        self.serial.burn_efuse(self.WAFER_VERSION, self.WAFER_VERSION_VAL)
    def flash_encrypt_burn_cnt(self) -> None:
        self.serial.burn_efuse(self.FLASH_ENCRYPT_CNT_KEY, self.FLASH_ENCRYPT_CNT_VAL)
    def flash_encrypt_burn_key(self, key: str, block: int = 0) -> None:
        self.serial.burn_efuse_key(key, self.FLASH_ENCRYPT_PURPOSE, 'BLOCK_KEY%d' % block)
    def flash_encrypt_get_scheme(self) -> str:
        return self.FLASH_ENCRYPT_SCHEME
    def secure_boot_burn_en_bit(self) -> None:
        self.serial.burn_efuse(self.SECURE_BOOT_EN_KEY, self.SECURE_BOOT_EN_VAL)
--- a/tools/test_apps/security/secure_boot/pytest_secure_boot.py
+++ b/tools/test_apps/security/secure_boot/pytest_secure_boot.py
@@ -68,13 +68,13 @@ def corrupt_sig_block(sig_block, seed=0, corrupt_sig=True, corrupt_crc=False):
 def dut_start_secure_app(dut: Dut) -> None:
-    dut.serial.erase_flash()
+    dut.serial.erase_app_header()
    dut.serial.reset_efuses()
    dut.burn_wafer_version()
-    bootloader_path = os.path.join(dut.app.binary_path, 'bootloader/bootloader.bin')
+    dut.serial.bootloader_flash(os.path.join(dut.app.binary_path, 'bootloader/bootloader.bin'))
-    dut.serial.bootloader_flash(bootloader_path)
+    dut.serial.partition_table_flash(os.path.join(dut.app.binary_path, 'partition_table/partition-table.bin'))
-    dut.serial.flash()
+    dut.serial.app_flash(os.path.join(dut.app.binary_path, 'secure_boot.bin'))
 # Test secure boot flow.
@@ -85,23 +85,28 @@ def test_examples_security_secure_boot(dut: Dut) -> None:
    dut_start_secure_app(dut)
    dut.expect('Secure Boot is enabled', timeout=10)
    dut.serial.reset_efuses()
    dut.burn_wafer_version()
 # Test efuse key index and key block combination.
 # Any key index can be written to any key block and should work
@pytest.mark.esp32c3
@pytest.mark.esp32s3
 # Increasing the test timeout to 1200s as the test runs for 18 iterations
 # and thus the default 600s timeout is not sufficient
@pytest.mark.timeout(1200)
 def test_examples_security_secure_boot_key_combo(dut: Dut) -> None:
    dut_start_secure_app(dut)
    dut.expect('Secure Boot is enabled', timeout=10)
    for index in range(3):
        print(index)
        for block in range(6):
            dut.serial.reset_efuses()
            dut.burn_wafer_version()
            dut.secure_boot_burn_en_bit()
            dut.secure_boot_burn_digest('test_rsa_3072_key.pem', index, block)
            dut.expect('Secure Boot is enabled', timeout=10)
    dut.serial.reset_efuses()
    dut.burn_wafer_version()
 # Test secure boot key revoke.
@@ -118,12 +123,17 @@ def test_examples_security_secure_boot_key_revoke(dut: Dut) -> None:
        dut.serial.burn_efuse('SECURE_BOOT_KEY_REVOKE%d' % index, 1)
        dut.secure_boot_burn_digest('test_rsa_3072_key.pem', index, 0)
        dut.expect('secure boot verification failed', timeout=5)
    dut.serial.reset_efuses()
    dut.burn_wafer_version()
 # Test bootloader signature corruption.
 # Corrupt one byte at a time of bootloader signature and test that the verification fails
@pytest.mark.esp32c3
@pytest.mark.esp32s3
@pytest.mark.timeout(18000)
 # Increasing the test timeout to 18000s as the test runs for 384 iterations
 # and thus the default 600s timeout is not sufficient
 def test_examples_security_secure_boot_corrupt_bl_sig(dut: Dut) -> None:
    dut_start_secure_app(dut)
    dut.expect('Secure Boot is enabled', timeout=10)
@@ -149,12 +159,17 @@ def test_examples_security_secure_boot_corrupt_bl_sig(dut: Dut) -> None:
        # if we flash bootlader before burning en bit, even with no_stub = True
        # it still calls run_stub() and throws an error as it fails to start stub.
        dut.expect('Signature Check Failed', timeout=10)
    dut.serial.reset_efuses()
    dut.burn_wafer_version()
 # Test app signature corruption.
 # Corrupt app signature, one byte at a time, and test that the verification fails
@pytest.mark.esp32c3
@pytest.mark.esp32s3
@pytest.mark.timeout(18000)
 # Increasing the test timeout to 18000s as the test runs for 385 iterations
 # and thus the default 600s timeout is not sufficient
 def test_examples_security_secure_boot_corrupt_app_sig(dut: Dut) -> None:
    dut_start_secure_app(dut)
    dut.expect('Secure Boot is enabled', timeout=10)