From d99a715568a49022e38f404fdf2023163849d52b Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Wed, 21 Feb 2024 10:30:06 +0530 Subject: [PATCH] test: add encrypted flash write test for dangerous regions --- .../flash_encryption/main/test_flash_encryption.c | 13 ++++++++++++- .../test_apps/flash_encryption/sdkconfig.defaults | 1 + 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/components/spi_flash/test_apps/flash_encryption/main/test_flash_encryption.c b/components/spi_flash/test_apps/flash_encryption/main/test_flash_encryption.c index a84305c20c..6ebfa46b52 100644 --- a/components/spi_flash/test_apps/flash_encryption/main/test_flash_encryption.c +++ b/components/spi_flash/test_apps/flash_encryption/main/test_flash_encryption.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -20,6 +20,7 @@ #include "test_utils.h" #include "ccomp_timer.h" #include "test_flash_utils.h" +#include "sdkconfig.h" /*-------------------- For running this test, some configurations are necessary -------------------*/ /* ESP32 | CONFIG_SECURE_FLASH_ENC_ENABLED | SET */ @@ -371,4 +372,14 @@ TEST_CASE("test read & write encrypted data with large buffer in ram", "[flash_e free(buf); } +TEST_CASE("test encrypted writes to dangerous regions like bootloader", "[flash_encryption]") +{ + TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_erase_region(NULL, CONFIG_BOOTLOADER_OFFSET_IN_FLASH, 4*4096)); + TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_erase_region(NULL, CONFIG_PARTITION_TABLE_OFFSET, 4096)); + char buffer[32] = {0xa5}; + // Encrypted writes to bootloader region not allowed + TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(NULL, CONFIG_BOOTLOADER_OFFSET_IN_FLASH, buffer, sizeof(buffer))); + // Encrypted writes to partition table region not allowed + TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(NULL, CONFIG_PARTITION_TABLE_OFFSET, buffer, sizeof(buffer))); +} #endif // CONFIG_SECURE_FLASH_ENC_ENABLED diff --git a/components/spi_flash/test_apps/flash_encryption/sdkconfig.defaults b/components/spi_flash/test_apps/flash_encryption/sdkconfig.defaults index 5caa7b2107..d0ef86b66c 100644 --- a/components/spi_flash/test_apps/flash_encryption/sdkconfig.defaults +++ b/components/spi_flash/test_apps/flash_encryption/sdkconfig.defaults @@ -9,3 +9,4 @@ CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y +CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS=y