From fdac9bb814af4e6e9993a98971bccb3a4490f33d Mon Sep 17 00:00:00 2001 From: Konstantin Kondrashov Date: Fri, 20 Sep 2024 11:26:57 +0300 Subject: [PATCH] fix(examples): Fix SB and FE tests for C5 and C61 --- .../system/efuse/pytest_system_efuse_example.py | 14 ++++++++++---- .../efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c5 | 2 +- .../efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c61 | 2 +- .../efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c5 | 2 +- .../sdkconfig.ci.virt_secure_boot_v2.esp32c61 | 2 +- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/examples/system/efuse/pytest_system_efuse_example.py b/examples/system/efuse/pytest_system_efuse_example.py index 7045ad7605..7f69124846 100644 --- a/examples/system/efuse/pytest_system_efuse_example.py +++ b/examples/system/efuse/pytest_system_efuse_example.py @@ -185,7 +185,10 @@ def test_examples_efuse_with_virt_flash_enc_pre_loaded(dut: Dut) -> None: else: # offset of this eFuse is taken from components/efuse/{target}/esp_efuse_table.csv print(' - Flash emul_efuse with pre-loaded efuses (SPI_BOOT_CRYPT_CNT 1 -> 0)') - SPI_BOOT_CRYPT_CNT = 82 + if dut.app.target == 'esp32c61': + SPI_BOOT_CRYPT_CNT = 55 + else: + SPI_BOOT_CRYPT_CNT = 82 # Resets eFuse, which enables Flash encryption feature dut.serial.erase_field_on_emul_efuse([SPI_BOOT_CRYPT_CNT]) @@ -594,7 +597,7 @@ def test_examples_efuse_with_virt_secure_boot_v2_esp32xx(dut: Dut) -> None: dut.expect('Verifying image signature...') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') - if dut.app.target == 'esp32c2': + if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'): signed_scheme = 'ECDSA' else: signed_scheme = 'RSA-PSS' @@ -687,7 +690,7 @@ def test_example_efuse_with_virt_secure_boot_v2_esp32xx_pre_loaded(dut: Dut) -> dut.expect('Loading virtual efuse blocks from flash') dut.expect('Verifying image signature...') - if dut.app.target == 'esp32c2': + if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'): signed_scheme = 'ECDSA' else: signed_scheme = 'RSA-PSS' @@ -981,7 +984,10 @@ def test_examples_efuse_with_virt_sb_v2_and_fe_esp32xx(dut: Dut) -> None: dut.expect('Verifying image signature...') dut.expect('secure_boot_v2: Secure boot V2 is not enabled yet and eFuse digest keys are not set') - signed_scheme = 'ECDSA' if dut.app.target == 'esp32c2' else 'RSA-PSS' + if dut.app.sdkconfig.get('SECURE_SIGNED_APPS_ECDSA_V2_SCHEME'): + signed_scheme = 'ECDSA' + else: + signed_scheme = 'RSA-PSS' dut.expect('secure_boot_v2: Verifying with %s...' % signed_scheme) dut.expect('secure_boot_v2: Signature verified successfully!') diff --git a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c5 b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c5 index d8ca4c9b68..9b3f48228f 100644 --- a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c5 +++ b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c5 @@ -8,7 +8,7 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT_V2_ENABLED=y -CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" +CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem" CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y CONFIG_SECURE_FLASH_ENC_ENABLED=y diff --git a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c61 b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c61 index 7b20f08885..3f64d4614e 100644 --- a/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c61 +++ b/examples/system/efuse/sdkconfig.ci.virt_sb_v2_and_fe.esp32c61 @@ -8,7 +8,7 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT_V2_ENABLED=y -CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" +CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem" CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE=y CONFIG_SECURE_FLASH_ENC_ENABLED=y diff --git a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c5 b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c5 index 1b3297a399..08ebca9f6b 100644 --- a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c5 +++ b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c5 @@ -8,7 +8,7 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT_V2_ENABLED=y -CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" +CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem" CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y # IMPORTANT: ONLY VIRTUAL eFuse MODE! diff --git a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c61 b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c61 index afc034365b..adeb362d9e 100644 --- a/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c61 +++ b/examples/system/efuse/sdkconfig.ci.virt_secure_boot_v2.esp32c61 @@ -8,7 +8,7 @@ CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="test/partitions_efuse_emul.csv" CONFIG_SECURE_BOOT=y CONFIG_SECURE_BOOT_V2_ENABLED=y -CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key.pem" +CONFIG_SECURE_BOOT_SIGNING_KEY="test/secure_boot_signing_key_ecdsa_nistp256.pem" CONFIG_SECURE_INSECURE_ALLOW_DL_MODE=y # IMPORTANT: ONLY VIRTUAL eFuse MODE!