From 977b6e8975addd986a52fc005cbebd4b017405a0 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera <dan@danielinux.net>
Date: Mon, 23 Dec 2019 13:34:24 +0100
Subject: [PATCH 1/2] Fixed CS pin pullup release

---
 hal/spi/spi_drv_stm32.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hal/spi/spi_drv_stm32.c b/hal/spi/spi_drv_stm32.c
index c92ab05b..65a9ff71 100644
--- a/hal/spi/spi_drv_stm32.c
+++ b/hal/spi/spi_drv_stm32.c
@@ -112,7 +112,7 @@ static void spi_pins_release(void)
 
     /* Release CS */
     SPI_PIO_CS_MODE &= ~ (0x03 << (SPI_CS_FLASH * 2));
-    SPI_PIO_CS_PUPD &= ~ (0x03 <<  (SPI_CS_TPM * 2));
+    SPI_PIO_CS_PUPD &= ~ (0x03 <<  (SPI_CS_FLASH * 2));
 
 }
 

From 8e24b472fdb72e7fa5dd49d23d2b2cd46bf124a5 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera <dan@danielinux.net>
Date: Mon, 23 Dec 2019 13:34:50 +0100
Subject: [PATCH 2/2] Added tests for TPM, RSA. New testbed with shared SPI
 bus.

---
 lib/wolfssl                                   |  2 +-
 .../test-expect-version/test-expect-version.c |  2 +-
 tools/test.mk                                 | 62 +++++++++++++++++--
 3 files changed, 60 insertions(+), 6 deletions(-)

diff --git a/lib/wolfssl b/lib/wolfssl
index 45d55c8f..e8380b3f 160000
--- a/lib/wolfssl
+++ b/lib/wolfssl
@@ -1 +1 @@
-Subproject commit 45d55c8f38b9e3a68fe7b2221b51bb5c060dfb4d
+Subproject commit e8380b3f8f4ade7b8893692eb2ba8d75dad46f6a
diff --git a/tools/test-expect-version/test-expect-version.c b/tools/test-expect-version/test-expect-version.c
index 3ff37867..5387ecde 100644
--- a/tools/test-expect-version/test-expect-version.c
+++ b/tools/test-expect-version/test-expect-version.c
@@ -87,7 +87,7 @@ int main(int argc, char** argv)
     tty.c_cc[VTIME] = 5;
     tcsetattr(serialfd, TCSANOW, &tty);
 
-    alarm(30);
+    alarm(60);
 
     while (i >= 0) {
         char c;
diff --git a/tools/test.mk b/tools/test.mk
index 8a5fec5e..bac44ae4 100644
--- a/tools/test.mk
+++ b/tools/test.mk
@@ -14,6 +14,10 @@ ifeq ($(SIGN),ECC256)
   SIGN_TOOL=tools/keytools/sign.py --ecc256
 endif
 
+ifeq ($(SIGN),RSA2048)
+  SIGN_TOOL=tools/keytools/sign.py --rsa2048
+endif
+
 
 $(EXPVER):
 	make -C tools/test-expect-version
@@ -21,8 +25,22 @@ $(EXPVER):
 # Testbed actions
 #
 #
+#
+testbed-on: FORCE
+	@if ! (test -d /sys/class/gpio/gpio4); then echo "4" > /sys/class/gpio/export || true; fi
+	@echo "out" >/sys/class/gpio/gpio4/direction
+	@echo "0" >/sys/class/gpio/gpio4/value || true
+	@echo "Testbed on."
+
+testbed-off: FORCE
+	@if ! (test -d /sys/class/gpio/gpio4); then echo "4" > /sys/class/gpio/export || true; fi
+	@echo "out" >/sys/class/gpio/gpio4/direction
+	@echo "1" >/sys/class/gpio/gpio4/value || true
+	@echo "Testbed off."
 
 test-spi-on: FORCE
+	@make testbed-off
+	@echo "7" >/sys/class/gpio/unexport || true
 	@echo "8" >/sys/class/gpio/unexport || true
 	@echo "9" >/sys/class/gpio/unexport || true
 	@echo "10" >/sys/class/gpio/unexport || true
@@ -33,6 +51,7 @@ test-spi-on: FORCE
 test-spi-off: FORCE
 	@rmmod spi_bcm2835
 	@rmmod spidev
+	@echo "7" >/sys/class/gpio/export
 	@echo "8" >/sys/class/gpio/export
 	@echo "9" >/sys/class/gpio/export
 	@echo "10" >/sys/class/gpio/export
@@ -41,6 +60,16 @@ test-spi-off: FORCE
 	@echo "in" >/sys/class/gpio/gpio9/direction
 	@echo "in" >/sys/class/gpio/gpio10/direction
 	@echo "in" >/sys/class/gpio/gpio11/direction
+	@make testbed-on
+
+test-tpm-off: FORCE
+	@if ! (test -d /sys/class/gpio/gpio7); then echo "7" > /sys/class/gpio/export || true; fi
+	@echo "out" >/sys/class/gpio/gpio7/direction
+	@echo "1" >/sys/class/gpio/gpio7/value || true
+
+test-tpm-on: FORCE
+	@echo "7" >/sys/class/gpio/unexport || true
+
 
 test-update: test-app/image.bin FORCE
 	@dd if=/dev/zero bs=131067 count=1 2>/dev/null | tr "\000" "\377" > test-update.bin
@@ -78,6 +107,7 @@ test-update-ext: test-app/image.bin FORCE
 	@make test-spi-on
 	flashrom -c $(SPI_CHIP) -p linux_spi:dev=/dev/spidev0.0 -w test-update.rom
 	@make test-spi-off
+	@make test-tpm-off
 	@make test-reset
 	@sleep 2
 	@make clean
@@ -93,17 +123,21 @@ test-erase-ext: FORCE
 	@echo Mass-erasing the external SPI flash:
 	flashrom -c $(SPI_CHIP) -p linux_spi:dev=/dev/spidev0.0 -E
 	@make test-spi-off
+	@make test-tpm-off
 
 
 test-factory: factory.bin
 	@make test-reset
 	@sleep 2
 	@st-flash --reset write factory.bin 0x08000000 || \
-		(make test-reset && sleep 1 && st-flash --reset write factory.bin 0x08000000) || \
-		(make test-reset && sleep 1 && st-flash --reset write factory.bin 0x08000000)
+		((make test-reset && sleep 1 && st-flash --reset write factory.bin 0x08000000) || \
+		(make test-reset && sleep 1 && st-flash --reset write factory.bin 0x08000000))&
+
+test-resetold: FORCE
+	@$$(sleep 1 && st-info --reset) &
 
 test-reset: FORCE
-	@$$(sleep 1 && st-info --reset) &
+	@$$(sleep 1 && make testbed-off && sleep 1 && make testbed-on) &
 
 
 
@@ -237,8 +271,28 @@ test-34-forward-self-update: $(EXPVER) FORCE
 test-44-forward-self-update-ECC: $(EXPVER) FORCE
 	@make test-34-forward-self-update SIGN=ECC256
 
+test-51-forward-update-no-downgrade-RSA: $(EXPVER) FORCE
+	@make test-01-forward-update-no-downgrade SIGN=RSA2048
+
+test-53-rollback-RSA: $(EXPVER) FORCE
+	@make test-03-rollback SIGN=RSA2048
+
+test-61-forward-update-no-downgrade-TPM: $(EXPVER) FORCE
+	@make test-tpm-on
+	@make test-01-forward-update-no-downgrade SIGN=ECC256 WOLFTPM=1
+	@make test-tpm-off
+
+test-63-rollback-TPM: $(EXPVER) FORCE
+	@make test-tpm-on
+	@make test-03-rollback SIGN=ECC256 WOLFTPM=1
+	@make test-tpm-off
+
 
 test-all: clean test-01-forward-update-no-downgrade test-02-forward-update-allow-downgrade test-03-rollback \
 	test-11-forward-update-no-downgrade-ECC test-13-rollback-ECC test-21-forward-update-no-downgrade-SPI test-23-rollback-SPI \
 	test-34-forward-self-update \
-	test-44-forward-self-update-ECC
+	test-44-forward-self-update-ECC \
+	test-51-forward-update-no-downgrade-RSA \
+	test-53-rollback-RSA \
+	test-61-forward-update-no-downgrade-TPM \
+	test-63-rollback-TPM