mirror of https://github.com/wolfSSL/wolfBoot.git
367 lines
12 KiB
Makefile
367 lines
12 KiB
Makefile
TEST_UPDATE_VERSION?=2
|
|
WOLFBOOT_VERSION?=0
|
|
EXPVER=tools/test-expect-version/test-expect-version
|
|
SPI_CHIP=SST25VF080B
|
|
SPI_OPTIONS=SPI_FLASH=1 WOLFBOOT_PARTITION_SIZE=0x80000 WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x00000 WOLFBOOT_PARTITION_SWAP_ADDRESS=0x80000
|
|
SIGN_ARGS=
|
|
|
|
ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/keygen)","")
|
|
KEYGEN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/keygen
|
|
else
|
|
ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/keygen.exe)","")
|
|
KEYGEN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/keygen.exe
|
|
else
|
|
KEYGEN_TOOL=python3 $(WOLFBOOT_ROOT)/tools/keytools/keygen.py
|
|
endif
|
|
endif
|
|
|
|
ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign)","")
|
|
SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign
|
|
else
|
|
ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","")
|
|
SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe
|
|
else
|
|
SIGN_TOOL=python3 $(WOLFBOOT_ROOT)/tools/keytools/sign.py
|
|
endif
|
|
endif
|
|
|
|
ifeq ($(SIGN),ED25519)
|
|
SIGN_ARGS+= --ed25519
|
|
endif
|
|
|
|
ifeq ($(SIGN),ECC256)
|
|
SIGN_ARGS+= --ecc256
|
|
endif
|
|
|
|
ifeq ($(SIGN),RSA2048)
|
|
SIGN_ARGS+= --rsa2048
|
|
endif
|
|
|
|
ifeq ($(SIGN),RSA4096)
|
|
SIGN_ARGS+= --rsa4096
|
|
endif
|
|
|
|
ifeq ($(HASH),SHA256)
|
|
SIGN_ARGS+= --sha256
|
|
endif
|
|
ifeq ($(HASH),SHA3)
|
|
SIGN_ARGS+= --sha3
|
|
endif
|
|
|
|
$(EXPVER):
|
|
make -C tools/test-expect-version
|
|
|
|
# Testbed actions
|
|
#
|
|
#
|
|
# tpm-mute mode is the default
|
|
#
|
|
tpm-mute:
|
|
@if ! (test -d /sys/class/gpio/gpio7); then echo "7" > /sys/class/gpio/export || true; fi
|
|
@echo "out" >/sys/class/gpio/gpio7/direction
|
|
@echo "1" >/sys/class/gpio/gpio7/value || true
|
|
|
|
tpm-unmute:
|
|
@if ! (test -d /sys/class/gpio/gpio7); then echo "7" > /sys/class/gpio/export || true; fi
|
|
@echo "in" >/sys/class/gpio/gpio7/direction
|
|
|
|
testbed-on: FORCE
|
|
@if ! (test -d /sys/class/gpio/gpio4); then echo "4" > /sys/class/gpio/export || true; fi
|
|
@echo "out" >/sys/class/gpio/gpio4/direction
|
|
@echo "0" >/sys/class/gpio/gpio4/value || true
|
|
@make tpm-mute
|
|
@echo "Testbed on."
|
|
|
|
testbed-off: FORCE
|
|
@make tpm-mute
|
|
@if ! (test -d /sys/class/gpio/gpio4); then echo "4" > /sys/class/gpio/export || true; fi
|
|
@echo "out" >/sys/class/gpio/gpio4/direction
|
|
@echo "1" >/sys/class/gpio/gpio4/value || true
|
|
@echo "Testbed off."
|
|
|
|
|
|
test-reset: FORCE
|
|
@(sleep 1 && st-flash reset && sleep 1)&
|
|
|
|
test-spi-on: FORCE
|
|
@make testbed-off
|
|
@echo "8" >/sys/class/gpio/unexport || true
|
|
@echo "9" >/sys/class/gpio/unexport || true
|
|
@echo "10" >/sys/class/gpio/unexport || true
|
|
@echo "11" >/sys/class/gpio/unexport || true
|
|
@modprobe spi_bcm2835
|
|
@modprobe spidev
|
|
|
|
test-spi-off: FORCE
|
|
@rmmod spi_bcm2835 || true
|
|
@rmmod spidev || true
|
|
@echo "8" >/sys/class/gpio/export || true
|
|
@echo "9" >/sys/class/gpio/export || true
|
|
@echo "10" >/sys/class/gpio/export || true
|
|
@echo "11" >/sys/class/gpio/export || true
|
|
@echo "in" >/sys/class/gpio/gpio8/direction
|
|
@echo "in" >/sys/class/gpio/gpio9/direction
|
|
@echo "in" >/sys/class/gpio/gpio10/direction
|
|
@echo "in" >/sys/class/gpio/gpio11/direction
|
|
@make testbed-on
|
|
|
|
test-update: test-app/image.bin FORCE
|
|
@dd if=/dev/zero bs=131067 count=1 2>/dev/null | tr "\000" "\377" > test-update.bin
|
|
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
|
|
@dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.bin bs=1 conv=notrunc
|
|
@printf "pBOOT" >> test-update.bin
|
|
@make test-reset
|
|
@sleep 2
|
|
@st-flash --reset write test-update.bin 0x08040000 || \
|
|
(make test-reset && sleep 1 && st-flash --reset write test-update.bin 0x08040000) || \
|
|
(make test-reset && sleep 1 && st-flash --reset write test-update.bin 0x08040000)
|
|
|
|
test-self-update: wolfboot.bin test-app/image.bin FORCE
|
|
@mv $(PRIVATE_KEY) private_key.old
|
|
@make clean
|
|
@rm src/*_pub_key.c
|
|
@make factory.bin RAM_CODE=1 WOLFBOOT_VERSION=$(WOLFBOOT_VERSION) SIGN=$(SIGN)
|
|
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
|
|
@st-flash --reset write test-app/image_v2_signed.bin 0x08020000 || \
|
|
(make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) || \
|
|
(make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000)
|
|
@dd if=/dev/zero bs=131067 count=1 2>/dev/null | tr "\000" "\377" > test-self-update.bin
|
|
@$(SIGN_TOOL) $(SIGN_ARGS) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION)
|
|
@dd if=wolfboot_v$(WOLFBOOT_VERSION)_signed.bin of=test-self-update.bin bs=1 conv=notrunc
|
|
@printf "pBOOT" >> test-self-update.bin
|
|
@st-flash --reset write test-self-update.bin 0x08040000 || \
|
|
(make test-reset && sleep 1 && st-flash --reset write test-self-update.bin 0x08040000) || \
|
|
(make test-reset && sleep 1 && st-flash --reset write test-self-update.bin 0x08040000)
|
|
|
|
test-update-ext: test-app/image.bin FORCE
|
|
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
|
|
@(dd if=/dev/zero bs=1M count=1 | tr '\000' '\377' > test-update.rom)
|
|
@dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.rom bs=1 count=524283 conv=notrunc
|
|
@printf "pBOOT" | dd of=test-update.rom obs=1 seek=524283 count=5 conv=notrunc
|
|
@make test-spi-on || true
|
|
flashrom -c $(SPI_CHIP) -p linux_spi:dev=/dev/spidev0.0 -w test-update.rom
|
|
@make test-spi-off
|
|
@make test-reset
|
|
@sleep 2
|
|
@make clean
|
|
|
|
test-erase: FORCE
|
|
@echo Mass-erasing the internal flash:
|
|
@make test-reset
|
|
@sleep 2
|
|
@st-flash erase
|
|
|
|
test-erase-ext: FORCE
|
|
@make test-spi-on || true
|
|
@echo Mass-erasing the external SPI flash:
|
|
flashrom -c $(SPI_CHIP) -p linux_spi:dev=/dev/spidev0.0 -E
|
|
@make test-spi-off || true
|
|
|
|
test-factory: factory.bin
|
|
@make test-reset
|
|
@sleep 2
|
|
@st-flash --reset write factory.bin 0x08000000 || \
|
|
((make test-reset && sleep 1 && st-flash --reset write factory.bin 0x08000000) || \
|
|
(make test-reset && sleep 1 && st-flash --reset write factory.bin 0x08000000))&
|
|
|
|
test-resetold: FORCE
|
|
@(sleep 1 && st-info --reset) &
|
|
|
|
|
|
|
|
|
|
## Test cases:
|
|
|
|
test-01-forward-update-no-downgrade: $(EXPVER) FORCE
|
|
@make test-erase
|
|
@echo Creating and uploading factory image...
|
|
@make test-factory
|
|
@echo Expecting version '1'
|
|
@(test `$(EXPVER)` -eq 1)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update TEST_UPDATE_VERSION=4
|
|
@echo Expecting version '4'
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update TEST_UPDATE_VERSION=1
|
|
@echo Expecting version '4'
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@make clean
|
|
@echo TEST PASSED
|
|
|
|
test-02-forward-update-allow-downgrade: $(EXPVER) FORCE
|
|
@make test-erase
|
|
@echo Creating and uploading factory image...
|
|
@make test-factory ALLOW_DOWNGRADE=1
|
|
@echo Expecting version '1'
|
|
@(test `$(EXPVER)` -eq 1)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update TEST_UPDATE_VERSION=4
|
|
@echo Expecting version '4'
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update TEST_UPDATE_VERSION=2
|
|
@echo Expecting version '4'
|
|
@(test `$(EXPVER)` -eq 2)
|
|
@make clean
|
|
@echo TEST PASSED
|
|
|
|
test-03-rollback: $(EXPVER) FORCE
|
|
@make test-erase
|
|
@echo Creating and uploading factory image...
|
|
@make test-factory
|
|
@echo Expecting version '1'
|
|
@(test `$(EXPVER)` -eq 1)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update TEST_UPDATE_VERSION=4
|
|
@echo Expecting version '4'
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update TEST_UPDATE_VERSION=5
|
|
@echo Expecting version '5'
|
|
@(test `$(EXPVER)` -eq 5)
|
|
@echo
|
|
@echo Resetting to trigger rollback...
|
|
@make test-reset
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@make clean
|
|
@echo TEST PASSED
|
|
|
|
test-11-forward-update-no-downgrade-ECC: $(EXPVER) FORCE
|
|
@make test-01-forward-update-no-downgrade SIGN=ECC256
|
|
|
|
test-13-rollback-ECC: $(EXPVER) FORCE
|
|
@make test-03-rollback SIGN=ECC256
|
|
|
|
test-21-forward-update-no-downgrade-SPI: $(EXPVER) FORCE
|
|
@make test-erase-ext
|
|
@echo Creating and uploading factory image...
|
|
@make test-factory $(SPI_OPTIONS)
|
|
@echo Expecting version '1'
|
|
@(test `$(EXPVER)` -eq 1)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update-ext TEST_UPDATE_VERSION=4 $(SPI_OPTIONS)
|
|
@echo Expecting version '4'
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update-ext TEST_UPDATE_VERSION=1 $(SPI_OPTIONS)
|
|
@echo Expecting version '4'
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@make clean
|
|
@echo TEST PASSED
|
|
|
|
test-23-rollback-SPI: $(EXPVER) FORCE
|
|
@make test-erase-ext
|
|
@echo Creating and uploading factory image...
|
|
@make test-factory $(SPI_OPTIONS)
|
|
@echo Expecting version '1'
|
|
@(test `$(EXPVER)` -eq 1)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update-ext TEST_UPDATE_VERSION=4 $(SPI_OPTIONS)
|
|
@echo Expecting version '4'
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@echo
|
|
@echo Creating and uploading update image...
|
|
@make test-update-ext TEST_UPDATE_VERSION=5 $(SPI_OPTIONS)
|
|
@echo Expecting version '5'
|
|
@(test `$(EXPVER)` -eq 5)
|
|
@echo
|
|
@echo Resetting to trigger rollback...
|
|
@make test-reset
|
|
@sleep 2
|
|
@(test `$(EXPVER)` -eq 4)
|
|
@make clean
|
|
@echo TEST PASSED
|
|
|
|
test-34-forward-self-update: $(EXPVER) FORCE
|
|
@echo Creating and uploading factory image...
|
|
@make clean
|
|
@make distclean
|
|
@make test-factory RAM_CODE=1 SIGN=$(SIGN)
|
|
@echo Expecting version '1'
|
|
@(test `$(EXPVER)` -eq 1)
|
|
@echo
|
|
@echo Updating keys, firmware, bootloader
|
|
@make test-self-update WOLFBOOT_VERSION=4 RAM_CODE=1 SIGN=$(SIGN)
|
|
@sleep 2
|
|
@(test `$(EXPVER)` -eq 2)
|
|
@make clean
|
|
@echo TEST PASSED
|
|
|
|
test-44-forward-self-update-ECC: $(EXPVER) FORCE
|
|
@make test-34-forward-self-update SIGN=ECC256
|
|
|
|
test-51-forward-update-no-downgrade-RSA: $(EXPVER) FORCE
|
|
@make test-01-forward-update-no-downgrade SIGN=RSA2048
|
|
|
|
test-53-rollback-RSA: $(EXPVER) FORCE
|
|
@make test-03-rollback SIGN=RSA2048
|
|
|
|
test-61-forward-update-no-downgrade-TPM: $(EXPVER) FORCE
|
|
@make test-spi-off || true
|
|
@make tpm-unmute
|
|
@make test-01-forward-update-no-downgrade SIGN=ECC256 WOLFTPM=1 TPM2=1
|
|
@make tpm-mute
|
|
|
|
test-63-rollback-TPM: $(EXPVER) FORCE
|
|
@make test-spi-off || true
|
|
@make tpm-unmute
|
|
@make test-03-rollback SIGN=ECC256 WOLFTPM=1
|
|
@make tpm-mute
|
|
|
|
test-71-forward-update-no-downgrade-RSA-4096: $(EXPVER) FORCE
|
|
@make test-01-forward-update-no-downgrade SIGN=RSA4096
|
|
|
|
test-73-rollback-RSA-4096: $(EXPVER) FORCE
|
|
@make test-03-rollback SIGN=RSA4096
|
|
|
|
test-81-forward-update-no-downgrade-ED25519-SHA3: $(EXPVER) FORCE
|
|
@make test-01-forward-update-no-downgrade SIGN=ED25519 HASH=SHA3
|
|
|
|
test-91-forward-update-no-downgrade-ECC256-SHA3: $(EXPVER) FORCE
|
|
@make test-01-forward-update-no-downgrade SIGN=ECC256 HASH=SHA3
|
|
|
|
test-101-forward-update-no-downgrade-RSA2048-SHA3: $(EXPVER) FORCE
|
|
@make test-01-forward-update-no-downgrade SIGN=RSA2048 HASH=SHA3
|
|
|
|
test-111-forward-update-no-downgrade-RSA4096-SHA3: $(EXPVER) FORCE
|
|
@make test-01-forward-update-no-downgrade SIGN=RSA4096 HASH=SHA3
|
|
|
|
test-161-forward-update-no-downgrade-TPM-RSA: $(EXPVER) FORCE
|
|
@make test-spi-off || true
|
|
@make tpm-unmute
|
|
@make test-01-forward-update-no-downgrade SIGN=RSA2048 WOLFTPM=1
|
|
@make tpm-mute
|
|
|
|
test-163-rollback-TPM-RSA: $(EXPVER) FORCE
|
|
@make test-spi-off || true
|
|
@make tpm-unmute
|
|
@make test-03-rollback SIGN=RSA2048 WOLFTPM=1
|
|
@make tpm-mute
|
|
|
|
test-all: clean test-01-forward-update-no-downgrade test-02-forward-update-allow-downgrade test-03-rollback \
|
|
test-11-forward-update-no-downgrade-ECC test-13-rollback-ECC test-21-forward-update-no-downgrade-SPI test-23-rollback-SPI \
|
|
test-34-forward-self-update \
|
|
test-44-forward-self-update-ECC \
|
|
test-51-forward-update-no-downgrade-RSA \
|
|
test-53-rollback-RSA \
|
|
test-61-forward-update-no-downgrade-TPM \
|
|
test-63-rollback-TPM \
|
|
test-71-forward-update-no-downgrade-RSA-4096 \
|
|
test-73-rollback-RSA-4096 \
|
|
test-81-forward-update-no-downgrade-ED25519-SHA3 \
|
|
test-91-forward-update-no-downgrade-ECC256-SHA3 \
|
|
test-101-forward-update-no-downgrade-RSA2048-SHA3 \
|
|
test-111-forward-update-no-downgrade-RSA4096-SHA3 \
|
|
test-161-forward-update-no-downgrade-TPM-RSA \
|
|
test-163-rollback-TPM-RSA
|