def test_read_data_out_of_ram_range(self, bl):
# Set start address as a valid ram address, but the end address is out of valid ram region
ramStartAddr = common_util.get_memory_start_address(bl, 'ram')
ramTotalSize = common_util.get_memory_total_size(bl, 'ram')
startReadAddr = ramStartAddr + ramTotalSize - 1
readFile = os.path.join(bl.vectorsDir, 'read_data_from_memory.bin')
status, results = bl.read_memory(startReadAddr, 32, readFile)
assert status == bootloader.status.kStatusMemoryRangeInvalid
def test_read_data_from_invalid_ram_address(self, bl):
# Set start address as the end address of ram which should be an invalid address
ramStartAddr = common_util.get_memory_start_address(bl, 'ram')
ramTotalSize = common_util.get_memory_total_size(bl, 'ram')
startReadAddr = ramStartAddr + ramTotalSize
readFile = os.path.join(bl.vectorsDir, 'read_data_from_memory.bin')
status, results = bl.read_memory(startReadAddr, 32, readFile)
assert status == bootloader.status.kStatusMemoryRangeInvalid
def get_BCA_location(bl, bootCore):
if (bootCore == 'core0'):
bcaLocation = bl.target.BL_APP_VECTOR_TABLE_ADDRESS + 0x3C0
elif (bootCore == 'core1'):
flash1StartAddress = common_util.get_memory_start_address(
bl, 'flash', 1)
bcaLocation = flash1StartAddress + 0x3C0
print("BCA location address = 0x%x" % bcaLocation)
return bcaLocation
def get_indicator_address(bl, status):
startAddress = common_util.get_memory_start_address(bl, 'flash')
totalSize = common_util.get_memory_total_size(bl, 'flash')
sectorSize = common_util.get_flash_sector_size(bl)
if status:
#address for reliable update
address = startAddress + totalSize / 2 - sectorSize
return address
else:
#wrong address for test swap indicator address invalid
address = startAddress + totalSize / 2 - sectorSize * 2
return address
def test_erase_region_out_of_flash(self, bl):
address = common_util.get_memory_start_address(
bl, 'flash') + common_util.get_memory_total_size(bl, 'flash')
bytesNumber = common_util.get_flash_sector_size(bl)
status, results = bl.flash_erase_region(address, bytesNumber)
assert status == bootloader.status.kStatusMemoryRangeInvalid
def get_MMCAU_function_ready(bl, mmcauDataResident):
# Get mmcau function info
if bl.target.mmcauBinFileAppPlatform == common_util.kMmcauBinFileAppPlatformType_cm4:
mmcauFuncFilePath = os.path.abspath(
os.path.join(bl.vectorsDir, 'mmcau_sb_file',
'mmcau_function_cm4.bin'))
mmcauAddr_aes_init_start = MMCAU_OFFSET_cm4_aes_init_start
mmcauAddr_aes_encrypt_start = MMCAU_OFFSET_cm4_aes_encrypt_start
mmcauAddr_aes_decrypt_start = MMCAU_OFFSET_cm4_aes_decrypt_start
elif bl.target.mmcauBinFileAppPlatform == common_util.kMmcauBinFileAppPlatformType_cm0p:
mmcauFuncFilePath = os.path.abspath(
os.path.join(bl.vectorsDir, 'mmcau_sb_file',
'mmcau_function_cm0p.bin'))
mmcauAddr_aes_init_start = MMCAU_OFFSET_cm0p_aes_init_start
mmcauAddr_aes_encrypt_start = MMCAU_OFFSET_cm0p_aes_encrypt_start
mmcauAddr_aes_decrypt_start = MMCAU_OFFSET_cm0p_aes_decrypt_start
else:
raise ValueError('Invalid mmcauBinFileAppPlatform.')
# mmcauFuncFileLen = 0x4BC bytes for mmcau_function_cm4.bin
# mmcauFuncFileLen = 0x380 bytes for mmcau_function_cm0p.bin
mmcauFuncFileLen = os.path.getsize(mmcauFuncFilePath)
# Memory address for MMCAU data. The address must be at least 4 bytes aligment because it is a function pointer.
memStartAddr = common_util.get_memory_start_address(bl, mmcauDataResident)
memTotalSize = common_util.get_memory_total_size(bl, mmcauDataResident)
mmcauStart = memStartAddr + memTotalSize - MMCAU_FUNCTION_INFO_SIZE - mmcauFuncFileLen
# Here set 16 bytes down alignment.
mmcauStart = mmcauStart - (mmcauStart & 0xF)
# Create MMCAU info file
mmcauAddr_aes_init_start += mmcauStart
mmcauAddr_aes_encrypt_start += mmcauStart
mmcauAddr_aes_decrypt_start += mmcauStart
mmcauFunctionInfo = ''
mmcauFunctionInfo += MMCAU_FUNCTION_INFO_TAG
mmcauFunctionInfo += hex_to_chr(mmcauFuncFileLen)
mmcauFunctionInfo += hex_to_chr(mmcauAddr_aes_init_start)
mmcauFunctionInfo += hex_to_chr(mmcauAddr_aes_encrypt_start)
mmcauFunctionInfo += hex_to_chr(mmcauAddr_aes_decrypt_start)
mmcauFuncInfoFilePath = os.path.abspath(
os.path.join(bl.vectorsDir, 'mmcau_sb_file',
'mmcau_function_info.bin'))
with open(mmcauFuncInfoFilePath, 'wb') as fileObj:
fileObj.write(mmcauFunctionInfo)
fileObj.close
# Updata the BCA data for mmcauConfigPointer and write BCA data to BL_APP_VECTOR_TABLE_ADDRESS
update_MMCAU_config_pointer_in_BCA(bl, mmcauConfigPointer=mmcauStart)
# Write MMCAU data to memory. MMCAU data includes two parts,
print("Place the mmcau function info to the mmcauConfigPointer = 0x%x:" %
mmcauStart)
print(
"(Note: the info includes the aes_init, aes_encrypt, aes_decrypt function addresses)"
),
status, results = bl.write_memory(mmcauStart, mmcauFuncInfoFilePath)
assert status == bootloader.status.kStatus_Success
print(
"Place the aes_init, aes_encrypt, aes_decrypt function codes to the %s address 0x%x:"
% (mmcauDataResident, mmcauStart + MMCAU_FUNCTION_INFO_SIZE)),
status, results = bl.write_memory(mmcauStart + MMCAU_FUNCTION_INFO_SIZE,
mmcauFuncFilePath)
assert status == bootloader.status.kStatus_Success
return mmcauStart
def security_boot(
bl,
bootCore, # Which core does ROM code boot from?
originalImage, # Original led demo for boot core, which is not signed
certChainLength, # The length of the chain certificates in order of signing
isImageSigningCertCA, # Is the image signing certificate CA?
secureBootEnable, # Secure boot flag
devModeEnable, # Secure boot development mode flag
rootCertTableEntryIndex # Specify which root certificate table entry will be revoked,
# should be 0, 1, 2, 3, other values means no entry will be revoked.
):
# Get flash start address
if (bootCore == 'core0'):
flashStartAddress = common_util.get_memory_start_address(
bl, 'flash', 0)
elif (bootCore == 'core1'):
flashStartAddress = common_util.get_memory_start_address(
bl, 'flash', 1)
(signedImage, rkth0, rkth1, rkth2,
rkth3) = generate_signed_image(bl,
originalImage,
isImageSigningCertCA,
usedRootCertIndex=certChainLength - 1)
# Write the signed led demo to flash
status, results = bl.write_memory(flashStartAddress, signedImage)
assert status == bootloader.status.kStatus_Success
# Program the RKTH to IFR 0x94~0x97
status, results = bl.flash_program_once(0x94, 8, rkth0, 'msb')
assert status == bootloader.status.kStatus_Success
status, results = bl.flash_program_once(0x95, 8, rkth1, 'msb')
assert status == bootloader.status.kStatus_Success
status, results = bl.flash_program_once(0x96, 8, rkth2, 'msb')
assert status == bootloader.status.kStatus_Success
status, results = bl.flash_program_once(0x97, 8, rkth3, 'msb')
assert status == bootloader.status.kStatus_Success
#Enable/Disable secure boot and secure boot development mode
if (secureBootEnable == True and devModeEnable == True):
status, results = bl.flash_program_once(0x98, 8, 'fffffffffffffffa',
'lsb')
assert status == bootloader.status.kStatus_Success
elif (secureBootEnable == True and devModeEnable == False):
status, results = bl.flash_program_once(0x98, 8, 'fffffffffffffff1',
'lsb')
assert status == bootloader.status.kStatus_Success
elif (secureBootEnable == False and devModeEnable == True):
status, results = bl.flash_program_once(0x98, 8, 'fffffffffffffff7',
'lsb')
assert status == bootloader.status.kStatus_Success
elif (secureBootEnable == False and devModeEnable == False):
status, results = bl.flash_program_once(0x98, 8, 'fffffffffffffffc',
'lsb')
assert status == bootloader.status.kStatus_Success
# Revoke the root certificate table entry, the entry number should be 0~3,
# other values means no entry will be revoked.
if (rootCertTableEntryIndex < 0 or rootCertTableEntryIndex > 3):
needRevoke = False
else:
status, results = bl.flash_program_once(0x9c + rootCertTableEntryIndex,
8, '0000000000000000', 'lsb')
assert status == bootloader.status.kStatus_Success
needRevoke = True
# Reset target and wait about 5s
status, results = bl.reset()
assert status == bootloader.status.kStatus_Success
time.sleep(50)
status, results = bl.get_property(1)
# The led demo will never run in the following two cases:
# 1. when secure boot is enabled and the image signing certificate is CA,
# 2. when secure boot is enabled and the the root certificate table entry is revoked.
if ((secureBootEnable == True)
and (isImageSigningCertCA == True or needRevoke == True)):
assert status == bootloader.status.kStatus_Success
else:
assert status != bootloader.status.kStatus_Success