def test_sb1x_parse(data_dir):
# insufficient size
with pytest.raises(ValueError):
SecureBootV1.parse(b'')
# invalid signature/tag
with pytest.raises(ValueError):
SecureBootV1.parse(b'0' * 1024)
def test_sb1x_parse():
# insufficient size
with pytest.raises(SPSDKError):
SecureBootV1.parse(b"")
# invalid signature/tag
with pytest.raises(SPSDKError):
SecureBootV1.parse(b"0" * 1024)
def write_sb(cpu_params: CpuParams, image_file_name: str, img: SecureBootV1) -> None:
"""Write SB image to the external flash
The method behaviour depends on TEST_IMG_CONTENT:
- if True (TEST MODE), the method generates the image and compare with previous version
- if False (PRODUCTION), the method generates the image and burn into FLASH
:param cpu_params: processor specific parameters of the test
:param image_file_name: of the image to be written (including file extension)
:param img: image instance to be written
"""
path = os.path.join(cpu_params.data_dir, OUTPUT_IMAGES_SUBDIR, image_file_name)
dbg_info = DebugInfo()
img_data = img.export(dbg_info=dbg_info,
# use the following parameters only for unit test
header_padding8=b'\xdb\x00\x76\x7a\xf4\x81\x0b\x86',
auth_padding=b'\x36\x72\xf4\x99\x92\x05\x34\xd2\xd5\x17\xa0\xf7')
write_dbg_log(cpu_params.data_dir, image_file_name, dbg_info.lines, TEST_IMG_CONTENT)
if TEST_IMG_CONTENT:
assert img.info() # quick check info prints non-empty output
compare_bin_files(path, img_data)
img = SecureBootV1.parse(b'0' + img_data, 1)
dbg_info2 = DebugInfo()
img_data2 = img.export(dbg_info=dbg_info2, header_padding8=b'\xdb\x00\x76\x7a\xf4\x81\x0b\x86',
auth_padding=b'\x36\x72\xf4\x99\x92\x05\x34\xd2\xd5\x17\xa0\xf7')
assert dbg_info.lines == dbg_info2.lines
assert img_data == img_data2
else:
with open(path, 'wb') as f:
f.write(img_data)
mboot = init_flashloader(cpu_params)
assert mboot.receive_sb_file(img_data)
mboot.close()
def test_sb1x_invalid_export():
img = SecureBootV1(version="1.0")
img.append(BootSectionV1(0, SecureBootFlagsV1.ROM_SECTION_BOOTABLE))
img.append(BootSectionV1(1))
img.append(BootSectionV1(2, SecureBootFlagsV1.ROM_SECTION_BOOTABLE))
with pytest.raises(SPSDKError, match="Invalid padding length"):
img.export(auth_padding=bytes(12365))
def test_sb(cpu_params: CpuParams) -> None:
"""Test creation of SB file.
:param cpu_params: processor specific parameters of the test
"""
# timestamp is fixed for the test, do not not for production
timestamp = datetime(year=2020, month=4, day=24, hour=16, minute=33, second=32)
# load application to add into SB
img_name = f'{cpu_params.board}_iled_blinky_ext_FLASH_unsigned_nofcb'
app_data = load_binary(cpu_params.data_dir, OUTPUT_IMAGES_SUBDIR, img_name + '.bin')
boot_img = BootImgRT.parse(app_data) # parse to retrieve IVT offset
sb = SecureBootV1(version=SB_FILE_VERSION, timestamp=timestamp)
sect = BootSectionV1(0, SecureBootFlagsV1.ROM_SECTION_BOOTABLE)
# load 0xc0233007 > 0x2000;
sect.append(CmdFill(INT_RAM_ADDR_DATA, pack("<I", cpu_params.ext_flash_cfg_word0)))
# enable flexspinor 0x2000;
sect.append(CmdMemEnable(INT_RAM_ADDR_DATA, 4, ExtMemId.FLEX_SPI_NOR))
# erase 0x60000000..0x60100000;
sect.append(CmdErase(EXT_FLASH_ADDR, align(boot_img.ivt_offset + boot_img.size, 0x1000)))
# load 0xf000000f > 0x3000;
sect.append(CmdFill(INT_RAM_ADDR_DATA, pack("<I", FCB_FLASH_NOR_CFG_WORD)))
# enable flexspinor 0x3000;
sect.append(CmdMemEnable(INT_RAM_ADDR_DATA, 4, ExtMemId.FLEX_SPI_NOR))
# load myBinFile > kAbsAddr_Ivt;
app_data += b'\x49\x20\x93\x8e\x89\x8F\x43\x88' # this is random padding fixed for the test, not use for production
sect.append(CmdLoad(EXT_FLASH_ADDR + boot_img.ivt_offset, app_data))
#
sb.append(sect)
#
write_sb(cpu_params, img_name + '.sb', sb)
def test_sb1x_basic(data_dir):
"""Basic test of SB 1.x"""
img = SecureBootV1(version='1.0')
assert img.info()
img = SecureBootV1(version='1.2')
assert img.info()
with pytest.raises(ValueError):
img.export() # missing bootable section
assert len(img.sections) == 0
img.append(BootSectionV1(0, SecureBootFlagsV1.ROM_SECTION_BOOTABLE))
img.append(BootSectionV1(1))
img.append(BootSectionV1(2, SecureBootFlagsV1.ROM_SECTION_BOOTABLE))
assert len(img.sections) == 3
data = img.export()
assert data
assert len(data) == img.size
assert SecureBootV1.parse(data)
def test_sb_multiple_sections(cpu_params: CpuParams) -> None:
"""Test creation of SB file with multiple sections.
:param cpu_params: processor specific parameters of the test
"""
if (cpu_params.id != ID_RT1050) and (cpu_params.id != ID_RT1060):
return # this test case is supported only for RT1050 and RT1060
# timestamp is fixed for the test, do not not for production
timestamp = datetime(year=2020,
month=4,
day=24,
hour=15,
minute=33,
second=32,
tzinfo=timezone.utc)
# load application to add into SB
img_name = f"{cpu_params.board}_iled_blinky_ext_FLASH_unsigned_nofcb"
app_data = load_binary(cpu_params.data_dir, OUTPUT_IMAGES_SUBDIR,
img_name + ".bin")
boot_img = BootImgRT.parse(app_data) # parse to retrieve IVT offset
sb = SecureBootV1(version=SB_FILE_VERSION, timestamp=timestamp)
sect = BootSectionV1(0, SecureBootFlagsV1.ROM_SECTION_BOOTABLE)
# load 0xc0233007 > 0x2000;
sect.append(
CmdFill(
INT_RAM_ADDR_DATA,
int.from_bytes(pack("<I", cpu_params.ext_flash_cfg_word0),
"little")))
# enable flexspinor 0x2000;
sect.append(CmdMemEnable(INT_RAM_ADDR_DATA, 4, ExtMemId.FLEX_SPI_NOR))
# erase 0x60000000..0x60010000;
# Note: erasing of long flash region may fail on timeout
# For example this fails on EVK-RT1060: sect.append(CmdErase(EXT_FLASH_ADDR, 0x100000))
sect.append(CmdErase(EXT_FLASH_ADDR, 0x10000))
# load 0xf000000f > 0x3000;
sect.append(
CmdFill(INT_RAM_ADDR_DATA,
int.from_bytes(pack("<I", FCB_FLASH_NOR_CFG_WORD), "little")))
# enable flexspinor 0x3000;
sect.append(CmdMemEnable(INT_RAM_ADDR_DATA, 4, ExtMemId.FLEX_SPI_NOR))
# load myBinFile > kAbsAddr_Ivt;
app_data += b"\xdc\xe8\x6d\x5d\xe9\x8c\xf5\x7c" # this is random padding fixed for the test, not use for production
sect.append(CmdLoad(EXT_FLASH_ADDR + boot_img.ivt_offset, app_data))
#
sb.append(sect)
# add second section, just for the test
sect2 = BootSectionV1(1, SecureBootFlagsV1.ROM_SECTION_BOOTABLE)
sect2.append(
CmdLoad(0x6000F000,
load_binary(cpu_params.srk_data_dir, "SRK_hash_table.bin")))
sb.append(sect2)
#
write_sb(cpu_params, "sb_file_2_sections" + ".sb", sb)
def test_sb1x_invalid_length_section():
sb = SecureBootV1()
with pytest.raises(SPSDKError, match="Invalid length of section"):
sb.first_boot_section_id = 2222
sb.first_boot_section_id = -1