def test_load_schema_file():
"""Test class ValidationSchemas"""
assert isinstance(ValidationSchemas.get_schema_file(TZ_SCH_FILE), dict)
with pytest.raises(SPSDKError):
ValidationSchemas.get_schema_file("total_invalid_name")
def get_validation_schemas(
cls,
include_test_configuration: bool = False) -> List[Dict[str, Any]]:
"""Create the list of validation schemas.
:param include_test_configuration: Add also testing configuration schemas.
:return: List of validation schemas.
"""
mbi_sch_cfg = ValidationSchemas().get_schema_file(MBIMG_SCH_FILE)
crypto_sch_cfg = ValidationSchemas().get_schema_file(CRYPTO_SCH_FILE)
sb3_sch_cfg = ValidationSchemas().get_schema_file(SB3_SCH_FILE)
ret: List[Dict[str, Any]] = []
ret.extend([
mbi_sch_cfg[x] for x in [
"firmware_version",
"use_isk",
"signing_cert_prv_key",
"signing_root_prv_key",
"signing_prv_key_lpc55s3x",
"elliptic_curves",
]
])
ret.extend([
crypto_sch_cfg[x]
for x in ["certificate_v31", "certificate_root_keys"]
])
ret.extend(
[sb3_sch_cfg[x] for x in ["sb3_family", "sb3", "sb3_commands"]])
if include_test_configuration:
ret.append(sb3_sch_cfg["sb3_test"])
return ret
def get_validation_schemas(cls) -> List[Dict[str, Any]]:
"""Create the list of validation schemas.
:return: List of validation schemas.
"""
mbi_sch_cfg = ValidationSchemas().get_schema_file(MBIMG_SCH_FILE)
sb3_sch_cfg = ValidationSchemas().get_schema_file(SB3_SCH_FILE)
ret: List[Dict[str, Any]] = []
ret.extend([mbi_sch_cfg["firmware_version"]])
ret.extend([sb3_sch_cfg[x] for x in ["sb3", "sb3_commands", "sb3_test"]])
return ret
def get_validation_schemas_family(cls) -> List[Dict[str, Any]]:
"""Create the validation schema just for supported families.
:return: List of validation schemas for TZ supported families.
"""
sch_cfg = ValidationSchemas.get_schema_file(TZ_SCH_FILE)
return [sch_cfg["tz_family_rev"]]
def get_validation_schemas(cls) -> List[Dict[str, Any]]:
"""Create the validation schema.
:return: List of validation schemas.
"""
sch_cfg = ValidationSchemas.get_schema_file(TZ_SCH_FILE)
return [sch_cfg["tz"]]
def get_mbi_class(config: Dict[str, Any]) -> Type["MasterBootImage"]:
"""Get Master Boot Image class.
:raises SPSDKUnsupportedImageType: The invalid configuration.
:return: MBI Class.
"""
schema_cfg = ValidationSchemas.get_schema_file(MBIMG_SCH_FILE)
with open(DEVICE_FILE) as f:
device_cfg = YAML(typ="safe").load(f)
# Validate needed configuration to recognize MBI class
check_config(config, [schema_cfg["image_type"], schema_cfg["family"]])
try:
target = get_key_by_val(config["outputImageExecutionTarget"],
device_cfg["map_tables"]["targets"])
authentication = get_key_by_val(
config["outputImageAuthenticationType"],
device_cfg["map_tables"]["authentication"])
family = config["family"]
cls_name = device_cfg["devices"][family]["images"][target][
authentication]
except (KeyError, SPSDKValueError) as exc:
raise SPSDKUnsupportedImageType(
"The type of requested Master boot image is not supported for that device."
) from exc
return globals()[cls_name]
def get_validation_schemas(cls) -> List[Dict[str, Any]]:
"""Create the list of validation schemas.
:return: List of validation schemas.
"""
sch_cfg = ValidationSchemas.get_schema_file(CRYPTO_SCH_FILE)
return [sch_cfg["certificate_v31"], sch_cfg["certificate_root_keys"]]
def get_supported_families() -> List[str]:
"""Return list of supported families.
:return: List of supported families.
"""
tz_sch_cfg = ValidationSchemas().get_schema_file(TZ_SCH_FILE)
tz_families = tz_sch_cfg["tz_family_rev"]
return tz_families["properties"]["family"]["enum"]
def get_supported_families() -> List[str]:
"""Return list of supported families.
:return: List of supported families.
"""
sb3_sch_cfg = ValidationSchemas().get_schema_file(SB3_SCH_FILE)
sb3_families = sb3_sch_cfg["sb3_family"]
return sb3_families["properties"]["family"]["enum"]
def __init__(self, data: dict) -> None:
"""Create object out of data loaded from elf2sb configuration file."""
# Validate input
sch_cfg = ValidationSchemas.get_schema_file(MBIMG_SCH_FILE)
sch_crypto_cfg = ValidationSchemas.get_schema_file(CRYPTO_SCH_FILE)
val_schemas = [
sch_cfg[x] for x in ["cert_prv_key", "signing_root_prv_key"]
]
val_schemas.extend([
sch_crypto_cfg[x]
for x in ["certificate_v2_chain_id", "certificate_root_keys"]
])
check_config(data, val_schemas)
self.config_data = data
self.private_key = data.get("mainCertPrivateKeyFile") or data.get(
"mainRootCertPrivateKeyFile")
if not self.private_key:
raise SPSDKError(
"Private key not specified (mainCertPrivateKeyFile or mainRootCertPrivateKeyFile)"
)
public_keys: List[Optional[str]] = [
data.get(f"rootCertificate{idx}File") for idx in range(4)
]
# filter out None and empty values
self.public_keys = list(filter(None, public_keys))
for org, filtered in zip(public_keys, self.public_keys):
if org != filtered:
raise SPSDKError(
"There are gaps in rootCertificateXFile definition")
# look for keyID; can't use "or" because 0 is a valid number although it's a "falsy" value
data_main_cert_index = data.get("mainCertChainId")
if data_main_cert_index is None:
data_main_cert_index = data.get("mainRootCertId")
if data_main_cert_index is None:
raise SPSDKError(
"Main Cert ID not specified (mainCertChainId or mainRootCertId)"
)
root_cert_file = data.get(f"rootCertificate{data_main_cert_index}File")
if not root_cert_file:
raise SPSDKError(
f"rootCertificate{data_main_cert_index}File doesn't exist")
self.public_key_index = self.public_keys.index(root_cert_file)
def mbi_get_validation_schemas(sch_names: List[str]) -> List[Dict[str, Any]]:
"""Get list of validation schemas by its names.
:return: Validation list of schemas.
"""
schemas = []
schema_cfg = ValidationSchemas.get_schema_file(MBIMG_SCH_FILE)
for sch_name in sch_names:
schemas.append(schema_cfg[sch_name])
return schemas
def get_validation_schemas(cls) -> List[Dict[str, Any]]:
"""Create the validation schema for current image type.
:return: Validation schema.
"""
schemas = []
schema_cfg = ValidationSchemas.get_schema_file(MBIMG_SCH_FILE)
for base in cls._get_mixins():
for sch in base.VALIDATION_SCHEMAS:
schemas.append(deepcopy(schema_cfg[sch]))
schemas.extend(deepcopy(base.mix_get_extra_validation_schemas()))
return schemas
def generate_secure_binary_31(container_conf: click.File) -> None:
"""Geneate SecureBinary image from json configuration file.
:param container_conf: configuration file
:raises SPSDKError: Raised when there is no signing key
"""
config_data = load_configuration(container_conf.name)
schemas = SecureBinary31.get_validation_schemas(
include_test_configuration=True)
schemas.append(
ValidationSchemas.get_schema_file(SB3_SCH_FILE)["sb3_output"])
check_config(config_data, schemas)
sb3 = SecureBinary31.load_from_config(config_data)
sb3_data = sb3.export()
sb3_output_file_path = config_data["containerOutputFile"]
write_file(sb3_data, sb3_output_file_path, mode="wb")
click.echo(
f"Success. (Secure binary 3.1: {sb3_output_file_path} created.)")
def get_validation_schemas(
cls,
family: str,
revision: str = "latest") -> List[Dict[str, Any]]:
"""Create the validation schema.
:param family: Family description.
:param revision: Chip revision specification, as default, latest is used.
:raises SPSDKError: Family or revision is not supported.
:return: List of validation schemas.
"""
config_file = cls.load_config_file()
sch_cfg = ValidationSchemas.get_schema_file(TZ_SCH_FILE)
preset_properties = {}
try:
real_rev = config_file[family][revision]
presets = load_configuration(
os.path.join(TrustZone.PRESET_DIR,
config_file[family]["revisions"][real_rev]))
for key, value in presets.items():
preset_properties[key] = {
"type": ["string", "number"],
"title": "TZ Preset",
"description": f"Preset for {key}",
"format": "number",
"template_value": f"{value}",
}
sch_cfg["tz"]["properties"]["trustZonePreset"].pop(
"patternProperties")
sch_cfg["tz"]["properties"]["trustZonePreset"][
"properties"] = preset_properties
return [sch_cfg["tz_family_rev"], sch_cfg["tz"]]
except (KeyError, SPSDKError) as exc:
raise SPSDKError(
f"Family {family} or {revision} is not supported") from exc
def generate_config_template(cls, family: str) -> Dict[str, str]:
"""Generate configuration for selected family.
:param family: Family description.
:return: Dictionary of individual templates (key is name of template, value is template itself).
"""
ret: Dict[str, str] = {}
if family in cls.get_supported_families():
schemas = cls.get_validation_schemas()
schemas.append(
ValidationSchemas.get_schema_file(SB3_SCH_FILE)["sb3_output"])
override = {}
override["family"] = family
yaml_data = ConfigTemplate(
f"Secure Binary v3.1 Configuration template for {family}.",
schemas,
override,
).export_to_yaml()
ret[f"{family}_sb31"] = yaml_data
return ret