def test_sdhc(cpu_params: CpuParams, image_name: str, tgt_address: int,
dcd: Optional[str], plain0_signed1_encr2: int) -> None:
""" Test creation of unsigned image
:param cpu_params: processor specific parameters of the test
:param image_name: filename of the source image; without file extension; without board prefix
:param tgt_address: address, where the image will be located in the memory (start address of the memory)
:param dcd: file name of the DCD file to be included in the image; None if no DCD needed
:param plain0_signed1_encr2: 0 for unsigned; 1 for signed; 2 for encrypted
"""
image_name = cpu_params.board + '_' + image_name
# create bootable image object
app_data = load_binary(cpu_params.data_dir, image_name + '.bin')
boot_img = BootImgRT(tgt_address, BootImgRT.IVT_OFFSET_OTHER)
boot_img.fcb = PaddingFCB(0, enabled=False)
if dcd:
boot_img.add_dcd_bin(load_binary(cpu_params.data_dir, dcd))
if plain0_signed1_encr2 == 0:
boot_img.add_image(app_data)
suffix = '_sdhc_unsigned.bin'
elif plain0_signed1_encr2 == 1:
_to_authenticated_image(cpu_params, boot_img, app_data, 0)
suffix = '_sdhc_signed.bin'
elif plain0_signed1_encr2 == 2:
_to_authenticated_image(cpu_params, boot_img, app_data, 0)
suffix = '_sdhc_encrypted.bin'
else:
assert False
# write image to disk and to processor
write_image(cpu_params, image_name + suffix, boot_img)
def test_bee_unsigned_sw_key(cpu_params: CpuParams) -> None:
"""Test encrypted XIP unsigned image with user keys.
It is supposed the SRK_KEY_SEL fuse is burned.
It is supposed the user key is burned in SW_GP2 fuses.
:param cpu_params: processor specific parameters of the test
"""
img = BootImgRT(EXT_FLASH_ADDR)
img.add_image(
load_binary(cpu_params.data_dir,
f'{cpu_params.board}_iled_blinky_ext_FLASH.bin'))
# the following parameters are fixed for the test only, to produce stable result; for production use random number
cntr1 = bytes.fromhex('112233445566778899AABBCC00000000')
kib_key1 = bytes.fromhex('C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0')
kib_iv1 = bytes.fromhex('1112131415161718191A1B1C1D1E1F10')
cntr2 = bytes.fromhex('2233445566778899AABBCCDD00000000')
kib_key2 = bytes.fromhex('C1C2C3C4C5C6C7C8C9CACBCCCDCECFC2')
kib_iv2 = bytes.fromhex('2122232425262728292A2B2C2D2E2F20')
# Add two regions as an example (even this is probably not real use case)
# BEE region 0
sw_key = bytes.fromhex('0123456789abcdeffedcba9876543210')
region = BeeRegionHeader(BeeProtectRegionBlock(counter=cntr1), sw_key,
BeeKIB(kib_key1, kib_iv1))
region.add_fac(BeeFacRegion(EXT_FLASH_ADDR + 0x1000, 0x2000))
region.add_fac(BeeFacRegion(EXT_FLASH_ADDR + 0x3800, 0x800))
img.bee.add_region(region)
# BEE region 1 (this is just example, the is no code in the region)
sw_key = bytes.fromhex('F123456789abcdeffedcba987654321F')
region = BeeRegionHeader(BeeProtectRegionBlock(counter=cntr2), sw_key,
BeeKIB(kib_key2, kib_iv2))
region.add_fac(BeeFacRegion(EXT_FLASH_ADDR + 0x100000, 0x1000))
img.bee.add_region(region)
#
out_name = cpu_params.board + '_iled_blinky_ext_FLASH_bee_userkey_unsigned.bin'
write_image(cpu_params, out_name, img)
def test_invalid_image():
img = BootImgRT(address=0x60000000)
with pytest.raises(SPSDKError):
img.add_image(bytes([1]) * 1024, address=0x20000000, dek_key=b"")
with pytest.raises(SPSDKError):
img.add_image(bytes([0]) * 1024,
address=0x20000000,
dek_key=b"\x00\x00\x00")
def test_bootimage_rt10xx_add_encrypted_image_invalid():
img = BootImgRT(0x20000000)
test_app_data = bytes(1024)
with pytest.raises(SPSDKError, match="Invalid image type"):
img.add_image(test_app_data, address=0x20000000, img_type=7)
with pytest.raises(
SPSDKError,
match=
"entry_addr not detected from image, must be specified explicitly"
):
img.add_image(test_app_data, address=-1)
def test_unsigned(cpu_params: CpuParams, image_name: str, tgt_address: int, dcd: Optional[str]) -> None:
""" Test creation of unsigned image
:param cpu_params: processor specific parameters of the test
:param image_name: filename of the source image; without file extension; without {board} prefix
:param tgt_address: address, where the image will be located in the memory (start address of the memory)
:param dcd: file name of the DCD file to be included in the image; None if no DCD needed
"""
image_name = cpu_params.board + '_' + image_name
# create bootable image object
app_data = load_binary(cpu_params.data_dir, image_name + '.bin')
boot_img = BootImgRT(tgt_address)
boot_img.add_image(app_data)
if dcd:
boot_img.add_dcd_bin(load_binary(cpu_params.data_dir, dcd))
# write image to disk and to processor
write_image(cpu_params, image_name + '_unsigned.bin', boot_img)
def main() -> None:
"""Main function."""
# Create Boot Image instance
img = BootImgRT(address=0x20000000, version=0x40)
# Add DCD segment
with open(f"{DATA_DIR}/dcd.txt", "r") as f_txt:
img.dcd = SegDCD.parse_txt(f_txt.read())
# Add application segment
with open(f"{DATA_DIR}/plain_load_ivt_flashloader.bin", "rb") as f_bin:
img.add_image(data=f_bin.read())
# Print image info
print(img.info())
# Save into file
with open(f"{DATA_DIR}/flashloader.imx", "wb") as f:
f.write(img.export())
def test_nor_flash_fcb(cpu_params: CpuParams, fcb: bool) -> None:
"""Test unsigned image with FCB NOR FLASH block
:param cpu_params: processor specific parameters of the test
:param fcb: True to include FCB block to output image; False to exclude
"""
image_name = f'{cpu_params.board}_iled_blinky_ext_FLASH'
# create bootable image object
app_data = load_binary(cpu_params.data_dir, image_name + '.bin')
boot_img = BootImgRT(EXT_FLASH_ADDR)
boot_img.add_image(app_data)
if fcb:
boot_img.set_flexspi_fcb(load_binary(cpu_params.data_dir, 'flex_spi.fcb'))
else:
boot_img.fcb = PaddingFCB(0, enabled=False)
# write image to disk and to processor
suffix = '_unsigned_fcb.bin' if fcb else '_unsigned_nofcb.bin'
write_image(cpu_params, image_name + suffix, boot_img)
def _to_authenticated_image(cpu_params: CpuParams, boot_img: BootImgRT, app_data: bytes, srk_key_index: int,
entry_addr: int = -1, dek: Optional[bytes] = None, nonce: Optional[bytes] = None) -> None:
"""Configures given bootable image to authenticated image or encrypted image
:param cpu_params: processor specific parameters of the test
:param boot_img: bootable image to be updated (converted to signed or encrypted)
:param app_data: data of the binary application
:param srk_key_index: index of the SRK key used, 0-3
:param entry_addr: start address of the application; -1 to detect the address from the image
:param dek: key for encrypted image:
- None if image is not encrypted
- empty value for image encrypted with random key
- full key for test purposes
:param nonce: optional initialization vector for AES encryption; None to use random value (recommended)
:return: BootImageRT with application configured as signed or encrypted
"""
assert 0 <= srk_key_index <= 3
boot_img.add_image(app_data, address=entry_addr, dek_key=dek, nonce=nonce)
# test method `decrypted_app_data`
if dek:
decr_app = boot_img.decrypted_app_data
assert (len(decr_app) == align(len(app_data), MAC.AES128_BLK_LEN)) and (decr_app[:len(app_data)] == app_data)
else:
assert boot_img.decrypted_app_data == app_data
csf_prefix = 'CSF' + str(srk_key_index + 1) + '_1_sha256_2048_65537_v3_usr_'
img_prefix = 'IMG' + str(srk_key_index + 1) + '_1_sha256_2048_65537_v3_usr_'
csf_priv_key = load_pem_private_key(load_binary(cpu_params.keys_data_dir, csf_prefix + 'key.pem'),
password=PRIV_KEY_PASSWORD, backend=default_backend())
img_priv_key = load_pem_private_key(load_binary(cpu_params.keys_data_dir, img_prefix + 'key.pem'),
password=PRIV_KEY_PASSWORD, backend=default_backend())
csf_priv_key_data = csf_priv_key.private_bytes(encoding=Encoding.PEM, format=PrivateFormat.PKCS8,
encryption_algorithm=NoEncryption())
img_priv_key_data = img_priv_key.private_bytes(encoding=Encoding.PEM, format=PrivateFormat.PKCS8,
encryption_algorithm=NoEncryption())
if dek is None:
boot_img.add_csf_standard_auth(CSF_VERSION, srk_table4(cpu_params), srk_key_index,
load_binary(cpu_params.cert_data_dir, csf_prefix + 'crt.pem'), csf_priv_key_data,
load_binary(cpu_params.cert_data_dir, img_prefix + 'crt.pem'), img_priv_key_data)
else:
boot_img.add_csf_encrypted(CSF_VERSION, srk_table4(cpu_params), srk_key_index,
load_binary(cpu_params.cert_data_dir, csf_prefix + 'crt.pem'), csf_priv_key_data,
load_binary(cpu_params.cert_data_dir, img_prefix + 'crt.pem'), img_priv_key_data)
def test_nor_flash_fcb(cpu_params: CpuParams, fcb: bool) -> None:
"""Test unsigned image with FCB NOR FLASH block
:param cpu_params: processor specific parameters of the test
:param fcb: True to include FCB block to output image; False to exclude
"""
if (cpu_params.id != ID_RT1050) and (cpu_params.id != ID_RT1060):
return # this test case is supported only for RT1050 and RT1060
image_name = f"{cpu_params.board}_iled_blinky_ext_FLASH"
# create bootable image object
app_data = load_binary(cpu_params.data_dir, image_name + ".bin")
boot_img = BootImgRT(EXT_FLASH_ADDR)
boot_img.add_image(app_data)
if fcb:
boot_img.set_flexspi_fcb(
load_binary(cpu_params.data_dir, "flex_spi.fcb"))
else:
boot_img.fcb = PaddingFCB(0, enabled=False)
# write image to disk and to processor
suffix = "_unsigned_fcb.bin" if fcb else "_unsigned_nofcb.bin"
write_image(cpu_params, image_name + suffix, boot_img)
def test_bootimage_rt10xx_add_encrypted_image():
"""Test add_image with encryption parameters"""
img = BootImgRT(0x20000000)
test_app_data = bytes([0]) * 1024
img.add_image(test_app_data, address=0x20000000, dek_key=b"")
assert len(img.dek_key) == 16
# test invalid dek key length
img = BootImgRT(0x20000000)
with pytest.raises(SPSDKError):
img.add_image(test_app_data, address=0x20000000, dek_key=b"x")
# test image already added
with pytest.raises(SPSDKError):
img.add_image(test_app_data,
address=0x20000000,
dek_key=b"0123456789123456")
