Enable and provision the SCP03 keys on a TEE controlled secured elemt
from the U-Boot shell.
Executing this command will generate and program new SCP03 encryption
keys on the secure element NVM.
Depending on the TEE implementation, the keys would then be stored in
some persistent storage or better derived from some platform secret
(so they can't be lost).
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).
All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.
For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.
To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).
For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/
check:
core/drivers/crypto/se050/adaptors/utils/scp_config.c
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
The 'reset' command now resets sandbox but does not quit it. Fix the
instructions.
Fixes: 329dccc067 ("sandbox: implement reset")
Signed-off-by: Simon Glass <sjg@chromium.org>
Some format strings use the wrong type. Fix them.
Example warnings:
In file included from test/dm/acpi.c:22:
test/dm/acpi.c: In function ‘dm_test_acpi_cmd_list’:
test/dm/acpi.c:362:21: warning: format ‘%lx’ expects argument of type
‘long unsigned int’, but argument 4 has type ‘unsigned int’ [-Wformat=]
ut_assert_nextline("RSDP %08lx %06lx (v02 U-BOOT)", addr,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sizeof(struct acpi_rsdp));
~~~~~~~~~~~~~~~~~~~~~~~~
include/test/ut.h:282:33: note: in definition of macro ‘ut_assert_nextline’
if (ut_check_console_line(uts, fmt, ##args)) { \
^~~
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix the warning:
drivers/tpm/tpm2_tis_sandbox.c: In function ‘sandbox_tpm2_xfer’:
drivers/tpm/tpm2_tis_sandbox.c:288:48: warning: format ‘%ld’ expects
argument of type ‘long int’, but argument 2 has type ‘size_t’
{aka ‘unsigned int’} [-Wformat=]
printf("TPM2: Unmatching length, received: %ld, expected: %d\n",
~~^
%d
send_size, length);
~~~~~~~~~
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We don't need to enable logging to run this command since the output will
still appear. Drop the 'select'.
Signed-off-by: Simon Glass <sjg@chromium.org>
The existing log_ret() and log_msg_ret() macros consider an error to be
less than zero. But some function may return a positive number to indicate
a different kind of failure. Add macros to check for that also.
Signed-off-by: Simon Glass <sjg@chromium.org>
When multiple log() calls are used which don't end in newline, the
log prefix is prepended multiple times in the same line. This makes the
output look strange.
Fix this by detecting when the previous log record did not end in newline.
In that case, setting a flag.
Drop the unused BUFFSIZE in the test while we are here.
As an example implementation, update log_console to check the flag and
produce the expected output.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present only a single flag (force_debug) is used in log records. Before
adding more, convert this into a bitfield, so more can be added without
using more space.
To avoid expanding the log_record struct itself (which some drivers may
wish to store in memory) reduce the line-number field to 16 bits. This
provides for up to 64K lines which should be enough for anyone.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a second on writing tests, covering when to use Python and C, where
to put the tests, etc. Add a link to the existing Python test
documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present some of the documentation about running sandbox tests is in the
sandbox docs. It makes more sense to put it in with the other testing
docs, with a link there from sandbox. Update the documentation
accordingly.
Also add a paragraph explaining why sandbox exists and the test philosophy
that it uses.
Signed-off-by: Simon Glass <sjg@chromium.org>
As an example of an SPL test, add a new test for loading a FIT within
SPL. This runs on sandbox_spl. For this to work, the text base is adjusted
so that there is plenty of space available.
While we are here, document struct spl_load_info properly, since this is
currently ambiguous.
This test only verifies the logic path. It does not actually check that
the image is loaded correctly. It is not possible for sandbox's SPL to
actually run u-boot.img since it currently includes u-boot.bin rather than
u-boot. Further work could expand the test in that direction.
The need for this was noted at:
http://patchwork.ozlabs.org/project/uboot/patch/20201216000944.2832585-3-mr.nuke.me@gmail.com/
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this casts addresses to pointers so cannot work with sandbox.
Update the code to use map_sysmem() instead.
As part of this change, the existing load_ptr is renamed to src_ptr since
it is not a pointer to load_addr. It is confusing to use a similar name
for something that is not actually related. For the alignment code,
ALIGN() is used instead of open-coded alignment. Add a comment to the line
that casts away a const.
Use a (new) load_ptr variable to access memory at address load_addr.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this function can only locate the u-boot ELF file. For SPL it
is handy to be able to locate u-boot.img since this is what would normally
be loaded by SPL.
Add another argument to allow this to be selected.
While we are here, update the function to load SPL when running in TPL,
since that is the next stage.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present SPL only runs driver model tests. Update it to run all
available tests, i.e. in any test suite.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present each test suite has its own portion of the linker_list section
of the image, but other lists are interspersed. This makes it hard to
enumerate all the available tests without knowing the suites that each one
is in.
Place all tests together in a single contiguous list by giving them
common prefix not used elsewhere in U-Boot. This makes it possible to find
the start and end of all tests.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we use the linker list directly. This is not very friendly, so
add a helpful macro instead. This will also allow us to change the naming
later without updating this code.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current name is the same as the main test runner file. Rename it to
avoid confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add this functionality to ut_run_list() so it can be removed from
dm_test_run().
At this point all tests are run through ut_run_list().
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a check to ut_run_list() as to whether a list has driver model tests.
Move the logic for the test devicetree into that function, in an effort
to eventually remove all logic from dm_test_run().
Signed-off-by: Simon Glass <sjg@chromium.org>
Update this function to use the return value of ut_run_list() to check for
success/failure, so that they are in sync. Also return a command success
code so that the caller gets what it expects.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use this function instead of implementing it separately for driver model.
Make ut_run_tests() private since it is only used in test-main.c
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we use a global test state for all driver-model tests. Make use
of a local struct like we do with the other tests.
To make this work, add functions to get and set this state. When a test
starts, the state is set (so it can be used in the test). When a test
finishes, the state is unset, so it cannot be used by mistake.
Signed-off-by: Simon Glass <sjg@chromium.org>
Driver model tests are generally run twice, once with livetree enable and
again with it disabled. Add a function to handle this and call it from the
driver model test runner.
Make ut_run_test() private since it is not used outside test-main.c now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Instead of having a separate function for running driver model tests, use
the common one. Make the pre/post-run functions private since we don't
need these outside of test-main.c
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this function into the common test runner and rename it to
dm_test_post_run() so that its purpose is clear.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this function into test-main so that all the init is in one place.
Rename it so that its purpose is clearer.
Signed-off-by: Simon Glass <sjg@chromium.org>
Driver model is a core part of U-Boot. We don't really need to have a
separate test structure for the driver model tests and it makes it harder
to write a test if you have to think about which type of test it is.
Subsume the fields from struct dm_test_state into struct unit_test_state
and delete the former.
Signed-off-by: Simon Glass <sjg@chromium.org>
For driver model tests we want to reinit the data structures so that
everything is in a known state before the test runs. This avoids one test
changing something that breaks a subsequent tests.
Move the call for this into test_pre_run().
Signed-off-by: Simon Glass <sjg@chromium.org>
We already have a function for silencing the console during tests. Use
this from test_pre_run() and drop this code from the driver model tests.
Signed-off-by: Simon Glass <sjg@chromium.org>
Ultimately we want to get rid of the special driver model test init and
use test_pre_run() and test_post_run() for all tests. As a first step,
use those function to handle console recording.
For now we need a special case for setting uts->start, but that wil go
away once all init is in one place.
Signed-off-by: Simon Glass <sjg@chromium.org>
Split out the test preparation into a separation function before
expanding it. Add a post-run function as well, currently empty.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a new test runner that will eventually be able to run any test. For
now, have it run the 'command' unit tests, so that the functionality in
cmd_ut_category() moves into it.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is the main test function for driver model but not for other tests.
Rename the file and the function so this is clear.
Signed-off-by: Simon Glass <sjg@chromium.org>
This prefix should be for setexpr, not mem. This means that trying to
select just these tests to run does not work. Fix it.
For some reason this provokes an assertion failure due to memory not
being freed. Move the env_set() in setexpr_test_str() to before the
malloc() heap size size is recorded and disable the rest in
setexpr_test_str_oper().
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a few notes about the sandbox_spl tests, since they are special.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Pratyush Yadav <p.yadav@ti.com>
Add details about how to run a sandbox test directly, without using
pytest. This is more convenient for rapid development, since it is faster
and allows easier use of a debugger. Also mention sandbox_flattree as an
example of the different sandbox builds available.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a comment about this option in the documentation. Also mention the
script that runs these combinations.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
