diff --git a/dasharo-stability/coreboot-redundant-boot.robot b/dasharo-stability/coreboot-redundant-boot.robot index 1d1bd1de04..de6c2bbae4 100644 --- a/dasharo-stability/coreboot-redundant-boot.robot +++ b/dasharo-stability/coreboot-redundant-boot.robot @@ -5,8 +5,9 @@ Library String Resource ../variables.robot Resource ../keywords.robot -Suite Setup Run Keyword +Suite Setup Run Keywords ... Prepare Test Suite +... AND Skip If not ${COREBOOT_REDUNDANT_BOOT_SUPPORT} Suite Teardown Run Keyword ... Log Out And Close Connection @@ -14,9 +15,9 @@ Default Tags automated *** Variables *** -${NVRAM_ATTEMPT_B_FLAG}= attempt_slot_b # TBD -${NVRAM_ATTEMPT_B_FLAG_SET}= Enable # TBD -${NVRAM_ATTEMPT_B_FLAG_CLR}= Disable # TBD +${NVRAM_ATTEMPT_B_FLAG}= attempt_slot_b +${NVRAM_ATTEMPT_B_FLAG_SET}= Enable +${NVRAM_ATTEMPT_B_FLAG_CLR}= Disable *** Test Cases *** @@ -76,6 +77,33 @@ CRB003.201 Boot Slot A After Clearing Attempt Slot B Flag (Ubuntu) Switch To Root User Should Have Booted From Slot COREBOOT +CRB004.201 Slot A Protection (Ubuntu) + [Documentation] Check if the coreboot Slot A is protected with the + ... redundant boot feature turned on. + Skip If + ... ${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET} is ${None} + ... ${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET} not defined, skipping test + Power On + Boot System Or From Connected Disk ${ENV_ID_UBUNTU} + Login To Linux + Switch To Root User + Set Attempt Slot B Flag ${TRUE} + Execute Reboot Command + + Boot System Or From Connected Disk ${ENV_ID_UBUNTU} + Login To Linux + Switch To Root User + + Verify Region Range Protected # BOOTBLOCK + ... BIOS + ... ${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET.start} + ... ${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET.end} + + Verify Region Range Protected # COREBOOT + ... BIOS + ... ${COREBOOT_REDUNDANT_BOOT_COREBOOT_OFFSET.start} + ... ${COREBOOT_REDUNDANT_BOOT_COREBOOT_OFFSET.end} + *** Keywords *** Set Attempt Slot B Flag 
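Review bot: The `Skip If` guard in CRB004.201 tests only `${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET}`, yet the second `Verify Region Range Protected` call reads `${COREBOOT_REDUNDANT_BOOT_COREBOOT_OFFSET.start}`, so a platform that defines only the bootblock range will error out instead of skipping. Guard both values, e.g. `... $COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET is None or $COREBOOT_REDUNDANT_BOOT_COREBOOT_OFFSET is None`. The skip message interpolates the variable and will print as "None not defined, skipping test"; escape it as `\${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET}` if the name is what should appear. After the reboot the test never asserts which slot it booted from, so the protection check may run in a different state than the documentation describes; a `Should Have Booted From Slot` line before the two verifications would pin that.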
@@ -93,7 +121,6 @@ Set Attempt Slot B Flag Should Have Booted From Slot [Arguments] ${slot} ${slot}= Convert To Lower Case ${slot} - # TBD - will this show slot B? ${out}= Execute Command In Terminal cbmem -c | grep "Booting from" ${out}= Convert To Lower Case ${out} ${out}= Strip String ${out} diff --git a/lib/flash.robot b/lib/flash.robot index 8893eff9bf..9e42c80d61 100644 --- a/lib/flash.robot +++ b/lib/flash.robot 
@@ -191,3 +191,73 @@ Read Firmware ELSE Fail Read firmware not implemented for platform config ${CONFIG} END + +Get Flashrom Regions + ${output}= Execute Command In Terminal flashrom -p internal + ${lines}= Split To Lines ${output} + VAR &{dict}= &{EMPTY} + FOR ${l} IN @{lines} + ${m}= Get Regexp Matches + ... ${l} + ... FREG[0-9]+: (.+) region \\((0x[0-9a-f]+)-(0x[0-9a-f]+)\\) is (.+) + ... 1 + ... 2 + ... 3 + ... 4 + IF ${m} != [] + VAR &{region}= start=${m[0][1]} end=${m[0][2]} state=${m[0][3]} + Set To Dictionary ${dict} ${m[0][0]}=${region} + END + END + RETURN ${dict} + +Get Flashrom Readonly Offsets + ${output}= Execute Command In Terminal flashrom -p internal + ${lines}= Split To Lines ${output} + VAR @{list}= @{EMPTY} + FOR ${l} IN @{lines} + ${m}= Get Regexp Matches ${l} Warning: (0x[0-9a-f]+)-(0x[0-9a-f]+) is read-only 1 2 + IF ${m} != [] + VAR &{region}= start=${m[0][0]} end=${m[0][1]} + Append To List ${list} ${region} + END + END + RETURN ${list} + +Calculate Expected Flashrom Readonly Region + [Tags] robot:private + [Arguments] ${region_name} ${start_offset} ${end_offset} + ${flashrom_regions}= Get Flashrom Regions + ${bios_start}= Get From Dictionary ${flashrom_regions['${region_name}']} start + ${bios_end}= Get From Dictionary ${flashrom_regions['${region_name}']} end + ${expected_readonly_start}= Evaluate hex(${bios_start} + ${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET.start}) + ${expected_readonly_end}= Evaluate hex(${bios_start} + ${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET.end}) + VAR &{expected_readonly}= start=${expected_readonly_start} end=${expected_readonly_end} + RETURN ${expected_readonly} + +Verify Region Range Protected + [Arguments] ${region_name} ${expected_start} ${expected_end} + ${readonly_regions}= Get Flashrom Readonly Offsets + IF len(${readonly_regions}) == 0 + Fail No readonly regions found in flashrom output + END + + ${expected_readonly_bootblock}= Calculate Expected Flashrom Readonly Region + ... 
region_name=${region_name} + ... start_offset=${expected_start} + ... end_offset=${expected_end} + + VAR ${expected_readonly_found}= ${FALSE} + FOR ${region} IN @{readonly_regions} + Log To Console Found readonly region: ${region} + Log To Console Expected readonly region: ${expected_readonly_bootblock} + ${start_matches}= Evaluate int(${region['start']}) == int(${expected_readonly_bootblock['start']}) + ${end_matches}= Evaluate int(${region['end']}) == int(${expected_readonly_bootblock['end']}) + IF ${start_matches} and ${end_matches} + VAR ${expected_readonly_found}= ${TRUE} + BREAK + END + END + IF not ${expected_readonly_found} + Fail Expected readonly region ${expected_readonly_bootblock} not found in flashrom output + END diff --git a/platform-configs/include/default.robot b/platform-configs/include/default.robot index abe2baade8..e328ca2479 100644 --- a/platform-configs/include/default.robot +++ b/platform-configs/include/default.robot @@ -199,6 +199,9 @@ ${POWERSHELL_STR_INTERNAL_IN}= Microphone Array (Realtek(R) ${POWERSHELL_STR_HEADSET_OUT}= ${POWERSHELL_STR_INTERNAL_OUT} ${POWERSHELL_STR_HEADSET_IN}= Microphone (Realtek(R) Audio) ${POWERSHELL_STR_HDMI_OUT}= Audio Driver for Display Audio +${COREBOOT_REDUNDANT_BOOT_SUPPORT}= ${FALSE} +${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET}= ${NONE} +${COREBOOT_REDUNDANT_BOOT_COREBOOT_OFFSET}= ${NONE} # Test module: dasharo-security ${TPM_SUPPORTED_VERSION}= ${NONE} diff --git a/platform-configs/protectli-vp6650.robot b/platform-configs/protectli-vp6650.robot index a69c488afc..06fdb040b7 100644 --- a/platform-configs/protectli-vp6650.robot +++ b/platform-configs/protectli-vp6650.robot 
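Review bot: `Calculate Expected Flashrom Readonly Region` never uses its `${start_offset}` and `${end_offset}` arguments; both `Evaluate` lines add `${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET.start}` and `.end` instead. Every call to `Verify Region Range Protected` therefore checks the bootblock range, and the `# COREBOOT` call in CRB004.201 can pass without slot A's coreboot range being read-only. Use the arguments: `Evaluate    hex(${bios_start} + ${start_offset})` and `Evaluate    hex(${bios_start} + ${end_offset})`, and rename `${expected_readonly_bootblock}` in the caller to something range-neutral. `${bios_end}` is fetched but unused; drop it, or use it to fail when the expected end lies beyond the named region. The loop requires exact equality with a `Warning: ... is read-only` line, so it would not match if flashrom reported one larger protected range covering the expected one; a containment check (`start <= expected_start and end >= expected_end`) would be more robust.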
@@ -3,41 +3,45 @@ Resource include/protectli-vp66xx.robot *** Variables *** -${INITIAL_DUT_CONNECTION_METHOD}= Telnet -${DUT_CONNECTION_METHOD}= ${INITIAL_DUT_CONNECTION_METHOD} -${INITIAL_CPU_FREQUENCY}= 1100 -${DEF_CORES_PER_SOCKET}= 2 -${DEF_THREADS_PER_CORE}= 2 -${DEF_THREADS_TOTAL}= 4 -${DEF_ONLINE_CPU}= 0-3 -${DEF_SOCKETS}= 1 - -${POWER_CTRL}= sonoff -${WIFI_CARD_UBUNTU}= Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter -${LTE_CARD}= ${TBD} -${DEVICE_NVME_DISK}= Non-Volatile memory controller -${USB_MODEL}= SanDisk - -${DMIDECODE_PRODUCT_NAME}= VP6650 -${HAS_E_CORES}= ${TRUE} - -${CPU_MIN_FREQUENCY}= 400 -${CPU_MAX_FREQUENCY}= 4400 -${PLATFORM_CPU_SPEED}= 2.50 -${PLATFORM_RAM_SPEED}= 4200 -${PLATFORM_RAM_SIZE}= 4209492 - -@{ETH_PERF_PAIR_2_G}= enp5s0 enp6s0 -@{ETH_PERF_PAIR_10_G}= enp2s0f0np0 enp2s0f1np1 - -@{ETH_PORTS}= 64-62-66-22-84-f5 -... 64-62-66-22-84-f6 -... 64-62-66-22-84-f7 -... 64-62-66-22-84-f8 - -${SATA_SUPPORT}= ${True} -${TESTS_IN_XCP_NG_SUPPORT}= ${True} -@{TESTED_LINUX_DISTROS}= ${ENV_ID_UBUNTU} ${ENV_ID_XCP_NG} +${INITIAL_DUT_CONNECTION_METHOD}= Telnet +${DUT_CONNECTION_METHOD}= ${INITIAL_DUT_CONNECTION_METHOD} +${INITIAL_CPU_FREQUENCY}= 1100 +${DEF_CORES_PER_SOCKET}= 2 +${DEF_THREADS_PER_CORE}= 2 +${DEF_THREADS_TOTAL}= 4 +${DEF_ONLINE_CPU}= 0-3 +${DEF_SOCKETS}= 1 + +${POWER_CTRL}= sonoff +${WIFI_CARD_UBUNTU}= Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter +${LTE_CARD}= ${TBD} +${DEVICE_NVME_DISK}= Non-Volatile memory controller +${USB_MODEL}= SanDisk + +${DMIDECODE_PRODUCT_NAME}= VP6650 +${HAS_E_CORES}= ${TRUE} + +${CPU_MIN_FREQUENCY}= 400 +${CPU_MAX_FREQUENCY}= 4400 +${PLATFORM_CPU_SPEED}= 2.50 +${PLATFORM_RAM_SPEED}= 4200 +${PLATFORM_RAM_SIZE}= 4209492 + +@{ETH_PERF_PAIR_2_G}= enp5s0 enp6s0 +@{ETH_PERF_PAIR_10_G}= enp2s0f0np0 enp2s0f1np1 + +@{ETH_PORTS}= 64-62-66-22-84-f5 +... 64-62-66-22-84-f6 +... 64-62-66-22-84-f7 +... 
64-62-66-22-84-f8 + +${SATA_SUPPORT}= ${True} +${TESTS_IN_XCP_NG_SUPPORT}= ${True} +@{TESTED_LINUX_DISTROS}= ${ENV_ID_UBUNTU} ${ENV_ID_XCP_NG} + +# TODO - define in platform configs depending on platforms fmap +${COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET}= ${None} +${COREBOOT_REDUNDANT_BOOT_COREBOOT_OFFSET}= ${None} *** Keywords ***
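Review bot: The two offsets added at the end of this hunk are set to `${None}`, the same as the defaults added in `platform-configs/include/default.robot`, and the TODO does not say what shape the real values must have. The test and `lib/flash.robot` read them as `.start` / `.end` and add them to the flashrom region start, so a comment would help whoever fills them in, e.g. `# Dictionary with start/end offsets relative to the start of the flashrom BIOS region: &{COREBOOT_REDUNDANT_BOOT_BOOTBLOCK_OFFSET}=    start=<offset>    end=<offset>`. `${COREBOOT_REDUNDANT_BOOT_SUPPORT}` is not set in this hunk, so the whole suite still skips on this platform.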