test(fwu): validate scenario of invalid FWU IMAGE SIZE
Test to increase code coverage in bl1 directory where
bl2 and bl2u are both corrupt with invalid image sizes
bl1_fwu.c cc% improved by 10%
bl1_main.c cc% imporved by 1%
Change-Id: I4637a9e566e4edda8474da37ea4f3511fa32b6a7
Signed-off-by: Thaddeus Gonzalez-Serna <Thaddeus.Gonzalez-Serna@arm.com>
diff --git a/include/common/firmware_image_package.h b/include/common/firmware_image_package.h
index 2a144ba..1bc6672 100644
--- a/include/common/firmware_image_package.h
+++ b/include/common/firmware_image_package.h
@@ -16,6 +16,8 @@
/* ToC Entry UUIDs */
#define UUID_FIRMWARE_UPDATE_SCP_BL2U \
{{0x65, 0x92, 0x27, 0x03}, {0x2f, 0x74}, {0xe6, 0x44}, 0x8d, 0xff, {0x57, 0x9a, 0xc1, 0xff, 0x06, 0x10} }
+#define UUID_TRUSTED_BOOT_FIRMWARE_BL2 \
+ {{0x5f, 0xf9, 0xec, 0x0b}, {0x4d, 0x22}, {0x3e, 0x4d}, 0xa5, 0x44, {0xc3, 0x9d, 0x81, 0xc7, 0x3f, 0x0a} }
#define UUID_FIRMWARE_UPDATE_BL2U \
{{0x60, 0xb3, 0xeb, 0x37}, {0xc1, 0xe5}, {0xea, 0x41}, 0x9d, 0xf3, {0x19, 0xed, 0xa1, 0x1f, 0x68, 0x01} }
#define UUID_FIRMWARE_UPDATE_NS_BL2U \
diff --git a/tftf/tests/neg_scenario_tests/test_fwu_image_size.c b/tftf/tests/neg_scenario_tests/test_fwu_image_size.c
new file mode 100644
index 0000000..0bf4d29
--- /dev/null
+++ b/tftf/tests/neg_scenario_tests/test_fwu_image_size.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2025, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <firmware_image_package.h>
+#include <fwu_nvm.h>
+#include <image_loader.h>
+#include <io_storage.h>
+#include <platform.h>
+#include <platform_def.h>
+#include <psci.h>
+#include <smccc.h>
+#include <status.h>
+#include <tftf_lib.h>
+#include <uuid.h>
+#include <uuid_utils.h>
+
+/*
+ * @TEST_AIM@ validate FWU IMAGE SIZE invalid scenario
+ * TEST SUCCESS if FWU FIP IMAGE SIZE is found invalid and Fails to Proceed
+ * TEST FAIL in case FWU process is able to reboot
+ */
+
+static fip_toc_entry_t *
+find_fiptoc_entry_t(const int fip_base, const uuid_t *uuid)
+{
+ fip_toc_entry_t *current_file =
+ (fip_toc_entry_t *) (fip_base + sizeof(fip_toc_header_t));
+
+ while (!is_uuid_null(&(current_file->uuid))) {
+ if (uuid_equal(&(current_file->uuid), uuid))
+ return current_file;
+
+ current_file += 1;
+ };
+ return NULL;
+}
+
+test_result_t test_fwu_image_size(void)
+{
+ STATUS status;
+ int fip_base = PLAT_ARM_FIP_BASE;
+ int fwu_fip_base = PLAT_ARM_FWU_FIP_BASE;
+
+ const uuid_t bl2 = UUID_TRUSTED_BOOT_FIRMWARE_BL2;
+ const uuid_t bl2u = UUID_FIRMWARE_UPDATE_BL2U;
+
+ fip_toc_entry_t *bl2_entry;
+ fip_toc_entry_t *bl2u_entry;
+
+ uintptr_t bl2_entry_address, bl2u_entry_address;
+
+ int corrupt_size = 0xFFFF;
+ int offset;
+
+ smc_args args = { SMC_PSCI_SYSTEM_RESET };
+ smc_ret_values ret = {0};
+
+ /* retrieve bl2 and bl2u */
+ bl2_entry = find_fiptoc_entry_t(fip_base, &bl2);
+ bl2_entry_address = (uintptr_t)bl2_entry;
+
+ bl2u_entry = find_fiptoc_entry_t(fwu_fip_base, &bl2u);
+ bl2u_entry_address = (intptr_t)bl2u_entry;
+
+ /* Reboot has not occurred yet */
+ tftf_testcase_printf("not rebooted yet\n");
+
+ /* Corrupt FWU_FIP_SIZE */
+ tftf_testcase_printf("bl2_entry_address value is (%lx)\n", bl2_entry_address);
+
+ /*
+ * corrupt bl2 in fip
+ * corrupt toc entry size field of bl2u
+ */
+
+ /* corrupt bl2 image */
+ offset = bl2_entry_address + sizeof(uuid_t) + sizeof(uint64_t) - FLASH_BASE;
+ status = fwu_nvm_write(offset, &corrupt_size, sizeof(uint64_t));
+
+ if (status != STATUS_SUCCESS) {
+ tftf_testcase_printf("staus not success error %d\n", status);
+ return TEST_RESULT_FAIL;
+ }
+
+ /* corrupt toc bl2u entry */
+ offset = bl2u_entry_address + sizeof(uuid_t) + sizeof(uint64_t) - FLASH_BASE;
+ status = fwu_nvm_write(offset, &corrupt_size, sizeof(uint64_t));
+
+ if (status != STATUS_SUCCESS) {
+ tftf_testcase_printf("status not success error %d\n", status);
+ return TEST_RESULT_FAIL;
+ }
+
+ /* Notify that we are rebooting now. */
+ tftf_notify_reboot();
+
+ /* Request PSCI system reset. */
+ ret = tftf_smc(&args);
+
+ /* The PSCI SYSTEM_RESET call is not supposed to return */
+ tftf_testcase_printf("System didn't reboot properly (%d)\n",
+ (unsigned int)ret.ret0);
+
+ return TEST_RESULT_FAIL;
+}
diff --git a/tftf/tests/tests-neg_scenario.mk b/tftf/tests/tests-neg_scenario.mk
new file mode 100644
index 0000000..38093e6
--- /dev/null
+++ b/tftf/tests/tests-neg_scenario.mk
@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2025, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+TESTS_SOURCES += $(addprefix tftf/tests/neg_scenario_tests/, \
+ test_fwu_image_size.c \
+)
+
+TESTS_SOURCES += plat/common/fwu_nvm_accessors.c \
+ plat/common/image_loader.c \
+ plat/arm/common/arm_fwu_io_storage.c
diff --git a/tftf/tests/tests-neg_scenario.xml b/tftf/tests/tests-neg_scenario.xml
new file mode 100644
index 0000000..bfec31c
--- /dev/null
+++ b/tftf/tests/tests-neg_scenario.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+ Copyright (c) 2025, Arm Limited. All rights reserved.
+
+ SPDX-License-Identifier: BSD-3-Clause
+-->
+
+<testsuites>
+
+ <testsuite name="neg scenario test" description="Validate firmware update failure in a scenario where BL2 is corrupted, triggering a firmware update that fails due to a BL2U size corruption.">
+ <testcase name="FWU imageSize Failure" function="test_fwu_image_size" />
+ </testsuite>
+
+</testsuites>