The current target for running the tests is the Freedom K64F board.
For each supported signing algorithm, check that non-signed, and signed with wrong key images are not swapped to, and image signed with correct key is swapped to.
For the 3 algorithms supported, rsa, ec and ec256, two files are provided: key_.pem, key_2.pem. And a keys file with the C public key data for key.pem.
Build and load mcuboot:
newt build k64f_boot_<sign-algo>newt load k64f_boot_<sign-algo>Build and load good image in slot 0:
newt create-image k64f_blinky 1.0.1 key_<sign-algo>.pemnewt load k64f_blinkyNOTE: If testing RSA/PSS newt create-image needs to be passed in the extra flag --rsa-pss eg:
newt create-image k64f_blinky 1.0.1 key_rsa.pem --rsa-pss
Build and load image in slot 1 with no signing, signed with key_2.pem and signed with key.pem. Mark each one as test image and check that swap only happens for image signed with key_.pem. Both others should be erased.
newt create-image k64f_blinky2 1.0.2 <one-of-the-sign-keys-or-none>newtmgr image upload k64f_blinky2newtmgr image listnewtmgr image test <hash of slot 1>FIXME: this is currently not functional, skip this section!
Build and load mcuboot:
newt build k64f_boot_rsa_ecnewt load k64f_boot_rsa_ecBuild and load good image in slot 0:
newt create-image k64f_blinky 1.0.1 key_rsa.pemnewt load k64f_blinkyBuild and load image in slot 1 with no signing, signed with key_2.pem and signed with key.pem. Mark each one as test image and check that swap only happens for image signed with key_.pem. Both others should be erased.
Use all of this options:
newt create-image k64f_blinky2 1.0.2And load
newtmgr image upload k64f_blinky2newtmgr image listnewtmgr image test <hash of slot 1>Build/load mcuboot:
newt build k64f_boot_rsa_noswapnewt load k64f_boot_rsa_noswapBuild/load blinky to slot 0:
newt create-image k64f_blinky 1.0.1 key_rsa.pemnewt load k64f_blinkyBuild/load blinky2 both with bad and good key, followed by a permanent swap request:
newt create-image k64f_blinky2 1.0.2 <bad and good rsa keys>.pemnewtmgr image upload k64f_blinky2newtmgr image listnewtmgr image confirm <hash of slot 1>This should not swap and delete the image in slot 1 when signed with the wrong key, otherwise the image in slot 1 should be moved to slot 0 and slot 1 should be empty.
Build/load mcuboot:
newt build k64f_boot_rsa_validate0newt load k64f_boot_rsa_validate0Build non-signed image:
newt create-image k64f_blinky 1.0.1newt load k64f_blinkyBuild signed image with invalid key:
newt create-image k64f_blinky 1.0.1 key_rsa_2.pemnewt load k64f_blinkyBuild signed image with valid key:
newt create-image k64f_blinky 1.0.1 key_rsa.pemnewt load k64f_blinkyDISCLAIMER: be careful with copy/paste of commands, this test uses another target/app!
Build/load mcuboot:
newt build k64f_boot_rsanewt load k64f_boot_rsaBuild/load slinky to slot 0:
newt create-image k64f_slinky 1.0.1 key_rsa.pemnewt load k64f_slinkyBuild/load slinky2 to slot 1:
newt create-image k64f_slinky2 1.0.2 key_rsa.pemnewtmgr image upload k64f_slinky2Confirm that both images are installed, request a permanent request to the image in slot 1 and check that it works.
newtmgr image listnewtmgr image confirm <hash of slot 1>If everything works, now proceed with requests for permanent swap to the image in slot 1 and do random swaps (as much as you like!). When the swap finishes confirm that the swap was finished with the previous slot 1 image now in slot 0 and vice-versa.
Mass erase MCU
$ pyocd erase --chip
Flashing image in slot 1:
$ pyocd flash -e sector -a 0x80000 ${IMG_FILE} bin