| David Brown | d2fcc21 | 2017-09-11 14:47:48 -0600 | [diff] [blame^] | 1 | # Zephyr Test Plan |
| 2 | |
| 3 | The following roughly describes how mcuboot is tested on Zephyr. The |
| 4 | testing is done with the code in `samples/zephyr`. These examples |
| 5 | were written using the FRDM-K64F, but other boards should be similar. |
| 6 | At this time, however, the partitions are hardcoded in the Makefile |
| 7 | targets to flash. |
| 8 | |
| 9 | Note that at the time of release of 0.9.0-rc2, the change [MPU flash |
| 10 | write][flashwrite] had not been merged. This change fixes a problem interaction |
| 11 | between the MPU and the flash drivers. Without this change, if the |
| 12 | MPU is enabled (the default), the bootloader will abort immediately on |
| 13 | boot, generally before printing any messages. |
| 14 | |
| 15 | At this time, most of the test variants are done by modifying either |
| 16 | the code or Makefiles. A future goal is to automate this testing. |
| 17 | |
| 18 | ## Sanity Check |
| 19 | |
| 20 | Begin by running make in `samples/zephyr`: |
| 21 | |
| 22 | $ make clean |
| 23 | $ make all |
| 24 | |
| 25 | This will result in three binaries: `mcuboot.bin`, |
| 26 | `signed-hello1.bin`, and `signed-hello2.bin`. |
| 27 | |
| 28 | The second file is marked as an "upgrade" by the image tool, so |
| 29 | has an appended image trailer. |
| 30 | |
| 31 | Begin by doing a full erase, and programming the first image: |
| 32 | |
| 33 | $ pyocd-flashtool -ce |
| 34 | $ make flash_boot |
| 35 | |
| 36 | After it resets, look for "main: Starting bootloader", a few debug |
| 37 | messages, and lastly: "main: Unable to find bootable image". |
| 38 | |
| 39 | Then, load hello1: |
| 40 | |
| 41 | $ make flash_hello1 |
| 42 | |
| 43 | This should print "main: Jumping to the first image slot", and you |
| 44 | should get an image "Hello World number 1!". |
| 45 | |
| 46 | For kicks, program slot 2's image into slot one. This has to be done |
| 47 | manually, and it is good to verify these addresses in the Makefile: |
| 48 | |
| 49 | $ pyocd-flashtool -a 0x20000 signed-hello1.bin |
| 50 | |
| 51 | This should boot, printing "Upgraded hello!". |
| 52 | |
| 53 | Now put back image 1, and put image 2 in as the upgrade: |
| 54 | |
| 55 | $ make flash_hello1 |
| 56 | $ make flash_hello2 |
| 57 | |
| 58 | This should print a message: `boot_swap_type: Swap type: test`, and |
| 59 | you should see "Upgraded hello!". |
| 60 | |
| 61 | Now reset the target:: |
| 62 | |
| 63 | $ pyocd-tool reset |
| 64 | |
| 65 | And you should see a revert and "Hello world number 1" running. |
| 66 | |
| 67 | Repeat this, to make sure we can mark the image as OK, and that a |
| 68 | revert doesn't happen: |
| 69 | |
| 70 | $ make flash_hello1 |
| 71 | $ make flash_hello2 |
| 72 | |
| 73 | We should have just booted the Upgraded hello. Mark this as OK: |
| 74 | |
| 75 | $ pyocd-flashtool -a 0x7ffe8 image_ok.bin |
| 76 | $ pyocd-tool reset |
| 77 | |
| 78 | And make sure this stays in the "Upgraded hello" image. |
| 79 | |
| 80 | ## Other Signature Combinations |
| 81 | |
| 82 | **note**: Make sure you don't have changes in your tree, as the |
| 83 | following step will undo them. |
| 84 | |
| 85 | As part of the above sanity check, we have tested the RSA signature |
| 86 | algorithm, along with the new RSA-PSS signature algorithm. To test |
| 87 | other configurations, we need to make some modifications to the code. |
| 88 | This is easiest to do by applying some patches (in |
| 89 | `testplan/zephyr`). For each of these patches, perform something |
| 90 | along the lines of: |
| 91 | |
| 92 | $ cd ../.. |
| 93 | $ git apply testplan/zephyr/0001-try-rsa-pkcs1-v15.patch |
| 94 | $ cd samples/zephyr |
| 95 | $ make clean |
| 96 | $ make all |
| 97 | $ pyocd-flashtool -ce |
| 98 | $ make flash_boot |
| 99 | $ make flash_hello1 |
| 100 | |
| 101 | Make sure image one boots if it is supposed to (and doesn't if it is |
| 102 | not supposed to). Then try the upgrade: |
| 103 | |
| 104 | $ make flash_hello2 |
| 105 | |
| 106 | After this, make sure that the the image does or doesn't perform the |
| 107 | upgrade (see test table below). |
| 108 | |
| 109 | After the upgrade runs, reset to make sure the revert works (or |
| 110 | doesn't for the noted cases below): |
| 111 | |
| 112 | $ pyocd-tool reset |
| 113 | |
| 114 | Then undo the change: |
| 115 | |
| 116 | $ cd ../.. |
| 117 | $ git checkout -- . |
| 118 | |
| 119 | and repeat the above steps for each patch. |
| 120 | |
| 121 | The following patches are available: |
| 122 | |
| 123 | | Patch | hello1 boot? | Upgrade ? | |
| 124 | |-------|--------------|-----------| |
| 125 | | 0001-bad-old-rsa-in-boot-not-in-image.patch | no | no | |
| 126 | | 0001-bad-old-RSA-no-slot0-check.patch | yes | no | |
| 127 | | 0001-good-rsa-pkcs-v1.5-good.patch | yes | yes | |
| 128 | | 0001-bad-ECDSA-P256-bootloader-not-in-images.patch | no | no | |
| 129 | | 0001-partial-ECDSA-P256-bootloader-slot0-ok-slot1-bad.patch | yes | no | |
| 130 | | 0001-good-ECDSA-P256-bootloader-images-signed.patch | yes | yes | |
| 131 | | 0001-partial-ECDSA-P256-bootloader-slot-0-bad-sig.patch | no | yes<sup>1</sup> | |
| 132 | | 0001-partial-ECDSA-P256-bootloader-slot-1-bad-sig.patch | yes | no | |
| 133 | | 0001-partial-ECDSA-P256-slot-0-bad-no-verification.patch | no | yes<sup>1</sup> | |
| 134 | |
| 135 | <sup>1</sup>These tests with hello1 bad should perform an upgrade when |
| 136 | hello2 is flashed, but they should not revert the image afterwards. |
| 137 | |
| 138 | [flashwrite]: https://github.com/zephyrproject-rtos/zephyr/pull/654 |