Add manual test of SabreLite secure boot (!132) · Merge requests · tests / apertis-test-cases

Denis Pynkin requested to merge wip/d4s/T6595 into apertis/v2021dev1 Mar 10, 2020

This test ensures:

U-Boot is compiled with HAB and FIT support
SRK hash is fused and U-Boot is signed ('hab_status' call)
U-Boot is able to verify signed OS image in FIT format
U-Boot hangs in case if we try to boot with unsigned binary

Unfortunately the DUT in "open" mode assume any signature as valid, hence it is not possible to check the boot hang for FIT image signed with incorrect key -- the HW return 'success' while checking signature.

If the system is in 'closed' state then it is able to use incorrect signature for the image, for example taken from document "High Assurance Boot (HAB) for dummies" by Boundary Devises: https://boundarydevices.com/high-assurance-boot-hab-dummies/

To check if the system is in "closed" state:

 => fuse read 0 6
 Reading bank 0:

 Word 0x00000006: 00000012

the last digit must be "2".

Signed-off-by: Denis Pynkin denis.pynkin@collabora.com

Edited Mar 10, 2020 by Denis Pynkin

Admin message

Add manual test of SabreLite secure boot

Merge request reports