Commit f764e515 authored by Denis Pynkin

secure-boot-imx6: allow limited testing with open DUT


Allow using the board without fused Apertis SRK for limited
testing -- without validation of signed U-Boot.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
parent df2a0fcc
......@@ -17,13 +17,14 @@ metadata:
as provided since version 2019.01+dfsg-7co6. U-Boot could be installed with
[public U-Boot installer v2021dev1.0](https://images.apertis.org/release/v2021dev1/v2021dev1.0/installer/mx6qsabrelite-uboot/)
or any newer version."
- "Requires a DUT with fused SRK hash (it's a irreversible operation! Please refer to the documentation)"
- "Requires a DUT with fused SRK hash (it's a irreversible operation! Please refer to the documentation).
Or use additional step for 'emulation' if fusing is not possible. Skip it if the board has fused SRK."
- 'It is expected that DUT is working in "open" HAB mode'
- "In addition need to use image without signed kernel, for example older OSTree-based image
from [v2019 release](https://images.apertis.org/release/v2019/v2019.2/armhf/minimal/)"
expected:
- "U-Boot is booted without HAB validation errors"
- "Only for devices with fused SRK: U-Boot is signed with a proper signature and ready to be flashed to closed dvices"
- "U-Boot is able to verify and boot signed FIT image"
- 'U-Boot hangs in "closed" state trying to boot with unsigned image'
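Review bot: the new precondition text "Or use additional step for 'emulation' if fusing is not possible. Skip it if the board has fused SRK." does not say which step "it" refers to, and it does not mention that the emulated run is without validation of the signed U-Boot, which the commit message states. Name the `fuse override` step explicitly and put that limitation in the precondition, so a result from an unfused board is not read as a full secure-boot pass. While these lines are being touched, "a irreversible" should be "an irreversible" and "dvices" in the expected list should be "devices".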
......@@ -34,10 +35,22 @@ metadata:
run:
steps:
- "Stop in U-Boot prompt"
- "**This step is needed only for devices without fused SRK hash** -- emulate the fused Apertis SRK:"
- |
>fuse override 3 0 0xAABBCCDD
fuse override 3 1 0x519690F5
fuse override 3 2 0xE844EB48
fuse override 3 3 0x179B1826
fuse override 3 4 0xEC0F8D7C
fuse override 3 5 0x2F209598
fuse override 3 6 0x9A98BE3
fuse override 3 7 0xAAD9B3D6
- "Emulate that device is in 'closed' state:"
- $ fuse override 0 6 0x2
- "Check if flashed U-Boot have HAB support and correct SRK hash fused"
- $ hab_status
- |
>Secure boot disabled
>Secure boot enabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
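Review bot: in the override block, word 0 is `0xAABBCCDD`, which reads like a placeholder next to the other seven values, and word 6 is `0x9A98BE3` with only seven hex digits. Please confirm that word 0 is the real first word of the Apertis SRK hash (or say in the step text that the tester must substitute it), and write word 6 zero-padded as `0x09A98BE3` so all eight words can be compared against the documented hash at a glance. The first command also carries a leading `>` that the other seven lines do not, so a tester copying the block gets one line that differs from the rest.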
......@@ -46,19 +59,27 @@ run:
- "The output must contain following output while loading the image, meaning the Secure Boot is enabled and the image
is signed with the proper signature"
- |
>hab fuse not enabled
>Authenticate image from DDR location 0x12000000...
Authenticate image from DDR location 0x12000000...
Secure boot disabled
Secure boot enabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
i.MX HAB verification: image verification passed
## Loading kernel from FIT Image at 12000000 ...
- "Switch off the DUT to clear any signature-related artifacts from the memory"
- "Power on the device and stop in U-Boot prompt"
- "**This step is needed only for devices without fused SRK hash** -- emulate the fused Apertis SRK:"
- |
>fuse override 3 0 0xAABBCCDD
fuse override 3 1 0x519690F5
fuse override 3 2 0xE844EB48
fuse override 3 3 0x179B1826
fuse override 3 4 0xEC0F8D7C
fuse override 3 5 0x2F209598
fuse override 3 6 0x9A98BE3
fuse override 3 7 0xAAD9B3D6
- "Emulate that device is in 'closed' state:"
- $ fuse override 0 6 0x2
- "Swap the SD-card to another one with flashed old Apertis armhf image with the unsigned kernel, and start the boot process"
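Review bot: the eight `fuse override` lines and the `fuse override 0 6 0x2` step after "Power on the device and stop in U-Boot prompt" are a verbatim copy of the earlier block, with no explanation of why they have to be typed again. `fuse override` only changes the value read back and does not program the fuse, so the emulated SRK and the 'closed' state are gone after the power-off; add one sentence saying so, otherwise a tester who skips the repeat will see the unsigned image boot and report a failure of the last expected result. Keeping the values in one place and referring to them from both steps would also stop the two copies from drifting apart.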