MCUboot test plan
The current target for running the tests is the Freedom K64F board.
Basic sign support (RSA/EC/EC256)
For each supported signing algorithm, check that non-signed, and signed with wrong key images are not swapped to, and image signed with correct key is swapped to.
For the 3 algorithms supported, rsa, ec and ec256, two files are provided:
key_
Build and load MCUboot:
newt build k64f_boot_<sign-algo>
newt load k64f_boot_<sign-algo>
Build and load good image in slot 0:
newt create-image k64f_blinky 1.0.1 key_<sign-algo>.pem
newt load k64f_blinky
Note
If testing RSA/PSS newt create-image
needs to be passed in the extra
flag --rsa-pss
eg:
newt create-image k64f_blinky 1.0.1 key_rsa.pem --rsa-pss
Build and load image in slot 1 with no signing, signed with
key_
newt create-image k64f_blinky2 1.0.2 <one-of-the-sign-keys-or-none>
newtmgr image upload k64f_blinky2
newtmgr image list
newtmgr image test <hash of slot 1>
Image signed with more than one key
FIXME: this is currently not functional, skip this section!
Build and load MCUboot:
newt build k64f_boot_rsa_ec
newt load k64f_boot_rsa_ec
Build and load good image in slot 0:
newt create-image k64f_blinky 1.0.1 key_rsa.pem
newt load k64f_blinky
Build and load image in slot 1 with no signing, signed with
key_
Use all of this options:
newt create-image k64f_blinky2 1.0.2
And load
newtmgr image upload k64f_blinky2
newtmgr image list
newtmgr image test <hash of slot 1>
Overwrite only functionality
Build/load MCUboot:
newt build k64f_boot_rsa_noswap
newt load k64f_boot_rsa_noswap
Build/load blinky to slot 0:
newt create-image k64f_blinky 1.0.1 key_rsa.pem
newt load k64f_blinky
Build/load blinky2 both with bad and good key, followed by a permanent swap request:
newt create-image k64f_blinky2 1.0.2 <bad and good rsa keys>.pem
newtmgr image upload k64f_blinky2
newtmgr image list
newtmgr image confirm <hash of slot 1>
This should not swap and delete the image in slot 1 when signed with the wrong key, otherwise the image in slot 1 should be moved to slot 0 and slot 1 should be empty.
Validate slot 0 option
Build/load MCUboot:
newt build k64f_boot_rsa_validate0
newt load k64f_boot_rsa_validate0
Build non-signed image:
newt create-image k64f_blinky 1.0.1
newt load k64f_blinky
- Reset and no image should be run
Build signed image with invalid key:
newt create-image k64f_blinky 1.0.1 key_rsa_2.pem
newt load k64f_blinky
- Reset and no image should be run
Build signed image with valid key:
newt create-image k64f_blinky 1.0.1 key_rsa.pem
newt load k64f_blinky
- Reset and image should run
Swap with random failures
DISCLAIMER: be careful with copy/paste of commands, this test uses another target/app!
Build/load MCUboot:
newt build k64f_boot_rsa
newt load k64f_boot_rsa
Build/load slinky to slot 0:
newt create-image k64f_slinky 1.0.1 key_rsa.pem
newt load k64f_slinky
Build/load slinky2 to slot 1:
newt create-image k64f_slinky2 1.0.2 key_rsa.pem
newtmgr image upload k64f_slinky2
Confirm that both images are installed, request a permanent request to the image in slot 1 and check that it works.
newtmgr image list
newtmgr image confirm <hash of slot 1>
If everything works, now proceed with requests for permanent swap to the image in slot 1 and do random swaps (as much as you like!). When the swap finishes confirm that the swap was finished with the previous slot 1 image now in slot 0 and vice-versa.
Help
-
Mass erase MCU
$ pyocd erase --chip
-
Flashing image in slot 1:
$ pyocd flash -e sector -a 0x80000 ${IMG_FILE} bin