# Copyright 2018 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. import os import re import logging from autotest_lib.server.cros.faft.fingerprint_test import FingerprintTest from autotest_lib.client.common_lib import error class firmware_Fingerprint(FingerprintTest): """ Common class for running fingerprint firmware tests. Initializes the firmware to a known state and then runs the test executable with specified arguments on the DUT. """ version = 1 def run_once(self, test_exe, test_exe_args=None, use_dev_signed_fw=False, enable_hardware_write_protect=True, enable_software_write_protect=True, force_firmware_flashing=False, init_entropy=True): """Run the test.""" test_dir = os.path.join(self.bindir, 'tests/') logging.info('test_dir: %s', test_dir) # Initialize DUT state and set up tmp working directory on device. self.setup_test( test_dir, use_dev_signed_fw, enable_hardware_write_protect, enable_software_write_protect, force_firmware_flashing, init_entropy) self._test_exe = test_exe # Convert the arguments (test image names) to the actual filenames of # the test images. image_args = [] if test_exe_args: for arg in test_exe_args: image_args.append(getattr(self, arg)) self._test_exe_args = image_args if self.get_host_board() == 'zork': # TODO(b/170770251): Move the rdp1 and rdp0 tests to separate files # # Zork's RDP1 and RDP0 tests requires an AP reboot, so do it in # this class if self._test_exe == 'rdp1.sh': self.test_rdp1() elif self._test_exe == 'rdp0.sh': self.test_rdp0() else: logging.info('Running test: %s', self._test_exe) self.run_test(self._test_exe, *self._test_exe_args) def test_rdp1(self): """ Validate initial state for the RDP1 test. The test tries to read from flash while maintaining RDP level 1. Then it tries to read from flash while changing RDP level to 0. """ if self.get_fp_board() == 'bloonchipper': _HW_WP_OFF_AND_SW_WP_ON = ( 'Flash protect flags: 0x00000407 ro_at_boot ro_now rollback_now all_now\n' 'Valid flags: 0x0000003f wp_gpio_asserted ro_at_boot ro_now all_now STUCK INCONSISTENT\n' 'Writable flags: 0x00000000\n') else: _HW_WP_OFF_AND_SW_WP_ON = ( 'Flash protect flags: 0x00000003 ro_at_boot ro_now\n' 'Valid flags: 0x0000003f wp_gpio_asserted ro_at_boot ro_now all_now STUCK INCONSISTENT\n' 'Writable flags: 0x00000000\n') logging.info('Running test to validate RDP level 1') original_fw_file = self._test_exe_args[0] self.check_file_exists(original_fw_file) logging.info('Making sure hardware write protect is DISABLED and ' 'software write protect is ENABLED') flashprotect_result = self._run_ectool_cmd('flashprotect') if flashprotect_result.stdout != _HW_WP_OFF_AND_SW_WP_ON: raise error.TestFail('Incorrect flashprotect state') logging.info('Validating initial state') # TODO(yichengli): Check that we are running MP-signed RO and RW by # checking the key id. if self.get_running_firmware_type() != self._FIRMWARE_TYPE_RW: raise error.TestFail('Not running RW copy of firmware') if not self.is_rollback_set_to_initial_val(): raise error.TestFail('Rollback is not set to initial value') self.test_rdp1_without_modifying_rdp_level() self.test_rdp1_while_setting_rdp_level_0() def test_rdp0(self): """ Validate initial state for the RDP0 test. The test tries to read from flash while maintaining RDP level 0. Then it tries to read from flash while setting RDP level to 0. """ _HW_AND_SW_WP_OFF = ( 'Flash protect flags: 0x00000000\n' 'Valid flags: 0x0000003f wp_gpio_asserted ro_at_boot ro_now all_now STUCK INCONSISTENT\n' 'Writable flags: 0x00000001 ro_at_boot\n') logging.info('Running test to validate RDP level 0') original_fw_file = self._test_exe_args[0] self.check_file_exists(original_fw_file) logging.info('Making sure all write protect is disabled') flashprotect_result = self._run_ectool_cmd('flashprotect') if flashprotect_result.stdout != _HW_AND_SW_WP_OFF: raise error.TestFail('Incorrect flashprotect state') logging.info('Validating initial state') # TODO(yichengli): Check that we are running MP-signed RO and RW by # checking the key id. if self.get_running_firmware_type() != self._FIRMWARE_TYPE_RW: raise error.TestFail('Not running RW copy of firmware') if not self.is_rollback_unset(): raise error.TestFail('Rollback should be unset.') self.check_firmware_is_functional() self.test_rdp0_without_modifying_rdp_level() self.test_rdp0_while_setting_rdp_level_0() def test_rdp1_without_modifying_rdp_level(self): """ Given: * Hardware write protect is disabled (so we can use bootloader to read and change RDP level) * Software write protect is enabled * RDP is at level 1 Then: * Reading from flash without changing the RDP level should fail (and we should not have read any bytes from flash). * The firmware should still be functional because mass erase is NOT triggered since we are NOT changing the RDP level. """ logging.info('Reading firmware without modifying RDP level') # This should fail and the file should be empty file_read_from_flash = os.path.join(self._dut_working_dir, 'test_keep_rdp.bin') cmd = 'flash_fp_mcu --read --noremove_flash_read_protect %s' % file_read_from_flash result = self.run_cmd(cmd) if result.exit_status == 0: raise error.TestFail('Should not be able to read from flash') logging.info('Checking file_read_from_flash is empty') if self.get_file_size(file_read_from_flash) != 0: raise error.TestFail('File read from flash is not empty') # On zork, an AP reboot is needed after using flash_fp_mcu. if self.get_host_board() == 'zork': self.host.reboot() self.check_firmware_is_functional() def test_rdp1_while_setting_rdp_level_0(self): """ Given: * Hardware write protect is disabled (so we can use bootloader to read and change RDP level) * Software write protect is enabled * RDP is at level 1 Then: * Setting the RDP level to 0 (after being at level 1) should trigger a mass erase. * A mass erase sets all flash bytes to 0xFF, so all bytes read from flash should have that value. * Since the flash was mass erased, the firmware should no longer function. """ logging.info('Reading firmware after setting RDP to level 0') # This command partially fails (and returns an error) because it causes the # flash to be mass erased, but we should still have a file with the contents # that we can compare against. file_read_from_flash = os.path.join(self._dut_working_dir, 'test_change_rdp.bin') cmd = 'flash_fp_mcu --read %s' % file_read_from_flash self.run_cmd(cmd) logging.info( 'Checking that value read is made up entirely of OxFF bytes') original_fw_file = self._test_exe_args[0] if self.get_file_size(original_fw_file) != self.get_file_size( file_read_from_flash): raise error.TestFail( 'Flash read output size doesn\'t match original fw size') self.check_file_contains_all_0xFF_bytes(file_read_from_flash) # On zork, an AP reboot is needed after using flash_fp_mcu. if self.get_host_board() == 'zork': self.host.reboot() logging.info('Checking that firmware is non-functional') result = self._run_ectool_cmd('version') if result.exit_status == 0: raise error.TestFail( 'Firmware should not be responding to commands') def test_rdp0_without_modifying_rdp_level(self): """ Given: * Hardware write protect is disabled * Software write protect is disabled * RDP is at level 0 Then: * Reading from flash without changing the RDP level should succeed (we're already at level 0). Thus we should be able to read the entire firmware out of flash and it should exactly match the firmware that we flashed for testing. """ logging.info('Reading firmware without modifying RDP level') file_read_from_flash = os.path.join(self._dut_working_dir, 'test_keep_rdp.bin') cmd = 'flash_fp_mcu --read --noremove_flash_read_protect %s' % file_read_from_flash result = self.run_cmd(cmd) if result.exit_status != 0: raise error.TestFail('Failed to read from flash') logging.info('Checking that value read matches the flashed version') original_fw_file = self._test_exe_args[0] if not self.files_match(file_read_from_flash, original_fw_file): raise error.TestFail( 'File read from flash does not match original fw file') # On zork, an AP reboot is needed after using flash_fp_mcu. if self.get_host_board() == 'zork': self.host.reboot() self.check_firmware_is_functional() def test_rdp0_while_setting_rdp_level_0(self): """ Given: * Hardware write protect is disabled * Software write protect is disabled * RDP is at level 0 Then: * Changing the RDP level to 0 should have no effect (we're already at level 0). Thus we should be able to read the entire firmware out of flash and it should exactly match the firmware that we flashed for testing. """ logging.info('Reading firmware while setting RDP to level 0') file_read_from_flash = os.path.join(self._dut_working_dir, 'test_change_rdp.bin') cmd = 'flash_fp_mcu --read %s' % file_read_from_flash result = self.run_cmd(cmd) if result.exit_status != 0: raise error.TestFail('Failed to read from flash') logging.info('Checking that value read matches the flashed version') original_fw_file = self._test_exe_args[0] if not self.files_match(file_read_from_flash, original_fw_file): raise error.TestFail( 'File read from flash does not match original fw file') # On zork, an AP reboot is needed after using flash_fp_mcu. if self.get_host_board() == 'zork': self.host.reboot() self.check_firmware_is_functional() def check_file_exists(self, filename): """Checks that |filename| exists on DUT. Fails the test otherwise.""" if not self.host.is_file_exists(filename): raise error.TestFail('Cannot find file: %s' % filename) def get_file_size(self, filename): """Returns the size of |filename| on DUT. Fails the test on error.""" cmd = 'stat --printf %%s %s' % filename result = self.run_cmd(cmd) if result.exit_status != 0 or not result.stdout.isdigit(): raise error.TestFail('Cannot get the size of file: %s' % filename) return int(result.stdout) def files_match(self, filename1, filename2): """Returns True if two files are identical, False otherwise.""" cmd = 'cmp %s %s' % (filename1, filename2) return self.run_cmd(cmd).exit_status == 0 def check_file_contains_all_0xFF_bytes(self, file_to_check): """ Checks that |file_to_check| is made of only 0xFF bytes. Fails the test otherwise. """ regex = '0000000 ffff ffff ffff ffff ffff ffff ffff ffff\n\*\n[0-9]+\n$' cmd = 'hexdump %s' % file_to_check result = self.run_cmd(cmd) if not re.match(regex, result.stdout): raise error.TestFail('%s does not contain all 0xFF bytes' % file_to_check) def check_firmware_is_functional(self): """ Returns true if AP can talk to FPMCU firmware. Fails the test otherwise """ logging.info('Checking that firmware is functional') # Catch exception to show better error message. try: self.get_running_firmware_type() except error.TestFail: raise error.TestFail('Firmware is not functional')