blob: ceac1e420732044cae9a75c692708efb5c380b13 [file] [log] [blame]
*** Settings ***
Documentation Secure boot related test cases.
# Test Parameters:
# FFDC_TOOL_DIR_PATH The path to the directory containing FFDC translation
# tools such as eSEL.pl.
Resource ../../lib/utils.robot
Resource ../../lib/boot_utils.robot
Resource ../../lib/secure_utils.robot
Resource ../../lib/open_power_utils.robot
Resource ../../lib/logging_utils.robot
Resource ../../lib/openbmc_ffdc_methods.robot
Library ../../lib/gen_misc.py
Suite Setup Suite Setup Execution
Test Setup Test Setup Execution
Test Teardown Test Teardown Execution
*** Variables ***
${security_access_bit_mask} ${0xC000000000000000}
# Description of BC8A1E07 A problem occurred during the IPL of the system.
${pnor_corruption_src} BC8A1E07
${bmc_image_dir_path} /usr/local/share/pnor
${bmc_guard_dir_path} /var/lib/phosphor-software-manager/pnor/prsv
${FFDC_TOOL_DIR_PATH} ${EMPTY}
*** Test Cases ***
Validate Secure Boot With TPM Policy Disabled
[Documentation] Validate secure boot with TPM policy disabled.
[Tags] Validate_Secure_Boot_With_TPM_Policy_Disabled
Validate Secure Boot With TPM Policy Enabled Or Disabled ${0}
Validate Secure Boot With TPM Policy Enabled
[Documentation] Validate secure boot with TPM policy enabled.
[Tags] Validate_Secure_Boot_With_TPM_Policy_Enabled
Validate Secure Boot With TPM Policy Enabled Or Disabled ${1}
Violate Secure Boot Via Corrupt Key In SBE During Host Boot
[Documentation] Violate secure boot via corrupt key SBE during host boot.
[Tags] Violate_Secure_Boot_Via_Corrupt_Key_In_SBE_During_Host_Boot
Violate Secure Boot Via Corrupt Key
... SBE ${pnor_corruption_src} ${bmc_image_dir_path}
*** Keywords ***
Violate Secure Boot Via Corrupt Key
[Documentation] Cause secure boot violation during host boot
... with corrupted key.
[Arguments] ${partition} ${error_src} ${bmc_image_dir_path}
# Description of argument(s):
# partition The partition which is to be corrupted
# (e.g. "SBE", "HBI", "HBB", "HBRT", "HBBL", "OCC").
# error_src The system reference code that is expected as a
# result of the secure boot violation
# (e.g. "BC8A1E07").
# bmc_image_dir_path BMC image path.
Set And Verify TPM Policy ${1}
# Descipiton:
# Cause a secure boot violation by copying an BMC image file to the
# target BMC and then starting a power on.
# This action should result in:
# 1) an error log entry
# 2) the system going to "Quiesced" state.
# Load corrupted image to /usr/local/share/pnor.
Open Connection For SCP
Log ${bmc_image_dir_path}
scp.Put File
... ${EXEC_DIR}/data/pnor_test_data/${partition} ${bmc_image_dir_path}
# Starting a power on.
BMC Execute Command /usr/sbin/obmcutil poweron
Wait Until Keyword Succeeds 10 min 10 sec Error Logs Should Exist
Wait Until Keyword Succeeds 10 min 10 sec Collect Error Logs and Verify SRC ${error_src}
# Remove the file from /usr/local/share/pnor/.
BMC Execute Command rm -rf ${bmc_image_dir_path}*
# Check if system reaches quiesce state.
Run Keywords
... Wait Until Keyword Succeeds 3 min 5 sec Is Host Quiesced AND
... Recover Quiesced Host
Collect Error Logs and Verify SRC
[Documentation] Collect error logs and verify src.
[Arguments] ${system_reference_code}
# Description of argument(s):
# system_reference_code The system reference code that the caller
# expects to be found among the existing
# error log entries (e.g. "BC8A1E07").
# system_reference_code Src code.
Convert eSEL To Elog Format ${FFDC_TOOL_DIR_PATH}
${cmd}= Catenate
... grep -i ${system_reference_code} ${FFDC_TOOL_DIR_PATH}/esel.out.txt
${rc} ${output}= Run and Return RC and Output ${cmd}
Should Be Equal ${rc} ${0}
... msg=${system_reference_code} not found in the existing error logs.
Get And Verify Security Access Bit
[Documentation] Get and verify security access bit.
[Arguments] ${sol_log_file_path}
# Description of argument(s):
# sol_log_file_path The path to the file containing SOL data
# which was collected during a REST Power On.
# Sample output:
# 19.68481|SECURE|Security Access Bit> 0xC000000000000000
${cmd}= Catenate
... grep "Security Access Bit" ${sol_log_file_path} | awk '{ print $4 }'
${rc} ${security_access_bit_str}= Run and Return RC and Output ${cmd}
Should Be Equal ${rc} ${0}
... msg=Return code from ${cmd} not zero.
# Verify the value of "Security Access Bit".
${security_access_bit}= Convert to Integer ${security_access_bit_str}
${result}= Evaluate ${security_access_bit_mask} & ${security_access_bit}
Should Be Equal ${result} ${security_access_bit_mask}
... msg=System is not booted in secure mode. values=False
Validate Secure Boot With TPM Policy Enabled Or Disabled
[Documentation] Validate secure boot with TPM policy enabled or disabled.
[Arguments] ${tpm_policy}
# Description of argument(s):
# tpm_policy Enable-0 or Disable-1.
Set And Verify TPM Policy ${tpm_policy}
REST Power On quiet=1
Validate Secure Boot ${sol_log_file_path}
Validate Secure Boot
[Documentation] Validate secure boot.
[Arguments] ${sol_log_file_path}
# Description of argument(s):
# sol_log_file_path The path to the file containing SOL data
# which was collected during a REST Power On.
Get And Verify Security Access Bit ${sol_log_file_path}
Error Logs Should Not Exist
REST Verify No Gard Records
Suite Setup Execution
[Documentation] Suite Setup Execution
Run export PATH=$PATH:${FFDC_TOOL_DIR_PATH}
Set Environment Variable ${FFDC_TOOL_DIR_PATH} ${FFDC_TOOL_DIR_PATH}
${bmc_image_dir_path}= Add Trailing Slash ${bmc_image_dir_path}
${bmc_guard_dir_path}= Add Trailing Slash ${bmc_guard_dir_path}
Set Global Variable ${bmc_image_dir_path}
Log ${bmc_image_dir_path}
BMC Execute Command rm -rf ${bmc_image_dir_path}*
Set Global Variable ${bmc_guard_dir_path}
Log ${bmc_guard_dir_path}
BMC Execute Command rm -rf ${bmc_guard_dir_path}*
Test Setup Execution
[Documentation] Test setup execution.
${timestamp}= Get Current Date result_format=%Y%m%d%H%M%S
${sol_log_file_path}= Catenate ${EXECDIR}/Secure_SOL${timestamp}
Start SOL Console Logging ${sol_log_file_path}
Set Suite Variable ${sol_log_file_path}
REST Power Off stack_mode=skip quiet=1
Delete Error Logs And Verify
Test Teardown Execution
[Documentation] Test teardown execution.
Stop SOL Console Logging
Run rm -rf ${sol_log_file_path}
# Removing the corrupted file from BMC.
BMC Execute Command rm -rf ${bmc_image_dir_path}*