Secureboot test cases:
Added:
- Test to verify TPMPolicy Enabled and Disabled.
Resolves openbmc/openbmc-test-automation#1312
Change-Id: I1c2562bb4bc9bb8910d393fdc27ea6489549dec8
Signed-off-by: Sweta Potthuri <spotthur@in.ibm.com>
diff --git a/lib/open_power_utils.robot b/lib/open_power_utils.robot
index c657d05..84eb0b9 100644
--- a/lib/open_power_utils.robot
+++ b/lib/open_power_utils.robot
@@ -162,3 +162,11 @@
... Append To List ${power_supply_avg_list} ${entry}
[Return] ${power_supply_avg_list} ${power_supply_max_list}
+
+
+REST Verify No Gard Records
+ [Documentation] Verify no gard records are present.
+
+ ${resp}= Read Properties ${OPENPOWER_CONTROL}gard/enumerate
+ Log Dictionary ${resp}
+ Should Be Empty ${resp} msg=Found gard records.
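Review bot: The URI in REST Verify No Gard Records is built as `${OPENPOWER_CONTROL}gard/enumerate` with no separator, so it is only valid if `${OPENPOWER_CONTROL}` ends in a slash, while the keywords added to lib/secure_utils.robot in this same change join with an explicit `/` (`${CONTROL_HOST_URI}/TPMEnable`). Please confirm which form the base URI variables take and use one joining convention, since a malformed path here would surface as a request error rather than as a clear "gard records found" failure.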
diff --git a/lib/secure_utils.robot b/lib/secure_utils.robot
new file mode 100755
index 0000000..9e645e5
--- /dev/null
+++ b/lib/secure_utils.robot
@@ -0,0 +1,27 @@
+*** Settings ***
+Documentation Secure boot keywords.
+
+*** Keywords ***
+
+Set TPMEnable Policy
+ [Documentation] Enable or disable TPM Policy.
+ [Arguments] ${tpm_policy}
+
+ # Description of argument(s):
+ # tpm_policy Enable-1 or Disable-0.
+
+ ${value_dict}= Create Dictionary data=${tpm_policy}
+ Write Attribute ${CONTROL_HOST_URI}/TPMEnable TPMEnable
+ ... data=${value_dict}
+
+
+Set And Verify TPM Policy
+ [Documentation] Enable or disable and verify TPM Policy.
+ [Arguments] ${tpm_policy}
+
+ # Description of argument(s):
+ # tpm_policy Enable-1 or Disable-0.
+
+ Set TPMEnable Policy ${tpm_policy}
+ ${resp}= Verify The Attribute
+ ... ${CONTROL_URI}/host0/TPMEnable TPMEnable ${tpm_policy}
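Review bot: Set TPMEnable Policy writes to `${CONTROL_HOST_URI}/TPMEnable` but Set And Verify TPM Policy reads back from `${CONTROL_URI}/host0/TPMEnable`, so the check only proves the write landed if those two expressions resolve to the same object. Use a single URI expression (ideally one variable) for both the write and the read-back. The `${resp}=` assignment in Set And Verify TPM Policy captures nothing, since Verify The Attribute has no return value, and the result is unused; drop it. The Settings section also has no Resource entry, so Verify The Attribute (added to lib/utils.robot in this change) resolves only when the importing suite loads that file as well.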
diff --git a/lib/utils.robot b/lib/utils.robot
index f77f057..e550491 100755
--- a/lib/utils.robot
+++ b/lib/utils.robot
@@ -1511,3 +1511,16 @@
... xyz.openbmc_project.Led.Physical.Action.${expected_state}
... msg=Unexpected LED state.
+
+Verify The Attribute
+ [Arguments] ${uri} ${attribute_name} ${attribute_value}
+
+ # Description of argument(s):
+ # uri URI path
+ # (e.g. "/xyz/openbmc_project/control/host0/TPMEnable").
+ # attribute_name Name of attribute to be verified (e.g. "TPMEnable").
+ # attribute_value The expected value of attribute (e.g. "1", "0", etc.)
+
+ ${output}= Read Attribute ${uri} ${attribute_name}
+ Should Be Equal ${attribute_value} ${output}
+ ... msg=Attribute "${attribute_name} does not have the expected value.
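Review bot: `Should Be Equal ${attribute_value} ${output}` in Verify The Attribute compares without type conversion, and the argument description gives string examples ("1", "0") while the callers in secureboot/secure.robot pass the integers `${0}` and `${1}`; an integer and a string of the same digit do not compare equal, so state the expected type in the description or normalise both sides before comparing. The keyword is also missing a [Documentation] line, which every other keyword in this change has, and the failure message has an unbalanced quote: `"${attribute_name} does not have` should close the quote after the variable.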
diff --git a/secureboot/secure.robot b/secureboot/secure.robot
new file mode 100644
index 0000000..1ef26ff
--- /dev/null
+++ b/secureboot/secure.robot
@@ -0,0 +1,101 @@
+*** Settings ***
+Documentation Secure boot related test cases.
+
+Resource ../lib/utils.robot
+Resource ../lib/boot_utils.robot
+Resource ../lib/secure_utils.robot
+Resource ../lib/open_power_utils.robot
+
+Test Setup Test Setup Execution
+Test Teardown Test Teardown Execution
+
+*** Variables ***
+
+${security_access_bit_mask} ${0xC000000000000000}
+
+*** Test Cases ***
+
+Validate Secure Boot With TPM Policy Disabled
+ [Documentation] Validate secure boot with TPM policy disabled.
+ [Tags] Validate_Secure_Boot_With_TPM_Policy_Disabled
+
+ Validate Secure Boot With TPM Policy Enabled Or Disabled ${0}
+
+
+Validate Secure Boot With TPM Policy Enabled
+ [Documentation] Validate secure boot with TPM policy enabled.
+ [Tags] Validate_Secure_Boot_With_TPM_Policy_Enabled
+
+ Validate Secure Boot With TPM Policy Enabled Or Disabled ${1}
+
+
+*** Keywords ***
+
+Get And Verify Security Access Bit
+ [Documentation] Get and verify security access bit.
+ [Arguments] ${sol_log_file_path}
+
+ # Description of argument(s):
+ # sol_log_file_path The path to the file containing SOL data
+ # which was collected during a REST Power On.
+
+ # Sample output:
+ # 19.68481|SECURE|Security Access Bit> 0xC000000000000000
+
+ ${cmd}= Catenate
+ ... grep "Security Access Bit" ${sol_log_file_path} | awk '{ print $4 }'
+ ${rc} ${security_access_bit_str}= Run and Return RC and Output ${cmd}
+ Should Be Equal ${rc} ${0}
+ ... msg=Return code from ${cmd} not zero.
+
+ # Verify the value of "Security Access Bit".
+
+ ${security_access_bit}= Convert to Integer ${security_access_bit_str}
+ ${result}= Evaluate ${security_access_bit_mask} & ${security_access_bit}
+ Should Be Equal ${result} ${security_access_bit_mask}
+ ... msg=System is not booted in secure mode. values=False
+
+
+Validate Secure Boot With TPM Policy Enabled Or Disabled
+ [Documentation] Validate secure boot with TPM policy enabled or disabled.
+ [Arguments] ${tpm_policy}
+
+ # Description of argument(s):
+ # tpm_policy Enable-0 or Disable-1.
+
+ Set And Verify TPM Policy ${tpm_policy}
+ REST Power On quiet=1
+ Validate Secure Boot ${sol_log_file_path}
+
+
+Validate Secure Boot
+ [Documentation] Validate secure boot.
+ [Arguments] ${sol_log_file_path}
+
+ # Description of argument(s):
+ # sol_log_file_path The path to the file containing SOL data
+ # which was collected during a REST Power On.
+
+ Get And Verify Security Access Bit ${sol_log_file_path}
+ Error Logs Should Not Exist
+ REST Verify No Gard Records
+
+
+Test Setup Execution
+ [Documentation] Test setup execution.
+
+ ${timestamp}= Get Current Date result_format=%Y%m%d%H%M%S
+ ${sol_log_file_path}= Catenate ${EXECDIR}/Secure_SOL${timestamp}
+ Start SOL Console Logging ${sol_log_file_path}
+ Set Suite Variable ${sol_log_file_path}
+
+ REST Power Off stack_mode=skip quiet=1
+ Delete Error Logs And Verify
+ Clear BMC Gard record
+
+
+Test Teardown Execution
+ [Documentation] Test teardown execution.
+
+ Stop SOL Console Logging
+ Run rm -rf ${sol_log_file_path}
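Review bot: In Get And Verify Security Access Bit, the `Should Be Equal ${rc} ${0}` check does not detect a missing "Security Access Bit" line, because the return code of `grep ... | awk '{ print $4 }'` is awk's, which is zero even when grep matches nothing; the failure then surfaces in Convert to Integer on an empty string instead of as a clear "not booted in secure mode" result. Assert that `${security_access_bit_str}` is non-empty (and a single line) before converting. The argument comment in Validate Secure Boot With TPM Policy Enabled Or Disabled reads "Enable-0 or Disable-1", which is inverted relative to lib/secure_utils.robot and to the test cases that pass `${0}` for Disabled and `${1}` for Enabled. Both test cases also end in the same Validate Secure Boot checks, which never look at `${tpm_policy}`, so nothing after the boot distinguishes the enabled run from the disabled one. Finally, Test Teardown Execution deletes the SOL log unconditionally with `rm -rf ${sol_log_file_path}`, discarding the only boot evidence when a test fails; consider keeping the file on failure.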