Adding HB partition corruption test cases
Changes:
- 1) Adding HBB,HBD,HBI,HBBL,OCC,HBRT corruption tests
- 2) Some more modification to SOL console log check
- 3) Some tests required reboot to reflect the RC on console
- 4) Add REST Power On multiple places
- 5) Adding environment variable to point to Corrupted images
- 6) Adding FFDC collection on failure
Tested: Working Good
Resolve openbmc/openbmc-test-automation#1681
Change-Id: I3ff6ae92bdf795f792f85c93176ac02b897f223b
Signed-off-by: lkammath <lkammath@in.ibm.com>
diff --git a/data/pnor_test_data/SBE b/data/pnor_test_data/SBE
deleted file mode 100644
index ca9d13e..0000000
--- a/data/pnor_test_data/SBE
+++ /dev/null
Binary files differ
diff --git a/openpower/secureboot/secure.robot b/openpower/secureboot/secure.robot
index 4760e65..f670043 100644
--- a/openpower/secureboot/secure.robot
+++ b/openpower/secureboot/secure.robot
@@ -5,6 +5,15 @@
# SEL to PEL conversion:
# https://github.com/openbmc/openbmc-test-automation/blob/master/docs/
# openbmc_test_tools.md#converting-sels-to-readable-format
+#
+# Definition of each partition acronyms
+# HBB: Hostboot Base
+# HBI: Hostboot Extended Image
+# HBRT: Hostboot Runtime
+# HBD: Hostboot Data
+# HBBL: Bostboot Base loader
+# SBE: Self Boot Engine
+# OCC: On Chip Controller
Resource ../../lib/utils.robot
Resource ../../lib/state_manager.robot
@@ -28,6 +37,9 @@
${pnor_corruption_rc} 0x1E07
${bmc_image_dir_path} /usr/local/share/pnor
${bmc_guard_part_path} /var/lib/phosphor-software-manager/pnor/prsv/GUARD
+${HB_PART_LIST} [HBB, HBD, HBI, HBRT, HBBL]
+${NON_HB_PART_LIST} [SBE, OCC]
+${MIXED_PART_LIST} [SBE, HBD, OCC, HBRT, HBBL]
*** Test Cases ***
@@ -56,6 +68,51 @@
... SBE ${pnor_corruption_rc} ${bmc_image_dir_path}
+Secure Boot Violation Using Corrupt HBD Image On Cold Boot
+ [Documentation] Secure boot violation using corrupt HBD image on cold boot.
+ [Tags] Secure_Boot_Violation_Using_Corrupt_HBD_Image_On_Cold_Boot
+
+ Violate Secure Boot Using Corrupt Image
+ ... HBD ${pnor_corruption_rc} ${bmc_image_dir_path}
+
+Secure Boot Violation Using Corrupt HBB Image On Cold Boot
+ [Documentation] Secure boot violation using corrupt HBB image on cold boot.
+ [Tags] Secure_Boot_Violation_Using_Corrupt_HBB_Image_On_Cold_Boot
+
+ Violate Secure Boot Using Corrupt Image
+ ... HBB ${pnor_corruption_rc} ${bmc_image_dir_path}
+
+Secure Boot Violation Using Corrupt HBBL Image On Cold Boot
+ [Documentation] Secure boot violation using corrupt HBBL image on cold boot.
+ [Tags] Secure_Boot_Violation_Using_Corrupt_HBBL_Image_On_Cold_Boot
+
+ Violate Secure Boot Using Corrupt Image
+ ... HBBL ${pnor_corruption_rc} ${bmc_image_dir_path}
+
+
+Secure Boot Violation Using Corrupt HBI Image On Cold Boot
+ [Documentation] Secure boot violation using corrupt HBI image on cold boot.
+ [Tags] Secure_Boot_Violation_Using_Corrupt_HBI_Image_On_Cold_Boot
+
+ Violate Secure Boot Using Corrupt Image
+ ... HBI ${pnor_corruption_rc} ${bmc_image_dir_path}
+
+
+Secure Boot Violation Using Corrupt HBRT Image On Cold Boot
+ [Documentation] Secure boot violation using corrupt HBRT image on cold boot.
+ [Tags] Secure_Boot_Violation_Using_Corrupt_HBRT_Image_On_Cold_Boot
+
+ Violate Secure Boot Using Corrupt Image
+ ... HBRT ${pnor_corruption_rc} ${bmc_image_dir_path}
+
+
+Secure Boot Violation Using Corrupt OCC Image On Cold Boot
+ [Documentation] Secure boot violation using corrupt OCC image on cold boot.
+ [Tags] Secure_Boot_Violation_Using_Corrupt_OCC_Image_On_Cold_Boot
+
+ Violate Secure Boot Using Corrupt Image
+ ... OCC ${pnor_corruption_rc} ${bmc_image_dir_path}
+
*** Keywords ***
Violate Secure Boot Using Corrupt Image
@@ -82,11 +139,9 @@
# Load corrupted image to /usr/local/share/pnor.
Open Connection For SCP
- Log ${bmc_image_dir_path}
- Log ${error_rc}
scp.Put File
- ... ${EXEC_DIR}/data/pnor_test_data/${partition} ${bmc_image_dir_path}
+ ... ${ENV_SB_CORRUPTED_BIN_PATH}/${partition} ${bmc_image_dir_path}
${error_log_path}= Catenate ${SB_LOG_DIR_PATH}/partition-corruption
Create Directory ${error_log_path}
@@ -99,21 +154,42 @@
BMC Execute Command /usr/sbin/obmcutil poweron
Wait Until Keyword Succeeds 15 min 15 sec Error Logs Should Exist
- # TODO: This will be enabled little later as more tesing required
- # Wait Until Keyword Succeeds
- # ... 5 min 5 sec Collect Error Logs and Verify SRC ${error_rc} ${error_log_path}
+ #TODO: This will be enabled little later as more tesing required
+ #Wait Until Keyword Succeeds 5 min 5 sec
+ #... Collect Error Logs and Verify SRC ${error_rc} ${error_log_path}
+ # Expected behavior is that the error occurs early in the boot process,
+ # therefore, no entry in the error log and nothing to decode.
+ # The 1E07 error is written to PNOR & then goes into Quiesced state.
+ # On the next valid boot, the error log will be sent to BMC &
+ # seen on SOL console
+ Run Keyword If '${partition}' in '${NON_HB_PART_LIST}'
# Verify the RC 0x1E07 in the SOL logs.
- Get And Verify Partition Corruption ${sol_log_file_path}
+ ... Get And Verify Partition Corruption ${partition} ${sol_log_file_path}
+ ... ELSE IF '${partition}' in '${HB_PART_LIST}'
+ ... Log To Console ${partition} corrupted, Going to quiesced state.
# Remove the file from /usr/local/share/pnor/.
BMC Execute Command rm -rf ${bmc_image_dir_path}*
# Check if system reaches quiesce state.
+ # Default system state will be power off at the end of the verification.
Run Keywords
... Wait Until Keyword Succeeds 3 min 5 sec Is Host Quiesced AND
... Recover Quiesced Host
+ # We will retry boot with corrupted partition removed
+ # SOL console should show previous boot fail message (1E07) on current boot
+ # HBB corruption will never get far enough to log into PNOR.
+ # so, it should be removed from consideration for this check
+ Run Keyword If '${partition}' == 'HBB'
+ ... Log To Console No more action on ${partition} corruption required.
+ ... ELSE IF '${partition}' in '[HBD, HBI, HBRT, HBBL]'
+ ... Run Keywords
+ ... REST Power On stack_mode=skip quiet=1 AND
+ ... Wait Until Keyword Succeeds 5 min 5 sec Error Logs Should Exist AND
+ ... Get And Verify Partition Corruption ${partition} ${sol_log_file_path} AND
+ ... REST Power Off stack_mode=skip quiet=1
Collect Error Logs and Verify SRC
[Documentation] Verify error log entry & signature description.
@@ -159,23 +235,36 @@
Get And Verify Partition Corruption
[Documentation] Get and verify partition corruption.
- [Arguments] ${sol_log_file_path}
+ [Arguments] ${partition} ${sol_log_file_path}
# Description of argument(s):
+ # partition The partition which is to be corrupted
+ # (e.g. "SBE", "HBI", "HBB", "HBRT", "HBBL", "OCC").
# sol_log_file_path The path to the file containing SOL data
# which was collected during a REST Power On.
# Sample output:
# 44.47498|secure|Secureboot Failure plid = 0x90000007, rc = 0x1E07
+ # OR
+ # 14.94315|Error reported by secure (0x1E00) PLID 0x90000002
+ # 14.99659| ROM_verify() Call Failed
+ # 14.99659| ModuleId 0x03 SECUREBOOT::MOD_SECURE_ROM_VERIFY
+ # 14.99660| ReasonCode 0x1e07 SECUREBOOT::RC_ROM_VERIFY
- ${cmd}= Catenate
+ ${cmd}= Run Keyword If '${partition}' in '${MIXED_PART_LIST}'
+ ... Catenate
... grep -i "Secureboot Failure" ${sol_log_file_path} | awk '{ print $8 }'
+ ... ELSE IF '${partition}' == 'HBI'
+ ... Catenate
+ ... grep -i "ReasonCode" ${sol_log_file_path} | awk '{ print $3 }'
+
${rc} ${corruption_rc_str}= Run and Return RC and Output ${cmd}
Should Be Equal ${rc} ${0}
... msg=Return code from ${cmd} not zero.
# Verify the RC 0x1E07 from sol output".
- Should Be Equal As Strings ${corruption_rc_str} ${pnor_corruption_rc}
+ Should Be Equal As Strings
+ ... ${corruption_rc_str} ${pnor_corruption_rc} ignore_case=True
... msg=SB violation due to PNOR partition corruption not reported. values=False
@@ -223,6 +312,11 @@
Log ${bmc_guard_part_path}
BMC Execute Command rm -rf ${bmc_guard_part_path}
+ # All the corrupted binaries will go in here
+ # Run this as input param
+ Should Not Be Empty ${ENV_SB_CORRUPTED_BIN_PATH}
+ Set Environment Variable PATH %{PATH}:${ENV_SB_CORRUPTED_BIN_PATH}
+
Test Setup Execution
[Documentation] Test setup execution.
@@ -242,5 +336,8 @@
Stop SOL Console Logging
Run rm -rf ${sol_log_file_path}
+ # Collect FFDC on failure
+ FFDC On Test Case Fail
+
# Removing the corrupted file from BMC.
BMC Execute Command rm -rf ${bmc_image_dir_path}*