Secure Boot: PNOR Corruption Test Cases.
Corrupt the PNOR partition and verify if a SRC is generated.
Resolves openbmc/openbmc-test-automation#1343
Change-Id: I869c2fe0724ec48e14a67af3656892fdafabe708
Signed-off-by: Sweta Potthuri <spotthur@in.ibm.com>
diff --git a/secureboot/secure.robot b/secureboot/secure.robot
index 61e4cc2..7afbdf2 100644
--- a/secureboot/secure.robot
+++ b/secureboot/secure.robot
@@ -1,18 +1,30 @@
*** Settings ***
Documentation Secure boot related test cases.
+# Test Parameters:
+# FFDC_TOOL_DIR_PATH The path to the directory containing FFDC translation
+# tools such as eSEL.pl.
+
Resource ../lib/utils.robot
Resource ../lib/boot_utils.robot
Resource ../lib/secure_utils.robot
Resource ../lib/open_power_utils.robot
Resource ../lib/logging_utils.robot
+Resource ../lib/openbmc_ffdc_methods.robot
+Library ../lib/gen_misc.py
+
+Suite Setup Suite Setup Execution
Test Setup Test Setup Execution
Test Teardown Test Teardown Execution
*** Variables ***
${security_access_bit_mask} ${0xC000000000000000}
+# Description of BC8A1E07 A problem occurred during the IPL of the system.
+${pnor_corruption_src} BC8A1E07
+${bmc_image_dir_path} /usr/local/share/pnor
+${FFDC_TOOL_DIR_PATH} ${EMPTY}
*** Test Cases ***
@@ -30,8 +42,78 @@
Validate Secure Boot With TPM Policy Enabled Or Disabled ${1}
+Violate Secure Boot Via Corrupt Key In SBE During Host Boot
+ [Documentation] Violate secure boot via corrupt key SBE during host boot.
+ [Tags] Violate_Secure_Boot_Via_Corrupt_Key_In_SBE_During_Host_Boot
+
+ Violate Secure Boot Via Corrupt Key
+ ... SBE ${pnor_corruption_src} ${bmc_image_dir_path}
+
+
*** Keywords ***
+Violate Secure Boot Via Corrupt Key
+ [Documentation] Cause secure boot violation during host boot
+ ... with corrupted key.
+ [Arguments] ${partition} ${error_src} ${bmc_image_dir_path}
+
+ # Decription of argument(s):
+ # partition The partition which is to be corrupted
+ # (e.g. "SBE", "HBI", "HBB", "HBRT", "HBBL", "OCC").
+ # error_src The system reference code that is expected as a
+ # result of the secure boot violation
+ # (e.g. "BC8A1E07").
+ # bmc_image_dir_path BMC image path.
+
+ Set And Verify TPM Policy ${1}
+
+ # Descipiton:
+ # Cause a secure boot violation by copying an BMC image file to the
+ # target BMC and then starting a power on.
+ # This action should result in:
+ # 1) an error log entry
+ # 2) the system going to "Quiesced" state.
+
+ # Load corrupted image to /usr/local/share/pnor.
+ Open Connection For SCP
+ Log ${bmc_image_dir_path}
+ scp.Put File
+ ... ${EXEC_DIR}/data/pnor_test_data/${partition} ${bmc_image_dir_path}
+
+ # Starting a power on.
+ BMC Execute Command /usr/sbin/obmcutil poweron
+ Wait Until Keyword Succeeds 10 min 10 sec Error Logs Should Exist
+
+ Wait Until Keyword Succeeds 10 min 10 sec Collect Error Logs and Verify SRC ${error_src}
+
+ # Remove the file from /usr/local/share/pnor/.
+ BMC Execute Command rm -rf ${bmc_image_dir_path}*
+
+ # Check if system reaches quiesce state.
+ Run Keywords
+ ... Wait Until Keyword Succeeds 3 min 5 sec Is Host Quiesced AND
+ ... Recover Quiesced Host
+
+
+Collect Error Logs and Verify SRC
+ [Documentation] Collect error logs and verify src.
+ [Arguments] ${system_reference_code}
+
+ # Description of argument(s):
+ # system_reference_code The system reference code that the caller
+ # expects to be found among the existing
+ # error log entries (e.g. "BC8A1E07").
+ # system_reference_code Src code.
+
+ Convert eSEL To Elog Format ${FFDC_TOOL_DIR_PATH}
+
+ ${cmd}= Catenate
+ ... grep -i ${system_reference_code} ${FFDC_TOOL_DIR_PATH}/esel.out.txt
+ ${rc} ${output}= Run and Return RC and Output ${cmd}
+ Should Be Equal ${rc} ${0}
+ ... msg=${system_reference_code} not found in the existing error logs.
+
+
Get And Verify Security Access Bit
[Documentation] Get and verify security access bit.
[Arguments] ${sol_log_file_path}
@@ -82,6 +164,17 @@
REST Verify No Gard Records
+Suite Setup Execution
+ [Documentation] Suite Setup Execution
+
+ Run export PATH=$PATH:${FFDC_TOOL_DIR_PATH}
+ Set Environment Variable ${FFDC_TOOL_DIR_PATH} ${FFDC_TOOL_DIR_PATH}
+ ${bmc_image_dir_path}= Add Trailing Slash ${bmc_image_dir_path}
+ Set Global Variable ${bmc_image_dir_path}
+ Log ${bmc_image_dir_path}
+ BMC Execute Command rm -rf ${bmc_image_dir_path}*
+
+
Test Setup Execution
[Documentation] Test setup execution.
@@ -100,3 +193,6 @@
Stop SOL Console Logging
Run rm -rf ${sol_log_file_path}
+
+ # Removing the corrupted file from BMC.
+ BMC Execute Command rm -rf ${bmc_image_dir_path}*