Adding secureboot setup check:
Changes:
- 1) Get Secure boot info - Jumper settings, secure boot state,
number of procs
- 2) Execution of test cases based on jumper and secure boot policy
Tested: Working Good
Resolve openbmc/openbmc-test-automation#1705
Signed-off-by: Lakshminarayana R. Kammath <lkammath@in.ibm.com>
Change-Id: I709274d1263285d85856ae6048bfe594115ce4dc
diff --git a/lib/secure_utils.robot b/lib/secure_utils.robot
deleted file mode 100755
index 9e645e5..0000000
--- a/lib/secure_utils.robot
+++ /dev/null
@@ -1,27 +0,0 @@
-*** Settings ***
-Documentation Secure boot keywords.
-
-*** Keywords ***
-
-Set TPMEnable Policy
- [Documentation] Enable or disable TPM Policy.
- [Arguments] ${tpm_policy}
-
- # Description of argument(s):
- # tpm_policy Enable-1 or Disable-0.
-
- ${value_dict}= Create Dictionary data=${tpm_policy}
- Write Attribute ${CONTROL_HOST_URI}/TPMEnable TPMEnable
- ... data=${value_dict}
-
-
-Set And Verify TPM Policy
- [Documentation] Enable or disable and verify TPM Policy.
- [Arguments] ${tpm_policy}
-
- # Description of argument(s):
- # tpm_policy Enable-1 or Disable-0.
-
- Set TPMEnable Policy ${tpm_policy}
- ${resp}= Verify The Attribute
- ... ${CONTROL_URI}/host0/TPMEnable TPMEnable ${tpm_policy}
diff --git a/lib/secureboot/secureboot.py b/lib/secureboot/secureboot.py
new file mode 100644
index 0000000..99728c8
--- /dev/null
+++ b/lib/secureboot/secureboot.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+
+r"""
+This module provides some functions for Secure Boot verification.
+"""
+
+import bmc_ssh_utils as bsu
+import var_funcs as vf
+from robot.libraries.BuiltIn import BuiltIn
+
+
+# Define 'constant' functions.
+def secure_boot_mask():
+
+ return 0x08000000
+
+
+def jumper_mask():
+
+ return 0x04000000
+
+
+class secureboot(object):
+
+ def get_secure_boot_info(self, quiet=None):
+ r"""
+ Get secure-boot information and return it as a tuple consisting of
+ num_procs, secure_boot, jumper.
+
+ num_procs is the number of processors containing the information.
+
+ secure_boot will be set to True if each and every register value
+ in question has its secureboot bit set (Bit 4).
+
+ jumper will be set to True if each and every register value
+ in question has its jumper bit set (Bit 5).
+
+ Description of argument(s):
+ quiet See shell_cmd for details.
+ """
+
+ cmd_buf = "pdbg -d p9w -a getcfam 0x2801"
+ out_buf, stderr, rc = bsu.bmc_execute_command(cmd_buf, quiet=quiet)
+
+ # Convert result to a dictionary with one key for each processor:
+ # result:
+ # [p0:0x2801]: 0x80c00002
+ # [p1:0x2801]: 0x90c00002
+ result = vf.key_value_outbuf_to_dict(out_buf, delim="=")
+
+ num_procs = len(result)
+ # Initialize values to True.
+ secure_boot = True
+ jumper = True
+
+ for key, value in result.items():
+ # Convert hex string to int.
+ reg_value = int(value, 16)
+ if not reg_value & secure_boot_mask():
+ secure_boot = False
+ if not reg_value & jumper_mask():
+ jumper = False
+
+ return num_procs, secure_boot, jumper
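Review bot: When no processor entries are parsed, the loop at the end of get_secure_boot_info never runs, so the function returns `(0, True, True)` and reports secure boot as enabled without having read a single register. The `rc` and `stderr` values from bmc_execute_command are also unused here. Add a guard right after the dictionary is built, e.g. `if not result: raise ValueError("no CFAM 0x2801 values parsed from pdbg output")`. The all-processors rule also means that a system where only some processors have the jumper bit set yields `jumper = False`, the same value as one where none do, so a caller that requires `jumper == False` cannot detect a mixed state; consider logging or returning the per-processor values. The docstring's "Bit 4" and "Bit 5" match the masks 0x08000000 and 0x04000000 only under MSB-0 bit numbering, which the docstring should state.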
diff --git a/lib/secureboot/secureboot.robot b/lib/secureboot/secureboot.robot
new file mode 100644
index 0000000..9c5fb4e
--- /dev/null
+++ b/lib/secureboot/secureboot.robot
@@ -0,0 +1,31 @@
+*** Settings ***
+Documentation Utility for getting/reading Secure Boot related settings.
+Resource ../../lib/open_power_utils.robot
+Resource ../../lib/utils.robot
+Resource ../../lib/state_manager.robot
+Resource ../../lib/boot_utils.robot
+Library ../../lib/bmc_ssh_utils.py
+
+*** Keywords ***
+
+Set TPMEnable Policy
+ [Documentation] Enable or disable TPM Policy.
+ [Arguments] ${tpm_policy}
+
+ # Description of argument(s):
+ # tpm_policy Enable-1 or Disable-0.
+
+ ${value_dict}= Create Dictionary data=${tpm_policy}
+ Write Attribute ${CONTROL_HOST_URI}/TPMEnable TPMEnable
+ ... data=${value_dict}
+
+
+Set And Verify TPM Policy
+ [Documentation] Enable or disable and verify TPM Policy.
+ [Arguments] ${tpm_policy}
+
+ # Description of argument(s):
+ # tpm_policy Enable-1 or Disable-0.
+
+ Set TPMEnable Policy ${tpm_policy}
+ Verify The Attribute ${CONTROL_URI}/host0/TPMEnable TPMEnable ${tpm_policy}
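Review bot: `Set TPMEnable Policy` writes through `${CONTROL_HOST_URI}/TPMEnable`, while `Set And Verify TPM Policy` reads back from `${CONTROL_URI}/host0/TPMEnable`. Unless both variables are guaranteed to resolve to the same object path, the verification may be checking a different attribute than the one written. Using the same variable in both keywords, e.g. `Verify The Attribute  ${CONTROL_HOST_URI}/TPMEnable  TPMEnable  ${tpm_policy}`, removes that dependency. The file-level Documentation describes the file as getting/reading settings, yet both keywords change the TPM policy, so it should say that it also sets them.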
diff --git a/openpower/secureboot/secure.robot b/openpower/secureboot/test_secureboot.robot
similarity index 94%
rename from openpower/secureboot/secure.robot
rename to openpower/secureboot/test_secureboot.robot
index f670043..f6609c7 100644
--- a/openpower/secureboot/secure.robot
+++ b/openpower/secureboot/test_secureboot.robot
@@ -18,12 +18,13 @@
Resource ../../lib/utils.robot
Resource ../../lib/state_manager.robot
Resource ../../lib/boot_utils.robot
-Resource ../../lib/secure_utils.robot
+Resource ../../lib/secureboot/secureboot.robot
Resource ../../lib/open_power_utils.robot
Resource ../../lib/logging_utils.robot
Resource ../../lib/openbmc_ffdc_methods.robot
Library ../../lib/gen_misc.py
+Library ../../lib/secureboot/secureboot.py
Suite Setup Suite Setup Execution
Test Setup Test Setup Execution
@@ -115,6 +116,17 @@
*** Keywords ***
+Validate Secure Boot Setup
+ [Documentation] Validates setup to make sure it's secureboot run capable.
+
+ # Check the jumper position and Security settings before moving ahead.
+ ${num_procs} ${secureboot_state} ${jumper_state}= Get Secure Boot Info
+
+ Rprint Vars secureboot_state jumper_state
+
+ Should Be True ${secureboot_state} == True and ${jumper_state} == False
+ ... msg=Jumper is on while secureboot is disabled. Put the jumpers between pins 2 and 3.
+
Violate Secure Boot Using Corrupt Image
[Documentation] Cause secure boot violation during cold boot
... with corrupted image.
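Review bot: The single `msg=` on the `Should Be True` in Validate Secure Boot Setup says "Jumper is on while secureboot is disabled", but the expression also fails when secure boot is off with the jumper bit clear, or when secure boot is on with the jumper bit set. In those cases the operator is pointed at the jumpers when they may not be the cause. Splitting the check gives an accurate message for each condition: `Should Be True  ${secureboot_state}  msg=Secure boot bit is not set on all processors.` and `Should Be True  not ${jumper_state}  msg=Jumper bit is set on all processors.`. `${num_procs}` is captured but never checked; asserting `${num_procs} > 0` first would keep the check from passing judgement on a read that returned no processors.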
@@ -326,6 +338,11 @@
Start SOL Console Logging ${sol_log_file_path}
Set Suite Variable ${sol_log_file_path}
+ REST Power On stack_mode=skip quiet=1
+
+ # Validate the secureboot setup. If not met with required state then, fail.
+ Validate Secure Boot Setup
+
REST Power Off stack_mode=skip quiet=1
Delete Error Logs And Verify