Sweta Potthuri | 3925503 | 2018-03-28 10:12:14 -0500 | 1 | *** Settings *** |
| 2 | Documentation Secure boot related test cases. |
| 3 | |
Sweta Potthuri | d3c0343 | 2018-04-19 11:30:27 -0500 | 4 | # Test Parameters: |
| 5 | # FFDC_TOOL_DIR_PATH The path to the directory containing FFDC translation |
| 6 | # tools such as eSEL.pl. |
| 7 | |
Sweta Potthuri | 3925503 | 2018-03-28 10:12:14 -0500 | 8 | Resource ../lib/utils.robot |
| 9 | Resource ../lib/boot_utils.robot |
| 10 | Resource ../lib/secure_utils.robot |
| 11 | Resource ../lib/open_power_utils.robot |
George Keishing | ce72d96 | 2018-04-06 03:32:19 -0500 | 12 | Resource ../lib/logging_utils.robot |
Sweta Potthuri | d3c0343 | 2018-04-19 11:30:27 -0500 | 13 | Resource ../lib/openbmc_ffdc_methods.robot |
Sweta Potthuri | 3925503 | 2018-03-28 10:12:14 -0500 | 14 | |
Sweta Potthuri | d3c0343 | 2018-04-19 11:30:27 -0500 | 15 | Library ../lib/gen_misc.py |
| 16 | |
| 17 | Suite Setup Suite Setup Execution |
Sweta Potthuri | 3925503 | 2018-03-28 10:12:14 -0500 | 18 | Test Setup Test Setup Execution |
| 19 | Test Teardown Test Teardown Execution |
| 20 | |
| 21 | *** Variables *** |
| 22 | |
| 23 | ${security_access_bit_mask} ${0xC000000000000000} |
Sweta Potthuri | d3c0343 | 2018-04-19 11:30:27 -0500 | 24 | # Description of BC8A1E07: A problem occurred during the IPL of the system. |
| 25 | ${pnor_corruption_src} BC8A1E07 |
| 26 | ${bmc_image_dir_path} /usr/local/share/pnor |
| 27 | ${FFDC_TOOL_DIR_PATH} ${EMPTY} |
Sweta Potthuri | 3925503 | 2018-03-28 10:12:14 -0500 | 28 | |
| 29 | *** Test Cases *** |
| 30 | |
| 31 | Validate Secure Boot With TPM Policy Disabled |
| 32 | [Documentation] Validate secure boot with TPM policy disabled. |
| 33 | [Tags] Validate_Secure_Boot_With_TPM_Policy_Disabled |
| 34 | |
| 35 | Validate Secure Boot With TPM Policy Enabled Or Disabled ${0} |
| 36 | |
| 37 | |
| 38 | Validate Secure Boot With TPM Policy Enabled |
| 39 | [Documentation] Validate secure boot with TPM policy enabled. |
| 40 | [Tags] Validate_Secure_Boot_With_TPM_Policy_Enabled |
| 41 | |
| 42 | Validate Secure Boot With TPM Policy Enabled Or Disabled ${1} |
| 43 | |
| 44 | |
Sweta Potthuri | d3c0343 | 2018-04-19 11:30:27 -0500 | 45 | Violate Secure Boot Via Corrupt Key In SBE During Host Boot |
| 46 | [Documentation] Violate secure boot via corrupt key in SBE during host boot. |
| 47 | [Tags] Violate_Secure_Boot_Via_Corrupt_Key_In_SBE_During_Host_Boot |
| 48 | |
| 49 | Violate Secure Boot Via Corrupt Key |
| 50 | ... SBE ${pnor_corruption_src} ${bmc_image_dir_path} |
| 51 | |
| 52 | |
Sweta Potthuri | 3925503 | 2018-03-28 10:12:14 -0500 | 53 | *** Keywords *** |
| 54 | |
Sweta Potthuri | d3c0343 | 2018-04-19 11:30:27 -0500 | 55 | Violate Secure Boot Via Corrupt Key |
| 56 | [Documentation] Cause secure boot violation during host boot |
| 57 | ... with corrupted key. |
| 58 | [Arguments] ${partition} ${error_src} ${bmc_image_dir_path} |
| 59 | |
| 60 | # Description of argument(s): |
| 61 | # partition The partition which is to be corrupted |
| 62 | # (e.g. "SBE", "HBI", "HBB", "HBRT", "HBBL", "OCC"). |
| 63 | # error_src The system reference code that is expected as a |
| 64 | # result of the secure boot violation |
| 65 | # (e.g. "BC8A1E07"). |
| 66 | # bmc_image_dir_path BMC image path. |
| 67 | |
| 68 | Set And Verify TPM Policy ${1} |
| 69 | |
| 70 | # Description: |
| 71 | # Cause a secure boot violation by copying a BMC image file to the |
| 72 | # target BMC and then starting a power on. |
| 73 | # This action should result in: |
| 74 | # 1) an error log entry |
| 75 | # 2) the system going to "Quiesced" state. |
| 76 | |
| 77 | # Load corrupted image to /usr/local/share/pnor. |
| 78 | Open Connection For SCP |
| 79 | Log ${bmc_image_dir_path} |
| 80 | scp.Put File |
| 81 | ... ${EXEC_DIR}/data/pnor_test_data/${partition} ${bmc_image_dir_path} |
| 82 | |
| 83 | # Starting a power on. |
| 84 | BMC Execute Command /usr/sbin/obmcutil poweron |
| 85 | Wait Until Keyword Succeeds 10 min 10 sec Error Logs Should Exist |
| 86 | |
| 87 | Wait Until Keyword Succeeds 10 min 10 sec Collect Error Logs and Verify SRC ${error_src} |
| 88 | |
| 89 | # Remove the file from /usr/local/share/pnor/. |
| 90 | BMC Execute Command rm -rf ${bmc_image_dir_path}* |
| 91 | |
| 92 | # Check if system reaches quiesce state. |
| 93 | Run Keywords |
| 94 | ... Wait Until Keyword Succeeds 3 min 5 sec Is Host Quiesced AND |
| 95 | ... Recover Quiesced Host |
| 96 | |
| 97 | |
| 98 | Collect Error Logs and Verify SRC |
| 99 | [Documentation] Collect error logs and verify SRC. |
| 100 | [Arguments] ${system_reference_code} |
| 101 | |
| 102 | # Description of argument(s): |
| 103 | # system_reference_code The system reference code that the caller |
| 104 | # expects to be found among the existing |
| 105 | # error log entries (e.g. "BC8A1E07"). |
| 106 | # system_reference_code Src code. |
| 107 | |
| 108 | Convert eSEL To Elog Format ${FFDC_TOOL_DIR_PATH} |
| 109 | |
| 110 | ${cmd}= Catenate |
| 111 | ... grep -i ${system_reference_code} ${FFDC_TOOL_DIR_PATH}/esel.out.txt |
| 112 | ${rc} ${output}= Run and Return RC and Output ${cmd} |
| 113 | Should Be Equal ${rc} ${0} |
| 114 | ... msg=${system_reference_code} not found in the existing error logs. |
| 115 | |
| 116 | |
Sweta Potthuri | 3925503 | 2018-03-28 10:12:14 -0500 | 117 | Get And Verify Security Access Bit |
| 118 | [Documentation] Get and verify security access bit. |
| 119 | [Arguments] ${sol_log_file_path} |
| 120 | |
| 121 | # Description of argument(s): |
| 122 | # sol_log_file_path The path to the file containing SOL data |
| 123 | # which was collected during a REST Power On. |
| 124 | |
| 125 | # Sample output: |
| 126 | # 19.68481|SECURE|Security Access Bit> 0xC000000000000000 |
| 127 | |
| 128 | ${cmd}= Catenate |
| 129 | ... grep "Security Access Bit" ${sol_log_file_path} | awk '{ print $4 }' |
| 130 | ${rc} ${security_access_bit_str}= Run and Return RC and Output ${cmd} |
| 131 | Should Be Equal ${rc} ${0} |
| 132 | ... msg=Return code from ${cmd} not zero. |
| 133 | |
| 134 | # Verify the value of "Security Access Bit". |
| 135 | |
| 136 | ${security_access_bit}= Convert to Integer ${security_access_bit_str} |
| 137 | ${result}= Evaluate ${security_access_bit_mask} & ${security_access_bit} |
| 138 | Should Be Equal ${result} ${security_access_bit_mask} |
| 139 | ... msg=System is not booted in secure mode. values=False |
| 140 | |
| 141 | |
| 142 | Validate Secure Boot With TPM Policy Enabled Or Disabled |
| 143 | [Documentation] Validate secure boot with TPM policy enabled or disabled. |
| 144 | [Arguments] ${tpm_policy} |
| 145 | |
| 146 | # Description of argument(s): |
| 147 | # tpm_policy The TPM policy to set: 1 to enable, 0 to disable. |
| 148 | |
| 149 | Set And Verify TPM Policy ${tpm_policy} |
| 150 | REST Power On quiet=1 |
| 151 | Validate Secure Boot ${sol_log_file_path} |
| 152 | |
| 153 | |
| 154 | Validate Secure Boot |
| 155 | [Documentation] Validate secure boot. |
| 156 | [Arguments] ${sol_log_file_path} |
| 157 | |
| 158 | # Description of argument(s): |
| 159 | # sol_log_file_path The path to the file containing SOL data |
| 160 | # which was collected during a REST Power On. |
| 161 | |
| 162 | Get And Verify Security Access Bit ${sol_log_file_path} |
| 163 | Error Logs Should Not Exist |
| 164 | REST Verify No Gard Records |
| 165 | |
| 166 | |
Sweta Potthuri | d3c0343 | 2018-04-19 11:30:27 -0500 | 167 | Suite Setup Execution |
| 168 | [Documentation] Suite setup execution. |
| 169 | |
| 170 | Set Environment Variable PATH %{PATH}:${FFDC_TOOL_DIR_PATH} |
| 171 | Set Environment Variable FFDC_TOOL_DIR_PATH ${FFDC_TOOL_DIR_PATH} |
| 172 | ${bmc_image_dir_path}= Add Trailing Slash ${bmc_image_dir_path} |
| 173 | Set Global Variable ${bmc_image_dir_path} |
| 174 | Log ${bmc_image_dir_path} |
| 175 | BMC Execute Command rm -rf ${bmc_image_dir_path}* |
| 176 | |
| 177 | |
Sweta Potthuri | 3925503 | 2018-03-28 10:12:14 -0500 | 178 | Test Setup Execution |
| 179 | [Documentation] Test setup execution. |
| 180 | |
| 181 | ${timestamp}= Get Current Date result_format=%Y%m%d%H%M%S |
| 182 | ${sol_log_file_path}= Catenate ${EXECDIR}/Secure_SOL${timestamp} |
| 183 | Start SOL Console Logging ${sol_log_file_path} |
| 184 | Set Suite Variable ${sol_log_file_path} |
| 185 | |
| 186 | REST Power Off stack_mode=skip quiet=1 |
| 187 | Delete Error Logs And Verify |
| 188 | Clear BMC Gard record |
| 189 | |
| 190 | |
| 191 | Test Teardown Execution |
| 192 | [Documentation] Test teardown execution. |
| 193 | |
| 194 | Stop SOL Console Logging |
| 195 | Run rm -rf ${sol_log_file_path} |
Sweta Potthuri | d3c0343 | 2018-04-19 11:30:27 -0500 | 196 | |
| 197 | # Removing the corrupted file from BMC. |
| 198 | BMC Execute Command rm -rf ${bmc_image_dir_path}* |