blob: 7afbdf2c28a00ccc5cd6141766720ea96d59ad11 [file] [log] [blame]
Sweta Potthuri39255032018-03-28 10:12:14 -05001*** Settings ***
2Documentation Secure boot related test cases.
3
Sweta Potthurid3c03432018-04-19 11:30:27 -05004# Test Parameters:
5# FFDC_TOOL_DIR_PATH The path to the directory containing FFDC translation
6# tools such as eSEL.pl.
7
Sweta Potthuri39255032018-03-28 10:12:14 -05008Resource ../lib/utils.robot
9Resource ../lib/boot_utils.robot
10Resource ../lib/secure_utils.robot
11Resource ../lib/open_power_utils.robot
George Keishingce72d962018-04-06 03:32:19 -050012Resource ../lib/logging_utils.robot
Sweta Potthurid3c03432018-04-19 11:30:27 -050013Resource ../lib/openbmc_ffdc_methods.robot
Sweta Potthuri39255032018-03-28 10:12:14 -050014
Sweta Potthurid3c03432018-04-19 11:30:27 -050015Library ../lib/gen_misc.py
16
17Suite Setup Suite Setup Execution
Sweta Potthuri39255032018-03-28 10:12:14 -050018Test Setup Test Setup Execution
19Test Teardown Test Teardown Execution
20
21*** Variables ***
22
23${security_access_bit_mask} ${0xC000000000000000}
Sweta Potthurid3c03432018-04-19 11:30:27 -050024# Description of BC8A1E07 A problem occurred during the IPL of the system.
25${pnor_corruption_src} BC8A1E07
26${bmc_image_dir_path} /usr/local/share/pnor
27${FFDC_TOOL_DIR_PATH} ${EMPTY}
Sweta Potthuri39255032018-03-28 10:12:14 -050028
29*** Test Cases ***
30
31Validate Secure Boot With TPM Policy Disabled
32 [Documentation] Validate secure boot with TPM policy disabled.
33 [Tags] Validate_Secure_Boot_With_TPM_Policy_Disabled
34
35 Validate Secure Boot With TPM Policy Enabled Or Disabled ${0}
36
37
38Validate Secure Boot With TPM Policy Enabled
39 [Documentation] Validate secure boot with TPM policy enabled.
40 [Tags] Validate_Secure_Boot_With_TPM_Policy_Enabled
41
42 Validate Secure Boot With TPM Policy Enabled Or Disabled ${1}
43
44
Sweta Potthurid3c03432018-04-19 11:30:27 -050045Violate Secure Boot Via Corrupt Key In SBE During Host Boot
46 [Documentation] Violate secure boot via corrupt key SBE during host boot.
47 [Tags] Violate_Secure_Boot_Via_Corrupt_Key_In_SBE_During_Host_Boot
48
49 Violate Secure Boot Via Corrupt Key
50 ... SBE ${pnor_corruption_src} ${bmc_image_dir_path}
51
52
Sweta Potthuri39255032018-03-28 10:12:14 -050053*** Keywords ***
54
Sweta Potthurid3c03432018-04-19 11:30:27 -050055Violate Secure Boot Via Corrupt Key
56 [Documentation] Cause secure boot violation during host boot
57 ... with corrupted key.
58 [Arguments] ${partition} ${error_src} ${bmc_image_dir_path}
59
60 # Decription of argument(s):
61 # partition The partition which is to be corrupted
62 # (e.g. "SBE", "HBI", "HBB", "HBRT", "HBBL", "OCC").
63 # error_src The system reference code that is expected as a
64 # result of the secure boot violation
65 # (e.g. "BC8A1E07").
66 # bmc_image_dir_path BMC image path.
67
68 Set And Verify TPM Policy ${1}
69
70 # Descipiton:
71 # Cause a secure boot violation by copying an BMC image file to the
72 # target BMC and then starting a power on.
73 # This action should result in:
74 # 1) an error log entry
75 # 2) the system going to "Quiesced" state.
76
77 # Load corrupted image to /usr/local/share/pnor.
78 Open Connection For SCP
79 Log ${bmc_image_dir_path}
80 scp.Put File
81 ... ${EXEC_DIR}/data/pnor_test_data/${partition} ${bmc_image_dir_path}
82
83 # Starting a power on.
84 BMC Execute Command /usr/sbin/obmcutil poweron
85 Wait Until Keyword Succeeds 10 min 10 sec Error Logs Should Exist
86
87 Wait Until Keyword Succeeds 10 min 10 sec Collect Error Logs and Verify SRC ${error_src}
88
89 # Remove the file from /usr/local/share/pnor/.
90 BMC Execute Command rm -rf ${bmc_image_dir_path}*
91
92 # Check if system reaches quiesce state.
93 Run Keywords
94 ... Wait Until Keyword Succeeds 3 min 5 sec Is Host Quiesced AND
95 ... Recover Quiesced Host
96
97
98Collect Error Logs and Verify SRC
99 [Documentation] Collect error logs and verify src.
100 [Arguments] ${system_reference_code}
101
102 # Description of argument(s):
103 # system_reference_code The system reference code that the caller
104 # expects to be found among the existing
105 # error log entries (e.g. "BC8A1E07").
106 # system_reference_code Src code.
107
108 Convert eSEL To Elog Format ${FFDC_TOOL_DIR_PATH}
109
110 ${cmd}= Catenate
111 ... grep -i ${system_reference_code} ${FFDC_TOOL_DIR_PATH}/esel.out.txt
112 ${rc} ${output}= Run and Return RC and Output ${cmd}
113 Should Be Equal ${rc} ${0}
114 ... msg=${system_reference_code} not found in the existing error logs.
115
116
Sweta Potthuri39255032018-03-28 10:12:14 -0500117Get And Verify Security Access Bit
118 [Documentation] Get and verify security access bit.
119 [Arguments] ${sol_log_file_path}
120
121 # Description of argument(s):
122 # sol_log_file_path The path to the file containing SOL data
123 # which was collected during a REST Power On.
124
125 # Sample output:
126 # 19.68481|SECURE|Security Access Bit> 0xC000000000000000
127
128 ${cmd}= Catenate
129 ... grep "Security Access Bit" ${sol_log_file_path} | awk '{ print $4 }'
130 ${rc} ${security_access_bit_str}= Run and Return RC and Output ${cmd}
131 Should Be Equal ${rc} ${0}
132 ... msg=Return code from ${cmd} not zero.
133
134 # Verify the value of "Security Access Bit".
135
136 ${security_access_bit}= Convert to Integer ${security_access_bit_str}
137 ${result}= Evaluate ${security_access_bit_mask} & ${security_access_bit}
138 Should Be Equal ${result} ${security_access_bit_mask}
139 ... msg=System is not booted in secure mode. values=False
140
141
142Validate Secure Boot With TPM Policy Enabled Or Disabled
143 [Documentation] Validate secure boot with TPM policy enabled or disabled.
144 [Arguments] ${tpm_policy}
145
146 # Description of argument(s):
147 # tpm_policy Enable-0 or Disable-1.
148
149 Set And Verify TPM Policy ${tpm_policy}
150 REST Power On quiet=1
151 Validate Secure Boot ${sol_log_file_path}
152
153
154Validate Secure Boot
155 [Documentation] Validate secure boot.
156 [Arguments] ${sol_log_file_path}
157
158 # Description of argument(s):
159 # sol_log_file_path The path to the file containing SOL data
160 # which was collected during a REST Power On.
161
162 Get And Verify Security Access Bit ${sol_log_file_path}
163 Error Logs Should Not Exist
164 REST Verify No Gard Records
165
166
Sweta Potthurid3c03432018-04-19 11:30:27 -0500167Suite Setup Execution
168 [Documentation] Suite Setup Execution
169
170 Run export PATH=$PATH:${FFDC_TOOL_DIR_PATH}
171 Set Environment Variable ${FFDC_TOOL_DIR_PATH} ${FFDC_TOOL_DIR_PATH}
172 ${bmc_image_dir_path}= Add Trailing Slash ${bmc_image_dir_path}
173 Set Global Variable ${bmc_image_dir_path}
174 Log ${bmc_image_dir_path}
175 BMC Execute Command rm -rf ${bmc_image_dir_path}*
176
177
Sweta Potthuri39255032018-03-28 10:12:14 -0500178Test Setup Execution
179 [Documentation] Test setup execution.
180
181 ${timestamp}= Get Current Date result_format=%Y%m%d%H%M%S
182 ${sol_log_file_path}= Catenate ${EXECDIR}/Secure_SOL${timestamp}
183 Start SOL Console Logging ${sol_log_file_path}
184 Set Suite Variable ${sol_log_file_path}
185
186 REST Power Off stack_mode=skip quiet=1
187 Delete Error Logs And Verify
188 Clear BMC Gard record
189
190
191Test Teardown Execution
192 [Documentation] Test teardown execution.
193
194 Stop SOL Console Logging
195 Run rm -rf ${sol_log_file_path}
Sweta Potthurid3c03432018-04-19 11:30:27 -0500196
197 # Removing the corrupted file from BMC.
198 BMC Execute Command rm -rf ${bmc_image_dir_path}*