*** Settings ***
Documentation    Secure boot related test cases.

# Test Parameters:
# SEL to PEL conversion:
# https://github.com/openbmc/openbmc-test-automation/blob/master/docs/
# openbmc_test_tools.md#converting-sels-to-readable-format

Resource         ../../lib/utils.robot
Resource         ../../lib/state_manager.robot
Resource         ../../lib/boot_utils.robot
Resource         ../../lib/secure_utils.robot
Resource         ../../lib/open_power_utils.robot
Resource         ../../lib/logging_utils.robot
Resource         ../../lib/openbmc_ffdc_methods.robot

Library          ../../lib/gen_misc.py

Suite Setup      Suite Setup Execution
Test Setup       Test Setup Execution
Test Teardown    Test Teardown Execution

*** Variables ***

${security_access_bit_mask}    ${0xC000000000000000}
# TODO: will enable this in next commit
#${pnor_corruption_rc}         SECUREBOOT::RC_ROM_VERIFY
${pnor_corruption_rc}          0x1E07
${bmc_image_dir_path}          /usr/local/share/pnor
${bmc_guard_part_path}         /var/lib/phosphor-software-manager/pnor/prsv/GUARD

*** Test Cases ***

# All the test cases require the jumpers to be positioned between 1 & 2
# by default. If this is not met, the test cases will fail.
# TODO: https://github.com/openbmc/openbmc-test-automation/issues/1644
Validate Secure Cold Boot With TPM Policy Disabled
    [Documentation]  Validate secure cold boot with TPM policy disabled.
    [Tags]  Validate_Secure_Cold_Boot_With_TPM_Policy_Disabled

    Validate Secure Boot With TPM Policy Enabled Or Disabled  ${0}


Validate Secure Cold Boot With TPM Policy Enabled
    [Documentation]  Validate secure cold boot with TPM policy enabled.
    [Tags]  Validate_Secure_Cold_Boot_With_TPM_Policy_Enabled

    Validate Secure Boot With TPM Policy Enabled Or Disabled  ${1}


Secure Boot Violation Using Corrupt SBE Image On Cold Boot
    [Documentation]  Secure boot violation using corrupt SBE image on cold boot.
    [Tags]  Secure_Boot_Violation_Using_Corrupt_SBE_Image_On_Cold_Boot

    Violate Secure Boot Using Corrupt Image
    ...  SBE  ${pnor_corruption_rc}  ${bmc_image_dir_path}


*** Keywords ***

Violate Secure Boot Using Corrupt Image
    [Documentation]  Cause secure boot violation during cold boot
    ...  with corrupted image.
    [Arguments]  ${partition}  ${error_rc}  ${bmc_image_dir_path}

    # Description of argument(s):
    # partition            The partition which is to be corrupted
    #                      (e.g. "SBE", "HBI", "HBB", "HBRT", "HBBL", "OCC").
    # error_rc             The RC that is expected as a
    #                      result of the secure boot violation
    #                      (e.g. "SECUREBOOT::RC_ROM_VERIFY").
    # bmc_image_dir_path   BMC image path.

    Set And Verify TPM Policy  ${1}

    # Description:
    # Cause a secure boot violation by copying a BMC image file to the
    # target BMC and then starting a power on.
    # This action should result in:
    # 1) an error log entry
    # 2) the system going to "Quiesced" state.

    # Load corrupted image to /usr/local/share/pnor.
    Open Connection For SCP
    Log  ${bmc_image_dir_path}
    Log  ${error_rc}

    scp.Put File
    ...  ${EXEC_DIR}/data/pnor_test_data/${partition}  ${bmc_image_dir_path}

    ${error_log_path}=  Catenate  ${SB_LOG_DIR_PATH}/partition-corruption
    Create Directory  ${error_log_path}

    Set Global Variable  ${error_log_path}
    Log  ${error_log_path}

    # Starting a power on.
    # TODO: Need to move to REST Power On. Needs more testing.
    BMC Execute Command  /usr/sbin/obmcutil poweron
    Wait Until Keyword Succeeds  15 min  15 sec  Error Logs Should Exist

    # TODO: This will be enabled a little later, as more testing is required.
    #Wait Until Keyword Succeeds  5 min  5 sec  Collect Error Logs and Verify SRC  ${error_rc}  ${error_log_path}

    # Verify the RC 0x1E07 in the SOL logs.
    Get And Verify Partition Corruption  ${sol_log_file_path}

    # Remove the file from /usr/local/share/pnor/.
    BMC Execute Command  rm -rf ${bmc_image_dir_path}*

    # Check if system reaches quiesce state.
    Run Keywords
    ...  Wait Until Keyword Succeeds  3 min  5 sec  Is Host Quiesced  AND
    ...  Recover Quiesced Host


Collect Error Logs and Verify SRC
    [Documentation]  Verify error log entry & signature description.
    [Arguments]  ${error_rc}  ${log_prefix}

    # Description of argument(s):
    # error_rc     Error log signature description.
    # log_prefix   Log path prefix.

    Error Logs Should Not Exist

    Collect eSEL Log  ${log_prefix}
    ${error_log_file_path}=  Catenate  ${log_prefix}esel.txt
    ${rc}  ${output}=  Run and Return RC and Output
    ...  grep -i ${error_rc} ${error_log_file_path}
    Should Be Equal  ${rc}  ${0}
    Should Not Be Empty  ${output}


Get And Verify Security Access Bit
    [Documentation]  Get and verify security access bit.
    [Arguments]  ${sol_log_file_path}

    # Description of argument(s):
    # sol_log_file_path  The path to the file containing SOL data
    #                    which was collected during a REST Power On.

    # Sample output:
    # 19.68481|SECURE|Security Access Bit> 0xC000000000000000

    ${cmd}=  Catenate
    ...  grep "Security Access Bit" ${sol_log_file_path} | awk '{ print $4 }'
    ${rc}  ${security_access_bit_str}=  Run and Return RC and Output  ${cmd}
    Should Be Equal  ${rc}  ${0}
    ...  msg=Return code from ${cmd} not zero.

    # Verify the value of "Security Access Bit".
    # If this fails, the probable issue is the jumper position.

    ${security_access_bit}=  Convert to Integer  ${security_access_bit_str}
    ${result}=  Evaluate  ${security_access_bit_mask} & ${security_access_bit}
    Should Be Equal  ${result}  ${security_access_bit_mask}
    ...  msg=System is not booted in secure mode.  values=False


Get And Verify Partition Corruption
    [Documentation]  Get and verify partition corruption.
    [Arguments]  ${sol_log_file_path}

    # Description of argument(s):
    # sol_log_file_path  The path to the file containing SOL data
    #                    which was collected during a REST Power On.

    # Sample output:
    # 44.47498|secure|Secureboot Failure plid = 0x90000007, rc = 0x1E07

    ${cmd}=  Catenate
    ...  grep -i "Secureboot Failure" ${sol_log_file_path} | awk '{ print $8 }'
    ${rc}  ${corruption_rc_str}=  Run and Return RC and Output  ${cmd}
    Should Be Equal  ${rc}  ${0}
    ...  msg=Return code from ${cmd} not zero.

    # Verify the RC 0x1E07 from the SOL output.
    Should Be Equal As Strings  ${corruption_rc_str}  ${pnor_corruption_rc}
    ...  msg=SB violation due to PNOR partition corruption not reported.  values=False


Validate Secure Boot With TPM Policy Enabled Or Disabled
    [Documentation]  Validate secure boot with TPM policy enabled or disabled.
    [Arguments]  ${tpm_policy}

    # Description of argument(s):
    # tpm_policy  Disable-0 or Enable-1.

    Set And Verify TPM Policy  ${tpm_policy}
    REST Power On  quiet=1
    Validate Secure Boot  ${sol_log_file_path}


Validate Secure Boot
    [Documentation]  Validate secure boot.
    [Arguments]  ${sol_log_file_path}

    # Description of argument(s):
    # sol_log_file_path  The path to the file containing SOL data
    #                    which was collected during a REST Power On.

    Get And Verify Security Access Bit  ${sol_log_file_path}
    Error Logs Should Not Exist
    REST Verify No Gard Records


Suite Setup Execution
    [Documentation]  Suite Setup Execution.

    ${bmc_image_dir_path}=  Add Trailing Slash  ${bmc_image_dir_path}

    ${SB_LOG_DIR_PATH}=  Catenate  ${EXECDIR}/SB_logs/
    Set Suite Variable  ${SB_LOG_DIR_PATH}

    Create Directory  ${SB_LOG_DIR_PATH}
    Empty Directory  ${SB_LOG_DIR_PATH}

    Set Global Variable  ${bmc_image_dir_path}
    Log  ${bmc_image_dir_path}
    BMC Execute Command  rm -rf ${bmc_image_dir_path}*

    Set Global Variable  ${bmc_guard_part_path}
    Log  ${bmc_guard_part_path}
    BMC Execute Command  rm -rf ${bmc_guard_part_path}


Test Setup Execution
    [Documentation]  Test setup execution.

    ${timestamp}=  Get Current Date  result_format=%Y%m%d%H%M%S
    ${sol_log_file_path}=  Catenate  ${EXECDIR}/Secure_SOL${timestamp}
    Start SOL Console Logging  ${sol_log_file_path}
    Set Suite Variable  ${sol_log_file_path}

    REST Power Off  stack_mode=skip  quiet=1
    Delete Error Logs And Verify


Test Teardown Execution
    [Documentation]  Test teardown execution.

    Stop SOL Console Logging
    Run  rm -rf ${sol_log_file_path}

    # Removing the corrupted file from BMC.
    BMC Execute Command  rm -rf ${bmc_image_dir_path}*