1#!/bin/bash
2
3# Copyright (c) 2020 Arm Limited
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#     http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17set -e
18
19# Get the dir this is running in and the dir the script is in.
20PWD=$(pwd)
21DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )
22
23# PAD is the amount of extra instructions that should be tested on each side of
24# the critical region
25PAD=6
26
27MCUBOOT_AXF=$1
28SKIP_SIZES=$2
29DAMAGE_TYPE=$3
30
31# Take an image and make it unbootable. This is done by replacing one of the
32# strings in the image with a different string. This causes the signature check
33# to fail
34function damage_image
35{
36    IMAGEDIR=$(dirname $MCUBOOT_AXF)
37    local IMAGE_NAME=tfm_s_ns_signed.bin
38    local BACKUP_IMAGE_NAME=tfm_s_ns_signed.bin.orig
39    local IMAGE=$IMAGEDIR/$IMAGE_NAME
40    mv $IMAGE $IMAGEDIR/$BACKUP_IMAGE_NAME
41
42    if [ "$DAMAGE_TYPE" = "SIGNATURE" ]; then
43        DAMAGE_PARAM="--signature"
44    elif [ "$DAMAGE_TYPE" = "IMAGE_HASH" ]; then
45        DAMAGE_PARAM="--image-hash"
46    else
47        echo "Failed to damage image $IMAGE with param $DAMAGE_TYPE" 1>&2
48        exit -1
49    fi
50
51    python3 $DIR/damage_image.py -i $IMAGEDIR/$BACKUP_IMAGE_NAME -o $IMAGE $DAMAGE_PARAM 1>&2
52}
53
54function run_test
55{
56    local SKIP_SIZE=$1
57
58    $DIR/fi_make_manifest.sh $MCUBOOT_AXF > $PWD/fih_manifest.csv
59
60    # Load the CSV FI manifest file, and output in START, END lines. Effectively
61    # join START and END lines together with a comma seperator.
62    REGIONS=$(sed "N;s/\(0x[[:xdigit:]]*\).*START\n\(0x[[:xdigit:]]*\).*END.*/\1,\2/g;P;D" $PWD/fih_manifest.csv)
63    # Ignore the first line, which includes the CSV header
64    REGIONS=$(echo "$REGIONS" | tail -n+2)
65
66    for REGION in $REGIONS; do
67        #Split the START,END pairs into the two variables
68        START=$(echo $REGION | cut -d"," -f 1)
69        END=$(echo $REGION | cut -d"," -f 2)
70
71        # Apply padding, converting back to hex
72        START=$(printf "0x%X" $((START - PAD)))
73        END=$(printf "0x%X" $((END + PAD)))
74
75        # Invoke the fi tester script
76        $DIR/fi_tester_gdb.sh $IMAGEDIR $START $END --skip $SKIP_SIZE
77    done
78}
79
80damage_image $MCUBOOT_AXF
81# Run the run_test function with each skip length between min and max in turn.
82
83IFS=', ' read -r -a sizes <<< "$SKIP_SIZES"
84for size in "${sizes[@]}"; do
85    echo "Run tests with skip size $size" 1>&2
86    run_test $size
87done
88