1## MCUboot test plan 2 3The current target for running the tests is the Freedom K64F board. 4 5### Basic sign support (RSA/EC/EC256) 6 7For each supported signing algorithm, check that non-signed, and signed 8with wrong key images are not swapped to, and image signed with correct key 9is swapped to. 10 11For the 3 algorithms supported, rsa, ec and ec256, two files are provided: 12key_<sign-algo>.pem, key_<sign-algo>_2.pem. And a keys file with the C public 13key data for key_<sign-algo>.pem. 14 15Build and load MCUboot: 16 17* `newt build k64f_boot_<sign-algo>` 18* `newt load k64f_boot_<sign-algo>` 19 20Build and load good image in slot 0: 21 22* `newt create-image k64f_blinky 1.0.1 key_<sign-algo>.pem` 23* `newt load k64f_blinky` 24 25--- 26***Note*** 27 28*If testing RSA/PSS `newt create-image` needs to be passed in the extra* 29*flag `--rsa-pss` eg:* 30 31`newt create-image k64f_blinky 1.0.1 key_rsa.pem --rsa-pss` 32 33--- 34 35Build and load image in slot 1 with no signing, signed with 36key_<sign-algo>_2.pem and signed with key_<sign-algo>.pem. Mark each one as 37test image and check that swap only happens for image signed with 38key_<sign-algo>.pem. Both others should be erased. 39 40* `newt create-image k64f_blinky2 1.0.2 <one-of-the-sign-keys-or-none>` 41* `newtmgr image upload k64f_blinky2` 42* `newtmgr image list` 43* `newtmgr image test <hash of slot 1>` 44 45### Image signed with more than one key 46 47FIXME: this is currently not functional, skip this section! 48 49Build and load MCUboot: 50 51* `newt build k64f_boot_rsa_ec` 52* `newt load k64f_boot_rsa_ec` 53 54Build and load good image in slot 0: 55 56* `newt create-image k64f_blinky 1.0.1 key_rsa.pem` 57* `newt load k64f_blinky` 58 59Build and load image in slot 1 with no signing, signed with 60key_<sign-algo>_2.pem and signed with key_<sign-algo>.pem. Mark each one as 61test image and check that swap only happens for image signed with 62key_<sign-algo>.pem. Both others should be erased. 63 64Use all of this options: 65 66* `newt create-image k64f_blinky2 1.0.2` 67 68And load 69 70* `newtmgr image upload k64f_blinky2` 71* `newtmgr image list` 72* `newtmgr image test <hash of slot 1>` 73 74### Overwrite only functionality 75 76Build/load MCUboot: 77 78* `newt build k64f_boot_rsa_noswap` 79* `newt load k64f_boot_rsa_noswap` 80 81Build/load blinky to slot 0: 82 83* `newt create-image k64f_blinky 1.0.1 key_rsa.pem` 84* `newt load k64f_blinky` 85 86Build/load blinky2 both with bad and good key, followed by a permanent swap 87request: 88 89* `newt create-image k64f_blinky2 1.0.2 <bad and good rsa keys>.pem` 90* `newtmgr image upload k64f_blinky2` 91* `newtmgr image list` 92* `newtmgr image confirm <hash of slot 1>` 93 94This should not swap and delete the image in slot 1 when signed with the wrong 95key, otherwise the image in slot 1 should be *moved* to slot 0 and slot 1 should 96be empty. 97 98### Validate slot 0 option 99 100Build/load MCUboot: 101 102* `newt build k64f_boot_rsa_validate0` 103* `newt load k64f_boot_rsa_validate0` 104 105Build non-signed image: 106 107* `newt create-image k64f_blinky 1.0.1` 108* `newt load k64f_blinky` 109* Reset and no image should be run 110 111Build signed image with invalid key: 112 113* `newt create-image k64f_blinky 1.0.1 key_rsa_2.pem` 114* `newt load k64f_blinky` 115* Reset and no image should be run 116 117Build signed image with *valid* key: 118 119* `newt create-image k64f_blinky 1.0.1 key_rsa.pem` 120* `newt load k64f_blinky` 121* Reset and image *should* run 122 123### Swap with random failures 124 125DISCLAIMER: be careful with copy/paste of commands, this test uses another 126target/app! 127 128Build/load MCUboot: 129 130* `newt build k64f_boot_rsa` 131* `newt load k64f_boot_rsa` 132 133Build/load slinky to slot 0: 134 135* `newt create-image k64f_slinky 1.0.1 key_rsa.pem` 136* `newt load k64f_slinky` 137 138Build/load slinky2 to slot 1: 139 140* `newt create-image k64f_slinky2 1.0.2 key_rsa.pem` 141* `newtmgr image upload k64f_slinky2` 142 143Confirm that both images are installed, request a permanent request to the 144image in slot 1 and check that it works. 145 146* `newtmgr image list` 147* `newtmgr image confirm <hash of slot 1>` 148 149If everything works, now proceed with requests for permanent swap to the image 150in slot 1 and do random swaps (as much as you like!). When the swap finishes 151confirm that the swap was finished with the previous slot 1 image now in 152slot 0 and vice-versa. 153 154### Help 155 156* Mass erase MCU 157 158 $ pyocd erase --chip 159 160* Flashing image in slot 1: 161 162 $ pyocd flash -e sector -a 0x80000 ${IMG_FILE} bin 163
