1#!/bin/bash
2
3# Copyright (c) 2020 Arm Limited
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#     http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17set -e
18
19# Get the dir this is running in and the dir the script is in.
20PWD=$(pwd)
21DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )
22
23# PAD is the amount of extra instructions that should be tested on each side of
24# the critical region
25PAD=6
26
27MCUBOOT_AXF=$1
28SKIP_SIZES=$2
29DAMAGE_TYPE=$3
30
31source $(dirname "$0")/paths.sh
32
33# Take an image and make it unbootable. This is done by replacing one of the
34# strings in the image with a different string. This causes the signature check
35# to fail
36function damage_image
37{
38    local IMAGE_NAME=${TFM_IMAGE_NAME}
39    local BACKUP_IMAGE_NAME=${TFM_IMAGE_NAME}.orig
40    local IMAGE=$TFM_IMAGE_OUTPUT_PATH/$IMAGE_NAME
41    mv $IMAGE $TFM_IMAGE_OUTPUT_PATH/$BACKUP_IMAGE_NAME
42
43    if [ "$DAMAGE_TYPE" = "SIGNATURE" ]; then
44        DAMAGE_PARAM="--signature"
45    elif [ "$DAMAGE_TYPE" = "IMAGE_HASH" ]; then
46        DAMAGE_PARAM="--image-hash"
47    else
48        echo "Failed to damage image $IMAGE with param $DAMAGE_TYPE" 1>&2
49        exit -1
50    fi
51
52    python3 $DIR/damage_image.py -i $TFM_IMAGE_OUTPUT_PATH/$BACKUP_IMAGE_NAME -o $IMAGE $DAMAGE_PARAM 1>&2
53}
54
55function run_test
56{
57    local SKIP_SIZE=$1
58
59    $DIR/fi_make_manifest.sh $MCUBOOT_AXF > $PWD/fih_manifest.csv
60
61    # Load the CSV FI manifest file, and output in START, END lines. Effectively
62    # join START and END lines together with a comma seperator.
63    REGIONS=$(sed "N;s/\(0x[[:xdigit:]]*\).*START\n\(0x[[:xdigit:]]*\).*END.*/\1,\2/g;P;D" $PWD/fih_manifest.csv)
64    # Ignore the first line, which includes the CSV header
65    REGIONS=$(echo "$REGIONS" | tail -n+2)
66
67    for REGION in $REGIONS; do
68        #Split the START,END pairs into the two variables
69        START=$(echo $REGION | cut -d"," -f 1)
70        END=$(echo $REGION | cut -d"," -f 2)
71
72        # Apply padding, converting back to hex
73        START=$(printf "0x%X" $((START - PAD)))
74        END=$(printf "0x%X" $((END + PAD)))
75
76        # Invoke the fi tester script
77        $DIR/fi_tester_gdb.sh $TFM_IMAGE_OUTPUT_PATH $START $END --skip $SKIP_SIZE
78    done
79}
80
81damage_image $MCUBOOT_AXF
82# Run the run_test function with each skip length between min and max in turn.
83
84IFS=', ' read -r -a sizes <<< "$SKIP_SIZES"
85for size in "${sizes[@]}"; do
86    echo "Run tests with skip size $size" 1>&2
87    run_test $size
88done
89