From 99f0e1b52611fc8d27c33bf301ceca1715c7dc21 Mon Sep 17 00:00:00 2001 From: "hrushikesh.bhosale" Date: Tue, 20 Aug 2024 11:41:19 +0530 Subject: [PATCH] feat(ota): Added test for checking flash encryption and anti-rollback enabled Added test to check if flash encryption and anti-rollback enbaled together. Added marked pytest.mark.flash_encryption to advanced OTA test. --- .../anti_rollback_partition.csv | 4 ++-- .../advanced_https_ota/pytest_advanced_ota.py | 2 +- .../sdkconfig.ci.anti_rollback | 20 ++++++++++++++++--- tools/ci/idf_pytest/constants.py | 1 + 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/examples/system/ota/advanced_https_ota/anti_rollback_partition.csv b/examples/system/ota/advanced_https_ota/anti_rollback_partition.csv index a53ed857de..f20b66ef85 100644 --- a/examples/system/ota/advanced_https_ota/anti_rollback_partition.csv +++ b/examples/system/ota/advanced_https_ota/anti_rollback_partition.csv @@ -4,5 +4,5 @@ nvs, data, nvs, , 0x4000, otadata, data, ota, , 0x2000, phy_init, data, phy, , 0x1000, emul_efuse,data,efuse, , 0x2000, -ota_0, app, ota_0, , 3584K, -ota_1, app, ota_1, , 3584K, +ota_0, app, ota_0, , 1500K, +ota_1, app, ota_1, , 1500K, diff --git a/examples/system/ota/advanced_https_ota/pytest_advanced_ota.py b/examples/system/ota/advanced_https_ota/pytest_advanced_ota.py index fbabc2c4e7..3f4c9f3843 100644 --- a/examples/system/ota/advanced_https_ota/pytest_advanced_ota.py +++ b/examples/system/ota/advanced_https_ota/pytest_advanced_ota.py @@ -430,7 +430,7 @@ def test_examples_protocol_advanced_https_ota_example_redirect_url(dut: Dut) -> @pytest.mark.esp32 -@pytest.mark.ethernet_flash_8m +@pytest.mark.flash_encryption_ota @pytest.mark.parametrize('config', ['anti_rollback',], indirect=True) @pytest.mark.parametrize('skip_autoflash', ['y'], indirect=True) def test_examples_protocol_advanced_https_ota_example_anti_rollback(dut: Dut) -> None: diff --git a/examples/system/ota/advanced_https_ota/sdkconfig.ci.anti_rollback b/examples/system/ota/advanced_https_ota/sdkconfig.ci.anti_rollback index 97073c7daf..82dd6864a5 100644 --- a/examples/system/ota/advanced_https_ota/sdkconfig.ci.anti_rollback +++ b/examples/system/ota/advanced_https_ota/sdkconfig.ci.anti_rollback @@ -6,12 +6,11 @@ CONFIG_PARTITION_TABLE_CUSTOM=y CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="anti_rollback_partition.csv" CONFIG_PARTITION_TABLE_FILENAME="anti_rollback_partition.csv" CONFIG_PARTITION_TABLE_OFFSET=0xd000 -CONFIG_ESPTOOLPY_FLASHSIZE_8MB=y -CONFIG_ESPTOOLPY_FLASHSIZE="8MB" +CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y +CONFIG_ESPTOOLPY_FLASHSIZE="4MB" CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE=y CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK=y CONFIG_BOOTLOADER_APP_SECURE_VERSION=1 -CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE=y CONFIG_EXAMPLE_CONNECT_ETHERNET=y CONFIG_EXAMPLE_CONNECT_WIFI=n CONFIG_EXAMPLE_USE_INTERNAL_ETHERNET=y @@ -24,3 +23,18 @@ CONFIG_EXAMPLE_ETH_PHY_ADDR=1 CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y CONFIG_COMPILER_OPTIMIZATION_SIZE=y CONFIG_EXAMPLE_CONNECT_IPV6=n + + +# Default settings for testing this example in CI. +# This configuration is not secure, don't use it in production! +# See Flash Encryption API Guide for more details. + +CONFIG_SECURE_FLASH_ENC_ENABLED=y +CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y +CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y +CONFIG_SECURE_BOOT_ALLOW_JTAG=y +CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y +CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y +CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y +CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y +CONFIG_NVS_ENCRYPTION=n # this test combination is only for flash encryption and anti-rollback use-case and hence disabling it. diff --git a/tools/ci/idf_pytest/constants.py b/tools/ci/idf_pytest/constants.py index 583064feff..17af0277f6 100644 --- a/tools/ci/idf_pytest/constants.py +++ b/tools/ci/idf_pytest/constants.py @@ -68,6 +68,7 @@ ENV_MARKERS = { 'flash_encryption': 'Flash Encryption runners', 'flash_encryption_f4r8': 'Flash Encryption runners with 4-line flash and 8-line psram', 'flash_encryption_f8r8': 'Flash Encryption runners with 8-line flash and 8-line psram', + 'flash_encryption_ota': 'Flash Encryption runners with ethernet OTA support with 4mb flash size', 'flash_multi': 'Multiple flash chips tests', 'psram': 'Chip has 4-line psram', 'ir_transceiver': 'runners with a pair of IR transmitter and receiver',