Merge branch 'ci/flash_encryption_test' into 'master'

flash_encryption: Add several test environments for flash encryption test

Closes IDF-5530

See merge request espressif/esp-idf!19043
This commit is contained in:
Simon 2022-07-21 18:38:18 +08:00
commit 62bc3348d5
16 changed files with 255 additions and 55 deletions

View File

@ -219,6 +219,14 @@ component_ut_pytest_esp32_lan8720:
- build_pytest_components_esp32
tags: [ esp32, lan8720 ]
component_ut_pytest_esp32_flash_encryption:
extends:
- .pytest_components_dir_template
- .rules:test:component_ut-esp32
needs:
- build_pytest_components_esp32
tags: [ esp32, flash_encryption ]
component_ut_pytest_esp32s2_generic:
extends:
- .pytest_components_dir_template
@ -243,6 +251,22 @@ component_ut_pytest_esp32s3_octal_psram:
- build_pytest_components_esp32s3
tags: [ esp32s3, octal_psram ]
component_ut_pytest_esp32s3_flash_encryption_f4r8:
extends:
- .pytest_components_dir_template
- .rules:test:component_ut-esp32s3
needs:
- build_pytest_components_esp32s3
tags: [ esp32s3, flash_encryption_f4r8 ]
component_ut_pytest_esp32s3_flash_encryption_f8r8:
extends:
- .pytest_components_dir_template
- .rules:test:component_ut-esp32s3
needs:
- build_pytest_components_esp32s3
tags: [ esp32s3, flash_encryption_f8r8 ]
component_ut_pytest_esp32c2_generic:
extends:
- .pytest_components_dir_template
@ -267,6 +291,14 @@ component_ut_pytest_esp32c3_generic:
- build_pytest_components_esp32c3
tags: [ esp32c3, generic ]
component_ut_pytest_esp32c3_flash_encryption:
extends:
- .pytest_components_dir_template
- .rules:test:component_ut-esp32c3
needs:
- build_pytest_components_esp32c3
tags: [ esp32c3, flash_encryption ]
.pytest_test_apps_dir_template:
extends: .pytest_template
variables:
@ -777,13 +809,6 @@ UT_020:
- Example_SPI_Multi_device
- psram
UT_021:
extends: .unit_test_esp32_template
tags:
- ESP32_IDF
- psram
- UT_T1_FlashEncryption
UT_022:
extends: .unit_test_esp32_template
tags:
@ -798,12 +823,6 @@ UT_028:
- UT_T2_1
- psram
UT_031:
extends: .unit_test_esp32_template
tags:
- ESP32_IDF
- UT_T1_FlashEncryption
UT_033:
extends: .unit_test_esp32_template
tags:
@ -918,12 +937,6 @@ UT_C3_SPI_DUAL:
- ESP32C3_IDF
- Example_SPI_Multi_device
UT_C3_FLASH_ENC:
extends: .unit_test_esp32c3_template
tags:
- ESP32C3_IDF
- UT_T1_FlashEncryption
UT_C3_I2C:
extends: .unit_test_esp32c3_template
tags:

View File

@ -4,3 +4,9 @@ components/spi_flash/host_test/partition_api_test:
enable:
- if: IDF_TARGET == "linux"
reason: only test on linux
components/spi_flash/test_apps/flash_encryption:
disable_test:
- if: IDF_TARGET in ["esp32c2", "esp32s2"]
temporary: true
reason: No runners # IDF-5634

View File

@ -0,0 +1,5 @@
# This is the project CMakeLists.txt file for the test subproject
cmake_minimum_required(VERSION 3.16)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(test_flash_encryption)

View File

@ -0,0 +1,6 @@
| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-S2 | ESP32-S3 |
| ----------------- | ----- | -------- | -------- | -------- | -------- |
## Prepare runner
To prepare flash encryption tunner, you can run `encrypt_flash.sh`. Note that doing so will burn efuses.

View File

@ -0,0 +1,14 @@
#This is the step for ESP32-S2/S3/C3
#!/bin/bash
set -e
if [ -z "$ESPPORT" ]; then
echo "ESPPORT must be set"
exit 1
fi
dd if=/dev/zero of=key.bin bs=1 count=32
# Change the first byte as espsecure uses modules that won't
# allow symmetric keys
echo -ne \\xFF | dd conv=notrunc bs=1 count=1 of=key.bin
espefuse.py --do-not-confirm -p $ESPPORT burn_efuse SPI_BOOT_CRYPT_CNT 0x1
espefuse.py --do-not-confirm -p $ESPPORT burn_key BLOCK_KEY2 key.bin XTS_AES_128_KEY

View File

@ -0,0 +1,5 @@
set(srcs "test_app_main.c"
"test_flash_encryption.c")
idf_component_register(SRCS ${srcs}
WHOLE_ARCHIVE)

View File

@ -0,0 +1,57 @@
/*
* SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "unity.h"
#include "unity_test_runner.h"
#include "esp_heap_caps.h"
// Some resources are lazy allocated in flash encryption, the threadhold is left for that case
#define TEST_MEMORY_LEAK_THRESHOLD (-300)
static size_t before_free_8bit;
static size_t before_free_32bit;
static void check_leak(size_t before_free, size_t after_free, const char *type)
{
ssize_t delta = after_free - before_free;
printf("MALLOC_CAP_%s: Before %u bytes free, After %u bytes free (delta %d)\n", type, before_free, after_free, delta);
TEST_ASSERT_MESSAGE(delta >= TEST_MEMORY_LEAK_THRESHOLD, "memory leak");
}
void setUp(void)
{
before_free_8bit = heap_caps_get_free_size(MALLOC_CAP_8BIT);
before_free_32bit = heap_caps_get_free_size(MALLOC_CAP_32BIT);
}
void tearDown(void)
{
size_t after_free_8bit = heap_caps_get_free_size(MALLOC_CAP_8BIT);
size_t after_free_32bit = heap_caps_get_free_size(MALLOC_CAP_32BIT);
check_leak(before_free_8bit, after_free_8bit, "8BIT");
check_leak(before_free_32bit, after_free_32bit, "32BIT");
}
void app_main(void)
{
// ####### #######
// # # ## #### # # # #### # # ##### # # ##### ##### # #### # #
// # # # # # # # # # # ## # # # # # # # # # # # ## #
// ##### # # # #### ###### ##### # # # # # # # # # # # # # # # #
// # # ###### # # # # # # # # ##### # ##### # # # # # # #
// # # # # # # # # # # # # ## # # # # # # # # # ##
// # ###### # # #### # # ####### #### # # # # # # # # #### # #
printf(" ####### ####### \n");
printf("# # ## #### # # # #### # # ##### # # ##### ##### # #### # #\n");
printf("# # # # # # # # # # ## # # # # # # # # # # # ## #\n");
printf("##### # # # #### ###### ##### # # # # # # # # # # # # # # # #\n");
printf("# # ###### # # # # # # # # ##### # ##### # # # # # # #\n");
printf("# # # # # # # # # # # # ## # # # # # # # # # ##\n");
printf("# ###### # # #### # # ####### #### # # # # # # # # #### # #\n");
unity_run_menu();
}

View File

@ -1,15 +1,20 @@
/*
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
#include <stdio.h>
#include <freertos/FreeRTOS.h>
#include <freertos/task.h>
#include <freertos/semphr.h>
#include <unity.h>
#include <test_utils.h>
#include <stdlib.h>
#include "esp_log.h"
#include "unity.h"
#include "esp_flash.h"
#include <spi_flash_mmap.h>
#include <esp_attr.h>
#include <esp_flash_encrypt.h>
#include <string.h>
#include "esp_log.h"
#include "esp_partition.h"
#include "esp_heap_caps.h"
/*-------------------- For running this test, some configurations are necessary -------------------*/
/* ESP32 | CONFIG_SECURE_FLASH_ENC_ENABLED | SET */
@ -27,6 +32,15 @@ static void verify_erased_flash(size_t offset, size_t length);
static size_t start;
const esp_partition_t *get_test_data_partition(void)
{
/* This finds "flash_test" partition defined in partition_table_unit_test_app.csv */
const esp_partition_t *result = esp_partition_find_first(ESP_PARTITION_TYPE_DATA,
ESP_PARTITION_SUBTYPE_ANY, "flash_test");
TEST_ASSERT_NOT_NULL(result); /* means partition table set wrong */
return result;
}
static void setup_tests(void)
{
const esp_partition_t *part = get_test_data_partition();
@ -46,7 +60,7 @@ static void verify_erased_flash(size_t offset, size_t length)
free(readback);
}
TEST_CASE("test 16 byte encrypted writes", "[flash_encryption][test_env=UT_T1_FlashEncryption]")
TEST_CASE("test 16 byte encrypted writes", "[flash_encryption]")
{
setup_tests();
@ -107,7 +121,7 @@ static void test_encrypted_write(size_t offset, const uint8_t *data, size_t leng
TEST_ASSERT_EQUAL_HEX8_ARRAY(data, readback, length);
}
TEST_CASE("test read & write random encrypted data", "[flash_encryption][test_env=UT_T1_FlashEncryption]")
TEST_CASE("test read & write random encrypted data", "[flash_encryption]")
{
const int MAX_LEN = 192;
//buffer to hold the read data
@ -190,7 +204,7 @@ static void test_encrypted_write_new_impl(size_t offset, const uint8_t *data, si
free(readback);
}
TEST_CASE("test 16 byte encrypted writes (esp_flash)", "[esp_flash_enc][flash_encryption][test_env=UT_T1_FlashEncryption]")
TEST_CASE("test 16 byte encrypted writes (esp_flash)", "[flash_encryption]")
{
setup_tests();
@ -238,7 +252,7 @@ TEST_CASE("test 16 byte encrypted writes (esp_flash)", "[esp_flash_enc][flash_en
verify_erased_flash(start + 0x120, 0x10);
}
TEST_CASE("test read & write encrypted data(32 bytes alianed address)", "[esp_flash_enc][flash_encryption][test_env=UT_T1_FlashEncryption]")
TEST_CASE("test read & write encrypted data(32 bytes alianed address)", "[flash_encryption]")
{
setup_tests();
@ -264,7 +278,7 @@ TEST_CASE("test read & write encrypted data(32 bytes alianed address)", "[esp_fl
free(cmp_encrypt_buf);
}
TEST_CASE("test read & write encrypted data(16 bytes alianed but 32 bytes unaligned)", "[esp_flash_enc][flash_encryption][test_env=UT_T1_FlashEncryption]")
TEST_CASE("test read & write encrypted data(16 bytes alianed but 32 bytes unaligned)", "[flash_encryption]")
{
setup_tests();
TEST_ESP_OK(esp_flash_erase_region(NULL, start, SPI_FLASH_SEC_SIZE));
@ -310,7 +324,7 @@ static const uint8_t large_const_buffer[16432] = {
202, // last byte
};
TEST_CASE("test read & write encrypted data with large buffer(n*64+32+16)", "[esp_flash_enc][flash_encryption][test_env=UT_T1_FlashEncryption]")
TEST_CASE("test read & write encrypted data with large buffer(n*64+32+16)", "[flash_encryption]")
{
// The tested buffer should be n*64(or n*32)+16 bytes.
setup_tests();

View File

@ -0,0 +1,5 @@
# Name, Type, SubType, Offset, Size, Flags
# Note: if you have increased the bootloader size, make sure to update the offsets to avoid overlap
nvs, data, nvs, 0x9000, 0x6000,
factory, 0, 0, 0x10000, 1M
flash_test, data, fat, , 528K
1 # Name, Type, SubType, Offset, Size, Flags
2 # Note: if you have increased the bootloader size, make sure to update the offsets to avoid overlap
3 nvs, data, nvs, 0x9000, 0x6000,
4 factory, 0, 0, 0x10000, 1M
5 flash_test, data, fat, , 528K

View File

@ -0,0 +1,51 @@
# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Apache-2.0
import pytest
from pytest_embedded import Dut
@pytest.mark.esp32
@pytest.mark.esp32c3
@pytest.mark.flash_encryption
@pytest.mark.parametrize(
'config',
[
'release',
],
indirect=True,
)
def test_flash_encryption(dut: Dut) -> None:
dut.expect_exact('Press ENTER to see the list of tests')
dut.write('*')
dut.expect_unity_test_output()
@pytest.mark.esp32s3
@pytest.mark.flash_encryption_f4r8
@pytest.mark.parametrize(
'config',
[
'release_f4r8',
],
indirect=True,
)
def test_flash_encryption_f4r8(dut: Dut) -> None:
dut.expect_exact('Press ENTER to see the list of tests')
dut.write('*')
dut.expect_unity_test_output()
@pytest.mark.esp32s3
@pytest.mark.flash_encryption_f8r8
@pytest.mark.parametrize(
'config',
[
'release_f8r8',
],
indirect=True,
)
def test_flash_encryption_f8r8(dut: Dut) -> None:
dut.expect_exact('Press ENTER to see the list of tests')
dut.write('*')
dut.expect_unity_test_output()

View File

@ -1,7 +1,10 @@
# This config is for ESP32 only (no ESP32-S2/S3 flash encryption support yet, ESP32-C3 has no psram)
CONFIG_IDF_TARGET="esp32"
TEST_COMPONENTS=spi_flash
TEST_GROUPS=flash_encryption
CONFIG_ESP_TASK_WDT=n
CONFIG_FREERTOS_USE_TICKLESS_IDLE=y
CONFIG_COMPILER_OPTIMIZATION_SIZE=y
CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
@ -10,5 +13,3 @@ CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
CONFIG_SPIRAM=y
CONFIG_ESPTOOLPY_FLASHFREQ_80M=y

View File

@ -0,0 +1,17 @@
CONFIG_ESP_TASK_WDT=n
CONFIG_FREERTOS_USE_TICKLESS_IDLE=y
CONFIG_COMPILER_OPTIMIZATION_SIZE=y
CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
CONFIG_SECURE_BOOT_ALLOW_JTAG=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
CONFIG_SPIRAM_MODE_OCT=y
CONFIG_SPIRAM_TYPE_AUTO=y

View File

@ -0,0 +1,18 @@
CONFIG_ESP_TASK_WDT=n
CONFIG_FREERTOS_USE_TICKLESS_IDLE=y
CONFIG_COMPILER_OPTIMIZATION_SIZE=y
CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
CONFIG_SECURE_BOOT_ALLOW_JTAG=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
CONFIG_SPIRAM_MODE_OCT=y
CONFIG_SPIRAM_TYPE_AUTO=y
CONFIG_ESPTOOLPY_FLASHMODE_OPI=y

View File

@ -1,7 +1,6 @@
# This config is for ESP32 only (no ESP32-S2 flash encryption support yet)
CONFIG_IDF_TARGET="esp32"
TEST_COMPONENTS=spi_flash
TEST_GROUPS=flash_encryption
CONFIG_ESP_TASK_WDT=n
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y

View File

@ -38,6 +38,9 @@ markers =
usb_host: usb host runners
ethernet_ota: ethernet OTA runners
flash_encryption: Flash Encryption runners
flash_encryption_f4r8: Flash Encryption runners with 4-line flash and 8-line psram
flash_encryption_f8r8: Flash Encryption runners with 8-line flash and 8-line psram
psram: Chip has 4-line psram
ir_transceiver: runners with a pair of IR transmitter and receiver
flash_encryption_wifi_high_traffic: Flash Encryption runners with wifi high traffic support
ethernet: ethernet runner

View File

@ -1,14 +0,0 @@
CONFIG_IDF_TARGET="esp32c3"
TEST_COMPONENTS=spi_flash
TEST_GROUPS=flash_encryption
CONFIG_EFUSE_VIRTUAL=n
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
CONFIG_SECURE_BOOT_ALLOW_JTAG=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
# CI uses ECO2 for flash_encryption tests
CONFIG_ESP32C3_REV_MIN_2=y
CONFIG_ESP32C3_REV_MIN=2