From 7d98bdd495efae8af993330a3059f059250cf1ba Mon Sep 17 00:00:00 2001
From: Harshit Malpani
Date: Mon, 18 Sep 2023 17:53:43 +0530
Subject: [PATCH] feat: Add test app to verify SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT

Add a test app to verify the working of the application when SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT is selected in the menuconfig and the application is not signed
---
 tools/test_apps/.build-test-rules.yml | 6 ++++++
 .../signed_app_no_secure_boot/CMakeLists.txt | 7 +++++++
 .../security/signed_app_no_secure_boot/README.md | 11 +++++++++++
 .../signed_app_no_secure_boot/main/CMakeLists.txt | 2 ++
 .../signed_app_no_secure_boot/main/main.c | 15 +++++++++++++++
 .../pytest_signed_app_no_secure_boot.py | 12 ++++++++++++
 .../signed_app_no_secure_boot/sdkconfig.defaults | 8 ++++++++
 7 files changed, 61 insertions(+)
 create mode 100644 tools/test_apps/security/signed_app_no_secure_boot/CMakeLists.txt
 create mode 100644 tools/test_apps/security/signed_app_no_secure_boot/README.md
 create mode 100644 tools/test_apps/security/signed_app_no_secure_boot/main/CMakeLists.txt
 create mode 100644 tools/test_apps/security/signed_app_no_secure_boot/main/main.c
 create mode 100644 tools/test_apps/security/signed_app_no_secure_boot/pytest_signed_app_no_secure_boot.py
 create mode 100644 tools/test_apps/security/signed_app_no_secure_boot/sdkconfig.defaults
diff --git a/tools/test_apps/.build-test-rules.yml b/tools/test_apps/.build-test-rules.yml
index 39cadd6f2a..e41802b864 100644
--- a/tools/test_apps/.build-test-rules.yml
+++ b/tools/test_apps/.build-test-rules.yml
@@ -68,6 +68,12 @@ tools/test_apps/security/secure_boot:
 - if: IDF_ENV_FPGA != 1
 reason: the test can only run on an FPGA as efuses need to be reset during the test.
 
+tools/test_apps/security/signed_app_no_secure_boot:
+ enable:
+ - if: IDF_TARGET in ["esp32c2", "esp32c3"]
+ temporary: true
+ reason: No need to test on all targets
+
 tools/test_apps/system/bootloader_sections:
 disable:
 - if: IDF_TARGET == "esp32c2"
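Review bot: `temporary: true` on the new `enable` clause does not fit its reason. "No need to test on all targets" describes a lasting choice of targets, while the temporary flag is normally read as a restriction that someone is expected to lift later. If esp32c2 and esp32c3 are the intended long-term coverage for this app, drop the `temporary: true` line; if more targets are planned, keep the flag and say so in the reason instead.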
diff --git a/tools/test_apps/security/signed_app_no_secure_boot/CMakeLists.txt b/tools/test_apps/security/signed_app_no_secure_boot/CMakeLists.txt
new file mode 100644
index 0000000000..09d112f667
--- /dev/null
+++ b/tools/test_apps/security/signed_app_no_secure_boot/CMakeLists.txt
@@ -0,0 +1,7 @@
+# The following lines of boilerplate have to be in your project's
+# CMakeLists in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.16)
+
+# Secure Boot not currently supported for ESP32-S2
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(secure_boot)
diff --git a/tools/test_apps/security/signed_app_no_secure_boot/README.md b/tools/test_apps/security/signed_app_no_secure_boot/README.md
new file mode 100644
index 0000000000..7a2105fef3
--- /dev/null
+++ b/tools/test_apps/security/signed_app_no_secure_boot/README.md
@@ -0,0 +1,11 @@
+| Supported Targets | ESP32-C2 | ESP32-C3 |
+| ----------------- | -------- | -------- |
+
+# Secure Signed On Update No Secure Boot
+
+This examples verifies the case when CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT is selected and application is not signed. The application should abort its execution with the logs:
+
+```
+secure_boot_v2: No signatures were found for the running app
+secure_boot: This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.
+```
\ No newline at end of file
diff --git a/tools/test_apps/security/signed_app_no_secure_boot/main/CMakeLists.txt b/tools/test_apps/security/signed_app_no_secure_boot/main/CMakeLists.txt
new file mode 100644
index 0000000000..cf2c455cb5
--- /dev/null
+++ b/tools/test_apps/security/signed_app_no_secure_boot/main/CMakeLists.txt
@@ -0,0 +1,2 @@
+idf_component_register(SRCS "main.c"
+ INCLUDE_DIRS ".")
diff --git a/tools/test_apps/security/signed_app_no_secure_boot/main/main.c b/tools/test_apps/security/signed_app_no_secure_boot/main/main.c
new file mode 100644
index 0000000000..b49cdd1ee8
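Review bot: `project(secure_boot)` in the new top-level CMakeLists.txt reuses the name of the neighbouring tools/test_apps/security/secure_boot app, so anything named after the project will read as if it came from the secure boot test rather than this one. The comment `# Secure Boot not currently supported for ESP32-S2` also looks carried over, since this app enables only esp32c2 and esp32c3 and builds with secure boot off. I would change the line to `project(signed_app_no_secure_boot)` and delete the ESP32-S2 comment.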
--- /dev/null
+++ b/tools/test_apps/security/signed_app_no_secure_boot/main/main.c
@@ -0,0 +1,15 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Unlicense OR CC0-1.0
+ */
+#include
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+
+#define TAG "example_secure_boot"
+
+void app_main(void)
+{
+ printf("\nExample for secured signed with no secure boot\n");
+}
diff --git a/tools/test_apps/security/signed_app_no_secure_boot/pytest_signed_app_no_secure_boot.py b/tools/test_apps/security/signed_app_no_secure_boot/pytest_signed_app_no_secure_boot.py
new file mode 100644
index 0000000000..686b7cdeda
--- /dev/null
+++ b/tools/test_apps/security/signed_app_no_secure_boot/pytest_signed_app_no_secure_boot.py
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+# SPDX-License-Identifier: Unlicense OR CC0-1.0
+
+import pytest
+from pytest_embedded import Dut
+
+
+@pytest.mark.esp32c2
+@pytest.mark.esp32c3
+@pytest.mark.generic
+def test_examples_security_on_update_no_secure_boot(dut: Dut) -> None:
+ dut.expect("This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.", timeout=10)
diff --git a/tools/test_apps/security/signed_app_no_secure_boot/sdkconfig.defaults b/tools/test_apps/security/signed_app_no_secure_boot/sdkconfig.defaults
new file mode 100644
index 0000000000..2bab812218
--- /dev/null
+++ b/tools/test_apps/security/signed_app_no_secure_boot/sdkconfig.defaults
@@ -0,0 +1,8 @@
+CONFIG_SECURE_SIGNED_ON_UPDATE=y
+CONFIG_SECURE_SIGNED_APPS=y
+CONFIG_SECURE_BOOT_V2_PREFERRED=y
+CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y
+CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT=y
+# CONFIG_SECURE_BOOT is not set
+# CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES is not set
+# CONFIG_SECURE_FLASH_ENC_ENABLED is not set
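Review bot: `TAG` is defined as "example_secure_boot" in main.c but never used, and nothing in `app_main` needs the two FreeRTOS headers; both look carried over from another app. Dropping the macro and those includes leaves a file that shows exactly what the test relies on, a single banner `printf`. The first `#include` has no header name on this page, which looks like an extraction loss rather than part of the commit.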
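Review bot: `test_examples_security_on_update_no_secure_boot` pins only one of the two log lines the README documents and does not check whether the app stops, so a build that logs the warning and then carries on into `app_main` would still pass. I would expect the first line as well, `dut.expect_exact('No signatures were found for the running app', timeout=10)`, and, if aborting is the intended behaviour as the README states, also assert that the banner printed by `app_main` never shows up. The message is a literal, so `dut.expect_exact(...)` fits better than `dut.expect(...)`, which as far as I know treats a string as a pattern in which each `.` matches any character.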
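Review bot: Nothing in sdkconfig.defaults says that leaving `CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES` unset is deliberate, yet an unsigned image is the precondition the whole test depends on. A comment above that line, for example `# Build an unsigned image on purpose: the test expects the missing-signature warning`, would keep a later cleanup from turning build-time signing back on and silently changing what is tested. The same comment could note that secure boot and flash encryption stay off so the app runs on a generic, unfused board.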