From cfcb893289ed72696ec7d8f466a3b0f9f03d54ee Mon Sep 17 00:00:00 2001 From: Sachin Parekh Date: Wed, 25 Aug 2021 22:16:52 +0530 Subject: [PATCH] ttfw_idf: Added ESP32-S3 FPGA support Provision to burn and reset efuses of ESP32S3 on FPGA test_app: Enabled automated test cases for ESP32S3 --- tools/ci/python_packages/ttfw_idf/IDFDUT.py | 37 +++++++++++++++++++ tools/ci/python_packages/ttfw_idf/__init__.py | 3 +- .../test_apps/security/secure_boot/README.md | 9 +++-- .../security/secure_boot/example_test.py | 10 ++--- 4 files changed, 49 insertions(+), 10 deletions(-) diff --git a/tools/ci/python_packages/ttfw_idf/IDFDUT.py b/tools/ci/python_packages/ttfw_idf/IDFDUT.py index a31b8008d3..13a8b0977b 100644 --- a/tools/ci/python_packages/ttfw_idf/IDFDUT.py +++ b/tools/ci/python_packages/ttfw_idf/IDFDUT.py @@ -849,3 +849,40 @@ class ESP32C3FPGADUT(IDFFPGADUT): @classmethod def confirm_dut(cls, port, **kwargs): return True, cls.TARGET + + +class ESP32S3FPGADUT(IDFFPGADUT): + TARGET = 'esp32s3' + TOOLCHAIN_PREFIX = 'xtensa-esp32s3-elf-' + FLASH_ENCRYPT_SCHEME = 'AES-XTS' + FLASH_ENCRYPT_CNT_KEY = 'SPI_BOOT_CRYPT_CNT' + FLASH_ENCRYPT_CNT_VAL = 1 + FLASH_ENCRYPT_PURPOSE = 'XTS_AES_128_KEY' + SECURE_BOOT_EN_KEY = 'SECURE_BOOT_EN' + SECURE_BOOT_EN_VAL = 1 + + @classmethod + def get_rom(cls): + return esptool.ESP32S3ROM + + def erase_partition(self, esp, partition): + raise NotImplementedError() + + def flash_encrypt_burn_cnt(self): + self.burn_efuse(self.FLASH_ENCRYPT_CNT_KEY, self.FLASH_ENCRYPT_CNT_VAL) + + def flash_encrypt_burn_key(self, key, block=0): + self.burn_efuse_key(key, self.FLASH_ENCRYPT_PURPOSE, 'BLOCK_KEY%d' % block) + + def flash_encrypt_get_scheme(self): + return self.FLASH_ENCRYPT_SCHEME + + def secure_boot_burn_en_bit(self): + self.burn_efuse(self.SECURE_BOOT_EN_KEY, self.SECURE_BOOT_EN_VAL) + + def secure_boot_burn_digest(self, digest, key_index=0, block=0): + self.burn_efuse_key_digest(digest, 'SECURE_BOOT_DIGEST%d' % key_index, 'BLOCK_KEY%d' % block) + + @classmethod + def confirm_dut(cls, port, **kwargs): + return True, cls.TARGET diff --git a/tools/ci/python_packages/ttfw_idf/__init__.py b/tools/ci/python_packages/ttfw_idf/__init__.py index 9dbd35b70e..51c7d587ec 100644 --- a/tools/ci/python_packages/ttfw_idf/__init__.py +++ b/tools/ci/python_packages/ttfw_idf/__init__.py @@ -24,7 +24,7 @@ from tiny_test_fw import TinyFW, Utility from .DebugUtils import CustomProcess, GDBBackend, OCDBackend # noqa: export DebugUtils for users from .IDFApp import UT, ComponentUTApp, Example, IDFApp, LoadableElfTestApp, TestApp # noqa: export all Apps for users from .IDFDUT import (ESP32C3DUT, ESP32C3FPGADUT, ESP32DUT, ESP32QEMUDUT, ESP32S2DUT, # noqa: export DUTs for users - ESP32S3DUT, ESP8266DUT, IDFDUT) + ESP32S3DUT, ESP32S3FPGADUT, ESP8266DUT, IDFDUT) from .unity_test_parser import TestFormat, TestResults # pass TARGET_DUT_CLS_DICT to Env.py to avoid circular dependency issue. @@ -34,6 +34,7 @@ TARGET_DUT_CLS_DICT = { 'ESP32S3': ESP32S3DUT, 'ESP32C3': ESP32C3DUT, 'ESP32C3FPGA': ESP32C3FPGADUT, + 'ESP32S3FPGA': ESP32S3FPGADUT, } diff --git a/tools/test_apps/security/secure_boot/README.md b/tools/test_apps/security/secure_boot/README.md index 9015e60c8c..3d30576a4c 100644 --- a/tools/test_apps/security/secure_boot/README.md +++ b/tools/test_apps/security/secure_boot/README.md @@ -1,5 +1,5 @@ -| Supported Targets | ESP32 | ESP32-S2 | ESP32-C3 | -| ----------------- | ----- | -------- | -------- | +| Supported Targets | ESP32 | ESP32-S2 | ESP32-C3 | ESP32-S3 | +| ----------------- | ----- | -------- | -------- | -------- | # Secure Boot @@ -14,6 +14,7 @@ Any of the following ESP module: * ESP32-ECO3 (supports Secure Boot V2 & Secure Boot V1) * ESP32S2 (supports Secure Boot V2) * ESP32C3-ECO3 (supports Secure Boot V2) +* ESP32S3 (supports Secure Boot V2) It is recommended to use Secure Boot V2 from ESP32-ECO3 onwards. @@ -68,7 +69,7 @@ Purpose of the example test cases (`example_test.py`) is to test the secure boot ### Hardware required -* FPGA setup with ESP32C3 image +* FPGA setup with ESP32C3/ESP32S3 image * COM port for programming and export it as ESPPORT e.g `export ESPPORT=/dev/ttyUSB0` @@ -81,7 +82,7 @@ Purpose of the example test cases (`example_test.py`) is to test the secure boot ``` export IDF_ENV_FPGA=1 -idf.py set-target esp32c3 +idf.py set-target esp32c3 #(or esp32s3) idf.py menuconfig ``` diff --git a/tools/test_apps/security/secure_boot/example_test.py b/tools/test_apps/security/secure_boot/example_test.py index 17eae760fb..ac2a14ad50 100644 --- a/tools/test_apps/security/secure_boot/example_test.py +++ b/tools/test_apps/security/secure_boot/example_test.py @@ -75,7 +75,7 @@ def dut_start_secure_app(dut): # type: (ttfw_idf.IDFDUT) -> None # Test secure boot flow. # Correctly signed bootloader + correctly signed app should work -@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga'], ignore=True) +@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga', 'esp32s3fpga'], ignore=True) def test_examples_security_secure_boot(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None efuse_port = os.getenv('EFUSEPORT') dut = env.get_dut('secure_boot', 'tools/test_apps/security/secure_boot', efuse_reset_port=efuse_port) @@ -85,7 +85,7 @@ def test_examples_security_secure_boot(env, _): # type: (ttfw_idf.TinyFW.Env, # Test efuse key index and key block combination. # Any key index can be written to any key block and should work -@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga'], ignore=True) +@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga', 'esp32s3fpga'], ignore=True) def test_examples_security_secure_boot_key_combo(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None efuse_port = os.getenv('EFUSEPORT') dut = env.get_dut('secure_boot', 'tools/test_apps/security/secure_boot', efuse_reset_port=efuse_port) @@ -101,7 +101,7 @@ def test_examples_security_secure_boot_key_combo(env, _): # type: (ttfw_idf # Test secure boot key revoke. # If a key is revoked, bootloader signed with that key should fail verification -@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga'], ignore=True) +@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga', 'esp32s3fpga'], ignore=True) def test_examples_security_secure_boot_key_revoke(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None efuse_port = os.getenv('EFUSEPORT') dut = env.get_dut('secure_boot', 'tools/test_apps/security/secure_boot', efuse_reset_port=efuse_port) @@ -117,7 +117,7 @@ def test_examples_security_secure_boot_key_revoke(env, _): # type: (ttfw_idf # Test bootloader signature corruption. # Corrupt one byte at a time of bootloader signature and test that the verification fails -@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga'], ignore=True) +@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga', 'esp32s3fpga'], ignore=True) def test_examples_security_secure_boot_corrupt_bl_sig(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None efuse_port = os.getenv('EFUSEPORT') dut = env.get_dut('secure_boot', 'tools/test_apps/security/secure_boot', efuse_reset_port=efuse_port) @@ -140,7 +140,7 @@ def test_examples_security_secure_boot_corrupt_bl_sig(env, _): # type: (ttfw # Test app signature corruption. # Corrupt app signature, one byte at a time, and test that the verification fails -@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga'], ignore=True) +@ttfw_idf.idf_custom_test(env_tag='Example_Secure_Boot', target=['esp32c3fpga', 'esp32s3fpga'], ignore=True) def test_examples_security_secure_boot_corrupt_app_sig(env, _): # type: (ttfw_idf.TinyFW.Env, None) -> None efuse_port = os.getenv('EFUSEPORT') dut = env.get_dut('secure_boot', 'tools/test_apps/security/secure_boot', efuse_reset_port=efuse_port)