
From: Sean Edmond seanedmond@microsoft.com
Adds a test for a sandbox and TPM backed security driver.
Allows for testing of anti-rollback version number get/set API using the security driver.
Signed-off-by: Sean Edmond seanedmond@microsoft.com --- arch/sandbox/dts/test.dts | 8 ++++ configs/sandbox_defconfig | 3 ++ test/dm/Makefile | 1 + test/dm/security.c | 78 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+) create mode 100644 test/dm/security.c
diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts index f351d5cb84..c87298cd46 100644 --- a/arch/sandbox/dts/test.dts +++ b/arch/sandbox/dts/test.dts @@ -1263,6 +1263,14 @@ backlight = <&backlight 0 100>; };
+ security@0 { + compatible = "sandbox,security"; + }; + + security@1 { + compatible = "tpm,security"; + }; + scsi { compatible = "sandbox,scsi"; sandbox,filepath = "scsi.img"; diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 1cd1c2ed7c..546873b049 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -346,3 +346,6 @@ CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y CONFIG_ARM_FFA_TRANSPORT=y +CONFIG_DM_SECURITY=y +CONFIG_SECURITY_SANDBOX=y +CONFIG_SECURITY_TPM=y \ No newline at end of file diff --git a/test/dm/Makefile b/test/dm/Makefile index 7ed00733c1..d0583c0332 100644 --- a/test/dm/Makefile +++ b/test/dm/Makefile @@ -104,6 +104,7 @@ obj-$(CONFIG_DM_RNG) += rng.o obj-$(CONFIG_DM_RTC) += rtc.o obj-$(CONFIG_SCMI_FIRMWARE) += scmi.o obj-$(CONFIG_SCSI) += scsi.o +obj-$(CONFIG_DM_SECURITY) += security.o obj-$(CONFIG_DM_SERIAL) += serial.o obj-$(CONFIG_DM_SPI_FLASH) += sf.o obj-$(CONFIG_SIMPLE_BUS) += simple-bus.o diff --git a/test/dm/security.c b/test/dm/security.c new file mode 100644 index 0000000000..a388a80096 --- /dev/null +++ b/test/dm/security.c 
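Review bot: In the configs/sandbox_defconfig hunk the three new symbols are appended after `CONFIG_ARM_FFA_TRANSPORT=y` and the file now ends without a trailing newline (`\ No newline at end of file`), which suggests the defconfig was edited by hand. Regenerating it with `make savedefconfig` would place `CONFIG_DM_SECURITY=y`, `CONFIG_SECURITY_SANDBOX=y` and `CONFIG_SECURITY_TPM=y` in canonical order and restore the final newline. That keeps later defconfig resyncs from producing unrelated churn around the security options.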
@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2023 Microsoft Corporation
+ * Written by Sean Edmond seanedmond@microsoft.com
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <dm-security.h>
+#include <log.h>
+#include <dm/test.h>
+#include <test/test.h>
+#include <test/ut.h>
+
+/*
+ * get_security() - Get a security driver of a given driver name
+ *
+ * @devp: Returns the security device
+ * @driver_name: Driver name to find
+ * Returns: 0 if OK, -ENODEV if not found
+ */
+static int get_security(struct udevice **devp, char *driver_name)
+{
+ struct udevice *dev;
+
+ uclass_foreach_dev_probe(UCLASS_SECURITY, dev) {
+ if (strcmp(dev->driver->name, driver_name) == 0) {
+ *devp = dev;
+ return 0;
+ }
+ }
+
+ return -ENODEV;
+}
+
+/* Basic test of security driver Anti rollback version number read/write */
+static int test_security_arbvn(struct unit_test_state *uts, char *driver_name)
+{
+ struct udevice *dev;
+ uint64_t arbvn;
+
+ /* get the security driver */
+ ut_assertok(get_security(&dev, driver_name));
+
+ /* ensure initial value is 0 */
+ dm_security_arbvn_get(dev, &arbvn);
+ ut_asserteq(0, arbvn);
+
+ /* write 1 and ensure it's read back */
+ dm_security_arbvn_set(dev, 1);
+ dm_security_arbvn_get(dev, &arbvn);
+ ut_asserteq(1, arbvn);
+
+ /* write all ones and ensure it's read back */
+ dm_security_arbvn_set(dev, 0xffffffffffffffffULL);
+ dm_security_arbvn_get(dev, &arbvn);
+ ut_asserteq(0xffffffffffffffffULL, arbvn);
+
+ return 0;
+}
+
+static int dm_test_security_sandbox(struct unit_test_state *uts)
+{
+ ut_assertok(test_security_arbvn(uts, "security_sandbox"));
+
+ return 0;
+}
+
+DM_TEST(dm_test_security_sandbox, UT_TESTF_SCAN_FDT);
+
+static int dm_test_security_tpm(struct unit_test_state *uts)
+{
+ ut_assertok(test_security_arbvn(uts, "security_tpm"));
+
+ return 0;
+}
+
+DM_TEST(dm_test_security_tpm, UT_TESTF_SCAN_FDT);
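Review bot: The return values of `dm_security_arbvn_get()` and `dm_security_arbvn_set()` are discarded throughout `test_security_arbvn()`, so a failing get leaves the uninitialised `arbvn` to be compared and a failing set is only noticed indirectly; each call should be wrapped, e.g. `ut_assertok(dm_security_arbvn_get(dev, &arbvn));` (assuming both return an int error code, which this hunk does not show). The 64-bit checks also look weaker than intended: `ut_asserteq()` appears to compare its operands as 32-bit values, so the all-ones case would only cover the low word, and `ut_asserteq_64(0xffffffffffffffffULL, arbvn);` is the matching macro. Since this is an anti-rollback counter, a case that writes a lower value after a higher one and asserts the documented outcome would pin down the property the driver exists to enforce; the test currently only proves read-back. `driver_name` could also be `const char *` in both helpers, as only string literals are passed.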