1 files changed, 190 insertions, 0 deletions

diff --git a/test/py/tests/test_zynq_secure.py b/test/py/tests/test_zynq_secure.py
new file mode 100644
index 0000000..0ee5aeb
--- /dev/null
+++ b/test/py/tests/test_zynq_secure.py
@@ -0,0 +1,190 @@
+# SPDX-License-Identifier: GPL-2.0
+# (C) Copyright 2023, Advanced Micro Devices, Inc.
+
+import pytest
+import re
+import u_boot_utils
+import test_net
+
+"""
+This test verifies different type of secure boot images to authentication and
+decryption using AES and RSA features for AMD's Zynq SoC.
+
+Note: This test relies on boardenv_* containing configuration values to define
+the network available and files to be used for testing. Without this, this test
+will be automatically skipped. It also relies on dhcp or setup_static net test
+to support tftp to load files from a TFTP server.
+
+For example:
+
+# Details regarding the files that may be read from a TFTP server and addresses
+# and size for aes and rsa cases respectively. This variable may be omitted or
+# set to None if zynqmp secure testing is not possible or desired.
+env__zynq_aes_readable_file = {
+    'fn': 'zynq_aes_image.bin',
+    'fnbit': 'zynq_aes_bit.bin',
+    'fnpbit': 'zynq_aes_par_bit.bin',
+    'srcaddr': 0x1000000,
+    'dstaddr': 0x2000000,
+    'dstlen': 0x1000000,
+}
+
+env__zynq_rsa_readable_file = {
+    'fn': 'zynq_rsa_image.bin',
+    'fninvalid': 'zynq_rsa_image_invalid.bin',
+    'srcaddr': 0x1000000,
+}
+"""
+
+def zynq_secure_pre_commands(u_boot_console):
+    output = u_boot_console.run_command('print modeboot')
+    if not 'modeboot=' in output:
+        pytest.skip('bootmode cannnot be determined')
+    m = re.search('modeboot=(.+?)boot', output)
+    if not m:
+        pytest.skip('bootmode cannnot be determined')
+    bootmode = m.group(1)
+    if bootmode == 'jtag':
+        pytest.skip('skipping due to jtag bootmode')
+
+@pytest.mark.buildconfigspec('cmd_zynq_aes')
+def test_zynq_aes_image(u_boot_console):
+    f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
+    if not f:
+        pytest.skip('No TFTP readable file for zynq secure aes case to read')
+
+    dstaddr = f.get('dstaddr', None)
+    if not dstaddr:
+        pytest.skip('No dstaddr specified in env file to read')
+
+    dstsize = f.get('dstlen', None)
+    if not dstsize:
+        pytest.skip('No dstlen specified in env file to read')
+
+    zynq_secure_pre_commands(u_boot_console)
+    test_net.test_net_dhcp(u_boot_console)
+    if not test_net.net_set_up:
+        test_net.test_net_setup_static(u_boot_console)
+
+    srcaddr = f.get('srcaddr', None)
+    if not srcaddr:
+        addr = u_boot_utils.find_ram_base(u_boot_console)
+
+    expected_tftp = 'Bytes transferred = '
+    fn = f['fn']
+    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
+    assert expected_tftp in output
+
+    expected_op = 'zynq aes [operation type] <srcaddr>'
+    output = u_boot_console.run_command(
+        'zynq aes %x $filesize %x %x' % (srcaddr, dstaddr, dstsize)
+    )
+    assert expected_op not in output
+    output = u_boot_console.run_command('echo $?')
+    assert output.endswith('0')
+
+@pytest.mark.buildconfigspec('cmd_zynq_aes')
+def test_zynq_aes_bitstream(u_boot_console):
+    f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
+    if not f:
+        pytest.skip('No TFTP readable file for zynq secure aes case to read')
+
+    zynq_secure_pre_commands(u_boot_console)
+    test_net.test_net_dhcp(u_boot_console)
+    if not test_net.net_set_up:
+        test_net.test_net_setup_static(u_boot_console)
+
+    srcaddr = f.get('srcaddr', None)
+    if not srcaddr:
+        addr = u_boot_utils.find_ram_base(u_boot_console)
+
+    expected_tftp = 'Bytes transferred = '
+    fn = f['fnbit']
+    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
+    assert expected_tftp in output
+
+    expected_op = 'zynq aes [operation type] <srcaddr>'
+    output = u_boot_console.run_command(
+        'zynq aes load %x $filesize' % (srcaddr)
+    )
+    assert expected_op not in output
+    output = u_boot_console.run_command('echo $?')
+    assert output.endswith('0')
+
+@pytest.mark.buildconfigspec('cmd_zynq_aes')
+def test_zynq_aes_partial_bitstream(u_boot_console):
+    f = u_boot_console.config.env.get('env__zynq_aes_readable_file', None)
+    if not f:
+        pytest.skip('No TFTP readable file for zynq secure aes case to read')
+
+    zynq_secure_pre_commands(u_boot_console)
+    test_net.test_net_dhcp(u_boot_console)
+    if not test_net.net_set_up:
+        test_net.test_net_setup_static(u_boot_console)
+
+    srcaddr = f.get('srcaddr', None)
+    if not srcaddr:
+        addr = u_boot_utils.find_ram_base(u_boot_console)
+
+    expected_tftp = 'Bytes transferred = '
+    fn = f['fnpbit']
+    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
+    assert expected_tftp in output
+
+    expected_op = 'zynq aes [operation type] <srcaddr>'
+    output = u_boot_console.run_command('zynq aes loadp %x $filesize' % (srcaddr))
+    assert expected_op not in output
+    output = u_boot_console.run_command('echo $?')
+    assert output.endswith('0')
+
+@pytest.mark.buildconfigspec('cmd_zynq_rsa')
+def test_zynq_rsa_image(u_boot_console):
+    f = u_boot_console.config.env.get('env__zynq_rsa_readable_file', None)
+    if not f:
+        pytest.skip('No TFTP readable file for zynq secure rsa case to read')
+
+    zynq_secure_pre_commands(u_boot_console)
+    test_net.test_net_dhcp(u_boot_console)
+    if not test_net.net_set_up:
+        test_net.test_net_setup_static(u_boot_console)
+
+    srcaddr = f.get('srcaddr', None)
+    if not srcaddr:
+        addr = u_boot_utils.find_ram_base(u_boot_console)
+
+    expected_tftp = 'Bytes transferred = '
+    fn = f['fn']
+    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fn))
+    assert expected_tftp in output
+
+    expected_op = 'zynq rsa <baseaddr>'
+    output = u_boot_console.run_command('zynq rsa %x ' % (srcaddr))
+    assert expected_op not in output
+    output = u_boot_console.run_command('echo $?')
+    assert output.endswith('0')
+
+@pytest.mark.buildconfigspec('cmd_zynq_rsa')
+def test_zynq_rsa_image_invalid(u_boot_console):
+    f = u_boot_console.config.env.get('env__zynq_rsa_readable_file', None)
+    if not f:
+        pytest.skip('No TFTP readable file for zynq secure rsa case to read')
+
+    zynq_secure_pre_commands(u_boot_console)
+    test_net.test_net_dhcp(u_boot_console)
+    if not test_net.net_set_up:
+        test_net.test_net_setup_static(u_boot_console)
+
+    srcaddr = f.get('srcaddr', None)
+    if not srcaddr:
+        addr = u_boot_utils.find_ram_base(u_boot_console)
+
+    expected_tftp = 'Bytes transferred = '
+    fninvalid = f['fninvalid']
+    output = u_boot_console.run_command('tftpboot %x %s' % (srcaddr, fninvalid))
+    assert expected_tftp in output
+
+    expected_op = 'zynq rsa <baseaddr>'
+    output = u_boot_console.run_command('zynq rsa %x ' % (srcaddr))
+    assert expected_op in output
+    output = u_boot_console.run_command('echo $?')
+    assert not output.endswith('0')