| # Copyright (c) 2013 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import logging |
| |
| from autotest_lib.client.common_lib import error |
| from autotest_lib.server.cros import vboot_constants as vboot |
| from autotest_lib.server.cros.faft.firmware_test import FirmwareTest |
| |
| |
| class firmware_SelfSignedBoot(FirmwareTest): |
| """ |
| Servo based developer mode boot only test to Self signed Kernels. |
| |
| This test requires a USB disk plugged-in, which contains a Chrome OS test |
| image (built by 'build_image test'). On runtime, this test first switches |
| DUT to dev mode. When dev_boot_usb=1 and dev_boot_signed_only=1, pressing |
| Ctrl-U on developer screen should not boot the USB disk(recovery mode boot |
| should work), and when USB image is resigned with SSD keys, pressing Ctrl-U |
| should boot to the USB disk. |
| """ |
| version = 1 |
| |
| def initialize(self, host, cmdline_args, ec_wp=None): |
| super(firmware_SelfSignedBoot, self).initialize(host, cmdline_args, |
| ec_wp=ec_wp) |
| self.switcher.setup_mode('dev') |
| self.setup_usbkey(usbkey=True, host=False) |
| |
| self.original_dev_boot_usb = self.faft_client.system.get_dev_boot_usb() |
| logging.info('Original dev_boot_usb value: %s', |
| str(self.original_dev_boot_usb)) |
| |
| self.usb_dev = self.get_usbdisk_path_on_dut() |
| if not self.usb_dev: |
| raise error.TestError("Unable to find USB disk") |
| |
| def cleanup(self): |
| try: |
| self.faft_client.system.set_dev_boot_usb(self.original_dev_boot_usb) |
| self.disable_crossystem_selfsigned() |
| self.ensure_dev_internal_boot(self.original_dev_boot_usb) |
| self.resignimage_recoverykeys() |
| except Exception as e: |
| logging.error("Caught exception: %s", str(e)) |
| super(firmware_SelfSignedBoot, self).cleanup() |
| |
| def resignimage_ssdkeys(self): |
| """Re-signing the USB image using the SSD keys.""" |
| self.faft_client.system.run_shell_command( |
| '/usr/share/vboot/bin/make_dev_ssd.sh -i %s' % self.usb_dev) |
| |
| def resignimage_recoverykeys(self): |
| """Re-signing the USB image using the Recovery keys.""" |
| self.faft_client.system.run_shell_command( |
| '/usr/share/vboot/bin/make_dev_ssd.sh -i %s --recovery_key' |
| % self.usb_dev) |
| |
| def enable_crossystem_selfsigned(self): |
| """Enable dev_boot_signed_only + dev_boot_usb.""" |
| self.faft_client.system.run_shell_command( |
| 'crossystem dev_boot_signed_only=1') |
| self.faft_client.system.run_shell_command('crossystem dev_boot_usb=1') |
| |
| def disable_crossystem_selfsigned(self): |
| """Disable dev_boot_signed_only + dev_boot_usb.""" |
| self.faft_client.system.run_shell_command( |
| 'crossystem dev_boot_signed_only=0') |
| self.faft_client.system.run_shell_command('crossystem dev_boot_usb=0') |
| |
| def run_once(self): |
| """Runs a single iteration of the test.""" |
| if (self.faft_config.has_keyboard and |
| not self.check_ec_capability(['keyboard'])): |
| raise error.TestNAError("TEST IT MANUALLY! This test can't be " |
| "automated on non-Chrome-EC devices.") |
| |
| logging.info("Expected developer mode, set dev_boot_usb and " |
| "dev_boot_signed_only to 1.") |
| self.check_state((self.checkers.dev_boot_usb_checker, False)) |
| self.enable_crossystem_selfsigned() |
| self.switcher.mode_aware_reboot() |
| |
| logging.info("Expected internal disk boot, switch to recovery mode.") |
| self.check_state((self.checkers.dev_boot_usb_checker, False, |
| 'Not internal disk boot, dev_boot_usb misbehaved')) |
| self.switcher.reboot_to_mode(to_mode='rec') |
| |
| logging.info("Expected recovery boot and reboot.") |
| self.check_state((self.checkers.crossystem_checker, { |
| 'mainfw_type': 'recovery', |
| 'recovery_reason': vboot.RECOVERY_REASON['RO_MANUAL'], |
| })) |
| self.switcher.mode_aware_reboot() |
| |
| logging.info("Expected internal disk boot, resign with SSD keys.") |
| self.check_state((self.checkers.dev_boot_usb_checker, False, |
| 'Not internal disk boot, dev_boot_usb misbehaved')) |
| self.resignimage_ssdkeys() |
| self.switcher.simple_reboot() |
| self.switcher.bypass_dev_boot_usb() |
| self.switcher.wait_for_client() |
| |
| logging.info("Expected USB boot.") |
| # After signing USB image with SSD developer keys, kernkey_vfy value |
| # is expected as 'sig' when booted in USB image. |
| self.check_state((self.checkers.dev_boot_usb_checker, (True, False), |
| 'Device not booted from USB image properly.')) |
| self.switcher.mode_aware_reboot() |
| |
| logging.info("Check and done.") |
| self.check_state((self.checkers.dev_boot_usb_checker, False)) |