From b278314fc38b88c8046dca37852f1e4d7a4b1ad0 Mon Sep 17 00:00:00 2001 From: Nick Quarton <139178705+nquarton@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:35:45 -0800 Subject: [PATCH] Changing CI ROM version from rust feature to environment variable --- .github/workflows/fpga.yml | 13 ++- .github/workflows/fw-test-emu.yml | 6 + .github/workflows/nightly-release.yml | 50 +++++--- builder/Cargo.toml | 2 - builder/src/lib.rs | 71 ++++++------ fmc/Cargo.toml | 2 - .../fmc_integration_tests/test_rtalias.rs | 9 +- runtime/Cargo.toml | 4 +- .../test_get_idev_csr.rs | 38 +++--- test/Cargo.toml | 4 +- .../caliptra_integration_tests/smoke_test.rs | 108 ++++++++++-------- test/tests/fips_test_suite/common.rs | 10 +- 12 files changed, 179 insertions(+), 138 deletions(-) diff --git a/.github/workflows/fpga.yml b/.github/workflows/fpga.yml index db2604eb77..5f143ea03a 100644 --- a/.github/workflows/fpga.yml +++ b/.github/workflows/fpga.yml @@ -22,6 +22,9 @@ on: hw-version: default: "latest" type: string + rom-version: + default: "latest" + type: string workflow_call: description: 'Set true for workflow_call' default: true @@ -161,6 +164,9 @@ jobs: run: | export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER="aarch64-linux-gnu-gcc" export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-C link-arg=--sysroot=$FARGO_SYSROOT" + if [ "${{ inputs.rom-version }}" != "latest" ]; then + export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}" + fi if [ "${{ inputs.workflow_call }}" ]; then FEATURES=fpga_realtime,${{ inputs.extra-features }} @@ -428,7 +434,12 @@ jobs: echo "Unexpected inputs.rom-logging: ${{ inputs.rom-logging }}" exit 1 fi - echo CPTRA_ROM_TYPE=${CPTRA_ROM_TYPE} + + if [[ "${{ inputs.workflow_call }}" && "${{ inputs.rom-version }}" != "latest" ]]; then + VARS+=" CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}"" + fi + + echo VARS=${VARS} COMMON_ARGS=( --cargo-metadata="${TEST_BIN}/target/nextest/cargo-metadata.json" diff --git a/.github/workflows/fw-test-emu.yml b/.github/workflows/fw-test-emu.yml index b600ba6231..33d270edb7 100644 --- a/.github/workflows/fw-test-emu.yml +++ b/.github/workflows/fw-test-emu.yml @@ -13,6 +13,9 @@ on: rom-logging: default: true type: boolean + rom-version: + default: "latest" + type: string jobs: build_and_test: @@ -57,6 +60,9 @@ jobs: - name: Run tests run: | export CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware + if [ "${{ inputs.rom-version }}" != "latest" ]; then + export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}" + fi if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then export CPTRA_ROM_TYPE=ROM_WITH_UART diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml index db369d86d5..21330cf856 100644 --- a/.github/workflows/nightly-release.yml +++ b/.github/workflows/nightly-release.yml @@ -64,8 +64,9 @@ jobs: uses: ./.github/workflows/fpga.yml with: artifact-suffix: -fpga-realtime-hw-1.0-etrng-log - extra-features: slow_tests,ci-rom-1.0 + extra-features: slow_tests hw-version: "1.0" + rom-version: "1.0" rom-logging: true fpga-itrng: false @@ -76,8 +77,9 @@ jobs: uses: ./.github/workflows/fpga.yml with: artifact-suffix: -fpga-realtime-hw-1.0-etrng-nolog - extra-features: slow_tests,ci-rom-1.0 + extra-features: slow_tests hw-version: "1.0" + rom-version: "1.0" rom-logging: false fpga-itrng: false @@ -88,8 +90,9 @@ jobs: uses: ./.github/workflows/fpga.yml with: artifact-suffix: -fpga-realtime-hw-1.0-itrng-log - extra-features: slow_tests,itrng,ci-rom-1.0 + extra-features: slow_tests,itrng hw-version: "1.0" + rom-version: "1.0" rom-logging: true fpga-itrng: true @@ -100,8 +103,9 @@ jobs: uses: ./.github/workflows/fpga.yml with: artifact-suffix: -fpga-realtime-hw-1.0-itrng-nolog - extra-features: slow_tests,itrng,ci-rom-1.0 + extra-features: slow_tests,itrng hw-version: "1.0" + rom-version: "1.0" rom-logging: false fpga-itrng: true @@ -112,8 +116,9 @@ jobs: uses: ./.github/workflows/fpga.yml with: artifact-suffix: -fpga-realtime-rom-1.1-etrng-log - extra-features: slow_tests,ci-rom-1.1 + extra-features: slow_tests hw-version: "latest" + rom-version: "1.1" rom-logging: true fpga-itrng: false @@ -124,8 +129,9 @@ jobs: uses: ./.github/workflows/fpga.yml with: artifact-suffix: -fpga-realtime-rom-1.1-etrng-nolog - extra-features: slow_tests,ci-rom-1.1 + extra-features: slow_tests hw-version: "latest" + rom-version: "1.1" rom-logging: false fpga-itrng: false @@ -136,8 +142,9 @@ jobs: uses: ./.github/workflows/fpga.yml with: artifact-suffix: -fpga-realtime-rom-1.1-itrng-log - extra-features: slow_tests,itrng,ci-rom-1.1 + extra-features: slow_tests,itrng hw-version: "latest" + rom-version: "1.1" rom-logging: true fpga-itrng: true @@ -148,8 +155,9 @@ jobs: uses: ./.github/workflows/fpga.yml with: artifact-suffix: -fpga-realtime-rom-1.1-itrng-nolog - extra-features: slow_tests,itrng,ci-rom-1.1 + extra-features: slow_tests,itrng hw-version: "latest" + rom-version: "1.1" rom-logging: false fpga-itrng: true @@ -197,7 +205,7 @@ jobs: with: artifact-suffix: -fpga-realtime-latest-itrng-nolog extra-features: slow_tests,itrng - hw-version: latest + hw-version: "latest" rom-logging: false fpga-itrng: true @@ -248,8 +256,9 @@ jobs: uses: ./.github/workflows/fw-test-emu.yml with: artifact-suffix: -sw-emulator-hw-1.1-etrng-log - extra-features: ci-rom-1.1,slow_tests + extra-features: slow_tests rom-logging: true + rom-version: "1.1" sw-emulator-rom-1_1-full-suite-etrng-nolog: name: sw-emulator Suite (etrng, nolog) @@ -258,8 +267,9 @@ jobs: uses: ./.github/workflows/fw-test-emu.yml with: artifact-suffix: -sw-emulator-hw-1.1-etrng-nolog - extra-features: ci-rom-1.1,slow_tests + extra-features: slow_tests rom-logging: false + rom-version: "1.1" sw-emulator-rom-1_1-full-suite-itrng-log: name: sw-emulator Suite (itrng, log) @@ -268,8 +278,9 @@ jobs: uses: ./.github/workflows/fw-test-emu.yml with: artifact-suffix: -sw-emulator-hw-1.1-itrng-log - extra-features: ci-rom-1.1,slow_tests,itrng + extra-features: slow_tests,itrng rom-logging: true + rom-version: "1.1" sw-emulator-rom-1_1-full-suite-itrng-nolog: name: sw-emulator Suite (itrng, nolog) @@ -278,8 +289,9 @@ jobs: uses: ./.github/workflows/fw-test-emu.yml with: artifact-suffix: -sw-emulator-hw-1.1-itrng-nolog - extra-features: ci-rom-1.1,slow_tests,itrng + extra-features: slow_tests,itrng rom-logging: false + rom-version: "1.1" sw-emulator-hw-1_0-full-suite-etrng-log: name: sw-emulator Suite (etrng, log) @@ -288,8 +300,9 @@ jobs: uses: ./.github/workflows/fw-test-emu.yml with: artifact-suffix: -sw-emulator-hw-1.0-etrng-log - extra-features: hw-1.0,ci-rom-1.0,slow_tests + extra-features: hw-1.0,slow_tests rom-logging: true + rom-version: "1.0" sw-emulator-hw-1_0-full-suite-etrng-nolog: name: sw-emulator Suite (etrng, nolog) @@ -298,8 +311,9 @@ jobs: uses: ./.github/workflows/fw-test-emu.yml with: artifact-suffix: -sw-emulator-hw-1.0-etrng-nolog - extra-features: hw-1.0,ci-rom-1.0,slow_tests + extra-features: hw-1.0,slow_tests rom-logging: false + rom-version: "1.0" sw-emulator-hw-1_0-full-suite-itrng-log: name: sw-emulator Suite (itrng, log) @@ -308,8 +322,9 @@ jobs: uses: ./.github/workflows/fw-test-emu.yml with: artifact-suffix: -sw-emulator-hw-1.0-itrng-log - extra-features: hw-1.0,ci-rom-1.0,slow_tests,itrng + extra-features: hw-1.0,slow_tests,itrng rom-logging: true + rom-version: "1.0" sw-emulator-hw-1_0-full-suite-itrng-nolog: name: sw-emulator Suite (itrng, nolog) @@ -318,8 +333,9 @@ jobs: uses: ./.github/workflows/fw-test-emu.yml with: artifact-suffix: -sw-emulator-hw-1.0-itrng-nolog - extra-features: hw-1.0,ci-rom-1.0,slow_tests,itrng + extra-features: hw-1.0,slow_tests,itrng rom-logging: false + rom-version: "1.0" create-release: name: Create New Release diff --git a/builder/Cargo.toml b/builder/Cargo.toml index 470b332594..bac1a4732a 100644 --- a/builder/Cargo.toml +++ b/builder/Cargo.toml @@ -25,8 +25,6 @@ zerocopy.workspace = true default = ["openssl"] slow_tests = [] "hw-1.0" = [] -"ci-rom-1.0" = [] -"ci-rom-1.1" = [] openssl = ["caliptra-image-crypto/openssl"] rustcrypto = ["caliptra-image-crypto/rustcrypto"] diff --git a/builder/src/lib.rs b/builder/src/lib.rs index f071cd7cbb..b0ddc18523 100644 --- a/builder/src/lib.rs +++ b/builder/src/lib.rs @@ -366,43 +366,46 @@ pub fn build_firmware_elf(id: &FwId<'static>) -> io::Result>> { /// a particular hardware version. DO NOT USE this for ROM-only tests. pub fn rom_for_fw_integration_tests() -> io::Result> { let rom_from_env = firmware::rom_from_env(); - if cfg!(all(feature = "hw-1.0", not(feature = "ci-rom-1.0"))) { - panic!("ci-rom-1.0 is required for hw-1.0"); + if cfg!(feature = "hw-1.0") && std::env::var("CPTRA_CI_ROM_VERSION").as_deref() != Ok("1.0") { + panic!("CPTRA_CI_ROM_VERSION of \'1.0\' is expected for hw-1.0"); } - if cfg!(feature = "ci-rom-1.0") { - if rom_from_env == &firmware::ROM { - Ok( - include_bytes!("../../rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin") - .as_slice() - .into(), - ) - } else if rom_from_env == &firmware::ROM_WITH_UART { - Ok(include_bytes!( - "../../rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin" - ) - .as_slice() - .into()) - } else { - Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}"))) + match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() { + Ok("1.0") => { + if rom_from_env == &firmware::ROM { + Ok( + include_bytes!("../../rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin") + .as_slice() + .into(), + ) + } else if rom_from_env == &firmware::ROM_WITH_UART { + Ok(include_bytes!( + "../../rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin" + ) + .as_slice() + .into()) + } else { + Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}"))) + } } - } else if cfg!(feature = "ci-rom-1.1") { - if rom_from_env == &firmware::ROM { - Ok( - include_bytes!("../../rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin") - .as_slice() - .into(), - ) - } else if rom_from_env == &firmware::ROM_WITH_UART { - Ok(include_bytes!( - "../../rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin" - ) - .as_slice() - .into()) - } else { - Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}"))) + Ok("1.1") => { + if rom_from_env == &firmware::ROM { + Ok( + include_bytes!("../../rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin") + .as_slice() + .into(), + ) + } else if rom_from_env == &firmware::ROM_WITH_UART { + Ok(include_bytes!( + "../../rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin" + ) + .as_slice() + .into()) + } else { + Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}"))) + } } - } else { - Ok(build_firmware_rom(rom_from_env)?.into()) + Ok(version) => panic!("Unknown CI ROM version \'{}\'", version), + Err(_) => Ok(build_firmware_rom(rom_from_env)?.into()), } } diff --git a/fmc/Cargo.toml b/fmc/Cargo.toml index e736f239ba..ce8cbb61f9 100644 --- a/fmc/Cargo.toml +++ b/fmc/Cargo.toml @@ -41,5 +41,3 @@ itrng = ["caliptra-hw-model/itrng"] verilator = ["caliptra-hw-model/verilator"] fake-fmc = [] "hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-cpu/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0"] -"ci-rom-1.0" = ["caliptra-builder/ci-rom-1.0"] -"ci-rom-1.1" = ["caliptra-builder/ci-rom-1.1"] diff --git a/fmc/tests/fmc_integration_tests/test_rtalias.rs b/fmc/tests/fmc_integration_tests/test_rtalias.rs index 2cbd335d34..782c87c5fa 100644 --- a/fmc/tests/fmc_integration_tests/test_rtalias.rs +++ b/fmc/tests/fmc_integration_tests/test_rtalias.rs @@ -91,11 +91,10 @@ fn test_fht_info() { let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap(); let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap(); assert_eq!(fht.ldevid_tbs_size, 552); - if cfg!(any(feature = "ci-rom-1.0", feature = "ci-rom-1.1")) { - assert_eq!(fht.fmcalias_tbs_size, 786); - } else { - assert_eq!(fht.fmcalias_tbs_size, 753); - } + match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() { + Ok("1.0") | Ok("1.1") => assert_eq!(fht.fmcalias_tbs_size, 786), + _ => assert_eq!(fht.fmcalias_tbs_size, 753), + }; assert_eq!(fht.ldevid_tbs_addr, 0x50003C00); assert_eq!(fht.fmcalias_tbs_addr, 0x50004000); assert_eq!(fht.pcr_log_addr, 0x50004800); diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml index b82d795350..2a70738d43 100644 --- a/runtime/Cargo.toml +++ b/runtime/Cargo.toml @@ -64,6 +64,4 @@ fips_self_test=[] no-cfi = ["caliptra-image-verify/no-cfi", "caliptra-drivers/no-cfi"] fpga_realtime = ["caliptra-drivers/fpga_realtime"] "hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0", "caliptra-kat/hw-1.0","caliptra-cpu/hw-1.0"] -fips-test-hooks = ["caliptra-drivers/fips-test-hooks"] -"ci-rom-1.0" = ["caliptra-builder/ci-rom-1.0"] -"ci-rom-1.1" = ["caliptra-builder/ci-rom-1.1"] \ No newline at end of file +fips-test-hooks = ["caliptra-drivers/fips-test-hooks"] \ No newline at end of file diff --git a/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs b/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs index 30cf45b435..77e9c4f9b2 100644 --- a/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs +++ b/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs @@ -27,25 +27,26 @@ fn test_get_csr() { let result = model.mailbox_execute(CommandId::GET_IDEV_CSR.into(), payload.as_bytes()); - if cfg!(any(feature = "ci-rom-1.0", feature = "ci-rom-1.1")) { + match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() { // 1.0 and 1.1 ROM do not support this feature - assert_eq!( + Ok("1.0") | Ok("1.1") => assert_eq!( result.unwrap_err(), ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNSUPPORTED_ROM.into()) - ); - } else { - let response = result.unwrap().unwrap(); + ), + _ => { + let response = result.unwrap().unwrap(); - let get_idv_csr_resp = GetIdevCsrResp::read_from(response.as_bytes()).unwrap(); + let get_idv_csr_resp = GetIdevCsrResp::read_from(response.as_bytes()).unwrap(); - assert_ne!(IdevIdCsr::UNPROVISIONED_CSR, get_idv_csr_resp.data_size); - assert_ne!(0, get_idv_csr_resp.data_size); + assert_ne!(IdevIdCsr::UNPROVISIONED_CSR, get_idv_csr_resp.data_size); + assert_ne!(0, get_idv_csr_resp.data_size); - let csr_bytes = &get_idv_csr_resp.data[..get_idv_csr_resp.data_size as usize]; - assert_ne!([0; 512], csr_bytes); + let csr_bytes = &get_idv_csr_resp.data[..get_idv_csr_resp.data_size as usize]; + assert_ne!([0; 512], csr_bytes); - assert!(X509Req::from_der(csr_bytes).is_ok()); - } + assert!(X509Req::from_der(csr_bytes).is_ok()); + } + }; } #[test] @@ -64,16 +65,15 @@ fn test_missing_csr() { .mailbox_execute(CommandId::GET_IDEV_CSR.into(), payload.as_bytes()) .unwrap_err(); - if cfg!(any(feature = "ci-rom-1.0", feature = "ci-rom-1.1")) { + match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() { // 1.0 and 1.1 ROM do not support this feature - assert_eq!( + Ok("1.0") | Ok("1.1") => assert_eq!( response, ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNSUPPORTED_ROM.into()) - ); - } else { - assert_eq!( + ), + _ => assert_eq!( response, ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNPROVISIONED.into()) - ); - } + ), + }; } diff --git a/test/Cargo.toml b/test/Cargo.toml index 88102f9447..def56736ad 100644 --- a/test/Cargo.toml +++ b/test/Cargo.toml @@ -44,6 +44,4 @@ itrng = ["caliptra-hw-model/itrng"] verilator = ["caliptra-hw-model/verilator"] fips_self_test = ["caliptra-runtime/fips_self_test"] test_env_immutable_rom = [] -"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-hw-model/hw-1.0"] -"ci-rom-1.0" = ["caliptra-builder/ci-rom-1.0"] -"ci-rom-1.1" = ["caliptra-builder/ci-rom-1.1"] \ No newline at end of file +"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-hw-model/hw-1.0"] \ No newline at end of file diff --git a/test/tests/caliptra_integration_tests/smoke_test.rs b/test/tests/caliptra_integration_tests/smoke_test.rs index de460cf717..ec7740c771 100644 --- a/test/tests/caliptra_integration_tests/smoke_test.rs +++ b/test/tests/caliptra_integration_tests/smoke_test.rs @@ -27,47 +27,56 @@ use zerocopy::AsBytes; // Support testing against older versions of ROM in CI // More constants may need to be added here as the ROMs further diverge -#[cfg(feature = "ci-rom-1.0")] -mod rom_specific_test_params { +struct RomTestParams<'a> { #[allow(dead_code)] - pub const TESTDATA_PATH: &str = "tests/caliptra_integration_tests/smoke_testdata/rom-1.0"; - pub const FMC_ALIAS_CERT_REDACTED_TXT: &str = - include_str!("smoke_testdata/rom-1.0/fmc_alias_cert_redacted.txt"); - pub const FMC_ALIAS_CERT_REDACTED_DER: &[u8] = - include_bytes!("smoke_testdata/rom-1.0/fmc_alias_cert_redacted.der"); - pub const TCB_INFO_VENDOR: Option<&str> = Some("Caliptra"); - pub const TCB_DEVICE_INFO_MODEL: Option<&str> = Some("Device"); - pub const TCB_FMC_INFO_MODEL: Option<&str> = Some("FMC"); - pub const TCB_INFO_FLAGS: Option = Some(0x80000000); -} -#[cfg(feature = "ci-rom-1.1")] -mod rom_specific_test_params { - #[allow(dead_code)] - pub const TESTDATA_PATH: &str = "tests/caliptra_integration_tests/smoke_testdata/rom-1.1"; - pub const FMC_ALIAS_CERT_REDACTED_TXT: &str = - include_str!("smoke_testdata/rom-1.1/fmc_alias_cert_redacted.txt"); - pub const FMC_ALIAS_CERT_REDACTED_DER: &[u8] = - include_bytes!("smoke_testdata/rom-1.1/fmc_alias_cert_redacted.der"); - pub const TCB_INFO_VENDOR: Option<&str> = Some("Caliptra"); - pub const TCB_DEVICE_INFO_MODEL: Option<&str> = Some("Device"); - pub const TCB_FMC_INFO_MODEL: Option<&str> = Some("FMC"); - pub const TCB_INFO_FLAGS: Option = Some(0x80000000); -} -#[cfg(all(not(feature = "ci-rom-1.0"), not(feature = "ci-rom-1.1")))] -mod rom_specific_test_params { - #[allow(dead_code)] - pub const TESTDATA_PATH: &str = "tests/caliptra_integration_tests/smoke_testdata/rom-latest"; - pub const FMC_ALIAS_CERT_REDACTED_TXT: &str = - include_str!("smoke_testdata/rom-latest/fmc_alias_cert_redacted.txt"); - pub const FMC_ALIAS_CERT_REDACTED_DER: &[u8] = - include_bytes!("smoke_testdata/rom-latest/fmc_alias_cert_redacted.der"); - pub const TCB_INFO_VENDOR: Option<&str> = None; - pub const TCB_DEVICE_INFO_MODEL: Option<&str> = None; - pub const TCB_FMC_INFO_MODEL: Option<&str> = None; - pub const TCB_INFO_FLAGS: Option = Some(0x00000001); + testdata_path: &'a str, + fmc_alias_cert_redacted_txt: &'a str, + fmc_alias_cert_redacted_der: &'a [u8], + tcb_info_vendor: Option<&'a str>, + tcb_device_info_model: Option<&'a str>, + tcb_fmc_info_model: Option<&'a str>, + tcb_info_flags: Option, } +const ROM_1_0_TEST_PARAMS: RomTestParams = RomTestParams { + testdata_path: "tests/caliptra_integration_tests/smoke_testdata/rom-1.0", + fmc_alias_cert_redacted_txt: include_str!("smoke_testdata/rom-1.0/fmc_alias_cert_redacted.txt"), + fmc_alias_cert_redacted_der: include_bytes!( + "smoke_testdata/rom-1.0/fmc_alias_cert_redacted.der" + ), + tcb_info_vendor: Some("Caliptra"), + tcb_device_info_model: Some("Device"), + tcb_fmc_info_model: Some("FMC"), + tcb_info_flags: Some(0x80000000), +}; +const ROM_1_1_TEST_PARAMS: RomTestParams = RomTestParams { + testdata_path: "tests/caliptra_integration_tests/smoke_testdata/rom-1.1", + fmc_alias_cert_redacted_txt: include_str!("smoke_testdata/rom-1.1/fmc_alias_cert_redacted.txt"), + fmc_alias_cert_redacted_der: include_bytes!( + "smoke_testdata/rom-1.1/fmc_alias_cert_redacted.der" + ), + ..ROM_1_0_TEST_PARAMS +}; +const ROM_LATEST_TEST_PARAMS: RomTestParams = RomTestParams { + testdata_path: "tests/caliptra_integration_tests/smoke_testdata/rom-latest", + fmc_alias_cert_redacted_txt: include_str!( + "smoke_testdata/rom-latest/fmc_alias_cert_redacted.txt" + ), + fmc_alias_cert_redacted_der: include_bytes!( + "smoke_testdata/rom-latest/fmc_alias_cert_redacted.der" + ), + tcb_info_vendor: None, + tcb_device_info_model: None, + tcb_fmc_info_model: None, + tcb_info_flags: Some(0x00000001), +}; -use rom_specific_test_params::*; +fn get_rom_test_params() -> RomTestParams<'static> { + match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() { + Ok("1.0") => ROM_1_0_TEST_PARAMS, + Ok("1.1") => ROM_1_1_TEST_PARAMS, + _ => ROM_LATEST_TEST_PARAMS, + } +} #[track_caller] fn assert_output_contains(haystack: &str, needle: &str) { @@ -322,8 +331,10 @@ fn smoke_test() { dice_tcb_info, [ DiceTcbInfo { - vendor: TCB_INFO_VENDOR.map(String::from), - model: TCB_DEVICE_INFO_MODEL.map(String::from), + vendor: get_rom_test_params().tcb_info_vendor.map(String::from), + model: get_rom_test_params() + .tcb_device_info_model + .map(String::from), // This is from the SVN in the fuses (7 bits set) svn: Some(0x107), fwids: vec![DiceFwid { @@ -331,13 +342,13 @@ fn smoke_test() { digest: device_info_hash.to_vec(), },], - flags: TCB_INFO_FLAGS, + flags: get_rom_test_params().tcb_info_flags, ty: Some(b"DEVICE_INFO".to_vec()), ..Default::default() }, DiceTcbInfo { - vendor: TCB_INFO_VENDOR.map(String::from), - model: TCB_FMC_INFO_MODEL.map(String::from), + vendor: get_rom_test_params().tcb_info_vendor.map(String::from), + model: get_rom_test_params().tcb_fmc_info_model.map(String::from), // This is from the SVN in the image (9) svn: Some(0x109), fwids: vec![DiceFwid { @@ -448,14 +459,17 @@ fn smoke_test() { String::from_utf8(fmc_alias_cert_redacted.to_text().unwrap()).unwrap(); // To update the alias-cert golden-data: - // std::fs::write(format!("{}/fmc_alias_cert_redacted.txt", TESTDATA_PATH), &fmc_alias_cert_redacted_txt).unwrap(); - // std::fs::write(format!("{}/fmc_alias_cert_redacted.der", TESTDATA_PATH), &fmc_alias_cert_redacted_der).unwrap(); + // std::fs::write(format!("{}/fmc_alias_cert_redacted.txt", get_rom_test_params().testdata_path), &fmc_alias_cert_redacted_txt).unwrap(); + // std::fs::write(format!("{}/fmc_alias_cert_redacted.der", get_rom_test_params().testdata_path), &fmc_alias_cert_redacted_der).unwrap(); assert_eq!( fmc_alias_cert_redacted_txt.as_str(), - FMC_ALIAS_CERT_REDACTED_TXT + get_rom_test_params().fmc_alias_cert_redacted_txt + ); + assert_eq!( + fmc_alias_cert_redacted_der, + get_rom_test_params().fmc_alias_cert_redacted_der ); - assert_eq!(fmc_alias_cert_redacted_der, FMC_ALIAS_CERT_REDACTED_DER); } let rt_alias_cert_resp = hw diff --git a/test/tests/fips_test_suite/common.rs b/test/tests/fips_test_suite/common.rs index ab73af5b41..ff2218ca77 100755 --- a/test/tests/fips_test_suite/common.rs +++ b/test/tests/fips_test_suite/common.rs @@ -115,12 +115,12 @@ impl RomExpVals { version ), } - } else if cfg!(feature = "ci-rom-1.0") { - ROM_EXP_1_0_3 - } else if cfg!(feature = "ci-rom-1.1") { - ROM_EXP_1_1_0 } else { - ROM_EXP_CURRENT + match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() { + Ok("1.0") => ROM_EXP_1_0_3, + Ok("1.1") => ROM_EXP_1_1_0, + _ => ROM_EXP_CURRENT, + } } } }