1#!/bin/bash 2 3# Copyright 2019 The Chromium OS Authors. All rights reserved. 4# Use of this source code is governed by a BSD-style license that can be 5# found in the LICENSE file. 6 7set -e 8 9. $(dirname "$(readlink -f "${0}")")/common.sh 10 11test_read_from_flash_in_bootloader_mode_without_modifying_RDP_level() { 12 local file_read_from_flash="test.bin" 13 14 # Given: 15 # * Hardware write protect is disabled 16 # (so we can use bootloader to read and change RDP level) 17 # * Software write protect is enabled 18 # * RDP is at level 1 19 # 20 # Then: 21 # * Reading from flash without changing the RDP level should fail 22 # (and we should not have read any bytes from flash). 23 # * The firmware should still be functional because mass erase is NOT 24 # triggered since we are NOT changing the RDP level. 25 echo "Reading firmware without modifying RDP level" 26 # This should fail and the file should be empty 27 if read_from_flash_in_bootloader_mode_without_modifying_RDP_level \ 28 "${file_read_from_flash}"; then 29 echo "Should not be able to read from flash" 30 exit 1 31 fi 32 33 check_file_size_equals_zero "${file_read_from_flash}" 34 35 echo "Checking that firmware is still functional" 36 check_firmware_is_functional 37 38 rm -rf "${file_read_from_flash}" 39} 40 41test_read_from_flash_in_bootloader_mode_while_setting_RDP_to_level_0() { 42 local file_read_from_flash="test.bin" 43 local original_fw_file="$1" 44 local file_expected_byte_size="$(get_file_size ${original_fw_file})" 45 46 # Given: 47 # * Hardware write protect is disabled 48 # (so we can use bootloader to read and change RDP level) 49 # * Software write protect is enabled 50 # * RDP is at level 1 51 # 52 # Then: 53 # * Setting the RDP level to 0 (after being at level 1) should trigger 54 # a mass erase. 55 # * A mass erase sets all flash bytes to 0xFF, so all bytes read from flash 56 # should have that value. 57 # * Since the flash was mass erased, the firmware should no longer function. 58 echo "Reading firmware after setting RDP to level 0" 59 # This command partially fails (and returns an error) because it causes the 60 # flash to be mass erased, but we should still have a file with the contents 61 # that we can compare against. 62 read_from_flash_in_bootloader_mode_while_setting_RDP_to_level_0 \ 63 "${file_read_from_flash}" || true 64 65 echo "Checking that value read is made up entirely of OxFF bytes" 66 check_file_contains_all_0xFF_bytes \ 67 "${file_read_from_flash}" "${file_expected_byte_size}" 68 69 # Make sure the flash was really erased 70 echo "Checking that firmware is non-functional" 71 check_firmware_is_not_functional 72 73 rm -rf "${file_read_from_flash}" 74} 75 76echo "Running test to validate RDP level 1" 77 78readonly ORIGINAL_FW_FILE="$1" 79 80check_file_exists "${ORIGINAL_FW_FILE}" 81 82echo "Making sure hardware write protect is DISABLED and software write \ 83protect is ENABLED" 84check_hw_write_protect_disabled_and_sw_write_protect_enabled 85 86echo "Validating initial state" 87check_has_mp_rw_firmware 88check_has_mp_ro_firmware 89check_running_rw_firmware 90check_is_rollback_set_to_initial_val 91 92echo "Checking that firmware is functional" 93check_firmware_is_functional 94 95test_read_from_flash_in_bootloader_mode_without_modifying_RDP_level 96 97test_read_from_flash_in_bootloader_mode_while_setting_RDP_to_level_0 \ 98 "${ORIGINAL_FW_FILE}" 99