[FiSim ] Manual cherry-pick rom/rom_ext/unit testing #29168
+3,130
−25
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
siemen11
requested review from
nasahlpa and
pamaury
and removed request for
a team
nasahlpa
approved these changes
Jan 26, 2026
For GDB testing, add a label after the RMA spin to know which address to jump to after the spin. cherry picked from commit 78b98e1 Signed-off-by: Siemen Dhooghe <[email protected]>
Similar to print_all and dump_all, make a similar read_all function. cherry picked from commit 35a49fd Signed-off-by: Siemen Dhooghe <[email protected]>
When a function is inlined, it is depicted as function_name(): in the assembly instead of <function_name>: Hence, a new parsing function is needed for getting the address of an inlined function. cherry picked from commit 48f0d98 Signed-off-by: Siemen Dhooghe <[email protected]>
Fix send_openocd_command to read the correct end byte. Then, change the reset_target command of GDB to set it such that it can reset and halt the CPU. cherry picked from commit f957010 Signed-off-by: Siemen Dhooghe <[email protected]>
Add a new test target for instruction skip testing of the ROM_EXT. The ROM_EXT testing is done with RMA OTP but setting and locking SECRET2 and setting the RMA spin cycles to maximum. A wrongly signed BL0 image is created and we create separate targets for manifest images to allow testing of various malicious flash inputs. The GDB testing halts the CPU in the RMA spin cycles, jumps the loop, then traces the rom_ext_try_next_stage function and inserts instruction skips with a corrupted BL0 image. cherry picked from commit bd04223 Signed-off-by: Siemen Dhooghe <[email protected]>
Use instruction skips with a ROM_EXT image of version zero while setting the minimum version in OTP to 2. Verify whether it is possible to still load the image. cherry picked from commit 9ba7004 Signed-off-by: Siemen Dhooghe <[email protected]>
Add testing of the ROM's secure boot using the instruction skip framework using GDB. Note that due to GDB hanging (unknown reason) when communicating to the OTBN, the tracing is done in two steps (two trace files). cherry picked from commit 5fac0f1 Signed-off-by: Siemen Dhooghe <[email protected]>
Add the instruction skip testing for a ROM where the security version is lower than what was set in the OTP. cherry picked from commit fdeb01a Signed-off-by: Siemen Dhooghe <[email protected]>
Change the logging command in the trace function. From lowRISC#28714 the toolchain changed version, we run GDB 10 now, this command changed. cherry picked from commit 011b73c Signed-off-by: Siemen Dhooghe <[email protected]>
The FiSim framework typically takes a couple of hours for a regular instruction skip test. In order to have a version of this framework in CI, we create small unit tests showing secure coding styles which are then testing via instruction skips. Info on those guidelines has been added in the firmware_gdb.c file and we refer to this file in the README. In case this test catches in CI: This is a small binary which is tested via OpenOCD/GDB specifically for an RMA ROM on the CW340 FPGA. Please adapt the code/raise an issue/contact someone, since the other tests in //sw/host/penetrationtests/python/fi/gdb_testing would need to be adapted as well. However, these tests take a long time, hence they are out of CI. cherry picked from commit 553c815 Signed-off-by: Siemen Dhooghe <[email protected]>
Cherry-pick fixes for the eg100 branch for the FiSIm framework from master. Signed-off-by: Siemen Dhooghe <[email protected]>
siemen11
force-pushed
the
fisim_rom_cherry_eg100
branch
from
627650e to
4423c67
Compare
Contributor
Author
Thank you, added! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Manual cherry-picks from
#28850
#28936
#28945
This adds a 6min test in CI which is a unit test for FiSim