suit: Allow to skip suit-validate sequence

tomchy · rlubos · commit 2e7a2c5ccf04 · 2024-11-21T09:24:37.000+01:00
Allow to skip suit-validate sequence in parent manifests.

Ref: NCSDK-30155

Signed-off-by: Tomasz Chyrowicz &lt;tomasz.chyrowicz@nordicsemi.no&gt;
diff --git a/subsys/suit/orchestrator/src/suit_orchestrator_sdfw.c b/subsys/suit/orchestrator/src/suit_orchestrator_sdfw.c
@@ -279,6 +279,7 @@ static int boot_envelope(const suit_manifest_class_id_t *class_id)
 	}
 	LOG_DBG("Found installed envelope");
 
+#ifdef CONFIG_LOG
 	unsigned int seq_num;
 	suit_semver_raw_t version;
 
@@ -293,12 +294,18 @@ static int boot_envelope(const suit_manifest_class_id_t *class_id)
 	}
 	LOG_INF("Booting from manifest version: %d.%d.%d-%d.%d, sequence: 0x%x", version.raw[0],
 		version.raw[1], version.raw[2], -version.raw[3], version.raw[4], seq_num);
+#endif /* CONFIG_LOG */
 
 	err = suit_process_sequence(installed_envelope_address, installed_envelope_size,
 				    SUIT_SEQ_VALIDATE);
 	if (err != SUIT_SUCCESS) {
-		LOG_ERR("Failed to execute suit-validate: %d", err);
-		return -EILSEQ;
+		if (err == SUIT_ERR_UNAVAILABLE_COMMAND_SEQ) {
+			LOG_DBG("Command sequence suit-validate not available - skip it");
+			err = 0;
+		} else {
+			LOG_ERR("Failed to execute suit-validate: %d", err);
+			return -EILSEQ;
+		}
 	}
 
 	LOG_INF("Processed suit-validate");
diff --git a/tests/subsys/suit/orchestrator/orchestrator_sdfw/src/test_boot_mode.c b/tests/subsys/suit/orchestrator/orchestrator_sdfw/src/test_boot_mode.c
@@ -298,7 +298,7 @@ ZTEST(orchestrator_boot_tests, test_valid_root_app_envelope)
 	int err = suit_orchestrator_entry();
 
 	/* THEN orchestrator succeeds... */
-	zassert_equal(0, err, "Orchestrator not initialized");
+	zassert_equal(0, err, "Valid envelopes not accepted (err: %d)", err);
 	/* ... and the emergency flag is not set... */
 	zassert_equal(SUIT_PLAT_ERR_NOT_FOUND, suit_storage_report_read(0, &buf, &len),
 		      "Emergency flag set");
@@ -332,13 +332,14 @@ ZTEST(orchestrator_boot_tests, test_seq_no_validate)
 	/* WHEN orchestrator is executed */
 	int err = suit_orchestrator_entry();
 
-	/* THEN orchestrator fails (no support for reboots)... */
-	zassert_equal(-ENOTSUP, err, "Orchestrator did not fail");
-	/* ... and the emergency flag is set... */
-	zassert_equal(SUIT_PLAT_SUCCESS, suit_storage_report_read(0, &buf, &len),
-		      "Emergency flag not set");
-	/* ... and the execution mode remains unchanged */
-	zassert_equal(EXECUTION_MODE_INVOKE, suit_execution_mode_get(), "Execution mode modified");
+	/* THEN orchestrator succeeds... */
+	zassert_equal(0, err, "Envelope without validate sequence not accepted (err: %d)", err);
+	/* ... and the emergency flag is not set... */
+	zassert_equal(SUIT_PLAT_ERR_NOT_FOUND, suit_storage_report_read(0, &buf, &len),
+		      "Emergency flag set");
+	/* ... and the execution mode is set to the POST INVOKE */
+	zassert_equal(EXECUTION_MODE_POST_INVOKE, suit_execution_mode_get(),
+		      "Execution mode modified");
 }
 
 ZTEST(orchestrator_boot_tests, test_seq_validate_fail)
@@ -502,11 +503,11 @@ ZTEST(orchestrator_boot_tests, test_seq_validate_load_invoke)
 	/* WHEN orchestrator is executed */
 	int err = suit_orchestrator_entry();
 
-	/* THEN orchestrator fails (no support for reboots)... */
-	zassert_equal(0, err, "Orchestrator not initialized");
+	/* THEN orchestrator succeeds... */
+	zassert_equal(0, err, "Envelope with three sequences not accepted (err: %d)", err);
 	/* ... and the emergency flag is not set... */
 	zassert_equal(SUIT_PLAT_ERR_NOT_FOUND, suit_storage_report_read(0, &buf, &len),
-		      "Emergency flag not set");
+		      "Emergency flag set");
 	/* ... and the execution mode is set to the POST INVOKE */
 	zassert_equal(EXECUTION_MODE_POST_INVOKE, suit_execution_mode_get(),
 		      "Execution mode modified");
diff --git a/tests/subsys/suit/orchestrator/orchestrator_sdfw/src/test_recovery_boot_mode.c b/tests/subsys/suit/orchestrator/orchestrator_sdfw/src/test_recovery_boot_mode.c
@@ -267,14 +267,14 @@ ZTEST(orchestrator_recovery_boot_tests, test_rec_seq_no_validate)
 	/* WHEN orchestrator is executed */
 	int err = suit_orchestrator_entry();
 
-	/* THEN orchestrator fails (hard)... */
-	zassert_equal(-EILSEQ, err, "Orchestrator did not fail");
+	/* THEN orchestrator succeeds... */
+	zassert_equal(0, err, "Envelope without validate sequence not accepted (err: %d)", err);
 	/* ... and the emergency flag is set... */
 	zassert_equal(SUIT_PLAT_SUCCESS, suit_storage_report_read(0, &buf, &len),
 		      "Emergency flag not set");
-	/* ... and the execution mode is set to the FAIL INVOKE RECOVERY */
-	zassert_equal(EXECUTION_MODE_FAIL_INVOKE_RECOVERY, suit_execution_mode_get(),
-		      "Execution mode not changed to the FAIL INVOKE RECOVERY");
+	/* ... and the execution mode is set to the POST INVOKE RECOVERY */
+	zassert_equal(EXECUTION_MODE_POST_INVOKE_RECOVERY, suit_execution_mode_get(),
+		      "Execution mode not changed to the POST INVOKE RECOVERY");
 }
 
 ZTEST(orchestrator_recovery_boot_tests, test_rec_seq_validate_fail)
