diff --git a/tests/subsys/suit/common/CMakeLists.txt b/tests/subsys/suit/common/CMakeLists.txt index a0dd07cf1b5c..c6671fe12513 100644 --- a/tests/subsys/suit/common/CMakeLists.txt +++ b/tests/subsys/suit/common/CMakeLists.txt @@ -5,6 +5,7 @@ # add_subdirectory(mci_test) +add_subdirectory(validator_test) zephyr_include_directories(${CMAKE_CURRENT_LIST_DIR}/include) if (CONFIG_MBEDTLS) diff --git a/tests/subsys/suit/common/validator_test/CMakeLists.txt b/tests/subsys/suit/common/validator_test/CMakeLists.txt new file mode 100644 index 000000000000..5ab6cfefe3b9 --- /dev/null +++ b/tests/subsys/suit/common/validator_test/CMakeLists.txt @@ -0,0 +1,12 @@ +# Copyright (c) 2024 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause +# + +if (CONFIG_SUIT_VALIDATOR_IMPL_CUSTOM) + zephyr_library_named(validator_test) + zephyr_library_sources(validator_test.c) + zephyr_library_link_libraries(suit_validator) + + target_link_libraries(app PUBLIC validator_test) +endif() diff --git a/tests/subsys/suit/common/validator_test/validator_test.c b/tests/subsys/suit/common/validator_test/validator_test.c new file mode 100644 index 000000000000..55ec8b2e4dbf --- /dev/null +++ b/tests/subsys/suit/common/validator_test/validator_test.c @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + */ + +#include + +static suit_plat_err_t validate_candidate_location_common(uintptr_t address, + size_t size) +{ + + /* For the purpose of the "mock" in tests, set the forbidden + address range to 0x0001000 - 0x0001FFF */ + if(((uint32_t) address >= 0x0001000 && (uint32_t) address <= 0x0001FFF) + || ((uint32_t) address + size >= 0x0001000 && (uint32_t) address + size <= 0x0001FFF)) + { + return SUIT_PLAT_ERR_ACCESS; + } + + return SUIT_PLAT_SUCCESS; +} + +suit_plat_err_t suit_validator_validate_update_candidate_location(const uint8_t *address, + size_t size) +{ + return validate_candidate_location_common((uintptr_t) address, size); +} + +suit_plat_err_t suit_validator_validate_dfu_partition_location(const uint8_t *address, + size_t size) +{ + return validate_candidate_location_common((uintptr_t) address, size); +} diff --git a/tests/subsys/suit/orchestrator/orchestrator_sdfw/prj.conf b/tests/subsys/suit/orchestrator/orchestrator_sdfw/prj.conf index 3a331bb27d72..22f99bb51217 100644 --- a/tests/subsys/suit/orchestrator/orchestrator_sdfw/prj.conf +++ b/tests/subsys/suit/orchestrator/orchestrator_sdfw/prj.conf @@ -11,6 +11,8 @@ CONFIG_SUIT=y CONFIG_SUIT_CRYPTO=y CONFIG_SUIT_MCI=y CONFIG_SUIT_MCI_IMPL_CUSTOM=y +CONFIG_SUIT_VALIDATOR=y +CONFIG_SUIT_VALIDATOR_IMPL_CUSTOM=y CONFIG_SUIT_METADATA=y CONFIG_SUIT_ORCHESTRATOR=y CONFIG_SUIT_PROCESSOR=y diff --git a/tests/subsys/suit/orchestrator/orchestrator_sdfw/src/test_update_mode.c b/tests/subsys/suit/orchestrator/orchestrator_sdfw/src/test_update_mode.c index 08881515de6f..8448725d2f5c 100644 --- a/tests/subsys/suit/orchestrator/orchestrator_sdfw/src/test_update_mode.c +++ b/tests/subsys/suit/orchestrator/orchestrator_sdfw/src/test_update_mode.c @@ -562,3 +562,58 @@ ZTEST(orchestrator_update_tests, test_seq_cand_varification_install) /* ... and the candidate availability flag is cleared */ assert_post_install_state(); } + +ZTEST(orchestrator_update_tests, test_invalid_update_candidate_address) +{ + /* GIVEN update candidate with invalid address... */ + setup_update_candidate((uint8_t *) 0x00000FF0, 0x50); + /* ... and suit orchestrator is initialized... */ + zassert_equal(0, suit_orchestrator_init(), "Orchestrator not initialized"); + /* ... and the execution mode is set to install mode */ + zassert_equal(EXECUTION_MODE_INSTALL, suit_execution_mode_get(), + "Unexpected execution mode before test execution"); + + /* WHEN orchestrator is launched */ + int err = suit_orchestrator_entry(); + + /* THEN orchestrator returns error code... */ + zassert_equal(-EACCES, err, "Unexpected error code"); + /* ... and the candidate availability flag is cleared */ + assert_post_install_state(); +} + +ZTEST(orchestrator_update_tests, test_invalid_dfu_partition_address) +{ + /* GIVEN update candidate with valid address, cache partition with invalid address... */ + suit_plat_mreg_t update_candidate[2] = { + { + .mem = manifest_valid_buf, + .size = manifest_valid_len, + }, + { + .mem = (uint8_t *) 0x00000FF0, + .size = 0x50, + } + }; + + setup_erased_flash(); + + int err = suit_storage_update_cand_set(update_candidate, ARRAY_SIZE(update_candidate)); + + zassert_equal(SUIT_PLAT_SUCCESS, err, + "Unable to set update candidate before test execution"); + + /* ... and suit orchestrator is initialized... */ + zassert_equal(0, suit_orchestrator_init(), "Orchestrator not initialized"); + /* ... and the execution mode is set to install mode */ + zassert_equal(EXECUTION_MODE_INSTALL, suit_execution_mode_get(), + "Unexpected execution mode before test execution"); + + /* WHEN orchestrator is launched */ + err = suit_orchestrator_entry(); + + /* THEN orchestrator returns error code... */ + zassert_equal(-EACCES, err, "Unexpected error code"); + /* ... and the candidate availability flag is cleared */ + assert_post_install_state(); +} diff --git a/tests/subsys/suit/orchestrator/orchestrator_sdfw_nrf54h20/prj.conf b/tests/subsys/suit/orchestrator/orchestrator_sdfw_nrf54h20/prj.conf index cbb5054fabdf..4565f0e944d5 100644 --- a/tests/subsys/suit/orchestrator/orchestrator_sdfw_nrf54h20/prj.conf +++ b/tests/subsys/suit/orchestrator/orchestrator_sdfw_nrf54h20/prj.conf @@ -11,6 +11,8 @@ CONFIG_SUIT=y CONFIG_SUIT_CRYPTO=y CONFIG_SUIT_MCI=y CONFIG_SUIT_MCI_IMPL_CUSTOM=y +CONFIG_SUIT_VALIDATOR=y +CONFIG_SUIT_VALIDATOR_IMPL_CUSTOM=y CONFIG_SUIT_METADATA=y CONFIG_SUIT_ORCHESTRATOR=y CONFIG_SUIT_PROCESSOR=y