zephyr: Move testplan into sample Makefile
Instead of a bunch of patches that tend to become conflicting, use the
newly parameterized Makefile to make all of the test plans into make
targets. Update the instructions to match this.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/docs/testplan-zephyr.md b/docs/testplan-zephyr.md
index fe18b79..58e9458 100644
--- a/docs/testplan-zephyr.md
+++ b/docs/testplan-zephyr.md
@@ -6,29 +6,15 @@
At this time, however, the partitions are hardcoded in the Makefile
targets to flash.
-Note that at the time of release of 0.9.0-rc2, the change [MPU flash
-write][flashwrite] had not been merged. This change fixes a problem interaction
-between the MPU and the flash drivers. Without this change, if the
-MPU is enabled (the default), the bootloader will abort immediately on
-boot, generally before printing any messages.
+## Building and running.
-At this time, most of the test variants are done by modifying either
-the code or Makefiles. A future goal is to automate this testing.
+The tests are build using the various `test-*` targets in
+`samples/zephyr/Makefile`. For each test, invoke `make` with that
+target:
-## Sanity Check
+ $ make test-good-rsa
-Begin by running make in `samples/zephyr`:
-
- $ make clean
- $ make all
-
-This will result in three binaries: `mcuboot.bin`,
-`signed-hello1.bin`, and `signed-hello2.bin`.
-
-The second file is marked as an "upgrade" by the image tool, so
-has an appended image trailer.
-
-Begin by doing a full erase, and programming the first image:
+Begin by doing a full erase, and programming the bootloader itself:
$ pyocd-flashtool -ce
$ make flash_boot
@@ -41,28 +27,24 @@
$ make flash_hello1
This should print "main: Jumping to the first image slot", and you
-should get an image "Hello World number 1!".
+should get an image "hello1".
-For kicks, program slot 2's image into slot one. This has to be done
-manually, and it is good to verify these addresses in the Makefile:
+Note that there are comments with each test target describing the
+intended behavior for each of these steps. Sometimes an upgrade will
+happen and sometimes it will not.
- $ pyocd-flashtool -a 0x20000 signed-hello1.bin
-
-This should boot, printing "Upgraded hello!".
-
-Now put back image 1, and put image 2 in as the upgrade:
-
- $ make flash_hello1
$ make flash_hello2
This should print a message: `boot_swap_type: Swap type: test`, and
-you should see "Upgraded hello!".
+you should see "hello2".
Now reset the target::
$ pyocd-tool reset
-And you should see a revert and "Hello world number 1" running.
+And you should see a revert and "hello1" running.
+
+## Testing that mark ok works
Repeat this, to make sure we can mark the image as OK, and that a
revert doesn't happen:
@@ -70,69 +52,16 @@
$ make flash_hello1
$ make flash_hello2
-We should have just booted the Upgraded hello. Mark this as OK:
+We should have just booted the hello2. Mark this as OK:
$ pyocd-flashtool -a 0x7ffe8 image_ok.bin
$ pyocd-tool reset
-And make sure this stays in the "Upgraded hello" image.
+And make sure this stays in the "hello2" image.
-## Other Signature Combinations
+This step doesn't make sense on the tests where the upgrade doesn't
+happen.
-**note**: Make sure you don't have changes in your tree, as the
-following step will undo them.
+## Testing all configurations
-As part of the above sanity check, we have tested the RSA signature
-algorithm, along with the new RSA-PSS signature algorithm. To test
-other configurations, we need to make some modifications to the code.
-This is easiest to do by applying some patches (in
-`testplan/zephyr`). For each of these patches, perform something
-along the lines of:
-
- $ cd ../..
- $ git apply testplan/zephyr/0001-try-rsa-pkcs1-v15.patch
- $ cd samples/zephyr
- $ make clean
- $ make all
- $ pyocd-flashtool -ce
- $ make flash_boot
- $ make flash_hello1
-
-Make sure image one boots if it is supposed to (and doesn't if it is
-not supposed to). Then try the upgrade:
-
- $ make flash_hello2
-
-After this, make sure that the the image does or doesn't perform the
-upgrade (see test table below).
-
-After the upgrade runs, reset to make sure the revert works (or
-doesn't for the noted cases below):
-
- $ pyocd-tool reset
-
-Then undo the change:
-
- $ cd ../..
- $ git checkout -- .
-
-and repeat the above steps for each patch.
-
-The following patches are available:
-
-| Patch | hello1 boot? | Upgrade ? |
-|-------|--------------|-----------|
-| 0001-bad-old-rsa-in-boot-not-in-image.patch | no | no |
-| 0001-bad-old-RSA-no-slot0-check.patch | yes | no |
-| 0001-good-rsa-pkcs-v1.5-good.patch | yes | yes |
-| 0001-bad-ECDSA-P256-bootloader-not-in-images.patch | no | no |
-| 0001-partial-ECDSA-P256-bootloader-slot0-ok-slot1-bad.patch | yes | no |
-| 0001-good-ECDSA-P256-bootloader-images-signed.patch | yes | yes |
-| 0001-partial-ECDSA-P256-bootloader-slot-0-bad-sig.patch | no | yes<sup>1</sup> |
-| 0001-partial-ECDSA-P256-bootloader-slot-1-bad-sig.patch | yes | no |
-| 0001-partial-ECDSA-P256-slot-0-bad-no-verification.patch | no | yes<sup>1</sup> |
-
-<sup>1</sup>These tests with hello1 bad should perform an upgrade when
-hello2 is flashed, but they should not revert the image afterwards.
-
-[flashwrite]: https://github.com/zephyrproject-rtos/zephyr/pull/654
+Repeat these steps for each of the `test-*` targest in the Makefile.
diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
index a2b68b5..ecfd4b4 100644
--- a/samples/zephyr/Makefile
+++ b/samples/zephyr/Makefile
@@ -49,12 +49,16 @@
BOARD ?=
+# We can override the Zephyr configuration for the bootloader by
+# setting this.
+BOOTLOADER_CONFIG ?=
+
.PHONY: check boot hello1 clean_boot clean_hello1 \
hello2 clean_hello2 flash_boot flash_hello1 flash_hello2
# For signing, use the default RSA demo key, to match the default in
# the mcuboot Makefile.
-SIGNING_KEY = ../../root-rsa-2048.pem
+SIGNING_KEY ?= ../../root-rsa-2048.pem
# The header size should match that in hello1/prj.conf
# CONFIG_TEXT_SECTION_OFFSET. This value needs to be a power of two
@@ -92,7 +96,7 @@
boot: check
@rm -f mcuboot.bin
- $(MAKE) -C ../.. BOARD=$(BOARD) -j$(nproc)
+ $(MAKE) -C ../.. BOARD=$(BOARD) -j$(nproc) $(BOOTLOADER_CONFIG)
cp ../../outdir/$(BOARD)/zephyr.bin mcuboot.bin
clean_boot: check
@@ -133,6 +137,9 @@
clean_hello2: check
rm -rf hello-world/outdir/hello2/$(BOARD)
+# These flash_* targets use pyocd to flash the images. The addresses
+# are hardcoded at this time.
+
flash_boot:
$(PYOCD_FLASHTOOL) -ce -a 0 mcuboot.bin
@@ -145,6 +152,139 @@
flash_full:
$(PYOCD_FLASHTOOL) -ce -a 0 full.bin
+# These test- targets reinvoke make with the configuration set to test
+# various configurations. This will generally be followed by using
+# the above flash targets.
+
+# Test a good image, with a good upgrade, using RSA signatures.
+# flash_boot: Unable to find bootable image
+# flash_hello1: hello1 runs
+# flash_hello2: hello2 runs
+# reset: hello1 runs
+test-good-rsa:
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=RSA" \
+ clean
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=RSA" \
+ all
+
+# Test a good image, with a good upgrade, using ECDSA signatures.
+# flash_boot: Unable to find bootable image
+# flash_hello1: hello1 runs
+# flash_hello2: hello2 runs
+# reset: hello1 runs
+test-good-ecdsa:
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=ECDSA_P256" \
+ SIGNING_KEY=../../root-ec-p256.pem \
+ clean
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=ECDSA_P256" \
+ SIGNING_KEY=../../root-ec-p256.pem \
+ all
+
+# Test (with RSA) that overwrite-only works. This should boot,
+# upgrade correctly, but not revert once the upgrade has been done.
+# flash_boot: Unable to find bootable image
+# flash_hello1: hello1 runs
+# flash_hello2: hello2 runs
+# reset: hello2 runs
+test-overwrite:
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_UPGRADE_ONLY=YES" \
+ clean
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_UPGRADE_ONLY=YES" \
+ all
+
+# Test that when configured for RSA, a wrong signature in the upgrade
+# image will fail to upgrade.
+# flash_boot: Unable to find bootable image
+# flash_hello1: hello1 runs
+# flash_hello2: hello1 runs
+# reset: hello1 runs
+test-bad-rsa-upgrade:
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=RSA" \
+ clean
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=RSA" \
+ boot hello1
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=RSA" \
+ SIGNING_KEY=../../root-ec-p256.pem \
+ hello2
+
+# Test that when configured for ECDSA, a wrong signature in the upgrade
+# image will fail to upgrade.
+# flash_boot: Unable to find bootable image
+# flash_hello1: hello1 runs
+# flash_hello2: hello1 runs
+# reset: hello1 runs
+test-bad-ecdsa-upgrade:
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=ECDSA_P256" \
+ clean
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=ECDSA_P256" \
+ SIGNING_KEY=../../root-ec-p256.pem \
+ boot hello1
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=ECDSA_P256" \
+ SIGNING_KEY=../../root-rsa-2048.pem \
+ hello2
+
+# Test that when configured to not validate slot0, we still boot, but
+# don't upgrade.
+# flash_boot: tries to boot and resets
+# flash_hello1: hello1 runs
+# flash_hello2: hello1 runs
+# reset: hello1 runs
+test-no-bootcheck:
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_VALIDATE_SLOT0=NO" \
+ clean
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_VALIDATE_SLOT0=NO" \
+ SIGNING_KEY=../../root-ec-p256.pem \
+ all
+
+# Test a good image, with a wrong-signature upgrade, using RSA signatures.
+# flash_boot: Unable to find bootable image
+# flash_hello1: hello1 runs
+# flash_hello2: hello1 runs
+# reset: hello1 runs
+test-wrong-rsa:
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=RSA" \
+ clean
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=RSA" \
+ boot hello1
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=RSA" \
+ SIGNING_KEY=bad-keys/bad-rsa-2048.pem \
+ hello2
+
+# Test a good image, with a wrong-signature upgrade, using ECDSA signatures.
+# flash_boot: Unable to find bootable image
+# flash_hello1: hello1 runs
+# flash_hello2: hello1 runs
+# reset: hello1 runs
+test-wrong-ecdsa:
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=ECDSA_P256" \
+ clean
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=ECDSA_P256" \
+ SIGNING_KEY=../../root-ec-p256.pem \
+ boot hello1
+ $(MAKE) \
+ BOOTLOADER_CONFIG="CONF_SIGNATURE_TYPE=ECDSA_P256" \
+ SIGNING_KEY=bad-keys/bad-ec-p256.pem \
+ hello2
+
check:
@if [ -z "$$ZEPHYR_BASE" ]; then echo "Zephyr environment not set up"; false; fi
@if [ -z "$(BOARD)" ]; then echo "You must specify BOARD=<board>"; false; fi
diff --git a/samples/zephyr/bad-keys/README.md b/samples/zephyr/bad-keys/README.md
new file mode 100644
index 0000000..621ce96
--- /dev/null
+++ b/samples/zephyr/bad-keys/README.md
@@ -0,0 +1,6 @@
+# Bad keys for testing
+
+This directory contains some alternate keys that can be used for
+testing. Signing the images with either of these keys, but leaving
+the demo keys's public keys in the bootloader should result in it not
+upgrading, or not booting.
diff --git a/samples/zephyr/bad-keys/bad-ec-p256.pem b/samples/zephyr/bad-keys/bad-ec-p256.pem
new file mode 100644
index 0000000..333f41f
--- /dev/null
+++ b/samples/zephyr/bad-keys/bad-ec-p256.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILmqmiH6y3EGhLkTcnNtU7hZ1wnc51MIL53npseRX7vJoAoGCCqGSM49
+AwEHoUQDQgAEcX9ExNjZfsckp6AdutjPjVJsvP6ZZkKfLsGnRpKR+9OpO9/qmJHs
+ks+ZXo70SEANjWnNlxKNAVci8aUm8UskLw==
+-----END EC PRIVATE KEY-----
diff --git a/samples/zephyr/bad-keys/bad-rsa-2048.pem b/samples/zephyr/bad-keys/bad-rsa-2048.pem
new file mode 100644
index 0000000..755f95b
--- /dev/null
+++ b/samples/zephyr/bad-keys/bad-rsa-2048.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAzXhCIc6kig0DRWEyKj4N8v/bfvh/RmU73Jo0Z0RAFSLnFrE5
+5W5C9tsdDalhN5HV7xBQCzr7GSW1C6MNvtw/lVr4+x4LvgwYD6kl+9IZc5udPIJ1
+R7aLBP2o4r6rJWtCj9Y6bifsMlVkHCONIHDGhp3bSl+9C2EqfwqJENg3mHYyZcbr
+kBfLhILE24T+MhxkPZiI3Ox6XthwT7Is8ZCXF6VCYaK6N8jXAXz8OiEhIpMl3Z3m
+DqxaM0ovSXfXvOfMeKN76iI9m8S4JnPbuzu+/5GdSnNbIxoluzXU7e52FoKgthNM
+2mArAak5x3IqsStY0qDCODSlNnSha9+jfk8ULwIDAQABAoIBAQC7Z6dx7GdY3vuP
+yVIXA1h3vfP2gDKeA3GxCRko4zBL1vTNVsJGx+XeAAYk0suwAp0NGmTXiWlDC4hw
+37yGy55W3I3hhQsSwTck+ZOCdqPuNQ4aBadwzEdKOw5SGbRCQe2JAc1zcYhWdFoF
+7EspPpNkbxB3apEjkvFOxE42Be/XZrwxig1OQJ9DpOhTeV8+jljg6aSzOuQxdR4G
+ZXTzACnb20jnefnwmC5lhZxRWYEXkc96onYIvrDpIMdTzTnTbshJjg5HNPOEEgpF
+U1x2iCRB3tN9QHbzdH/XrnRBr9Yy62SUIDXf4LBqin/pRQPodh9ZM7zanrhzsuiy
+Tro2WKhRAoGBANoAT73haGrUb9ZSdzpu5qOD0eaQZPCIlubRrT5BCXPS2xVIGe+g
+eDaBljdlXDJnKvBqjOVQyU7lrZAIVWgz6qD1HNIQZI30WivXejL4GeoXnAnp/ohh
+1QmjMVvlcGe/22jpDmJa3Qgm4leaUxnxxilO/pQlZzzndBP88Df4/hIJAoGBAPFI
+xBRq0SdBWhSydeEFvm8n37/icrN+V9f/Ka9tbPZcJaowzqQPrAHtu2CBD1JVyo2G
+sKxFy867vCHntFu8zq2KSpCPVyeR+pDvwknr9PDm+DiLScBCGdyKqjBazT5+mHzP
+fKk6nRV8uoNXLZQtnqKJzN61bYrnFaOQx6GZM6J3AoGAUHqA9bY7GAUo7FQxU88R
+Mhg96wIvYWTrYHbToAHefXXAD1E40e/JsUWRsQ2oRas0fOC49wcl6gx8UInjDb7s
+xVL3usz2cjlc+IZpxFs3JeZlYnuRzcNgJFispiJDpul7FHXFK6YjpxjDwldkilVp
+NGLHNOXCAQfpIF/mRqOTGBECgYAmb7kMp5d58WcwNN2iYw/bFTcHkkNDZLUJq5Qw
+ZfYdqMA3RF8ms3hrNjvLO8P9Eb2angI270dwP2fQ3uBUXNdvvb/zF2KC4zZPMGJ6
+9COo3KJeH5I4Fk+YWl6SJWTct74C4+qv6q5rZdswYQrZuAq1Sc5hC/XPUtCXpdCn
+ZYhcMQKBgEHN3ZYe7gOfxR4rqk+OIsAUN9P3zyu6kQzUL1BQ7t7Gwi1dv6+E+BGQ
+vGUt4RGG10g3K9twfhOHnwAiruEk6CK2+1G/ZsGCrPIE21KCcucUCPvzUGhintO+
+b+Q5kAeZFg5CB9b616SY/GvlzPraNx5OZfI8nw39U9do7N/yFiKT
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/testplan/zephyr/0001-bad-ECDSA-P256-bootloader-not-in-images.patch b/testplan/zephyr/0001-bad-ECDSA-P256-bootloader-not-in-images.patch
deleted file mode 100644
index 68f4816..0000000
--- a/testplan/zephyr/0001-bad-ECDSA-P256-bootloader-not-in-images.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 66f6f44bcea43ac991aa025d634fb98de964be05 Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 10:05:47 -0600
-Subject: [PATCH] bad: ECDSA P256 bootloader, not in images
-
-This configures the bootloader to require an ECDSA P256 signature, but
-does not sign the images with it. Neither should boot.
----
- Makefile | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..b0adf05 100644
---- a/Makefile
-+++ b/Makefile
-@@ -9,16 +9,16 @@
- # lines there, and comment out any other blocks.
-
- # RSA
--CONF_FILE = boot/zephyr/prj.conf
--CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-+#CONF_FILE = boot/zephyr/prj.conf
-+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
- #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
--#CONF_FILE = boot/zephyr/prj-p256.conf
--#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-+CONF_FILE = boot/zephyr/prj-p256.conf
-+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-
- # Enable this option to have the bootloader verify the signature of
- # the primary image upon every boot. Without it, signature
---
-2.11.0
-
diff --git a/testplan/zephyr/0001-bad-old-RSA-no-slot0-check.patch b/testplan/zephyr/0001-bad-old-RSA-no-slot0-check.patch
deleted file mode 100644
index 12e57ab..0000000
--- a/testplan/zephyr/0001-bad-old-RSA-no-slot0-check.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From a170ab0b596e480445a9b9e2fca6ca937034192c Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 09:56:30 -0600
-Subject: [PATCH] bad: old RSA no slot0 check
-
-This builds the bootloader with the old RSA signature type, but not the
-images. It also disables verification of slot 0, so the image in slot 0
-should boot, but it should not perform an upgrade.
----
- Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..d6e5876 100644
---- a/Makefile
-+++ b/Makefile
-@@ -14,7 +14,7 @@ CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
--#CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-+CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
- #CONF_FILE = boot/zephyr/prj-p256.conf
-@@ -23,7 +23,7 @@ CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
- # Enable this option to have the bootloader verify the signature of
- # the primary image upon every boot. Without it, signature
- # verification only happens on upgrade.
--CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
-+# CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
-
- # Enabling this option uses newer flash map APIs. This saves RAM and
- # avoids deprecated API usage.
---
-2.11.0
-
diff --git a/testplan/zephyr/0001-bad-old-rsa-in-boot-not-in-image.patch b/testplan/zephyr/0001-bad-old-rsa-in-boot-not-in-image.patch
deleted file mode 100644
index 99d9d51..0000000
--- a/testplan/zephyr/0001-bad-old-rsa-in-boot-not-in-image.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 8f3c2f2fe9ade9ff6fe2a37b39318b0186d08efb Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 09:50:48 -0600
-Subject: [PATCH] bad: old rsa in boot, not in image
-
-This patch makes the bootloader use the old signature style, but does
-not modify the images. Neither image should boot.
-
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..db97832 100644
---- a/Makefile
-+++ b/Makefile
-@@ -14,7 +14,7 @@ CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
--#CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-+CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
- #CONF_FILE = boot/zephyr/prj-p256.conf
---
-2.11.0
-
diff --git a/testplan/zephyr/0001-good-ECDSA-P256-bootloader-images-signed.patch b/testplan/zephyr/0001-good-ECDSA-P256-bootloader-images-signed.patch
deleted file mode 100644
index 80a4aa5..0000000
--- a/testplan/zephyr/0001-good-ECDSA-P256-bootloader-images-signed.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 5c9fd9690623165c3d1be4d3d219bb0d0c57647d Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 10:05:47 -0600
-Subject: [PATCH] good: ECDSA P256 bootloader, images signed
-
-This configures the bootloader to require an ECDSA P256 signature, and
-both images signed properly. Both should work.
----
- Makefile | 8 ++++----
- samples/zephyr/Makefile | 4 ++--
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..b0adf05 100644
---- a/Makefile
-+++ b/Makefile
-@@ -9,16 +9,16 @@
- # lines there, and comment out any other blocks.
-
- # RSA
--CONF_FILE = boot/zephyr/prj.conf
--CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-+#CONF_FILE = boot/zephyr/prj.conf
-+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
- #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
--#CONF_FILE = boot/zephyr/prj-p256.conf
--#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-+CONF_FILE = boot/zephyr/prj-p256.conf
-+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-
- # Enable this option to have the bootloader verify the signature of
- # the primary image upon every boot. Without it, signature
-diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
-index 7678615..1b90b7e 100644
---- a/samples/zephyr/Makefile
-+++ b/samples/zephyr/Makefile
-@@ -102,7 +102,7 @@ clean_boot: check
- hello1: check
- $(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../root-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
-@@ -121,7 +121,7 @@ clean_hello1: check
- hello2: check
- $(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../root-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
---
-2.11.0
-
diff --git a/testplan/zephyr/0001-good-rsa-pkcs-v1.5-good.patch b/testplan/zephyr/0001-good-rsa-pkcs-v1.5-good.patch
deleted file mode 100644
index fa491f9..0000000
--- a/testplan/zephyr/0001-good-rsa-pkcs-v1.5-good.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 950796d68430c2a2778689ee00560d2f455937d4 Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 10:01:23 -0600
-Subject: [PATCH] good: rsa pkcs v1.5 good
-
-This builds the bootloader and each image with the older PKCS v1.5
-signature format. Both the image and the upgrade should work.
----
- Makefile | 2 +-
- samples/zephyr/Makefile | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..db97832 100644
---- a/Makefile
-+++ b/Makefile
-@@ -14,7 +14,7 @@ CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
--#CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-+CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
- #CONF_FILE = boot/zephyr/prj-p256.conf
-diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
-index 7678615..07bb71c 100644
---- a/samples/zephyr/Makefile
-+++ b/samples/zephyr/Makefile
-@@ -106,6 +106,7 @@ hello1: check
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
-+ --rsa-pkcs1-15 \
- --included-header \
- hello1/outdir/$(BOARD)/zephyr.bin \
- signed-hello1.bin
-@@ -125,6 +126,7 @@ hello2: check
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
-+ --rsa-pkcs1-15 \
- --included-header \
- --pad 0x60000 \
- hello2/outdir/$(BOARD)/zephyr.bin \
---
-2.11.0
-
diff --git a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-0-bad-sig.patch b/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-0-bad-sig.patch
deleted file mode 100644
index 1188bef..0000000
--- a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-0-bad-sig.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 26115ff2752b40a5727bc9cf5c76300b30e04d09 Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 10:05:47 -0600
-Subject: [PATCH] partial: ECDSA P256 bootloader, slot 0 bad sig
-
-This configures the bootloader to require an ECDSA P256 signature, with
-hello1 having an invalid signature. Slot 0 should fail to boot, but the
-upgrade should work.
----
- Makefile | 8 ++++----
- bad-ec-p256.pem | 5 +++++
- samples/zephyr/Makefile | 4 ++--
- 3 files changed, 11 insertions(+), 6 deletions(-)
- create mode 100644 bad-ec-p256.pem
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..b0adf05 100644
---- a/Makefile
-+++ b/Makefile
-@@ -9,16 +9,16 @@
- # lines there, and comment out any other blocks.
-
- # RSA
--CONF_FILE = boot/zephyr/prj.conf
--CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-+#CONF_FILE = boot/zephyr/prj.conf
-+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
- #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
--#CONF_FILE = boot/zephyr/prj-p256.conf
--#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-+CONF_FILE = boot/zephyr/prj-p256.conf
-+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-
- # Enable this option to have the bootloader verify the signature of
- # the primary image upon every boot. Without it, signature
-diff --git a/bad-ec-p256.pem b/bad-ec-p256.pem
-new file mode 100644
-index 0000000..333f41f
---- /dev/null
-+++ b/bad-ec-p256.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN EC PRIVATE KEY-----
-+MHcCAQEEILmqmiH6y3EGhLkTcnNtU7hZ1wnc51MIL53npseRX7vJoAoGCCqGSM49
-+AwEHoUQDQgAEcX9ExNjZfsckp6AdutjPjVJsvP6ZZkKfLsGnRpKR+9OpO9/qmJHs
-+ks+ZXo70SEANjWnNlxKNAVci8aUm8UskLw==
-+-----END EC PRIVATE KEY-----
-diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
-index 7678615..f84314d 100644
---- a/samples/zephyr/Makefile
-+++ b/samples/zephyr/Makefile
-@@ -102,7 +102,7 @@ clean_boot: check
- hello1: check
- $(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../bad-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
-@@ -121,7 +121,7 @@ clean_hello1: check
- hello2: check
- $(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../root-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
---
-2.11.0
-
diff --git a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-1-bad-sig.patch b/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-1-bad-sig.patch
deleted file mode 100644
index 3d83658..0000000
--- a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot-1-bad-sig.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From f261e0e1c7e0876094ed688f5f0923590aca3739 Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 10:05:47 -0600
-Subject: [PATCH] partial: ECDSA P256 bootloader, slot 1 bad sig
-
-This configures the bootloader to require an ECDSA P256 signature, with
-hello2 having an invalid signature. Slot 0 should boot, but the upgrade
-should not work.
----
- Makefile | 8 ++++----
- bad-ec-p256.pem | 5 +++++
- samples/zephyr/Makefile | 4 ++--
- 3 files changed, 11 insertions(+), 6 deletions(-)
- create mode 100644 bad-ec-p256.pem
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..b0adf05 100644
---- a/Makefile
-+++ b/Makefile
-@@ -9,16 +9,16 @@
- # lines there, and comment out any other blocks.
-
- # RSA
--CONF_FILE = boot/zephyr/prj.conf
--CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-+#CONF_FILE = boot/zephyr/prj.conf
-+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
- #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
--#CONF_FILE = boot/zephyr/prj-p256.conf
--#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-+CONF_FILE = boot/zephyr/prj-p256.conf
-+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-
- # Enable this option to have the bootloader verify the signature of
- # the primary image upon every boot. Without it, signature
-diff --git a/bad-ec-p256.pem b/bad-ec-p256.pem
-new file mode 100644
-index 0000000..333f41f
---- /dev/null
-+++ b/bad-ec-p256.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN EC PRIVATE KEY-----
-+MHcCAQEEILmqmiH6y3EGhLkTcnNtU7hZ1wnc51MIL53npseRX7vJoAoGCCqGSM49
-+AwEHoUQDQgAEcX9ExNjZfsckp6AdutjPjVJsvP6ZZkKfLsGnRpKR+9OpO9/qmJHs
-+ks+ZXo70SEANjWnNlxKNAVci8aUm8UskLw==
-+-----END EC PRIVATE KEY-----
-diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
-index 7678615..02a54da 100644
---- a/samples/zephyr/Makefile
-+++ b/samples/zephyr/Makefile
-@@ -102,7 +102,7 @@ clean_boot: check
- hello1: check
- $(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../root-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
-@@ -121,7 +121,7 @@ clean_hello1: check
- hello2: check
- $(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../bad-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
---
-2.11.0
-
diff --git a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot0-ok-slot1-bad.patch b/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot0-ok-slot1-bad.patch
deleted file mode 100644
index a879119..0000000
--- a/testplan/zephyr/0001-partial-ECDSA-P256-bootloader-slot0-ok-slot1-bad.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 86f857cafbdd40d1ba158028e142c8cdf5c56e0d Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 10:05:47 -0600
-Subject: [PATCH] partial: ECDSA P256 bootloader, slot0 ok slot1 bad
-
-This configures the bootloader to require an ECDSA P256 signature, and
-the slot 0 image as good. This should boot slot 0, but not perform the
-upgrade in slot 1.
----
- Makefile | 8 ++++----
- samples/zephyr/Makefile | 2 +-
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..b0adf05 100644
---- a/Makefile
-+++ b/Makefile
-@@ -9,16 +9,16 @@
- # lines there, and comment out any other blocks.
-
- # RSA
--CONF_FILE = boot/zephyr/prj.conf
--CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-+#CONF_FILE = boot/zephyr/prj.conf
-+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
- #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
--#CONF_FILE = boot/zephyr/prj-p256.conf
--#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-+CONF_FILE = boot/zephyr/prj-p256.conf
-+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-
- # Enable this option to have the bootloader verify the signature of
- # the primary image upon every boot. Without it, signature
-diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
-index 7678615..b62e966 100644
---- a/samples/zephyr/Makefile
-+++ b/samples/zephyr/Makefile
-@@ -102,7 +102,7 @@ clean_boot: check
- hello1: check
- $(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../root-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
---
-2.11.0
-
diff --git a/testplan/zephyr/0001-partial-ECDSA-P256-slot-0-bad-no-verification.patch b/testplan/zephyr/0001-partial-ECDSA-P256-slot-0-bad-no-verification.patch
deleted file mode 100644
index dead2c2..0000000
--- a/testplan/zephyr/0001-partial-ECDSA-P256-slot-0-bad-no-verification.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From b2d9560f05fabdcfdff549ccc361d9dfbe74735b Mon Sep 17 00:00:00 2001
-From: David Brown <david.brown@linaro.org>
-Date: Thu, 27 Jul 2017 10:05:47 -0600
-Subject: [PATCH] partial ECDSA P256 slot 0 bad, no verification
-
-This has a badly signed image in slot 0, which should boot because
-checking is off. It should perform the upgrade in slot 1, and not
-revert, because the old image is not valid.
----
- Makefile | 10 +++++-----
- bad-ec-p256.pem | 5 +++++
- samples/zephyr/Makefile | 4 ++--
- 3 files changed, 12 insertions(+), 7 deletions(-)
- create mode 100644 bad-ec-p256.pem
-
-diff --git a/Makefile b/Makefile
-index 1e9ec42..3f875a2 100644
---- a/Makefile
-+++ b/Makefile
-@@ -9,21 +9,21 @@
- # lines there, and comment out any other blocks.
-
- # RSA
--CONF_FILE = boot/zephyr/prj.conf
--CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-+#CONF_FILE = boot/zephyr/prj.conf
-+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
-
- # Newer uses should use the RSA-PSS signature algorithm. This define
- # enables (and requires) this type of signature.
- #CFLAGS += -DMCUBOOT_RSA_PKCS1_15
-
- # ECDSA P-256
--#CONF_FILE = boot/zephyr/prj-p256.conf
--#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-+CONF_FILE = boot/zephyr/prj-p256.conf
-+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-
- # Enable this option to have the bootloader verify the signature of
- # the primary image upon every boot. Without it, signature
- # verification only happens on upgrade.
--CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
-+#CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
-
- # Enabling this option uses newer flash map APIs. This saves RAM and
- # avoids deprecated API usage.
-diff --git a/bad-ec-p256.pem b/bad-ec-p256.pem
-new file mode 100644
-index 0000000..333f41f
---- /dev/null
-+++ b/bad-ec-p256.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN EC PRIVATE KEY-----
-+MHcCAQEEILmqmiH6y3EGhLkTcnNtU7hZ1wnc51MIL53npseRX7vJoAoGCCqGSM49
-+AwEHoUQDQgAEcX9ExNjZfsckp6AdutjPjVJsvP6ZZkKfLsGnRpKR+9OpO9/qmJHs
-+ks+ZXo70SEANjWnNlxKNAVci8aUm8UskLw==
-+-----END EC PRIVATE KEY-----
-diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
-index 7678615..f84314d 100644
---- a/samples/zephyr/Makefile
-+++ b/samples/zephyr/Makefile
-@@ -102,7 +102,7 @@ clean_boot: check
- hello1: check
- $(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../bad-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
-@@ -121,7 +121,7 @@ clean_hello1: check
- hello2: check
- $(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
- $(IMGTOOL) sign \
-- --key $(SIGNING_KEY) \
-+ --key ../../root-ec-p256.pem \
- --header-size $(BOOT_HEADER_LEN) \
- --align $(FLASH_ALIGNMENT) \
- --version 1.2 \
---
-2.11.0
-