ci(rotpk): add a boot test for ROTPK hash in trusted registers
Added a fixed ROTPK (SHA256 hash of the 2K ROTPK) to the model
to cover the test where the ROTPK is stored in registers
(ARM_ROTPK_LOCATION=regs), simulating the production use case.
Change-Id: I428b469efeedf56f9dd78a543445bb243b71f315
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/group/tf-l2-boot-tests-misc/fvp-tbb-mbedtls-regs-rotpk,fvp-default:fvp-tftf-fip.tftf-aemv8a.tbb.rotpk_regs-debug b/group/tf-l2-boot-tests-misc/fvp-tbb-mbedtls-regs-rotpk,fvp-default:fvp-tftf-fip.tftf-aemv8a.tbb.rotpk_regs-debug
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/group/tf-l2-boot-tests-misc/fvp-tbb-mbedtls-regs-rotpk,fvp-default:fvp-tftf-fip.tftf-aemv8a.tbb.rotpk_regs-debug
diff --git a/model/base-aemva-common.sh b/model/base-aemva-common.sh
index fb8ca3c..d47162e 100644
--- a/model/base-aemva-common.sh
+++ b/model/base-aemva-common.sh
@@ -134,6 +134,9 @@
# FEAT_LS64_V, FEAT_LS64_ACCDATA)
reset_var accelerator_support_level
+# ROTPK in trusted register space
+reset_var has_rotpk_in_regs
+
source "$ci_root/model/fvp_common.sh"
#------------ Common configuration --------------
@@ -172,6 +175,14 @@
${etm_plugin+--plugin=$etm_plugin_path}
EOF
+# Store the fixed ROTPK hash in registers
+# Note: This is the SHA256 hash of the RSA 2K development public key used in TF-A
+if [ "$has_rotpk_in_regs" = "1" ]; then
+ cat <<EOF >>"$model_param_file"
+-C bp.trusted_key_storage.public_key="0982f3b0 3ad89712 47727a37 7332ec1b e23292e9 5ef65949 464a4a8b da9a22d8"
+EOF
+fi
+
# TFTF Reboot/Shutdown tests
if [ "$retain_flash" = "1" ]; then
cat <<EOF >>"$model_param_file"
diff --git a/run_config/fvp-aemv8a.tbb.rotpk_regs b/run_config/fvp-aemv8a.tbb.rotpk_regs
new file mode 100644
index 0000000..7643699
--- /dev/null
+++ b/run_config/fvp-aemv8a.tbb.rotpk_regs
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2025, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+generate_lava_job() {
+ local model="base-aemv8a"
+
+ model="$model" has_rotpk_in_regs="1" gen_model_params
+ model="$model" gen_fvp_yaml
+}
diff --git a/tf_config/fvp-tbb-mbedtls-regs-rotpk b/tf_config/fvp-tbb-mbedtls-regs-rotpk
new file mode 100644
index 0000000..77e9791
--- /dev/null
+++ b/tf_config/fvp-tbb-mbedtls-regs-rotpk
@@ -0,0 +1,6 @@
+ARM_ROTPK_LOCATION=regs
+CROSS_COMPILE=aarch64-none-elf-
+GENERATE_COT=1
+PLAT=fvp
+ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem
+TRUSTED_BOARD_BOOT=1