From 860dee1e6af4d6eafac01be68ad289139d589670 Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Thu, 28 Feb 2019 20:11:28 -0800 Subject: cr50: complete support of the new NVMEM structure (take two) This patch eliminates unnecessary legacy nvmem.c and nvmem_vars.c code and brings the code base to the state where the new NVMEM layout is fully functional. BRANCH=cr50, cr50-mp BUG=b:69907320, b:129710256 CQ-DEPEND=CL:1450278 TEST=the following tests pass: - test cases in ./test/nvmem.c - TCG suite (passes on par with the existing Cr50 code with the reduced code footprint TPM2 library) - Chrome OS device migrates from legacy to new implementation with user account maintained. - Chrome OS user account is maintained over AP and H1 reboots and deep sleep cycles. Signed-off-by: Vadim Bendebury Reviewed-on: https://chromium-review.googlesource.com/1496607 Reviewed-by: Andrey Pronin (cherry picked from commit 171578b67f40355528cbb5f34b78e8e8ed83e335) Change-Id: I92900a8a9ed53cba3e6976caf60fd1a793e8ff0f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1644277 Tested-by: Vadim Bendebury Reviewed-by: Vadim Bendebury Commit-Queue: Vadim Bendebury (cherry picked from commit 7483d43520fa68654617d3da02dd67e9a15b7efd) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1705698 (cherry picked from commit 3ec55a4f3b2be3d1e080ee13cb95c83efb683188) --- test/nvmem.c | 1655 +++++++++++++++++++++++++++++++++++++----------------- test/pinweaver.c | 86 +-- 2 files changed, 1197 insertions(+), 544 deletions(-) (limited to 'test') diff --git a/test/nvmem.c b/test/nvmem.c index 99b2d554e9..dc5cde1eee 100644 --- a/test/nvmem.c +++ b/test/nvmem.c @@ -5,11 +5,15 @@ * Test Cr-50 Non-Voltatile memory module */ +#include "nvmem_test.h" + #include "common.h" #include "console.h" #include "crc.h" -#include "nvmem.h" #include "flash.h" +#include "new_nvmem.h" +#include "nvmem.h" +#include "printf.h" #include "shared_mem.h" #include "task.h" #include "test_util.h" @@ -19,16 +23,29 @@ #define WRITE_SEGMENT_LEN 200 #define WRITE_READ_SEGMENTS 4 -uint32_t nvmem_user_sizes[NVMEM_NUM_USERS] = { - NVMEM_USER_0_SIZE, - NVMEM_USER_1_SIZE, - NVMEM_USER_2_SIZE +enum test_failure_mode failure_mode; + +static const uint8_t legacy_nvmem_image[] = { +#include "legacy_nvmem_dump.h" }; +BUILD_ASSERT(sizeof(legacy_nvmem_image) == NVMEM_PARTITION_SIZE); + static uint8_t write_buffer[NVMEM_PARTITION_SIZE]; -static uint8_t read_buffer[NVMEM_PARTITION_SIZE]; static int flash_write_fail; -static int lock_test_started; + +struct nvmem_test_result { + int var_count; + int reserved_obj_count; + int evictable_obj_count; + int deleted_obj_count; + int delimiter_count; + int unexpected_count; + size_t valid_data_size; + size_t erased_data_size; +}; + +static struct nvmem_test_result test_result; int app_cipher(const void *salt_p, void *out_p, const void *in_p, size_t size) { @@ -50,15 +67,28 @@ void app_compute_hash(uint8_t *p_buf, size_t num_bytes, uint32_t crc; uint32_t *p_data; int n; + size_t tail_size; crc32_init(); - /* Assuming here that buffer is 4 byte aligned and that num_bytes is - * divisible by 4 - */ + /* Assuming here that buffer is 4 byte aligned. */ p_data = (uint32_t *)p_buf; - for (n = 0; n < num_bytes/4; n++) + for (n = 0; n < num_bytes / 4; n++) crc32_hash32(*p_data++); - crc = crc32_result(); + + tail_size = num_bytes % 4; + if (tail_size) { + uint32_t tail; + + tail = 0; + memcpy(&tail, p_data, tail_size); + crc32_hash32(tail); + } + + /* + * Crc32 of 0xffffffff is 0xffffffff. Let's spike the results to avoid + * this unfortunate Crc32 property. + */ + crc = crc32_result() ^ 0x55555555; for (n = 0; n < hash_bytes; n += sizeof(crc)) { size_t copy_bytes = MIN(sizeof(crc), hash_bytes - n); @@ -73,652 +103,1263 @@ int flash_pre_op(void) return flash_write_fail ? EC_ERROR_UNKNOWN : EC_SUCCESS; } -static int generate_random_data(int offset, int num_bytes) +static void dump_nvmem_state(const char *title, + const struct nvmem_test_result *tr) +{ + ccprintf("\n%s:\n", title); + ccprintf("var_count: %d\n", tr->var_count); + ccprintf("reserved_obj_count: %d\n", tr->reserved_obj_count); + ccprintf("evictable_obj_count: %d\n", tr->evictable_obj_count); + ccprintf("deleted_obj_count: %d\n", tr->deleted_obj_count); + ccprintf("deimiter_count: %d\n", tr->delimiter_count); + ccprintf("unexpected_count: %d\n", tr->unexpected_count); + ccprintf("valid_data_size: %d\n", tr->valid_data_size); + ccprintf("erased_data_size: %d\n\n", tr->erased_data_size); +} + +static void wipe_out_nvmem_cache(void) +{ + memset(nvmem_cache_base(NVMEM_TPM), 0, nvmem_user_sizes[NVMEM_TPM]); +} + +static int prepare_nvmem_contents(void) +{ + struct nvmem_tag *tag; + + memcpy(write_buffer, legacy_nvmem_image, sizeof(write_buffer)); + tag = (struct nvmem_tag *)write_buffer; + + app_compute_hash(tag->padding, NVMEM_PARTITION_SIZE - NVMEM_SHA_SIZE, + tag->sha, sizeof(tag->sha)); + app_cipher(tag->sha, tag + 1, tag + 1, + NVMEM_PARTITION_SIZE - sizeof(struct nvmem_tag)); + + return flash_physical_write(CONFIG_FLASH_NVMEM_BASE_A - + CONFIG_PROGRAM_MEMORY_BASE, + sizeof(write_buffer), write_buffer); +} + +static int iterate_over_flash(void) { - int m, n, limit; - uint32_t r_data; + enum ec_error_list rv; + struct nn_container *ch; + struct access_tracker at = {}; + uint8_t buf[CONFIG_FLASH_BANK_SIZE]; + + memset(&test_result, 0, sizeof(test_result)); + ch = (struct nn_container *)buf; + + while ((rv = get_next_object(&at, ch, 1)) == EC_SUCCESS) + switch (ch->container_type) { + case NN_OBJ_OLD_COPY: + if (ch->container_type_copy == NN_OBJ_TRANSACTION_DEL) { + test_result.delimiter_count++; + } else { + test_result.deleted_obj_count++; + test_result.erased_data_size += ch->size; + } + break; + + case NN_OBJ_TUPLE: + test_result.var_count++; + test_result.valid_data_size += ch->size; + break; + + case NN_OBJ_TPM_RESERVED: + test_result.reserved_obj_count++; + test_result.valid_data_size += ch->size; + break; + + case NN_OBJ_TPM_EVICTABLE: + test_result.evictable_obj_count++; + test_result.valid_data_size += ch->size; + break; + + case NN_OBJ_TRANSACTION_DEL: + test_result.delimiter_count++; + break; + default: + test_result.unexpected_count++; + break; + } - /* Ensure it will fit in the write buffer */ - TEST_ASSERT((num_bytes + offset) <= NVMEM_PARTITION_SIZE); - /* Seed random number sequence */ - r_data = prng((uint32_t)clock()); - m = 0; - while (m < num_bytes) { - r_data = prng(r_data); - limit = MIN(4, num_bytes - m); - /* No byte alignment assumptions */ - for (n = 0; n < limit; n++) - write_buffer[offset + m + n] = (r_data >> (n*8)) & 0xff; - m += limit; + if (rv != EC_ERROR_MEMORY_ALLOCATION) { + ccprintf("\n%s:%d - unexpected return value %d\n", __func__, + __LINE__, rv); + return rv; } - return EC_SUCCESS; + /* Verify that there is a delimiter at the top of the flash. */ + if (at.mt.data_offset > sizeof(*at.mt.ph)) { + if ((at.mt.ph == at.dt.ph) && + (((at.mt.data_offset - sizeof(struct nn_container))) == + at.dt.data_offset)) { + return EC_SUCCESS; + } + } else { + if ((at.dt.ph == list_element_to_ph(at.list_index)) && + (at.dt.data_offset == + (CONFIG_FLASH_BANK_SIZE - sizeof(struct nn_container)))) { + ccprintf("%s:%d edge delimiter case OK\n", __func__, + __LINE__); + return EC_SUCCESS; + } + } + ccprintf("%s:%d bad delimiter location: ph %p, " + "dt.ph %p, offset %d, delim offset %d\n", + __func__, __LINE__, at.mt.ph, at.dt.ph, at.mt.data_offset, + at.dt.data_offset); + + return EC_ERROR_INVAL; } -static int test_write_read(uint32_t offset, uint32_t num_bytes, int user) +static void *page_to_flash_addr(int page_num) { - int ret; + uint32_t base_offset = CONFIG_FLASH_NEW_NVMEM_BASE_A; - /* Generate source data */ - generate_random_data(0, num_bytes); - /* Write source data to NvMem */ - ret = nvmem_write(offset, num_bytes, write_buffer, user); - /* Write to flash */ - ret = nvmem_commit(); - if (ret != EC_SUCCESS) - return ret; - /* Read from flash */ - nvmem_read(offset, num_bytes, read_buffer, user); - /* Verify that write to flash was successful */ - TEST_ASSERT_ARRAY_EQ(write_buffer, read_buffer, num_bytes); + if (page_num > NEW_NVMEM_TOTAL_PAGES) + return NULL; - return EC_SUCCESS; + if (page_num >= (NEW_NVMEM_TOTAL_PAGES / 2)) { + page_num -= (NEW_NVMEM_TOTAL_PAGES / 2); + base_offset = CONFIG_FLASH_NEW_NVMEM_BASE_B; + } + + return (void *)((uintptr_t)base_offset + + page_num * CONFIG_FLASH_BANK_SIZE); } -static int write_full_buffer(uint32_t size, int user) +static int post_init_from_scratch(uint8_t flash_value) { - uint32_t offset; - uint32_t len; - int ret; + int i; + void *flash_p; + + memset(write_buffer, flash_value, sizeof(write_buffer)); + + /* Overwrite nvmem flash space with junk value. */ + flash_physical_write( + CONFIG_FLASH_NEW_NVMEM_BASE_A - CONFIG_PROGRAM_MEMORY_BASE, + NEW_FLASH_HALF_NVMEM_SIZE, (const char *)write_buffer); + flash_physical_write( + CONFIG_FLASH_NEW_NVMEM_BASE_B - CONFIG_PROGRAM_MEMORY_BASE, + NEW_FLASH_HALF_NVMEM_SIZE, (const char *)write_buffer); + + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + TEST_ASSERT(test_result.var_count == 0); + TEST_ASSERT(test_result.reserved_obj_count == 38); + TEST_ASSERT(test_result.evictable_obj_count == 0); + TEST_ASSERT(test_result.deleted_obj_count == 0); + TEST_ASSERT(test_result.unexpected_count == 0); + TEST_ASSERT(test_result.valid_data_size == 1088); + TEST_ASSERT(total_var_space == 0); + + for (i = 0; i < (NEW_NVMEM_TOTAL_PAGES - 1); i++) { + flash_p = page_to_flash_addr(i); + + TEST_ASSERT(!!flash_p); + TEST_ASSERT(is_uninitialized(flash_p, CONFIG_FLASH_BANK_SIZE)); + } - /* Start at beginning of the user buffer */ - offset = 0; - do { - /* User default segment length unless it will exceed */ - len = MIN(WRITE_SEGMENT_LEN, size - offset); - /* Generate data for tx buffer */ - generate_random_data(offset, len); - /* Write data to Nvmem cache memory */ - nvmem_write(offset, len, &write_buffer[offset], user); - /* Write to flash */ - ret = nvmem_commit(); - if (ret != EC_SUCCESS) - return ret; - /* Adjust starting offset by segment length */ - offset += len; - } while (offset < size); - - /* Entire flash buffer should be full at this point */ - nvmem_read(0, size, read_buffer, user); - /* Verify that write to flash was successful */ - TEST_ASSERT_ARRAY_EQ(write_buffer, read_buffer, size); + flash_p = page_to_flash_addr(i); + TEST_ASSERT(!is_uninitialized(flash_p, CONFIG_FLASH_BANK_SIZE)); return EC_SUCCESS; } +/* + * The purpose of this test is to check NvMem initialization when NvMem is + * completely erased (i.e. following SpiFlash write of program). In this case, + * nvmem_init() is expected to create initial flash storage containing + * reserved objects only. + */ static int test_fully_erased_nvmem(void) { - /* - * The purpose of this test is to check NvMem intialization when NvMem - * is completely erased (i.e. following SpiFlash write of program). In - * this configuration, nvmem_init() should be able to detect this case - * and configure an initial NvMem partition. - */ - /* Erase full NvMem area */ - flash_physical_erase(CONFIG_FLASH_NVMEM_OFFSET_A, - NVMEM_PARTITION_SIZE); - flash_physical_erase(CONFIG_FLASH_NVMEM_OFFSET_B, - NVMEM_PARTITION_SIZE); - /* Call NvMem initialization function */ - return nvmem_init(); + return post_init_from_scratch(0xff); } -static int test_configured_nvmem(void) +/* + * The purpose of this test is to check nvmem_init() in the case when no valid + * pages exist but flash space is garbled as opposed to be fully erased. In + * this case, the initialization is expected to create one new valid page and + * erase the rest of the pages. + */ +static int test_corrupt_nvmem(void) { - /* - * The purpose of this test is to check nvmem_init() when both - * partitions are configured and valid. - */ + return post_init_from_scratch(0x55); +} - /* Call NvMem initialization */ - return nvmem_init(); +static int prepare_new_flash(void) +{ + TEST_ASSERT(test_fully_erased_nvmem() == EC_SUCCESS); + + /* Now copy sensible information into the nvmem cache. */ + memcpy(nvmem_cache_base(NVMEM_TPM), + legacy_nvmem_image + sizeof(struct nvmem_tag), + nvmem_user_sizes[NVMEM_TPM]); + + dump_nvmem_state("after first save", &test_result); + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + + TEST_ASSERT(test_result.deleted_obj_count == 24); + TEST_ASSERT(test_result.var_count == 0); + TEST_ASSERT(test_result.reserved_obj_count == 40); + TEST_ASSERT(test_result.evictable_obj_count == 9); + TEST_ASSERT(test_result.unexpected_count == 0); + TEST_ASSERT(test_result.valid_data_size == 5128); + TEST_ASSERT(test_result.erased_data_size == 698); + + return EC_SUCCESS; } -/* Verify that nvmem_erase_user_data only erases the given user's data. */ -static int test_nvmem_erase_user_data(void) +static int test_nvmem_save(void) { - uint32_t write_value; - uint32_t read_value; - int i; + const char *key = "var1"; + const char *value = "value of var 1"; + size_t total_var_size; + struct nvmem_test_result old_result; - nvmem_init(); - - /* Make sure all partitions have data in them. */ - for (i = 0; i < NVMEM_NUM_PARTITIONS; i++) { - write_value = i; - nvmem_write(0, sizeof(write_value), &write_value, NVMEM_USER_0); - write_value = 2; - nvmem_write(0, sizeof(write_value), &write_value, NVMEM_USER_1); - write_value = 3; - nvmem_write(0, sizeof(write_value), &write_value, NVMEM_USER_2); - nvmem_commit(); - } + TEST_ASSERT(prepare_new_flash() == EC_SUCCESS); - /* Check that the writes took place. */ - read_value = ~write_value; - nvmem_read(0, sizeof(read_value), &read_value, NVMEM_USER_0); - TEST_ASSERT(read_value == i-1); - nvmem_read(0, sizeof(read_value), &read_value, NVMEM_USER_1); - TEST_ASSERT(read_value == 2); - nvmem_read(0, sizeof(read_value), &read_value, NVMEM_USER_2); - TEST_ASSERT(read_value == 3); + /* + * Verify that saving without changing the cache does not affect flash + * contents. + */ + old_result = test_result; + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); /* - * nvmem_erase_user_data() is supposed to erase the user's data across - * all partitions. + * Save of unmodified cache does not modify the flash contents and + * does not set the delimiter. */ - nvmem_erase_user_data(NVMEM_USER_0); - for (i = 0; i < NVMEM_NUM_PARTITIONS; i++) { - /* Make sure USER 0's data is (still) gone. */ - nvmem_read(0, sizeof(read_value), &read_value, NVMEM_USER_0); - TEST_ASSERT(read_value == 0xffffffff); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + TEST_ASSERT(!memcmp(&test_result, &old_result, sizeof(test_result))); - /* Make sure the other users' data has been untouched. */ - nvmem_read(0, sizeof(read_value), &read_value, NVMEM_USER_1); - TEST_ASSERT(read_value == 2); + wipe_out_nvmem_cache(); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + TEST_ASSERT(!memcmp(&test_result, &old_result, sizeof(test_result))); - /* - * The active partition changes when the contents of the cache - * changes. Therefore, in order to examine all the paritions, - * we'll keep modifying one of the user's data. - */ - nvmem_read(0, sizeof(read_value), &read_value, NVMEM_USER_2); - TEST_ASSERT(read_value == (3+i)); - write_value = 4 + i; - nvmem_write(0, sizeof(write_value), &write_value, NVMEM_USER_2); - nvmem_commit(); - } + /* + * Total size test variable storage takes in flash (container header + * size not included). + */ + total_var_size = strlen(key) + strlen(value) + sizeof(struct tuple); + + /* Verify that we can add a variable to nvmem. */ + TEST_ASSERT(setvar(key, strlen(key), value, strlen(value)) == + EC_SUCCESS); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + + /* Remove changes caused by the new var addition. */ + test_result.var_count -= 1; + test_result.delimiter_count -= 1; + test_result.valid_data_size -= total_var_size; + + TEST_ASSERT(memcmp(&test_result, &old_result, sizeof(test_result)) == + 0); + + /* Verify that we can delete a variable from nvmem. */ + TEST_ASSERT(setvar(key, strlen(key), NULL, 0) == EC_SUCCESS); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + test_result.deleted_obj_count -= 1; + test_result.erased_data_size -= total_var_size; + test_result.delimiter_count -= 1; + TEST_ASSERT(memcmp(&test_result, &old_result, sizeof(test_result)) == + 0); return EC_SUCCESS; } -static int test_corrupt_nvmem(void) +static size_t get_free_nvmem_room(void) { - uint8_t invalid_value = 0x55; - int ret; - struct nvmem_tag *p_part; - uint8_t *p_data; + size_t free_room; + size_t free_pages; + /* Compaction kicks in when 3 pages or less are left. */ + const size_t max_pages = NEW_NVMEM_TOTAL_PAGES - 3; + + ccprintf("list index %d, data offset 0x%x\n", master_at.list_index, + master_at.mt.data_offset); + + if (master_at.list_index >= max_pages) + return 0; + + free_pages = max_pages - master_at.list_index; + free_room = (free_pages - 1) * (CONFIG_FLASH_BANK_SIZE - + sizeof(struct nn_page_header)) + + CONFIG_FLASH_BANK_SIZE - master_at.mt.data_offset; + ccprintf("free pages %d, data offset 0x%x\n", free_pages, + master_at.mt.data_offset); + return free_room; +} + +static int test_nvmem_compaction(void) +{ + char value[100]; /* Definitely more than enough. */ + const char *key = "var 1"; + int i; + size_t key_len; + size_t val_len; + size_t free_room; + size_t real_var_size; + size_t var_space; + int max_vars; + int erased_data_size; + const size_t alignment_mask = CONFIG_FLASH_WRITE_SIZE - 1; + + key_len = strlen(key); + val_len = snprintf(value, sizeof(value), "variable value is %04d", 0); + + TEST_ASSERT(prepare_new_flash() == EC_SUCCESS); /* - * The purpose of this test is to check nvmem_init() in the case when no - * vailid partition exists (not fully erased and no valid sha). In this - * case, the initialization create one new valid partition. + * Remember how much room was erased before flooding nvmem with erased + * values. */ + erased_data_size = test_result.erased_data_size; - /* Overwrite each partition will all 0s */ - memset(write_buffer, invalid_value, NVMEM_PARTITION_SIZE); - flash_physical_write(CONFIG_FLASH_NVMEM_OFFSET_A, - NVMEM_PARTITION_SIZE, - (const char *)write_buffer); - flash_physical_write(CONFIG_FLASH_NVMEM_OFFSET_B, - NVMEM_PARTITION_SIZE, - (const char *)write_buffer); + /* Let's see how much free room there is. */ + free_room = get_free_nvmem_room(); + TEST_ASSERT(free_room); + + /* How much room (key, value) pair takes in a container. */ + real_var_size = val_len + key_len + sizeof(struct tuple); /* - * The initialization function will look for a valid partition and if - * none is found, it will create one, and save it at partition index - * 1. + * See how many vars including containers should be able to fit there. + * + * First calculate rounded up space a var will take. Apart from the + * var itself there will be a container header and a delimiter. */ - ret = nvmem_init(); - if (ret) - return ret; + var_space = (real_var_size + 2 * sizeof(struct nn_container) + + alignment_mask) & ~alignment_mask; + + max_vars = free_room / var_space; /* - * nvmem_init() called on uninitialized flash will create the first - * valid partition with generation set to 0 at flash partition 1. - * - * Check here that partition 1 has a generation number of 0. + * And now flood the NVMEM with erased values (each new setvar() + * invocation erases the previous instance. */ - p_part = (struct nvmem_tag *)CONFIG_FLASH_NVMEM_BASE_B; - TEST_ASSERT(p_part->generation == 0); - p_data = (uint8_t *)p_part + sizeof(struct nvmem_tag); + for (i = 0; i <= max_vars; i++) { + snprintf(value, sizeof(value), "variable value is %04d", i); + TEST_ASSERT(setvar(key, key_len, value, val_len) == EC_SUCCESS); + } - /* Verify that partition 0 is still empty. */ - memset(write_buffer, invalid_value, NVMEM_PARTITION_SIZE); - p_data = (void *)CONFIG_FLASH_NVMEM_BASE_A; - TEST_ASSERT_ARRAY_EQ(write_buffer, p_data, NVMEM_PARTITION_SIZE); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + /* Make sure there was no compaction yet. */ + TEST_ASSERT(test_result.erased_data_size > erased_data_size); - /* Now let's write a different value into user NVMEM_CR50 */ - invalid_value ^= ~0; - TEST_ASSERT(nvmem_write(0, sizeof(invalid_value), - &invalid_value, NVMEM_USER_0) == EC_SUCCESS); - TEST_ASSERT(nvmem_commit() == EC_SUCCESS); + /* This is how much the erased space grew as a result of flooding. */ + erased_data_size = test_result.erased_data_size - erased_data_size; + TEST_ASSERT(erased_data_size == max_vars * real_var_size); - /* Verify that partition 1 generation did not change. */ - TEST_ASSERT(p_part->generation == 0); + /* This will take it over the compaction limit. */ + val_len = snprintf(value, sizeof(value), "variable value is %03d", i); + TEST_ASSERT(setvar(key, key_len, value, val_len) == EC_SUCCESS); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + TEST_ASSERT(test_result.erased_data_size < var_space); + return EC_SUCCESS; +} + +static int test_configured_nvmem(void) +{ /* - * Now verify that partition 0 generation is set to 1; + * The purpose of this test is to check how nvmem_init() initializes + * from previously saved flash contents. */ - p_part = (struct nvmem_tag *)CONFIG_FLASH_NVMEM_BASE_A; - TEST_ASSERT(p_part->generation == 1); + TEST_ASSERT(prepare_nvmem_contents() == EC_SUCCESS); - return EC_SUCCESS; + /* + * This is initialization from legacy flash contents which replaces + * legacy flash image with the new format flash image + */ + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + + /* And this is initialization from the new flash layout. */ + return nvmem_init(); } -static int test_write_read_sequence(void) +static uint8_t find_lb(const void *data) { - uint32_t offset; - uint32_t length; - int user; - int n; - int ret; - - for (user = 0; user < NVMEM_NUM_USERS; user++) { - /* Length for each write/read segment */ - length = nvmem_user_sizes[user] / WRITE_READ_SEGMENTS; - /* Start at beginning of user buffer */ - offset = 0; - for (n = 0; n < WRITE_READ_SEGMENTS; n++) { - ret = test_write_read(offset, length, user); - if (ret != EC_SUCCESS) - return ret; - /* Adjust offset by segment length */ - offset += length; - /* For 1st iteration only, adjust to create stagger */ - if (n == 0) - offset -= length / 2; - - } - } - return EC_SUCCESS; + return (const uint8_t *)memchr(data, '#', 256) - (const uint8_t *)data; } -static int test_write_full_multi(void) +/* + * Helper function, depending on the argument value either writes variables + * into nvmem and verifies their presence, or deletes them and verifies that + * they indeed disappear. + */ +static int var_read_write_delete_helper(int do_write) { - int n; - int ret; + size_t i; + uint16_t saved_total_var_space; + uint32_t coverage_map; + + const struct { + uint8_t *key; + uint8_t *value; + } kv_pairs[] = { + /* Use # as the delimiter to allow \0 in keys/values. */ + {"\0key\00#", "value of key2#"}, {"key1#", "value of key1#"}, + {"key2#", "value of key2#"}, {"key3#", "value of\0 key3#"}, + {"ke\04#", "value\0 of\0 key4#"}, + }; + + coverage_map = 0; + saved_total_var_space = total_var_space; /* - * The purpose of this test is to completely fill each user buffer in - * NvMem with random data a segment length at a time. The data written - * to NvMem is saved in write_buffer[] and then can be used to check the - * NvMem writes were successful by reading and then comparing each user - * buffer. + * Read all vars, one at a time, verifying that they shows up in + * getvar results when appropriate but not before. */ - for (n = 0; n < NVMEM_NUM_USERS; n++) { - ret = write_full_buffer(nvmem_user_sizes[n], n); - if (ret != EC_SUCCESS) - return ret; + for (i = 0; i <= ARRAY_SIZE(kv_pairs); i++) { + size_t j; + uint8_t key_len; + uint8_t val_len; + const void *value; + + for (j = 0; j < ARRAY_SIZE(kv_pairs); j++) { + const struct tuple *t; + + coverage_map |= 1; + + key_len = find_lb(kv_pairs[j].key); + t = getvar(kv_pairs[j].key, key_len); + + if ((j >= i) ^ !do_write) { + TEST_ASSERT(t == NULL); + continue; + } + + coverage_map |= 2; + + TEST_ASSERT(saved_total_var_space == total_var_space); + + /* Confirm that what we found is the right variable. */ + val_len = find_lb(kv_pairs[j].value); + + TEST_ASSERT(t->key_len == key_len); + TEST_ASSERT(t->val_len == val_len); + TEST_ASSERT( + !memcmp(kv_pairs[j].key, t->data_, key_len)); + TEST_ASSERT(!memcmp(kv_pairs[j].value, + t->data_ + key_len, val_len)); + freevar(t); + } + + if (i == ARRAY_SIZE(kv_pairs)) { + coverage_map |= 4; + /* All four variables have been processed. */ + break; + } + + val_len = find_lb(kv_pairs[i].value); + key_len = find_lb(kv_pairs[i].key); + value = kv_pairs[i].value; + if (!do_write) { + + coverage_map |= 8; + + saved_total_var_space -= val_len + key_len; + /* + * Make sure all val_len == 0 and val == NULL + * combinations are exercised. + */ + switch (i) { + case 0: + val_len = 0; + coverage_map |= 0x10; + break; + + case 1: + coverage_map |= 0x20; + value = NULL; + break; + default: + coverage_map |= 0x40; + val_len = 0; + value = NULL; + break; + } + } else { + coverage_map |= 0x80; + saved_total_var_space += val_len + key_len; + } + key_len = find_lb(kv_pairs[i].key); + TEST_ASSERT(setvar(kv_pairs[i].key, key_len, value, val_len) == + EC_SUCCESS); + + TEST_ASSERT(saved_total_var_space == total_var_space); } + + if (do_write) + TEST_ASSERT(coverage_map == 0x87); + else + TEST_ASSERT(coverage_map == 0x7f); + return EC_SUCCESS; } -static int test_write_fail(void) +static int test_var_read_write_delete(void) { - uint32_t offset = 0; - uint32_t num_bytes = 0x200; - int ret; + TEST_ASSERT(post_init_from_scratch(0xff) == EC_SUCCESS); - /* Do write/read sequence that's expected to be successful */ - if (test_write_read(offset, num_bytes, NVMEM_USER_0)) - return EC_ERROR_UNKNOWN; + ccprintf("\n%s: starting write cycle\n", __func__); + TEST_ASSERT(var_read_write_delete_helper(1) == EC_SUCCESS); - /* Prevent flash erase/write operations */ - flash_write_fail = 1; - /* Attempt flash write */ - ret = test_write_read(offset, num_bytes, NVMEM_USER_0); - /* Resume normal operation */ - flash_write_fail = 0; + ccprintf("%s: starting delete cycle\n", __func__); + TEST_ASSERT(var_read_write_delete_helper(0) == EC_SUCCESS); + + return EC_SUCCESS; +} +/* Verify that nvmem_erase_user_data only erases the given user's data. */ +static int test_nvmem_erase_tpm_data(void) +{ + TEST_ASSERT(prepare_nvmem_contents() == EC_SUCCESS); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + browse_flash_contents(1); + TEST_ASSERT(nvmem_erase_tpm_data() == EC_SUCCESS); + browse_flash_contents(1); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + TEST_ASSERT(test_result.deleted_obj_count == 0); + TEST_ASSERT(test_result.var_count == 3); + TEST_ASSERT(test_result.reserved_obj_count == 0); + TEST_ASSERT(test_result.evictable_obj_count == 0); + TEST_ASSERT(test_result.unexpected_count == 0); + TEST_ASSERT(test_result.valid_data_size == 86); + TEST_ASSERT(test_result.erased_data_size == 0); - /* This test is successful if write attempt failed */ - return !ret; + return EC_SUCCESS; } -static int test_buffer_overflow(void) +static size_t fill_obj_offsets(uint16_t *offsets, size_t max_objects) { - int ret; - int n; + size_t i; + size_t obj_count; - /* - * The purpose of this test is to check that NvMem writes behave - * properly in relation to the defined length of each user buffer. A - * write operation to completely fill the buffer is done first. This - * should pass. Then the same buffer is written to with one extra byte - * and this operation is expected to fail. - */ + obj_count = init_object_offsets(offsets, max_objects); - /* Do test for each user buffer */ - for (n = 0; n < NVMEM_NUM_USERS; n++) { - /* Write full buffer */ - ret = write_full_buffer(nvmem_user_sizes[n], n); - if (ret != EC_SUCCESS) - return ret; - /* Attempt to write full buffer plus 1 extra byte */ - ret = write_full_buffer(nvmem_user_sizes[n] + 1, n); - if (!ret) - return EC_ERROR_UNKNOWN; + ccprintf("%d objects\n", obj_count); + for (i = 0; i < obj_count; i++) { + uint32_t *op; + + op = evictable_offs_to_addr(offsets[i]); + ccprintf("offs %04x:%08x:%08x:%08x addr %p size %d\n", + offsets[i], op[-1], op[0], op[1], op, + (uintptr_t)nvmem_cache_base(NVMEM_TPM) + op[-1] - + (uintptr_t)op); } - /* Test case where user buffer number is valid */ - ret = test_write_read(0, 0x100, NVMEM_USER_0); - if (ret != EC_SUCCESS) - return ret; - /* Attempt same write, but with invalid user number */ - ret = test_write_read(0, 0x100, NVMEM_NUM_USERS); - if (!ret) - return ret; + return obj_count; +} - return EC_SUCCESS; +static size_t fill_cache_offsets(const void *cache, uint16_t *offsets, + size_t max_objects) +{ + uint8_t buf[nvmem_user_sizes[NVMEM_TPM]]; + void *real_cache; + size_t num_offsets; + + real_cache = nvmem_cache_base(NVMEM_TPM); + memcpy(buf, real_cache, sizeof(buf)); + + memcpy(real_cache, cache, sizeof(buf)); + memset(offsets, 0, sizeof(*offsets) * max_objects); + num_offsets = fill_obj_offsets(offsets, max_objects); + + /* Restore the real cache. */ + memcpy(real_cache, buf, sizeof(buf)); + + return num_offsets; } +#define MAX_OFFSETS 20 -static int test_move(void) +static uint32_t get_evict_size(const uint8_t *cache, uint16_t offset) { - uint32_t len = 0x100; - uint32_t nv1_offset; - uint32_t nv2_offset; - int user = 0; - int n; - int ret; + uint32_t next_addr; + uint32_t cache_offset; - /* - * The purpose of this test is to check that nvmem_move() behaves - * properly. This test only uses one user buffer as accessing multiple - * user buffers is tested separately. This test uses writes a set of - * test data then test move operations with full overlap, half overlap - * and no overlap. Folliwng these tests, the boundary conditions for - * move operations are checked for the giver user buffer. - */ + cache_offset = s_evictNvStart + offset; + memcpy(&next_addr, cache + cache_offset - sizeof(next_addr), + sizeof(next_addr)); + + return next_addr - cache_offset; +} + +/* Returns zero if the two objects are identical. */ +static int compare_objects(const uint8_t *cache1, uint16_t offset1, + const uint8_t *cache2, uint16_t offset2) +{ + uint32_t size1; + uint32_t size2; + + size1 = get_evict_size(cache1, offset1); + size2 = get_evict_size(cache2, offset2); + + if (size1 == size2) + return memcmp(cache1 + s_evictNvStart + offset1, + cache2 + s_evictNvStart + offset2, size1); + + return 1; +} +/* + * Compare two instances of NVMEM caches. Reserved spaces should be exactly + * the same for the match, but evictable objects could be rearranged due to + * compaction, updating, etc. + * + * For the two cache instances to be considered the same the sets and contents + * of the evictable object spaces must also match object to object. + */ +static int caches_match(const uint8_t *cache1, const uint8_t *cache2) +{ + int failed_count; + size_t cache1_offs_count; + size_t cache2_offs_count; + size_t i; + uint16_t cache1_offsets[MAX_OFFSETS]; + uint16_t cache2_offsets[MAX_OFFSETS]; + + for (failed_count = i = 0; i < NV_PSEUDO_RESERVE_LAST; i++) { + NV_RESERVED_ITEM ri; + struct { + uint32_t offset; + uint32_t size; + } ranges[3]; + size_t j; + + NvGetReserved(i, &ri); + + ranges[0].offset = ri.offset; + + if (i != NV_STATE_CLEAR) { + ranges[0].size = ri.size; + ranges[1].size = 0; + } else { + ranges[0].size = offsetof(STATE_CLEAR_DATA, pcrSave); + ranges[1].offset = ranges[0].offset + ranges[0].size; + ranges[1].size = sizeof(PCR_SAVE); + ranges[2].offset = ranges[1].offset + ranges[1].size; + ranges[2].size = sizeof(PCR_AUTHVALUE); + } + + for (j = 0; j < ARRAY_SIZE(ranges); j++) { + + uint32_t offset; + uint32_t size; + uint32_t k; + + size = ranges[j].size; + if (!size) + break; + + offset = ranges[j].offset; - nv1_offset = 0; - for (n = 0; n < 3; n++) { - /* Generate Test data */ - generate_random_data(nv1_offset, len); - nv2_offset = nv1_offset + (len / 2) * n; - /* Write data to Nvmem cache memory */ - nvmem_write(nv1_offset, len, &write_buffer[nv1_offset], user); - nvmem_commit(); - /* Test move while data is in cache area */ - nvmem_move(nv1_offset, nv2_offset, len, user); - nvmem_read(nv2_offset, len, read_buffer, user); - if (memcmp(write_buffer, read_buffer, len)) - return EC_ERROR_UNKNOWN; - ccprintf("Memmove nv1 = 0x%x, nv2 = 0x%x\n", - nv1_offset, nv2_offset); + if (!memcmp(cache1 + offset, cache2 + offset, size)) + continue; + + ccprintf("%s:%d failed comparing %d:%d:\n", __func__, + __LINE__, i, j); + for (k = offset; k < (offset + size); k++) + if (cache1[k] != cache2[k]) + ccprintf(" %3d:%02x", k - offset, + cache1[k]); + ccprintf("\n"); + for (k = offset; k < (offset + size); k++) + if (cache1[k] != cache2[k]) + ccprintf(" %3d:%02x", k - offset, + cache2[k]); + ccprintf("\n"); + + failed_count++; + } } - /* Test invalid buffer offsets */ - /* Destination offset is equal to length of buffer */ - nv1_offset = 0; - nv2_offset = nvmem_user_sizes[user]; - /* Attempt to move just 1 byte */ - ret = nvmem_move(nv1_offset, nv2_offset, 1, user); - if (!ret) - return EC_ERROR_UNKNOWN; - - /* Source offset is equal to length of buffer */ - nv1_offset = nvmem_user_sizes[user]; - nv2_offset = 0; - /* Attempt to move just 1 byte */ - ret = nvmem_move(nv1_offset, nv2_offset, 1, user); - if (!ret) - return EC_ERROR_UNKNOWN; - - nv1_offset = 0; - nv2_offset = nvmem_user_sizes[user] - len; - /* Move data chunk from start to end of buffer */ - ret = nvmem_move(nv1_offset, nv2_offset, - len, user); - if (ret) - return ret; - - /* Attempt to move data chunk 1 byte beyond end of user buffer */ - nv1_offset = 0; - nv2_offset = nvmem_user_sizes[user] - len + 1; - ret = nvmem_move(nv1_offset, nv2_offset, - len, user); - if (!ret) - return EC_ERROR_UNKNOWN; - /* nvmem_move returned an error, need to clear internal error state */ - nvmem_commit(); + TEST_ASSERT(!failed_count); + + cache1_offs_count = fill_cache_offsets(cache1, cache1_offsets, + ARRAY_SIZE(cache1_offsets)); + cache2_offs_count = fill_cache_offsets(cache2, cache2_offsets, + ARRAY_SIZE(cache2_offsets)); + + TEST_ASSERT(cache1_offs_count == cache2_offs_count); + + for (i = 0; (i < ARRAY_SIZE(cache1_offsets)) && cache2_offs_count; + i++) { + size_t j; + + for (j = 0; j < cache2_offs_count; j++) { + if (compare_objects(cache1, cache1_offsets[i], cache2, + cache2_offsets[j])) + continue; + /* Remove object from the cache2 offsets. */ + cache2_offsets[j] = cache2_offsets[--cache2_offs_count]; + break; + } + } + + TEST_ASSERT(cache2_offs_count == 0); return EC_SUCCESS; } -static int test_is_different(void) +static int prepare_post_migration_nvmem(void) { - uint32_t len = 0x41; - uint32_t nv1_offset = 0; - int user = 1; - int ret; + TEST_ASSERT(prepare_nvmem_contents() == EC_SUCCESS); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + return EC_SUCCESS; +} +/* + * This test creates various failure conditions related to interrupted nvmem + * save operations and verifies that transaction integrity is maintained - + * i.e. either all variables get updated, + */ +static int test_nvmem_incomplete_transaction(void) +{ /* - * The purpose of this test is to verify nv_is_different(). Test data is - * written to a location in user buffer 1, then a case that's expected - * to pass along with a case that is expected to fail are checked. Next - * the same tests are repeated when the NvMem write is followed by a - * commit operation. + * Will be more than enough, we can't store more than 15 objects or so + * anyways. */ + uint16_t offsets[MAX_OFFSETS]; + size_t num_objects; + uint8_t buf[nvmem_user_sizes[NVMEM_TPM]]; + + TEST_ASSERT(prepare_post_migration_nvmem() == EC_SUCCESS); + num_objects = fill_obj_offsets(offsets, ARRAY_SIZE(offsets)); + TEST_ASSERT(num_objects == 9); + + /* Save cache state before deleting objects. */ + memcpy(buf, nvmem_cache_base(NVMEM_TPM), sizeof(buf)); + + drop_evictable_obj(evictable_offs_to_addr(offsets[4])); + drop_evictable_obj(evictable_offs_to_addr(offsets[3])); + + failure_mode = TEST_FAIL_WHEN_SAVING; + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + wipe_out_nvmem_cache(); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + + TEST_ASSERT(caches_match(buf, nvmem_cache_base(NVMEM_TPM)) == + EC_SUCCESS); + drop_evictable_obj(evictable_offs_to_addr(offsets[4])); + drop_evictable_obj(evictable_offs_to_addr(offsets[3])); + + /* Check if failure when invalidating is recovered after restart. */ + failure_mode = TEST_FAIL_WHEN_INVALIDATING; + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + ccprintf("%s:%d\n", __func__, __LINE__); + wipe_out_nvmem_cache(); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + ccprintf("%s:%d\n", __func__, __LINE__); + num_objects = fill_obj_offsets(offsets, ARRAY_SIZE(offsets)); + TEST_ASSERT(num_objects == 7); - /* Generate test data */ - generate_random_data(nv1_offset, len); - /* Write to NvMem cache buffer */ - nvmem_write(nv1_offset, len, &write_buffer[nv1_offset], user); - /* Expected to be the same */ - ret = nvmem_is_different(nv1_offset, len, - &write_buffer[nv1_offset], user); - if (ret) - return EC_ERROR_UNKNOWN; - - /* Expected to be different */ - ret = nvmem_is_different(nv1_offset + 1, len, - &write_buffer[nv1_offset], user); - if (!ret) - return EC_ERROR_UNKNOWN; - - /* Commit cache buffer and retest */ - nvmem_commit(); - /* Expected to be the same */ - ret = nvmem_is_different(nv1_offset, len, - &write_buffer[nv1_offset], user); - if (ret) - return EC_ERROR_UNKNOWN; - - /* Expected to be different */ - write_buffer[nv1_offset] ^= 0xff; - ret = nvmem_is_different(nv1_offset, len, - &write_buffer[nv1_offset], user); - if (!ret) - return EC_ERROR_UNKNOWN; + return EC_SUCCESS; +} + +/* + * Verify that interrupted compaction results in a consistent state of the + * NVMEM cache. + */ +static int test_nvmem_interrupted_compaction(void) +{ + uint8_t buf[nvmem_user_sizes[NVMEM_TPM]]; + uint8_t target_list_index; + uint8_t filler = 1; + TEST_ASSERT(prepare_post_migration_nvmem() == EC_SUCCESS); + + /* Let's fill up a couple of pages with erased objects. */ + target_list_index = master_at.list_index + 2; + + do { + /* + * A few randomly picked reserved objects to modify to create + * need for compaction. + */ + const uint8_t objs_to_modify[] = {1, 3, 19, 42}; + size_t i; + + for (i = 0; i < ARRAY_SIZE(objs_to_modify); i++) { + NV_RESERVED_ITEM ri; + + NvGetReserved(i, &ri); + + /* Direct access to the object. */ + memset((uint8_t *)nvmem_cache_base(NVMEM_TPM) + + ri.offset, + filler++, ri.size); + } + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + } while (master_at.list_index != target_list_index); + + /* Save the state of NVMEM cache. */ + memcpy(buf, nvmem_cache_base(NVMEM_TPM), sizeof(buf)); + failure_mode = TEST_FAIL_WHEN_COMPACTING; + compact_nvmem(); + wipe_out_nvmem_cache(); + ccprintf("%s:%d\n", __func__, __LINE__); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + TEST_ASSERT(caches_match(buf, nvmem_cache_base(NVMEM_TPM)) == + EC_SUCCESS); return EC_SUCCESS; } int nvmem_first_task(void *unused) { - uint32_t offset = 0; - uint32_t num_bytes = WRITE_SEGMENT_LEN; - int user = NVMEM_USER_0; - - task_wait_event(0); - /* Generate source data */ - generate_random_data(0, num_bytes); - nvmem_write(0, num_bytes, &write_buffer[offset], user); - /* Read from cache memory */ - nvmem_read(0, num_bytes, read_buffer, user); - /* Verify that write to nvmem was successful */ - TEST_ASSERT_ARRAY_EQ(write_buffer, read_buffer, num_bytes); - /* Wait here with mutex held by this task */ - task_wait_event(0); - /* Write to flash which releases nvmem mutex */ - nvmem_commit(); - nvmem_read(0, num_bytes, read_buffer, user); - /* Verify that write to flash was successful */ - TEST_ASSERT_ARRAY_EQ(write_buffer, read_buffer, num_bytes); - return EC_SUCCESS; } int nvmem_second_task(void *unused) { - uint32_t offset = WRITE_SEGMENT_LEN; - uint32_t num_bytes = WRITE_SEGMENT_LEN; - int user = NVMEM_USER_0; - - task_wait_event(0); - - /* Gen test data and don't overwite test data generated by 1st task */ - generate_random_data(offset, num_bytes); - /* Write test data at offset 0 nvmem user buffer */ - nvmem_write(0, num_bytes, &write_buffer[offset], user); - /* Write to flash */ - nvmem_commit(); - /* Read from nvmem */ - nvmem_read(0, num_bytes, read_buffer, user); - /* Verify that write to nvmem was successful */ - TEST_ASSERT_ARRAY_EQ(&write_buffer[offset], read_buffer, num_bytes); - /* Clear flag to indicate lock test is complete */ - lock_test_started = 0; - return EC_SUCCESS; } -static int test_lock(void) +static void run_test_setup(void) { - /* - * This purpose of this test is to verify the mutex lock portion of the - * nvmem module. There are two additional tasks utilized. The first task - * is woken and it creates some test data and does an - * nvmem_write(). This will cause the mutex to be locked by the 1st - * task. The 1st task then waits and control is returned to this - * function and the 2nd task is woken, the 2nd task also attempts to - * write data to nvmem. The 2nd task should stall waiting for the mutex - * to be unlocked. - * - * When control returns to this function, the 1st task is woken again - * and the nvmem operation is completed. This will allow the 2nd task to - * grab the lock and finish its nvmem operation. The test will not - * complete until the 2nd task finishes the nvmem write. A static global - * flag is used to let this function know when the 2nd task is complete. - * - * Both tasks write to the same location in nvmem so the test will only - * pass if the 2nd task can't write until the nvmem write in the 1st - * task is completed. - */ + /* Allow Flash erase/writes */ + flash_write_fail = 0; + test_reset(); +} - /* Set flag for start of test */ - lock_test_started = 1; - /* Wake first_task */ - task_wake(TASK_ID_NV_1); - task_wait_event(1000); - /* Wake second_task. It should stall waiting for mutex */ - task_wake(TASK_ID_NV_2); - task_wait_event(1000); - /* Go back to first_task so it can complete its nvmem operation */ - task_wake(TASK_ID_NV_1); - /* Wait for 2nd task to complete nvmem operation */ - while (lock_test_started) - task_wait_event(100); +void nvmem_wipe_cache(void) +{ +} - return EC_SUCCESS; +int DCRYPTO_ladder_is_enabled(void) +{ + return 1; } -static int test_nvmem_save(void) +static int test_migration(void) { /* - * The purpose of this test is to verify that if the written value - * did not change the cache contents there is no actual write - * happening at the commit time. + * This purpose of this test is to verify migration of the 'legacy' + * TPM NVMEM format to the new scheme where each element is stored in + * flash in its own container. */ - int dummy_value; - int offset = 0x10; - uint8_t generation_a; - uint8_t generation_b; - uint8_t prev_generation; - uint8_t new_generation; - const struct nvmem_tag *part_a; - const struct nvmem_tag *part_b; - const struct nvmem_tag *new_gen_part; - const struct nvmem_tag *prev_gen_part; - - part_a = (const struct nvmem_tag *)CONFIG_FLASH_NVMEM_BASE_A; - part_b = (const struct nvmem_tag *)CONFIG_FLASH_NVMEM_BASE_B; + TEST_ASSERT(prepare_nvmem_contents() == EC_SUCCESS); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + TEST_ASSERT(iterate_over_flash() == EC_SUCCESS); + TEST_ASSERT(test_result.var_count == 3); + TEST_ASSERT(test_result.reserved_obj_count == 40); + TEST_ASSERT(test_result.evictable_obj_count == 9); + TEST_ASSERT(test_result.delimiter_count == 1); + TEST_ASSERT(test_result.deleted_obj_count == 0); + TEST_ASSERT(test_result.unexpected_count == 0); + TEST_ASSERT(test_result.valid_data_size == 5214); + TEST_ASSERT(total_var_space == 77); + /* Container pointer not yet set. */ + TEST_ASSERT(!master_at.ct.data_offset && !master_at.ct.ph); + return EC_SUCCESS; +} + +/* + * The purpose of this test is to verify variable storage limits, both per + * object and total. + */ +static int test_var_boundaries(void) +{ + const size_t max_size = 255; /* Key and value must fit in a byte. */ + const uint8_t *key; + const uint8_t *val; + size_t key_len; + size_t val_len; + uint16_t saved_total_var_space; + uint32_t coverage_map; + uint8_t var_key[10]; + + TEST_ASSERT(prepare_new_flash() == EC_SUCCESS); + saved_total_var_space = total_var_space; + coverage_map = 0; + /* - * Make sure nvmem is initialized and both partitions have been - * written. + * Let's use the legacy NVMEM image as a source of fairly random but + * reproducible data. */ - nvmem_init(); + key = legacy_nvmem_image; + val = legacy_nvmem_image; /* - * Make sure something is changed at offset 0x10 into the second user - * space. + * Test limit of max variable body space, use keys and values of + * different sizes, below and above the limit. */ - nvmem_read(offset, sizeof(dummy_value), &dummy_value, NVMEM_USER_1); - dummy_value ^= ~0; - nvmem_write(0x10, sizeof(dummy_value), &dummy_value, NVMEM_USER_1); - nvmem_commit(); + for (key_len = 1; key_len < max_size; key_len += 20) { + + coverage_map |= 1; + + val_len = MIN(max_size, MAX_VAR_BODY_SPACE - key_len); + TEST_ASSERT(setvar(key, key_len, val, val_len) == EC_SUCCESS); + TEST_ASSERT(total_var_space == + saved_total_var_space + key_len + val_len); - /* Verify that the two generation values are different. */ - generation_a = part_a->generation; - generation_b = part_b->generation; - TEST_ASSERT(generation_a != generation_b); + /* Now drop the variable from the storage. */ + TEST_ASSERT(setvar(key, key_len, NULL, 0) == EC_SUCCESS); + TEST_ASSERT(total_var_space == saved_total_var_space); + + /* And if key length allows it, try to write too much. */ + if (val_len == max_size) + continue; + + coverage_map |= 2; + /* + * Yes, let's try writing one byte too many and see that the + * attempt is rejected. + */ + val_len++; + TEST_ASSERT(setvar(key, key_len, val, val_len) == + EC_ERROR_INVAL); + TEST_ASSERT(total_var_space == saved_total_var_space); + } /* - * Figure out which one should change next, we are close to the - * beginnig of the test, no wrap is expected. + * Test limit of max total variable space, use keys and values of + * different sizes, below and above the limit. */ - if (generation_a > generation_b) { - prev_generation = generation_a; - new_generation = generation_a + 1; - new_gen_part = part_b; - prev_gen_part = part_a; - } else { - prev_generation = generation_b; - new_generation = generation_b + 1; - new_gen_part = part_a; - prev_gen_part = part_b; + key_len = sizeof(var_key); + val_len = 20; /* Anything below 256 would work. */ + memset(var_key, 'x', key_len); + + while (1) { + int rv; + + /* + * Change the key so that a new variable is added to the + * storage. + */ + rv = setvar(var_key, key_len, val, val_len); + + if (rv == EC_ERROR_OVERFLOW) + break; + + coverage_map |= 4; + TEST_ASSERT(rv == EC_SUCCESS); + var_key[0]++; + saved_total_var_space += key_len + val_len; } - /* Write a new value, this should trigger generation switch. */ - dummy_value += 1; - TEST_ASSERT(nvmem_write(0x10, sizeof(dummy_value), - &dummy_value, NVMEM_USER_1) == EC_SUCCESS); - TEST_ASSERT(nvmem_commit() == EC_SUCCESS); + TEST_ASSERT(saved_total_var_space == total_var_space); + TEST_ASSERT(saved_total_var_space <= MAX_VAR_TOTAL_SPACE); + TEST_ASSERT((saved_total_var_space + key_len + val_len) > + MAX_VAR_TOTAL_SPACE); - TEST_ASSERT(prev_gen_part->generation == prev_generation); - TEST_ASSERT(new_gen_part->generation == new_generation); + TEST_ASSERT(coverage_map == 7); + return EC_SUCCESS; +} - /* Write the same value, this should NOT trigger generation switch. */ - TEST_ASSERT(nvmem_write(0x10, sizeof(dummy_value), - &dummy_value, NVMEM_USER_1) == EC_SUCCESS); - TEST_ASSERT(nvmem_commit() == EC_SUCCESS); +static int verify_ram_index_space(size_t verify_size) +{ + NV_RESERVED_ITEM ri; + size_t i; + uint32_t casted_size; + uint8_t byte; + uint8_t fill_byte = 0x55; + + if (verify_size > RAM_INDEX_SPACE) + return EC_ERROR_INVAL; + + NvGetReserved(NV_RAM_INDEX_SPACE, &ri); + + /* + * Save the size of the index space, needed on machines where size_t + * is a 64 bit value. + */ + casted_size = verify_size; + + /* + * Now write index space in the cache, we write the complete space, + * but on read back only verify_size bytes are expected to be set. + */ + nvmem_write(ri.offset, sizeof(casted_size), &casted_size, NVMEM_TPM); + + for (i = 0; i < RAM_INDEX_SPACE; i++) + nvmem_write(ri.offset + sizeof(casted_size) + i, + sizeof(fill_byte), &fill_byte, NVMEM_TPM); - TEST_ASSERT(prev_gen_part->generation == prev_generation); - TEST_ASSERT(new_gen_part->generation == new_generation); + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + wipe_out_nvmem_cache(); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + + /* Make sure read back size matches. */ + nvmem_read(ri.offset, sizeof(casted_size), &casted_size, NVMEM_TPM); + TEST_ASSERT(casted_size == verify_size); + + /* + * Now check spaces which were supposed to be written (up to + * verify_size) and left intact. + */ + for (i = 0; i < RAM_INDEX_SPACE; i++) { + nvmem_read(ri.offset + sizeof(casted_size) + i, sizeof(byte), + &byte, NVMEM_TPM); + if (i < verify_size) + TEST_ASSERT(byte == fill_byte); + else + TEST_ASSERT(byte == 0); + } return EC_SUCCESS; } -static void run_test_setup(void) +static int test_tpm_nvmem_modify_reserved_objects(void) { - /* Allow Flash erase/writes */ - flash_write_fail = 0; - test_reset(); + NV_RESERVED_ITEM ri; + /* Some random reserved objects' indices. */ + const uint8_t res_obj_ids[] = {1, 4, 9, 20}; + size_t i; + static uint8_t cache_copy[12 * 1024]; + struct nvmem_test_result old_result; + uint64_t new_values[ARRAY_SIZE(res_obj_ids)]; + size_t erased_size; + + TEST_ASSERT(sizeof(cache_copy) >= nvmem_user_sizes[NVMEM_TPM]); + TEST_ASSERT(prepare_new_flash() == EC_SUCCESS); + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + iterate_over_flash(); + old_result = test_result; + + /* Preserve NVMEM cache for future comparison. */ + memcpy(cache_copy, nvmem_cache_base(NVMEM_TPM), + nvmem_user_sizes[NVMEM_TPM]); + + erased_size = 0; + /* Modify several reserved objects in the cache. */ + for (i = 0; i < ARRAY_SIZE(res_obj_ids); i++) { + size_t copy_size; + uint8_t *addr_in_cache; + size_t k; + + NvGetReserved(res_obj_ids[i], &ri); + copy_size = MIN(sizeof(new_values[0]), ri.size); + addr_in_cache = + (uint8_t *)nvmem_cache_base(NVMEM_TPM) + ri.offset; + + /* Prepare a new value for the variable. */ + memcpy(new_values + i, addr_in_cache, copy_size); + for (k = 0; k < copy_size; k++) + ((uint8_t *)(new_values + i))[k] ^= 0x55; + + /* Update value in the cache. */ + memcpy(addr_in_cache, new_values + i, copy_size); + + /* And in the cache copy. */ + memcpy(cache_copy + ri.offset, new_values + i, copy_size); + + /* + * This much will be added to the erased space, object size + * plus index size. + */ + erased_size += ri.size + 1; + } + + /* Save it into flash. */ + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + + /* Wipe out the cache to be sure. */ + wipe_out_nvmem_cache(); + + /* Read NVMEM contents from flash. */ + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + + /* Verify that the cache matches expectations. */ + TEST_ASSERT(!memcmp(cache_copy, nvmem_cache_base(NVMEM_TPM), + nvmem_user_sizes[NVMEM_TPM])); + + iterate_over_flash(); + + /* Update previous results with our expectations. */ + old_result.deleted_obj_count += ARRAY_SIZE(res_obj_ids); + old_result.erased_data_size += erased_size; + old_result.delimiter_count++; + + TEST_ASSERT(!memcmp(&test_result, &old_result, sizeof(test_result))); + + /* Verify several index space cases. */ + for (i = 0; i <= RAM_INDEX_SPACE; i += (RAM_INDEX_SPACE / 2)) + TEST_ASSERT(verify_ram_index_space(i) == EC_SUCCESS); + + return EC_SUCCESS; } -void nvmem_wipe_cache(void) +static int compare_object(uint16_t obj_offset, size_t obj_size, const void *obj) { + uint32_t next_addr; + + memcpy(&next_addr, + evictable_offs_to_addr(obj_offset - sizeof(next_addr)), + sizeof(next_addr)); + + ccprintf("next_addr %x, sum %x size %d\n", next_addr, + (s_evictNvStart + obj_offset + obj_size), obj_size); + TEST_ASSERT(next_addr == (s_evictNvStart + obj_offset + obj_size)); + + if (!memcmp(evictable_offs_to_addr(obj_offset), obj, obj_size)) + return EC_SUCCESS; + + return EC_ERROR_INVAL; } -int DCRYPTO_ladder_is_enabled(void) +static int test_tpm_nvmem_modify_evictable_objects(void) { - return 1; + size_t num_objects; + uint16_t offsets[MAX_OFFSETS]; + uint32_t handles[ARRAY_SIZE(offsets)]; + uint32_t new_evictable_object[30]; + size_t i; + const uint32_t new_obj_handle = 0x100; + static uint8_t modified_obj[CONFIG_FLASH_BANK_SIZE]; + size_t modified_obj_size; + uint32_t modified_obj_handle; + uint32_t deleted_obj_handle; + uint8_t *obj_cache_addr; + size_t num_handles; + int new_obj_index; + int modified_obj_index; + + TEST_ASSERT(prepare_new_flash() == EC_SUCCESS); + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + iterate_over_flash(); + + /* Verify that all evictable objects are there. */ + num_objects = fill_obj_offsets(offsets, ARRAY_SIZE(offsets)); + TEST_ASSERT(num_objects == 9); + num_handles = num_objects; + + /* Save handles of all objects there are. */ + for (i = 0; i < num_objects; i++) { + memcpy(handles + i, evictable_offs_to_addr(offsets[i]), + sizeof(handles[i])); + ccprintf("obj %d handle %08x\n", i, handles[i]); + } + /* + * Let's modify the object which currently is stored second in the + * stack. + */ + modified_obj_size = offsets[3] - offsets[2] - sizeof(uint32_t); + + /* Modify the object and copy modified value into local buffer. */ + obj_cache_addr = evictable_offs_to_addr(offsets[2]); + memcpy(&modified_obj_handle, obj_cache_addr, + sizeof(modified_obj_handle)); + + for (i = 0; i < modified_obj_size; i++) { + uint8_t c; + + c = obj_cache_addr[i]; + + if (i >= sizeof(uint32_t)) { /* Preserve the 4 byte handle. */ + c ^= 0x55; + obj_cache_addr[i] = c; + } + modified_obj[i] = c; + } + + /* Save its handle and then drop the object at offset 5. */ + memcpy(&deleted_obj_handle, evictable_offs_to_addr(offsets[5]), + sizeof(deleted_obj_handle)); + drop_evictable_obj(evictable_offs_to_addr(offsets[5])); + + /* Prepare the new evictable object, first four bytes are the handle. */ + for (i = 0; i < ARRAY_SIZE(new_evictable_object); i++) + new_evictable_object[i] = new_obj_handle + i; + + /* Add it to the cache. */ + add_evictable_obj(new_evictable_object, sizeof(new_evictable_object)); + + /* Save the new cache state in the flash. */ + TEST_ASSERT(new_nvmem_save() == EC_SUCCESS); + + /* Wipe out NVMEM cache just in case. */ + wipe_out_nvmem_cache(); + + /* Read back from flash into cache. */ + TEST_ASSERT(nvmem_init() == EC_SUCCESS); + + /* One object removed, one added, the number should have not changed. */ + TEST_ASSERT(num_objects == + fill_obj_offsets(offsets, ARRAY_SIZE(offsets))); + + new_obj_index = 0; + modified_obj_index = 0; + for (i = 0; i < num_objects; i++) { + uint32_t handle; + size_t j; + + memcpy(&handle, evictable_offs_to_addr(offsets[i]), + sizeof(handles[i])); + ASSERT(handle != deleted_obj_handle); + + if (handle == new_obj_handle) + new_obj_index = i; + else if (handle == modified_obj_handle) + modified_obj_index = i; + /* + * Remove the found handle from the set of handles which were + * there originally. + */ + for (j = 0; j < num_handles; j++) + if (handles[j] == handle) { + num_handles--; + handles[j] = handles[num_handles]; + break; + } + } + + /* + * Removed object's handle is still in the array, and it should be the + * only remaining element. + */ + TEST_ASSERT(num_handles == 1); + TEST_ASSERT(handles[0] == deleted_obj_handle); + TEST_ASSERT(new_obj_index >= 0); /* New handle was seen in the cache. */ + TEST_ASSERT(modified_obj_index >= + 0); /* Modified object was seen in the cache. */ + + TEST_ASSERT(compare_object(offsets[new_obj_index], + sizeof(new_evictable_object), + new_evictable_object) == EC_SUCCESS); + TEST_ASSERT(compare_object(offsets[modified_obj_index], + modified_obj_size, + modified_obj) == EC_SUCCESS); + return EC_SUCCESS; } void run_test(void) { run_test_setup(); + + if (0) { + RUN_TEST(test_nvmem_incomplete_transaction); + test_print_result(); + return; + } + RUN_TEST(test_migration); RUN_TEST(test_corrupt_nvmem); RUN_TEST(test_fully_erased_nvmem); RUN_TEST(test_configured_nvmem); - RUN_TEST(test_write_read_sequence); - RUN_TEST(test_write_full_multi); - RUN_TEST(test_write_fail); - RUN_TEST(test_buffer_overflow); - RUN_TEST(test_move); - RUN_TEST(test_is_different); - RUN_TEST(test_lock); - RUN_TEST(test_nvmem_erase_user_data); RUN_TEST(test_nvmem_save); + RUN_TEST(test_var_read_write_delete); + RUN_TEST(test_nvmem_compaction); + RUN_TEST(test_var_boundaries); + RUN_TEST(test_nvmem_erase_tpm_data); + RUN_TEST(test_tpm_nvmem_modify_reserved_objects); + RUN_TEST(test_tpm_nvmem_modify_evictable_objects); + RUN_TEST(test_nvmem_incomplete_transaction); + failure_mode = TEST_NO_FAILURE; /* In case the above test failed. */ + RUN_TEST(test_nvmem_interrupted_compaction); + failure_mode = TEST_NO_FAILURE; /* In case the above test failed. */ + + /* + * more tests to come + * RUN_TEST(test_lock); + * RUN_TEST(test_malloc_blocking); + */ + test_print_result(); } diff --git a/test/pinweaver.c b/test/pinweaver.c index d26842d67d..093443e49e 100644 --- a/test/pinweaver.c +++ b/test/pinweaver.c @@ -16,6 +16,8 @@ #include "test_util.h" +#include + struct pw_test_data_t { union { struct pw_request_t request; @@ -23,7 +25,7 @@ struct pw_test_data_t { /* Reserve space for the variable length fields. */ uint8_t tpm_buffer_size[PW_MAX_MESSAGE_SIZE]; }; -}; +} PW_ALIGN_TO_WRD; /******************************************************************************/ /* Test data @@ -152,13 +154,10 @@ const uint8_t DEFAULT_PCR_DIGEST[] = { /* Config Variables and defines for Mocks. */ -struct tuple MOCK_pw_tuple; struct pw_long_term_storage_t MOCK_pw_long_term_storage; struct pw_log_storage_t MOCK_pw_log_storage; int MOCK_getvar_ret = EC_SUCCESS; int MOCK_setvar_ret = EC_SUCCESS; -int MOCK_writevars_ret = EC_SUCCESS; -void *MOCK_tuple_val_ret; const uint8_t *MOCK_rand_bytes_src; size_t MOCK_rand_bytes_offset; @@ -342,7 +341,6 @@ static void setup_storage(int num_operations) { MOCK_getvar_ret = EC_SUCCESS; MOCK_setvar_ret = EC_SUCCESS; - MOCK_writevars_ret = EC_SUCCESS; memset(&MOCK_pw_long_term_storage, 0, sizeof(MOCK_pw_long_term_storage)); @@ -470,7 +468,6 @@ static void setup_reset_tree_defaults(struct merkle_tree_t *merkle_tree, MOCK_rand_bytes_len = sizeof(EMPTY_TREE.key_derivation_nonce); MOCK_appkey_derive_fail = EC_SUCCESS; MOCK_setvar_ret = EC_SUCCESS; - MOCK_writevars_ret = EC_SUCCESS; } static void setup_insert_leaf_defaults(struct merkle_tree_t *merkle_tree, @@ -513,7 +510,6 @@ static void setup_insert_leaf_defaults(struct merkle_tree_t *merkle_tree, MOCK_hmac = DEFAULT_HMAC; MOCK_aes_fail = 0; MOCK_setvar_ret = EC_SUCCESS; - MOCK_writevars_ret = EC_SUCCESS; } static void setup_remove_leaf_defaults(struct merkle_tree_t *merkle_tree, @@ -540,7 +536,6 @@ static void setup_remove_leaf_defaults(struct merkle_tree_t *merkle_tree, setup_default_empty_path(request->data.remove_leaf.path_hashes); MOCK_setvar_ret = EC_SUCCESS; - MOCK_writevars_ret = EC_SUCCESS; } static void setup_try_auth_defaults_with_leaf( @@ -598,7 +593,6 @@ static void setup_try_auth_defaults_with_leaf( MOCK_hash_update_cb = auth_hash_update_cb; MOCK_aes_fail = 0; MOCK_setvar_ret = EC_SUCCESS; - MOCK_writevars_ret = EC_SUCCESS; } static void setup_try_auth_defaults(struct merkle_tree_t *merkle_tree, @@ -645,7 +639,6 @@ static void setup_reset_auth_defaults(struct merkle_tree_t *merkle_tree, MOCK_hmac = EMPTY_HMAC; /* Gets overwritten by auth_hash_update_cb. */ MOCK_aes_fail = 0; MOCK_setvar_ret = EC_SUCCESS; - MOCK_writevars_ret = EC_SUCCESS; } static void setup_get_log_defaults(struct merkle_tree_t *merkle_tree, @@ -802,33 +795,57 @@ uint8_t get_current_pcr_digest(const uint8_t bitmask[2], */ const struct tuple *getvar(const uint8_t *key, uint8_t key_len) { + struct tuple *var = NULL; + size_t i; + + const struct { + size_t key_len; + const void *key; + size_t val_size; + const void *val; + } vars[] = { + {sizeof(PW_TREE_VAR) - 1, PW_TREE_VAR, + sizeof(MOCK_pw_long_term_storage), &MOCK_pw_long_term_storage}, + {sizeof(PW_LOG_VAR0) - 1, PW_LOG_VAR0, + sizeof(MOCK_pw_log_storage), &MOCK_pw_log_storage}, + }; + + if (!key || !key_len) + return NULL; + if (MOCK_getvar_ret != EC_SUCCESS) return NULL; - MOCK_pw_tuple.flags = 0; - MOCK_pw_tuple.key_len = key_len; + for (i = 0; i < ARRAY_SIZE(vars); i++) { + if ((key_len != vars[i].key_len) || + memcmp(key, vars[i].key, key_len)) { + continue; + } + var = malloc(sizeof(struct tuple) + key_len + vars[i].val_size); + var->flags = 0; + var->val_len = vars[i].val_size; + memcpy(var->data_ + var->key_len, vars[i].val, var->val_len); + break; + } - if (key_len == (sizeof(PW_TREE_VAR) - 1) && - memcmp(key, PW_TREE_VAR, (sizeof(PW_TREE_VAR) - 1)) == 0) { - MOCK_pw_tuple.val_len = sizeof(MOCK_pw_long_term_storage); - MOCK_tuple_val_ret = &MOCK_pw_long_term_storage; - return &MOCK_pw_tuple; - } else if (key_len == (sizeof(PW_LOG_VAR0) - 1) && - memcmp(key, PW_LOG_VAR0, (sizeof(PW_LOG_VAR0) - 1)) == 0) { - MOCK_pw_tuple.val_len = sizeof(struct pw_log_storage_t); - MOCK_tuple_val_ret = &MOCK_pw_log_storage; - return &MOCK_pw_tuple; - } else - return NULL; + return var; } +void freevar(const struct tuple *var) +{ + if (!var) + return; + + /* This typecast is OK because we know that 'var' came from malloc. */ + free((void *)var); +} const uint8_t *tuple_val(const struct tuple *tpl) { - return MOCK_tuple_val_ret; + return tpl->data_ + tpl->key_len; } -int setvar(const uint8_t *key, uint8_t key_len, - const uint8_t *val, uint8_t val_len) +int setvar(const uint8_t *key, uint8_t key_len, const uint8_t *val, + uint8_t val_len) { if (MOCK_setvar_ret != EC_SUCCESS) return MOCK_setvar_ret; @@ -847,11 +864,6 @@ int setvar(const uint8_t *key, uint8_t key_len, return EC_ERROR_UNKNOWN; } -int writevars(void) -{ - return MOCK_writevars_ret; -} - /******************************************************************************/ /* Mock implementations of TRNG functionality. */ @@ -1214,7 +1226,7 @@ static int handle_reset_tree_nv_fail(void) setup_reset_tree_defaults(&merkle_tree, &buf.request); - MOCK_writevars_ret = PW_ERR_NV_LENGTH_MISMATCH; + MOCK_setvar_ret = PW_ERR_NV_LENGTH_MISMATCH; TEST_RET_EQ(test_handle_short_msg(&merkle_tree, &buf, merkle_tree.root), PW_ERR_NV_LENGTH_MISMATCH); @@ -1364,7 +1376,7 @@ static int handle_insert_leaf_nv_fail(void) setup_insert_leaf_defaults(&merkle_tree, &buf.request); - MOCK_writevars_ret = PW_ERR_NV_LENGTH_MISMATCH; + MOCK_setvar_ret = PW_ERR_NV_LENGTH_MISMATCH; TEST_RET_EQ(test_handle_short_msg(&merkle_tree, &buf, merkle_tree.root), PW_ERR_NV_LENGTH_MISMATCH); @@ -1535,7 +1547,7 @@ static int handle_remove_leaf_nv_fail(void) setup_remove_leaf_defaults(&merkle_tree, &buf.request); - MOCK_writevars_ret = PW_ERR_NV_LENGTH_MISMATCH; + MOCK_setvar_ret = PW_ERR_NV_LENGTH_MISMATCH; TEST_RET_EQ(test_handle_short_msg(&merkle_tree, &buf, merkle_tree.root), PW_ERR_NV_LENGTH_MISMATCH); @@ -1789,7 +1801,7 @@ static int handle_try_auth_nv_fail(void) force_restart_count(0); force_time((timestamp_t){.val = 65 * SECOND}); - MOCK_writevars_ret = PW_ERR_NV_LENGTH_MISMATCH; + MOCK_setvar_ret = PW_ERR_NV_LENGTH_MISMATCH; TEST_RET_EQ(test_handle_short_msg(&merkle_tree, &buf, merkle_tree.root), PW_ERR_NV_LENGTH_MISMATCH); @@ -2136,7 +2148,7 @@ static int handle_reset_auth_nv_fail(void) setup_reset_auth_defaults(&merkle_tree, &buf.request); - MOCK_writevars_ret = PW_ERR_NV_LENGTH_MISMATCH; + MOCK_setvar_ret = PW_ERR_NV_LENGTH_MISMATCH; TEST_RET_EQ(test_handle_short_msg(&merkle_tree, &buf, merkle_tree.root), PW_ERR_NV_LENGTH_MISMATCH); -- cgit v1.2.1