forked from davidsaada/mbed-os
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Define bootloader test plan (ARMmbed#97)
- Loading branch information
Showing
2 changed files
with
73 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| # Test Plan | ||
|
|
||
| ## Goals: | ||
|
|
||
| - Validate bootloader functionality | ||
| -Ensure that Bootloader does not violate the UC/BL contract | ||
| - Validate bootloader configurations for a new platform | ||
| - The bootloader needs to be validated as a standalone product | ||
|
|
||
| ## Functional Tests: | ||
|
|
||
| ### Firmware update | ||
|
|
||
| 1. Given correct header and active firmware, bootloader boots into the active image. | ||
| 1. Given correct header and a single firmware candidate, bootloader copies the candidate onto the active region and boots into the active image | ||
|
|
||
| ### Rollback protection | ||
|
|
||
| 1. Given single firmware candidate with a same or older version than the active, does not perform an update. | ||
|
|
||
| ### Multiple candidates | ||
|
|
||
| 1. Given 2 valid firmware candidates, perform update with newer firmware. | ||
| 1. Given 2 valid firmware candidates of the exact same content and header, perform update with either firmware. | ||
| 1. Set max firmare candidate slots to 1 and give valid firmware in slot 2, does not perform update. | ||
|
|
||
| ### Integrity check of firmware candidates | ||
|
|
||
| 1. Given corrupted candidate header, does not perform update. | ||
| 1. Given corrupted candidate firmware, does not perform update. | ||
| 1. Given old header version, does not perform update. | ||
|
|
||
| ### Integrity check of active firmware | ||
|
|
||
| 1. Given corrupted active firmware header, does not boot into firmware. | ||
| 1. Given corrupted active firmware, does not boot into firmware. | ||
| 1. Given corrupted active firmware, valid firmware candidate of older version, always perform update. | ||
|
|
||
| ### Overall size (< 32K) | ||
|
|
||
| 1. Test that the compiled binary does not exeed 32K limit | ||
|
|
||
| ## Stress Tests | ||
|
|
||
| ### Successful update | ||
|
|
||
| 1. Repeatedly update firmware candidate onto active region | ||
|
|
||
| ### Forward to Application | ||
|
|
||
| 1. Repeatedly reboot device and see that the application boots up successfully every time | ||
|
|
||
| ### Power Cut | ||
|
|
||
| 1. power cut at a random times during whole firmware update process | ||
|
|
||
| ## Testing Variants of the bootloader | ||
|
|
||
| ### Platforms | ||
|
|
||
| 1. K64F | ||
| 1. NUCLEO_F429ZI | ||
| 1. UBLOX_EVK_ODIN_W2 | ||
|
|
||
| ### Storage options | ||
|
|
||
| 1. SD Block Device with ARM_UCP_FLASHIAP_BLOCKDEVICE | ||
| 1. Internal Flash with ARM_UCP_FLASHIAP | ||
|
|
||
| ### RoT options | ||
|
|
||
| 1. SOTP | ||
| 1. Insecure Example RoT |
This file was deleted.
Oops, something went wrong.