|
| 1 | +# Test Plan |
| 2 | + |
| 3 | +## Goals: |
| 4 | + |
| 5 | +- Validate bootloader functionality |
| 6 | + -Ensure that Bootloader does not violate the UC/BL contract |
| 7 | +- Validate bootloader configurations for a new platform |
| 8 | +- The bootloader needs to be validated as a standalone product |
| 9 | + |
| 10 | +## Functional Tests: |
| 11 | + |
| 12 | +### Firmware update |
| 13 | + |
| 14 | +1. Given correct header and active firmware, bootloader boots into the active image. |
| 15 | +1. Given correct header and a single firmware candidate, bootloader copies the candidate onto the active region and boots into the active image |
| 16 | + |
| 17 | +### Rollback protection |
| 18 | + |
| 19 | +1. Given single firmware candidate with a same or older version than the active, does not perform an update. |
| 20 | + |
| 21 | +### Multiple candidates |
| 22 | + |
| 23 | +1. Given 2 valid firmware candidates, perform update with newer firmware. |
| 24 | +1. Given 2 valid firmware candidates of the exact same content and header, perform update with either firmware. |
| 25 | +1. Set max firmare candidate slots to 1 and give valid firmware in slot 2, does not perform update. |
| 26 | + |
| 27 | +### Integrity check of firmware candidates |
| 28 | + |
| 29 | +1. Given corrupted candidate header, does not perform update. |
| 30 | +1. Given corrupted candidate firmware, does not perform update. |
| 31 | +1. Given old header version, does not perform update. |
| 32 | + |
| 33 | +### Integrity check of active firmware |
| 34 | + |
| 35 | +1. Given corrupted active firmware header, does not boot into firmware. |
| 36 | +1. Given corrupted active firmware, does not boot into firmware. |
| 37 | +1. Given corrupted active firmware, valid firmware candidate of older version, always perform update. |
| 38 | + |
| 39 | +### Overall size (< 32K) |
| 40 | + |
| 41 | +1. Test that the compiled binary does not exeed 32K limit |
| 42 | + |
| 43 | +## Stress Tests |
| 44 | + |
| 45 | +### Successful update |
| 46 | + |
| 47 | +1. Repeatedly update firmware candidate onto active region |
| 48 | + |
| 49 | +### Forward to Application |
| 50 | + |
| 51 | +1. Repeatedly reboot device and see that the application boots up successfully every time |
| 52 | + |
| 53 | +### Power Cut |
| 54 | + |
| 55 | +1. power cut at a random times during whole firmware update process |
| 56 | + |
| 57 | +## Testing Variants of the bootloader |
| 58 | + |
| 59 | +### Platforms |
| 60 | + |
| 61 | +1. K64F |
| 62 | +1. NUCLEO_F429ZI |
| 63 | +1. UBLOX_EVK_ODIN_W2 |
| 64 | + |
| 65 | +### Storage options |
| 66 | + |
| 67 | +1. SD Block Device with ARM_UCP_FLASHIAP_BLOCKDEVICE |
| 68 | +1. Internal Flash with ARM_UCP_FLASHIAP |
| 69 | + |
| 70 | +### RoT options |
| 71 | + |
| 72 | +1. SOTP |
| 73 | +1. Insecure Example RoT |
0 commit comments