flash_encryption: Add several test environments for flash encryption test

.gitlab/ci/target-test.yml

@@ -219,6 +219,14 @@ component_ut_pytest_esp32_lan8720:
     - build_pytest_components_esp32
   tags: [ esp32, lan8720 ]
 
+component_ut_pytest_esp32_flash_encryption:
+  extends:
+    - .pytest_components_dir_template
+    - .rules:test:component_ut-esp32
+  needs:
+    - build_pytest_components_esp32
+  tags: [ esp32, flash_encryption ]
+
 component_ut_pytest_esp32s2_generic:
   extends:
     - .pytest_components_dir_template
@@ -243,6 +251,22 @@ component_ut_pytest_esp32s3_octal_psram:
     - build_pytest_components_esp32s3
   tags: [ esp32s3, octal_psram ]
 
+component_ut_pytest_esp32s3_flash_encryption_f4r8:
+  extends:
+    - .pytest_components_dir_template
+    - .rules:test:component_ut-esp32s3
+  needs:
+    - build_pytest_components_esp32s3
+  tags: [ esp32s3, flash_encryption_f4r8 ]
+
+component_ut_pytest_esp32s3_flash_encryption_f8r8:
+  extends:
+    - .pytest_components_dir_template
+    - .rules:test:component_ut-esp32s3
+  needs:
+    - build_pytest_components_esp32s3
+  tags: [ esp32s3, flash_encryption_f8r8 ]
+
 component_ut_pytest_esp32c2_generic:
   extends:
     - .pytest_components_dir_template
@@ -259,6 +283,14 @@ component_ut_pytest_esp32c3_generic:
     - build_pytest_components_esp32c3
   tags: [ esp32c3, generic ]
 
+component_ut_pytest_esp32c3_flash_encryption:
+  extends:
+    - .pytest_components_dir_template
+    - .rules:test:component_ut-esp32c3
+  needs:
+    - build_pytest_components_esp32c3
+  tags: [ esp32c3, flash_encryption ]
+
 .pytest_test_apps_dir_template:
   extends: .pytest_template
   variables:
@@ -769,13 +801,6 @@ UT_020:
     - Example_SPI_Multi_device
     - psram
 
-UT_021:
-  extends: .unit_test_esp32_template
-  tags:
-    - ESP32_IDF
-    - psram
-    - UT_T1_FlashEncryption
-
 UT_022:
   extends: .unit_test_esp32_template
   tags:
@@ -790,12 +815,6 @@ UT_028:
     - UT_T2_1
     - psram
 
-UT_031:
-  extends: .unit_test_esp32_template
-  tags:
-    - ESP32_IDF
-    - UT_T1_FlashEncryption
-
 UT_033:
   extends: .unit_test_esp32_template
   tags:
@@ -910,12 +929,6 @@ UT_C3_SPI_DUAL:
     - ESP32C3_IDF
     - Example_SPI_Multi_device
 
-UT_C3_FLASH_ENC:
-  extends: .unit_test_esp32c3_template
-  tags:
-    - ESP32C3_IDF
-    - UT_T1_FlashEncryption
-
 UT_C3_I2C:
   extends: .unit_test_esp32c3_template
   tags:

components/spi_flash/.build-test-rules.yml

@@ -4,3 +4,9 @@ components/spi_flash/host_test/partition_api_test:
   enable:
     - if: IDF_TARGET == "linux"
       reason: only test on linux
+
+components/spi_flash/test_apps/flash_encryption:
+  disable_test:
+    - if: IDF_TARGET in ["esp32c2", "esp32s2"]
+      temporary: true
+      reason: No runners # IDF-5634

components/spi_flash/test_apps/flash_encryption/CMakeLists.txt

@@ -0,0 +1,5 @@
+# This is the project CMakeLists.txt file for the test subproject
+cmake_minimum_required(VERSION 3.16)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(test_flash_encryption)

components/spi_flash/test_apps/flash_encryption/README.md

@@ -0,0 +1,6 @@
+| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-S2 | ESP32-S3 |
+| ----------------- | ----- | -------- | -------- | -------- | -------- |
+
+## Prepare runner
+
+To prepare flash encryption tunner, you can run `encrypt_flash.sh`. Note that doing so will burn efuses.

components/spi_flash/test_apps/flash_encryption/encrypt_flash.sh

@@ -0,0 +1,14 @@
+#This is the step for ESP32-S2/S3/C3
+
+#!/bin/bash
+set -e
+if [ -z "$ESPPORT" ]; then
+    echo "ESPPORT must be set"
+    exit 1
+fi
+dd if=/dev/zero of=key.bin bs=1 count=32
+# Change the first byte as espsecure uses modules that won't
+# allow symmetric keys
+echo -ne \\xFF | dd conv=notrunc bs=1 count=1 of=key.bin
+espefuse.py --do-not-confirm -p $ESPPORT burn_efuse SPI_BOOT_CRYPT_CNT 0x1
+espefuse.py --do-not-confirm -p $ESPPORT burn_key BLOCK_KEY2 key.bin XTS_AES_128_KEY

components/spi_flash/test_apps/flash_encryption/main/CMakeLists.txt

@@ -0,0 +1,5 @@
+set(srcs "test_app_main.c"
+         "test_flash_encryption.c")
+
+idf_component_register(SRCS ${srcs}
+                       WHOLE_ARCHIVE)

components/spi_flash/test_apps/flash_encryption/main/test_app_main.c

@@ -0,0 +1,57 @@
+/*
+ * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "unity.h"
+#include "unity_test_runner.h"
+#include "esp_heap_caps.h"
+
+// Some resources are lazy allocated in flash encryption, the threadhold is left for that case
+#define TEST_MEMORY_LEAK_THRESHOLD (-300)
+
+static size_t before_free_8bit;
+static size_t before_free_32bit;
+
+static void check_leak(size_t before_free, size_t after_free, const char *type)
+{
+    ssize_t delta = after_free - before_free;
+    printf("MALLOC_CAP_%s: Before %u bytes free, After %u bytes free (delta %d)\n", type, before_free, after_free, delta);
+    TEST_ASSERT_MESSAGE(delta >= TEST_MEMORY_LEAK_THRESHOLD, "memory leak");
+}
+
+void setUp(void)
+{
+    before_free_8bit = heap_caps_get_free_size(MALLOC_CAP_8BIT);
+    before_free_32bit = heap_caps_get_free_size(MALLOC_CAP_32BIT);
+}
+
+void tearDown(void)
+{
+    size_t after_free_8bit = heap_caps_get_free_size(MALLOC_CAP_8BIT);
+    size_t after_free_32bit = heap_caps_get_free_size(MALLOC_CAP_32BIT);
+    check_leak(before_free_8bit, after_free_8bit, "8BIT");
+    check_leak(before_free_32bit, after_free_32bit, "32BIT");
+}
+
+void app_main(void)
+{
+    //    #######                                #######
+    // #       #        ##    ####  #    #    #        ####  #    # #####  #   # #####  ##### #  ####  #    #
+    // #       #       #  #  #      #    #    #       #    # ##   # #    #  # #  #    #   #   # #    # ##   #
+    // #####   #      #    #  ####  ######    #####   #      # #  # #    #   #   #    #   #   # #    # # #  #
+    // #       #      ######      # #    #    #       #      #  # # #####    #   #####    #   # #    # #  # #
+    // #       #      #    # #    # #    #    #       #    # #   ## #   #    #   #        #   # #    # #   ##
+    // #       ###### #    #  ####  #    #    #######  ####  #    # #    #   #   #        #   #  ####  #    #
+
+    printf("   #######                                #######                                                     \n");
+    printf("#       #        ##    ####  #    #    #        ####  #    # #####  #   # #####  ##### #  ####  #    #\n");
+    printf("#       #       #  #  #      #    #    #       #    # ##   # #    #  # #  #    #   #   # #    # ##   #\n");
+    printf("#####   #      #    #  ####  ######    #####   #      # #  # #    #   #   #    #   #   # #    # # #  #\n");
+    printf("#       #      ######      # #    #    #       #      #  # # #####    #   #####    #   # #    # #  # #\n");
+    printf("#       #      #    # #    # #    #    #       #    # #   ## #   #    #   #        #   # #    # #   ##\n");
+    printf("#       ###### #    #  ####  #    #    #######  ####  #    # #    #   #   #        #   #  ####  #    #\n");
+
+    unity_run_menu();
+}

components/spi_flash/test/test_flash_encryption.c → components/spi_flash/test_apps/flash_encryption/main/test_flash_encryption.c

@@ -1,15 +1,20 @@
+/*
+ * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Unlicense OR CC0-1.0
+ */
 #include <stdio.h>
-#include <freertos/FreeRTOS.h>
-#include <freertos/task.h>
-#include <freertos/semphr.h>
-
-#include <unity.h>
-#include <test_utils.h>
+#include <stdlib.h>
+#include "esp_log.h"
+#include "unity.h"
+#include "esp_flash.h"
 #include <spi_flash_mmap.h>
 #include <esp_attr.h>
 #include <esp_flash_encrypt.h>
 #include <string.h>
 #include "esp_log.h"
+#include "esp_partition.h"
+#include "esp_heap_caps.h"
 
 /*-------------------- For running this test, some configurations are necessary -------------------*/
 /*     ESP32    |           CONFIG_SECURE_FLASH_ENC_ENABLED         |             SET              */
@@ -27,6 +32,15 @@ static void verify_erased_flash(size_t offset, size_t length);
 
 static size_t start;
 
+const esp_partition_t *get_test_data_partition(void)
+{
+    /* This finds "flash_test" partition defined in partition_table_unit_test_app.csv */
+    const esp_partition_t *result = esp_partition_find_first(ESP_PARTITION_TYPE_DATA,
+            ESP_PARTITION_SUBTYPE_ANY, "flash_test");
+    TEST_ASSERT_NOT_NULL(result); /* means partition table set wrong */
+    return result;
+}
+
 static void setup_tests(void)
 {
     const esp_partition_t *part = get_test_data_partition();
@@ -46,7 +60,7 @@ static void verify_erased_flash(size_t offset, size_t length)
     free(readback);
 }
 
-TEST_CASE("test 16 byte encrypted writes", "[flash_encryption][test_env=UT_T1_FlashEncryption]")
+TEST_CASE("test 16 byte encrypted writes", "[flash_encryption]")
 {
     setup_tests();
 
@@ -107,7 +121,7 @@ static void test_encrypted_write(size_t offset, const uint8_t *data, size_t leng
     TEST_ASSERT_EQUAL_HEX8_ARRAY(data, readback, length);
 }
 
-TEST_CASE("test read & write random encrypted data", "[flash_encryption][test_env=UT_T1_FlashEncryption]")
+TEST_CASE("test read & write random encrypted data", "[flash_encryption]")
 {
     const int MAX_LEN = 192;
     //buffer to hold the read data
@@ -190,7 +204,7 @@ static void test_encrypted_write_new_impl(size_t offset, const uint8_t *data, si
     free(readback);
 }
 
-TEST_CASE("test 16 byte encrypted writes (esp_flash)", "[esp_flash_enc][flash_encryption][test_env=UT_T1_FlashEncryption]")
+TEST_CASE("test 16 byte encrypted writes (esp_flash)", "[flash_encryption]")
 {
     setup_tests();
 
@@ -238,7 +252,7 @@ TEST_CASE("test 16 byte encrypted writes (esp_flash)", "[esp_flash_enc][flash_en
     verify_erased_flash(start + 0x120, 0x10);
 }
 
-TEST_CASE("test read & write encrypted data(32 bytes alianed address)", "[esp_flash_enc][flash_encryption][test_env=UT_T1_FlashEncryption]")
+TEST_CASE("test read & write encrypted data(32 bytes alianed address)", "[flash_encryption]")
 {
     setup_tests();
 
@@ -264,7 +278,7 @@ TEST_CASE("test read & write encrypted data(32 bytes alianed address)", "[esp_fl
     free(cmp_encrypt_buf);
 }
 
-TEST_CASE("test read & write encrypted data(16 bytes alianed but 32 bytes unaligned)", "[esp_flash_enc][flash_encryption][test_env=UT_T1_FlashEncryption]")
+TEST_CASE("test read & write encrypted data(16 bytes alianed but 32 bytes unaligned)", "[flash_encryption]")
 {
     setup_tests();
     TEST_ESP_OK(esp_flash_erase_region(NULL, start, SPI_FLASH_SEC_SIZE));
@@ -310,7 +324,7 @@ static const uint8_t large_const_buffer[16432] = {
     202, // last byte
 };
 
-TEST_CASE("test read & write encrypted data with large buffer(n*64+32+16)", "[esp_flash_enc][flash_encryption][test_env=UT_T1_FlashEncryption]")
+TEST_CASE("test read & write encrypted data with large buffer(n*64+32+16)", "[flash_encryption]")
 {
     // The tested buffer should be n*64(or n*32)+16 bytes.
     setup_tests();

components/spi_flash/test_apps/flash_encryption/partitions.csv

@@ -0,0 +1,5 @@
+# Name,     Type, SubType, Offset,   Size, Flags
+# Note: if you have increased the bootloader size, make sure to update the offsets to avoid overlap
+nvs,        data, nvs,      0x9000,  0x6000,
+factory,    0,    0,        0x10000, 1M
+flash_test, data, fat,      ,        528K

components/spi_flash/test_apps/flash_encryption/pytest_flash_encrypted.py

@@ -0,0 +1,51 @@
+# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+# SPDX-License-Identifier: Apache-2.0
+
+import pytest
+from pytest_embedded import Dut
+
+
+@pytest.mark.esp32
+@pytest.mark.esp32c3
+@pytest.mark.flash_encryption
+@pytest.mark.parametrize(
+    'config',
+    [
+        'release',
+    ],
+    indirect=True,
+)
+def test_flash_encryption(dut: Dut) -> None:
+    dut.expect_exact('Press ENTER to see the list of tests')
+    dut.write('*')
+    dut.expect_unity_test_output()
+
+
+@pytest.mark.esp32s3
+@pytest.mark.flash_encryption_f4r8
+@pytest.mark.parametrize(
+    'config',
+    [
+        'release_f4r8',
+    ],
+    indirect=True,
+)
+def test_flash_encryption_f4r8(dut: Dut) -> None:
+    dut.expect_exact('Press ENTER to see the list of tests')
+    dut.write('*')
+    dut.expect_unity_test_output()
+
+
+@pytest.mark.esp32s3
+@pytest.mark.flash_encryption_f8r8
+@pytest.mark.parametrize(
+    'config',
+    [
+        'release_f8r8',
+    ],
+    indirect=True,
+)
+def test_flash_encryption_f8r8(dut: Dut) -> None:
+    dut.expect_exact('Press ENTER to see the list of tests')
+    dut.write('*')
+    dut.expect_unity_test_output()

tools/unit-test-app/configs/flash_encryption_psram → components/spi_flash/test_apps/flash_encryption/sdkconfig.ci.release

@@ -1,7 +1,10 @@
-# This config is for ESP32 only (no ESP32-S2/S3 flash encryption support yet, ESP32-C3 has no psram)
-CONFIG_IDF_TARGET="esp32"
-TEST_COMPONENTS=spi_flash
-TEST_GROUPS=flash_encryption
+CONFIG_ESP_TASK_WDT=n
+CONFIG_FREERTOS_USE_TICKLESS_IDLE=y
+CONFIG_COMPILER_OPTIMIZATION_SIZE=y
+CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
 CONFIG_SECURE_FLASH_ENC_ENABLED=y
 CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
 CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
@@ -10,5 +13,3 @@ CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
 CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
 CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
 CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
-CONFIG_SPIRAM=y
-CONFIG_ESPTOOLPY_FLASHFREQ_80M=y

components/spi_flash/test_apps/flash_encryption/sdkconfig.ci.release_f4r8

@@ -0,0 +1,17 @@
+CONFIG_ESP_TASK_WDT=n
+CONFIG_FREERTOS_USE_TICKLESS_IDLE=y
+CONFIG_COMPILER_OPTIMIZATION_SIZE=y
+CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
+CONFIG_SECURE_FLASH_ENC_ENABLED=y
+CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
+CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
+CONFIG_SECURE_BOOT_ALLOW_JTAG=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
+CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
+CONFIG_SPIRAM_MODE_OCT=y
+CONFIG_SPIRAM_TYPE_AUTO=y

components/spi_flash/test_apps/flash_encryption/sdkconfig.ci.release_f8r8

@@ -0,0 +1,18 @@
+CONFIG_ESP_TASK_WDT=n
+CONFIG_FREERTOS_USE_TICKLESS_IDLE=y
+CONFIG_COMPILER_OPTIMIZATION_SIZE=y
+CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
+CONFIG_SECURE_FLASH_ENC_ENABLED=y
+CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
+CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
+CONFIG_SECURE_BOOT_ALLOW_JTAG=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
+CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
+CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
+CONFIG_SPIRAM_MODE_OCT=y
+CONFIG_SPIRAM_TYPE_AUTO=y
+CONFIG_ESPTOOLPY_FLASHMODE_OPI=y

tools/unit-test-app/configs/flash_encryption → components/spi_flash/test_apps/flash_encryption/sdkconfig.defaults

@@ -1,7 +1,6 @@
-# This config is for ESP32 only (no ESP32-S2 flash encryption support yet)
-CONFIG_IDF_TARGET="esp32"
-TEST_COMPONENTS=spi_flash
-TEST_GROUPS=flash_encryption
+CONFIG_ESP_TASK_WDT=n
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
 CONFIG_SECURE_FLASH_ENC_ENABLED=y
 CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
 CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y

pytest.ini

@@ -38,6 +38,9 @@ markers =
   usb_host: usb host runners
   ethernet_ota: ethernet OTA runners
   flash_encryption: Flash Encryption runners
+  flash_encryption_f4r8: Flash Encryption runners with 4-line flash and 8-line psram
+  flash_encryption_f8r8: Flash Encryption runners with 8-line flash and 8-line psram
+  psram: Chip has 4-line psram
   ir_transceiver: runners with a pair of IR transmitter and receiver
   flash_encryption_wifi_high_traffic: Flash Encryption runners with wifi high traffic support
   ethernet: ethernet runner

tools/unit-test-app/configs/flash_encryption_c3

@@ -1,14 +0,0 @@
-CONFIG_IDF_TARGET="esp32c3"
-TEST_COMPONENTS=spi_flash
-TEST_GROUPS=flash_encryption
-CONFIG_EFUSE_VIRTUAL=n
-CONFIG_SECURE_FLASH_ENC_ENABLED=y
-CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
-CONFIG_SECURE_BOOT_ALLOW_JTAG=y
-CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
-CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
-CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
-
-# CI uses ECO2 for flash_encryption tests
-CONFIG_ESP32C3_REV_MIN_2=y
-CONFIG_ESP32C3_REV_MIN=2