OCP_2_6_Group_4

DSSD_26_Rollback_Prevention_Test_Case.py

For rollback prevention the test objectives are to verify the following:

  1. That when attempting to perform a firmware update on a secure drive using a validly signed firmware image that has a security version number equal to the current security version number the commit action step succeeds, the secured drive is updated with the new firmware, and the current security version number is unchanged.

  2. That when attempting to perform a firmware update on a secure drive using a validly signed firmware image that has a security version number greater than the current security version number the commit action step succeeds, the secured drive is updated with the new firmware, and the current security version number reported in C0h log page is updated to the new security version number.

  3. That when attempting to perform a firmware update on a secure drive using a validly signed firmware image that has a security version number less than the current security version number the commit action step fails, and the secured drive is not updated with the new firmware.

  4. That the security version number is not the same as the firmware version.

  5. That a firmware image that increases the security version is successfully activated, the read-only slot 1 is also updated with the new firmware image.

Open Compute Project Datacenter NVMe SSD Spec v2.5 requirements referenced by this script:

SEC-1, SEC-3, SEC-5, FWUP-8, FWUP-20

DSSD_26_Secured_Drive_Verification_Test_Case.py

For secured drive testing, the test objectives are to verify the following:

  1. That when a firmware update is performed on a secured drive using a firmware image signed with a new key that has previously been provisioned, i.e., PK2, the firmware update is successful, the new firmware is committed and activated.

  2. That when a firmware update is performed on a secured drive executing firmware signed with PK2 using a firmware image signed with PK1, the firmware update fails, and the drive is unchanged.

Open Compute Project Datacenter NVMe SSD Spec v2.0 requirements referenced by this script:

SEC-1, SEC-3, SEC-5, SEC-9

DSSD_26_Unsecured_Drive_Verification_Test_Case.py

For an unsecured drive, the secure boot test objectives are to verify the following:

  1. That when attempting to perform a firmware update on an unsecured drive using a valid and signed firmware image, the firmware update fails, and the drive firmware is unchanged.

  2. That when attempting to perform a firmware update using a valid unsigned firmware image, the firmware update succeeds, and the drive firmware is updated to the new unsigned firmware image.

Open Compute Project Datacenter NVMe SSD Spec v2.5 requirements referenced by this script:

SEC-1/5