From 9c8e93ff72a12f92e5ed0958e969e39efa27d4ef Mon Sep 17 00:00:00 2001
From: Mateusz Michalek <mateusz.michalek@nordicsemi.no>
Date: Mon, 17 Feb 2025 13:52:24 +0100
Subject: [PATCH] tests: subsys: bootlader: b0_lock

test for NSIB self lock.

Signed-off-by: Mateusz Michalek <mateusz.michalek@nordicsemi.no>
---
 .../subsys/bootloader/b0_lock/CMakeLists.txt  | 14 +++++
 tests/subsys/bootloader/b0_lock/prj.conf      |  6 ++
 tests/subsys/bootloader/b0_lock/src/main.c    | 59 +++++++++++++++++++
 tests/subsys/bootloader/b0_lock/sysbuild.conf |  7 +++
 tests/subsys/bootloader/b0_lock/testcase.yaml | 10 ++++
 5 files changed, 96 insertions(+)
 create mode 100644 tests/subsys/bootloader/b0_lock/CMakeLists.txt
 create mode 100644 tests/subsys/bootloader/b0_lock/prj.conf
 create mode 100644 tests/subsys/bootloader/b0_lock/src/main.c
 create mode 100644 tests/subsys/bootloader/b0_lock/sysbuild.conf
 create mode 100644 tests/subsys/bootloader/b0_lock/testcase.yaml

diff --git a/tests/subsys/bootloader/b0_lock/CMakeLists.txt b/tests/subsys/bootloader/b0_lock/CMakeLists.txt
new file mode 100644
index 000000000000..4cd80cdfdd36
--- /dev/null
+++ b/tests/subsys/bootloader/b0_lock/CMakeLists.txt
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+cmake_minimum_required(VERSION 3.20.0)
+
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+project(NONE)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+target_include_directories(app PRIVATE .)
diff --git a/tests/subsys/bootloader/b0_lock/prj.conf b/tests/subsys/bootloader/b0_lock/prj.conf
new file mode 100644
index 000000000000..e0c651b25aff
--- /dev/null
+++ b/tests/subsys/bootloader/b0_lock/prj.conf
@@ -0,0 +1,6 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+CONFIG_ZTEST=y
diff --git a/tests/subsys/bootloader/b0_lock/src/main.c b/tests/subsys/bootloader/b0_lock/src/main.c
new file mode 100644
index 000000000000..03bdf0188a41
--- /dev/null
+++ b/tests/subsys/bootloader/b0_lock/src/main.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <zephyr/ztest.h>
+#include <hal/nrf_rramc.h>
+
+#define RRAMC_REGION_FOR_BOOTCONF 3
+static uint32_t expected_fatal;
+static uint32_t actual_fatal;
+static nrf_rramc_region_config_t config;
+
+void k_sys_fatal_error_handler(unsigned int reason, const struct arch_esf *pEsf)
+{
+	printk("Caught system error -- reason %d\n", reason);
+	actual_fatal++;
+}
+
+void check_fatal(void *unused)
+{
+	zassert_equal(expected_fatal, actual_fatal,
+		"Wrong number of fatal errors has occurred (e:%d != a:%d).",
+		expected_fatal, actual_fatal);
+}
+
+void *get_config(void)
+{
+	nrf_rramc_region_config_get(NRF_RRAMC,
+			RRAMC_REGION_FOR_BOOTCONF,
+			&config);
+	zassert_equal(0, config.permissions &
+			(NRF_RRAMC_REGION_PERM_READ_MASK |
+			 NRF_RRAMC_REGION_PERM_WRITE_MASK |
+			 NRF_RRAMC_REGION_PERM_EXECUTE_MASK),
+			"Read Write and eXecute permissions aren't cleared");
+	zassert_true(config.size_kb > 0, "Protected region has zero size.");
+	return NULL;
+}
+
+ZTEST(b0_self_lock_test, test_reading_b0_image)
+{
+	uint32_t protected_end_address = 1024 * config.size_kb;
+	int val;
+
+	printk("Legal read\n");
+	val = *((volatile int*)protected_end_address);
+	config.permissions = NRF_RRAMC_REGION_PERM_READ_MASK |
+			     NRF_RRAMC_REGION_PERM_WRITE_MASK |
+			     NRF_RRAMC_REGION_PERM_EXECUTE_MASK;
+	/* Try unlocking. This should take no effect at this point */
+	nrf_rramc_region_config_set(NRF_RRAMC, RRAMC_REGION_FOR_BOOTCONF, &config);
+	printk("Illegal read\n");
+	expected_fatal++;
+	val = *((volatile int*)protected_end_address-1);
+}
+
+ZTEST_SUITE(b0_self_lock_test, NULL, get_config, NULL, check_fatal, NULL);
diff --git a/tests/subsys/bootloader/b0_lock/sysbuild.conf b/tests/subsys/bootloader/b0_lock/sysbuild.conf
new file mode 100644
index 000000000000..0505233e71e0
--- /dev/null
+++ b/tests/subsys/bootloader/b0_lock/sysbuild.conf
@@ -0,0 +1,7 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+SB_CONFIG_SECURE_BOOT_APPCORE=y
diff --git a/tests/subsys/bootloader/b0_lock/testcase.yaml b/tests/subsys/bootloader/b0_lock/testcase.yaml
new file mode 100644
index 000000000000..037b56b9bf53
--- /dev/null
+++ b/tests/subsys/bootloader/b0_lock/testcase.yaml
@@ -0,0 +1,10 @@
+tests:
+  b0.self_lock:
+    sysbuild: true
+    extra_args:
+      - b0_CONFIG_SB_DISABLE_SELF_RWX=y
+    platform_allow: nrf54l15dk/nrf54l15/cpuapp
+    integration_platforms:
+      - nrf54l15dk/nrf54l15/cpuapp
+    tags:
+      - b0