1# Copyright (c) 2021 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5AUTHOR = "ChromeOS Team" 6NAME = "firmware_CheckEOPState" 7PURPOSE = "Ensure that firmware told ME that the boot process is complete." 8ATTRIBUTES = "suite:faft_bios_ro_qual, suite:faft_bios_rw_qual" 9CRITERIA = "Fail if ME on Tiger Lake or later is not in post-boot state" 10TIME = "SHORT" 11TEST_CATEGORY = "Security" 12TEST_CLASS = "firmware" 13TEST_TYPE = "client" 14PY_VERSION = 3 15 16DOC = """ 17Intel x86 CPUs come with a Management Engine (going by more complicated 18names sometimes, look for ME, CSE or CSME) that coordinates various 19tasks during boot and after. 20 21That coprocessor needs to know when the boot process is complete so 22it can reject privileged boot-only requests until next reboot. 23 24This test PASSES if the ME reports that it's in Post-Boot State. 25 26This test FAILS if any of the following is true: 27 - The Intel microarchitecture isn't defined in client/bin/utils.py 28 - The ME reports it's not in Post-Boot State. This is the main condition. 29 - The ME's firmware supports a sufficiently new protocol but returns 30 failure to execute the query, failure to understand the query, responded 31 to a different query or returns an unexpectedly formatted response. 32 - The kernel doesn't provide a /dev/mei0 device even though we expect 33 it to be there. 34 35This test reports NA if any of the following is true: 36 - The test is executed on non-Intel CPUs (e.g. AMD or ARM) 37 - The ME reports an old protocol version where we can't query the 38 state. (At least Sky Lake-E and older) 39""" 40 41job.run_test('firmware_CheckEOPState') 42