tests: bootloader: Add SB_CLEANUP_RAM tests

ahasztag · ahasztag · commit d97a84cfe1a8 · 2025-10-21T14:42:15.000+02:00
This commit adds tests to verify if the NSIB
RAM cleanup functionality works as expected.

Signed-off-by: Artur Hadasz &lt;artur.hadasz@nordicsemi.no&gt;
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/CMakeLists.txt b/tests/subsys/bootloader/b0_ram_cleanup/CMakeLists.txt
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+cmake_minimum_required(VERSION 3.20.0)
+
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+project(NONE)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+target_include_directories(app PRIVATE .)
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/modules/b0_cleanup_ram_test_prepare/zephyr/CMakeLists.txt b/tests/subsys/bootloader/b0_ram_cleanup/modules/b0_cleanup_ram_test_prepare/zephyr/CMakeLists.txt
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+cmake_minimum_required(VERSION 3.20.0)
+
+zephyr_library()
+zephyr_library_sources(src/b0_cleanup_ram_test_prepare.c)
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/modules/b0_cleanup_ram_test_prepare/zephyr/module.yml b/tests/subsys/bootloader/b0_ram_cleanup/modules/b0_cleanup_ram_test_prepare/zephyr/module.yml
@@ -0,0 +1,2 @@
+build:
+  cmake: zephyr
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/modules/b0_cleanup_ram_test_prepare/zephyr/src/b0_cleanup_ram_test_prepare.c b/tests/subsys/bootloader/b0_ram_cleanup/modules/b0_cleanup_ram_test_prepare/zephyr/src/b0_cleanup_ram_test_prepare.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <zephyr/init.h>
+#include <zephyr/device.h>
+#include <zephyr/sys/printk.h>
+#include <hal/nrf_timer.h>
+#include <zephyr/linker/linker-defs.h>
+
+#define CLEANUP_RAM_GAP_START ((uint32_t)__ramfunc_start)
+#define CLEANUP_RAM_GAP_END ((uint32_t) __ramfunc_end)
+
+/* Only the RAM outside of the defined linker sections will be populated,
+ * as modifying the defined linker sections could lead to NSIB malfunction.
+ */
+#define RAM_TO_POPULATE_START ((uint32_t) _image_ram_end)
+#define RAM_TO_POPULATE_END (CONFIG_SRAM_SIZE * 1024)
+#define VALUE_TO_POPULATE 0xDEADBEAF
+
+/* As peripheral registers are not cleared during RAM cleanup, we can
+ * use a register of a peripheral unused by NSIB to save data which can then
+ * be read by the application.
+ * We use this trick to save the start and end addresses of the RAMFUNC region.
+ * This region is not erased during the RAM cleanup, as it contains the code responsible
+ * for performing the RAM cleanup, so it must be skipped when checking if the RAM cleanup
+ * has been successfully performed.
+ * The TIMER00 is not used by NSIB, and is therefore its CC[0] and CC[1] registers
+ * are used for this purpose.
+ */
+#define RAMFUNC_START_SAVE_REGISTER NRF_TIMER00->CC[0]
+#define RAMFUNC_END_SAVE_REGISTER NRF_TIMER00->CC[1]
+
+static int populate_ram(void)
+{
+	RAMFUNC_START_SAVE_REGISTER = CLEANUP_RAM_GAP_START;
+	RAMFUNC_END_SAVE_REGISTER = CLEANUP_RAM_GAP_END;
+
+	for (uint32_t addr = RAM_TO_POPULATE_START; addr < RAM_TO_POPULATE_END;
+		 addr += sizeof(uint32_t)) {
+		*(uint32_t *) addr = VALUE_TO_POPULATE;
+	}
+
+	return 0;
+}
+
+SYS_INIT(populate_ram, APPLICATION, CONFIG_APPLICATION_INIT_PRIORITY);
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/prj.conf b/tests/subsys/bootloader/b0_ram_cleanup/prj.conf
@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+CONFIG_ZTEST=y
+CONFIG_ARM_MPU=n
+CONFIG_SOC_EARLY_RESET_HOOK=y
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/src/main.c b/tests/subsys/bootloader/b0_ram_cleanup/src/main.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <zephyr/ztest.h>
+#include <hal/nrf_timer.h>
+
+/* As peripheral registers are not cleared during RAM cleanup, we can
+ * use a register of a peripheral unused by NSIB to save data which can then
+ * be read by the application.
+ * We use this trick to save the start and end addresses of the RAMFUNC region.
+ * This region is not cleared during the RAM cleanup, as it contains the code responsible
+ * for performing the RAM cleanup, so it must be skipped when checking if the RAM cleanup
+ * has been successfully performed.
+ * The TIMER00 is not used by NSIB, and is therefore its CC[0] and CC[1] registers
+ * are used for this purpose.
+ */
+#define RAMFUNC_START_SAVE_REGISTER NRF_TIMER00->CC[0]
+#define RAMFUNC_END_SAVE_REGISTER NRF_TIMER00->CC[1]
+
+/* Using 2-byte magic values allows to load the whole value with movw */
+#define RAM_CLEANUP_SUCCESS_MAGIC 0x5678
+#define RAM_CLEANUP_FAILURE_MAGIC 0x4321
+
+static uint32_t __noinit ram_cleanup_result;
+static uint32_t __noinit uncleared_address;
+static uint32_t __noinit uncleared_value;
+
+/**
+ * This hook needs to have the attribute __attribute__((naked)),
+ * as otherwise the stack would be modified when calling it, leading to
+ * test failure, as part of the RAM in which the stack resides wouldn't
+ * be zeroed.
+ */
+__attribute__((naked)) void soc_early_reset_hook(void)
+{
+	__asm__ volatile (
+		/* Load zero (value used to clear memory) into r0 */
+		"   mov  r0, #0\n"
+		/*  Explicitly clear the ram_cleanup_result variable */
+		"   mov  r2, %6\n"
+		"   str  r0, [r2]\n"
+		/* Load the location of the saved ram func start address to r1 */
+		"   mov  r1, %0\n"
+		/* Load the ram func start address to r2 */
+		"   ldr  r2, [r1]\n"
+		/* Load the location of the saved ram func end address to r1 */
+		"   mov  r1, %1\n"
+		/* Load the ram func end address to r3*/
+		"   ldr  r3, [r1]\n"
+		/* Clear memory from ram func start to ram func end.
+		 * The area is skipped during the RAM cleanup,
+		 * so it is not cleared.
+		 * Simply cleaning it up here is quicker
+		 * than verifying if the current address is within the gap
+		 * in each iteration of the loop.
+		 */
+		"ram_func_zero_loop:\n"
+		"   cmp  r2, r3\n"
+		"   bge  ram_func_zero_loop_done\n"
+		"   str  r0, [r2]\n"
+		/* Increment the address by 4 (word size) */
+		"   add  r2, r2, #4\n"
+		"   b    ram_func_zero_loop\n"
+		"ram_func_zero_loop_done:\n"
+		/* Verify that all of the RAM memory has been cleared */
+		/* Load SRAM base address to r1 */
+		"   mov  r1, %2\n"
+		/* Load SRAM size to r2 */
+		"   mov  r2, %3\n"
+		/* Calculate SRAM end address (base + size) */
+		"   add  r2, r1, r2\n"
+		"verify_ram_loop:\n"
+		"   cmp  r1, r2\n"
+		"   bge  verify_ram_done\n"
+		/* Load value at current address and verify if it equals 0 */
+		"   ldr  r3, [r1]\n"
+		"   cmp  r3, #0\n"
+		"   bne  ram_cleanup_failed\n"
+		/* Increment the address by 4 (word size) */
+		"   add  r1, r1, #4\n"
+		"   b    verify_ram_loop\n"
+		"ram_cleanup_failed:\n"
+		/* Load RAM_CLEANUP_FAILURE_MAGIC into r0 */
+		"   movw r0, %4\n"
+		/* Save the uncleared address in uncleared_address variable */
+		"   mov  r2, %7\n"
+		"   str  r1, [r2]\n"
+		/* Save the uncleared value in uncleared_value variable */
+		"   mov  r2, %8\n"
+		"   str  r3, [r2]\n"
+		"   b    verification_done\n"
+		"verify_ram_done:\n"
+		/* Load RAM_CLEANUP_SUCCESS_MAGIC */
+		"   movw r0, %5\n"
+		"verification_done:\n"
+		/* Store result in ram_cleanup_result variable */
+		"   mov  r2, %6\n"
+		"   str  r0, [r2]\n"
+		/* __attribute__((naked)) requires manual branching  */
+		"   bx   lr\n"
+		:
+		: "r" (&RAMFUNC_START_SAVE_REGISTER),
+		  "r" (&RAMFUNC_END_SAVE_REGISTER),
+		  "r" (CONFIG_SRAM_BASE_ADDRESS),
+		  "r" (CONFIG_SRAM_SIZE * 1024),
+		  "i" (RAM_CLEANUP_FAILURE_MAGIC),
+		  "i" (RAM_CLEANUP_SUCCESS_MAGIC),
+		  "r" (&ram_cleanup_result),
+		  "r" (&uncleared_address),
+		  "r" (&uncleared_value)
+		: "r0", "r1", "r2", "r3", "lr", "memory"
+	);
+}
+
+ZTEST(b0_ram_cleanup, test_EARLY_RESET_HOOK)
+{
+	zassert_true((ram_cleanup_result == RAM_CLEANUP_SUCCESS_MAGIC) ||
+		     (ram_cleanup_result == RAM_CLEANUP_FAILURE_MAGIC),
+		     "RAM cleanup result should be either success or failure");
+	zassert_equal(ram_cleanup_result, RAM_CLEANUP_SUCCESS_MAGIC,
+		      "Uncleared word detected at address %p, value 0x%x", uncleared_address,
+		      uncleared_value);
+}
+
+ZTEST_SUITE(b0_ram_cleanup, NULL, NULL, NULL, NULL, NULL);
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/sysbuild.cmake b/tests/subsys/bootloader/b0_ram_cleanup/sysbuild.cmake
@@ -0,0 +1,9 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# Adding a module to b0 is needed as a way to inject source code into
+# the non-default sysbuild image (in this case b0).
+set(b0_EXTRA_ZEPHYR_MODULES ${CMAKE_CURRENT_LIST_DIR}/modules/b0_cleanup_ram_test_prepare  CACHE INTERNAL "")
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/sysbuild.conf b/tests/subsys/bootloader/b0_ram_cleanup/sysbuild.conf
@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+SB_CONFIG_SECURE_BOOT_APPCORE=y
+SB_CONFIG_SECURE_BOOT_GENERATE_DEFAULT_KMU_KEYFILE=y
diff --git a/tests/subsys/bootloader/b0_ram_cleanup/testcase.yaml b/tests/subsys/bootloader/b0_ram_cleanup/testcase.yaml
@@ -0,0 +1,20 @@
+common:
+  sysbuild: true
+  tags:
+    - b0
+    - ci_tests_subsys_bootloader
+
+tests:
+  b0.cleanup_ram:
+    platform_allow:
+      - nrf54l15dk/nrf54l15/cpuapp
+      - nrf54l15dk/nrf54l10/cpuapp
+      - nrf54l15dk/nrf54l05/cpuapp
+      - nrf54lv10dk/nrf54lv10a/cpuapp
+      - nrf54lm20dk/nrf54lm20a/cpuapp
+    integration_platforms:
+      - nrf54l15dk/nrf54l15/cpuapp
+      - nrf54l15dk/nrf54l10/cpuapp
+      - nrf54l15dk/nrf54l05/cpuapp
+      - nrf54lv10dk/nrf54lv10a/cpuapp
+      - nrf54lm20dk/nrf54lm20a/cpuapp
