Message ID | 20250205133415.72913-1-Sai.Sathujoda@toshiba-tsip.com (mailing list archive) |
---|---|
State | New |
Series | [isar-cip-core] README.security-testing.md: Update steps to verify IEC layer on security image |
On 05.02.25 14:34, Sai.Sathujoda@toshiba-tsip.com wrote: > From: sai ashrith sathujoda <sai.sathujoda@toshiba-tsip.com> > > Signed-off-by: sai ashrith sathujoda <sai.sathujoda@toshiba-tsip.com> > --- > doc/README.security-testing.md | 28 +++++++++------------------- > 1 file changed, 9 insertions(+), 19 deletions(-) > > diff --git a/doc/README.security-testing.md b/doc/README.security-testing.md > index c9540be..213fc82 100644 > --- a/doc/README.security-testing.md > +++ b/doc/README.security-testing.md 
> @@ -1,34 +1,24 @@ > # CIP security testing > This document explains how to verify basic implementations of [CIP security requirements](https://gitlab.com/cip-project/cip-documents/-/blob/master/security/security_requirements.md) in the isar-cip-core security image using [cip-security-tests](https://gitlab.com/cip-project/cip-testing/cip-security-tests). > > -# Pre-requisite > +# Pre-requisites > - Necessary debian packages to implement CIP security requirements, include them in the recipe [cip-core-image-security.bb](recipes-core/images/cip-core-image-security.bb) > > - Pre configurations in the image, should be added in the `postinst` script of security-customizations [security-customizations/files/postinst](recipes-core/security-customizations/files/postinst) > > -- To run `cip-security-tests` the image should need additional package `sshpass` and rootfs size should need atleast 5GB, add the below configuration in kas/opt/security.yml file > - ``` > - local_conf_header: > - security_testing: | > - IMAGE_PREINSTALL:append=" sshpass" > - ROOTFS_EXTRA="5120" > - ``` > - > - > # Build CIP security Linux image > Clone isar-cip-core repository > ``` > host$ git clone https://gitlab.com/cip-project/cip-core/isar-cip-core.git > host$ cd isar-cip-core > ``` > -Build Security Linux image by selecting necessary options > +Build Security Linux image by selecting necessary options. The board, Kernel version and Debian release options chosen below are shown as an example. > ``` > host$ ./kas-container menu > Select QEMU AMD64 (x86-64) as Target Board > - Select Kernel 5.10.x-cip as Kernel Options > + Select Kernel 5.10.x-cip as CIP Kernel version > Select bullseye (11) as Debian Release > - Select Flashable image as Image formats > - Select Security extensions Options > + Select Security extensions Option under Image features > Save & Build > ``` > # Boot the Linux image 
> @@ -41,22 +31,22 @@ host$ ./start-qemu.sh x86 > ``` > host$ git clone https://gitlab.com/cip-project/cip-testing/cip-security-tests > ``` > -- Add test user in Linux image to use while scp the `cip-security-tests` > +- Add test user in Linux image to scp and run the `cip-security-tests` > ``` > image$ adduser test > ``` > - Copy `cip-security-tests` to Linux image using scp command > ``` > -host$ scp -r -P 22222 TCs/ test@127.0.0.1:/home/test/ > +host$ scp -r -P 22222 cip-security-tests/ test@127.0.0.1:/home/test/ > ``` > > -# Run the test in Linux image > +# Run the tests in Linux image > - Go to following directory and execute IEC Layer test > ``` > -image$ cd /home/test/TCs/cip-security-tests/iec-security-tests/singlenode-testcases/ > +image$ cd /home/test/cip-security-tests/iec-security-tests/singlenode-testcases/ > image$ ./run_all.sh > ``` > -`run_all.sh` generates the test result in file `result_file.txt`, and output look like below. > +`run_all.sh` generates the test result in file `result_file.txt`, and the output looks like below. > ``` > TC_CR1.1-RE1_1+pass+11 > TC_CR1.11_1+pass+22 Thanks, applied. Jan
diff --git a/doc/README.security-testing.md b/doc/README.security-testing.md index c9540be..213fc82 100644 --- a/doc/README.security-testing.md +++ b/doc/README.security-testing.md @@ -1,34 +1,24 @@ # CIP security testing This document explains how to verify basic implementations of [CIP security requirements](https://gitlab.com/cip-project/cip-documents/-/blob/master/security/security_requirements.md) in the isar-cip-core security image using [cip-security-tests](https://gitlab.com/cip-project/cip-testing/cip-security-tests). -# Pre-requisite +# Pre-requisites - Necessary debian packages to implement CIP security requirements, include them in the recipe [cip-core-image-security.bb](recipes-core/images/cip-core-image-security.bb) - Pre configurations in the image, should be added in the `postinst` script of security-customizations [security-customizations/files/postinst](recipes-core/security-customizations/files/postinst) -- To run `cip-security-tests` the image should need additional package `sshpass` and rootfs size should need atleast 5GB, add the below configuration in kas/opt/security.yml file - ``` - local_conf_header: - security_testing: | - IMAGE_PREINSTALL:append=" sshpass" - ROOTFS_EXTRA="5120" - ``` - - # Build CIP security Linux image Clone isar-cip-core repository ``` host$ git clone https://gitlab.com/cip-project/cip-core/isar-cip-core.git host$ cd isar-cip-core ``` -Build Security Linux image by selecting necessary options +Build Security Linux image by selecting necessary options. The board, Kernel version and Debian release options chosen below are shown as an example. ``` host$ ./kas-container menu Select QEMU AMD64 (x86-64) as Target Board - Select Kernel 5.10.x-cip as Kernel Options + Select Kernel 5.10.x-cip as CIP Kernel version Select bullseye (11) as Debian Release - Select Flashable image as Image formats - Select Security extensions Options + Select Security extensions Option under Image features Save & Build ``` # Boot the Linux image 
@@ -41,22 +31,22 @@ host$ ./start-qemu.sh x86 ``` host$ git clone https://gitlab.com/cip-project/cip-testing/cip-security-tests ``` -- Add test user in Linux image to use while scp the `cip-security-tests` +- Add test user in Linux image to scp and run the `cip-security-tests` ``` image$ adduser test ``` - Copy `cip-security-tests` to Linux image using scp command ``` -host$ scp -r -P 22222 TCs/ test@127.0.0.1:/home/test/ +host$ scp -r -P 22222 cip-security-tests/ test@127.0.0.1:/home/test/ ``` -# Run the test in Linux image +# Run the tests in Linux image - Go to following directory and execute IEC Layer test ``` -image$ cd /home/test/TCs/cip-security-tests/iec-security-tests/singlenode-testcases/ +image$ cd /home/test/cip-security-tests/iec-security-tests/singlenode-testcases/ image$ ./run_all.sh ``` -`run_all.sh` generates the test result in file `result_file.txt`, and output look like below. +`run_all.sh` generates the test result in file `result_file.txt`, and the output looks like below. ``` TC_CR1.1-RE1_1+pass+11 TC_CR1.11_1+pass+22
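Review bot: In the first hunk (`@@ -1,34 +1,24 @@`), the prerequisite for `sshpass` and `ROOTFS_EXTRA="5120"` is deleted, and the `Select Flashable image as Image formats` menu step along with it, but the commit message carries only a Signed-off-by, so nothing records why these are no longer needed. Please state in the commit message whether the tests stopped depending on them or the security image now provides them, so that a reader comparing the old and new README can tell which steps apply. Minor, same hunk: the added sentence capitalises "Kernel" mid-sentence while the unchanged context still has lower-case "debian"; "kernel" and "Debian" would be consistent.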
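Review bot: In the second hunk (`@@ -41,22 +31,22 @@`), the bullet now says the `test` user is added "to scp and run" the tests, but the run section keeps the bare `image$` prompt for `./run_all.sh`, the same prompt used for `adduser test`, so the README does not show which account executes the tests or whether they need root. Suggest adding the login or `su - test` step (or a sentence saying root is required) before `image$ ./run_all.sh`. Since the target is the security image, a closing line about removing the `test` account once the run is finished would also be worth adding.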