Name Last Update
..
CVS Loading commit data...
Black_box_testing.htm Loading commit data...
Flash_Reenc.htm Loading commit data...
README_launch.txt Loading commit data...
entryexit.html Loading commit data...
index.html Loading commit data...
launch.html Loading commit data...
libbbc.html Loading commit data...
libcrypto_test.htm Loading commit data...
limited_play.html Loading commit data...
reenc_testing.html Loading commit data...
rl_tests.htm Loading commit data...
security_audits.htm Loading commit data...
sign_verify_test.htm Loading commit data...
test_support.htm Loading commit data...
viewer.html Loading commit data...
viewer2.html Loading commit data...
Launching via skapi:

This testapp is published with CID 0x00020000.

1) chain naming: the cert chains have correct signatures but the
     names do not match the expected for a cmd signer and ticket signer.

   Strategy is to use the regular cert.sys, but just have a BbTicket
   signed by the CP chain and a BbContentMetaData signed by a XS chain.
   Both these cases should fail. The fact that this test app itself has
   launched signifies that launch would succeed if there were no errors
   injected.

   In the cases below, the published app is just this testapp republished.
   Since it won't succeed this is fine, and is in line with the strategy
   statement that all would succeed if these errors were not injected.
   The signer is specified by the -S arg to pubrom.
   a) publish CID 0x00020001 with cmd signed by ticket chain
   b) publish CID 0x00020002 with ticket signed by cmd chain

   The testapp then attempts to launch both these and we should see failure.

   NOTE: the "attempt to launch" only uses skLaunchSetup(). So, and
         accidental failure won't actually cause an app launch.

2) bad cert sigs: the only error is that a cert in the chain has a bad
     sig.

   The testapp itself, as published (CID 0x00020000), is the target.

   The testapp will read cert.sys, alter a sig, then write cert.sys back
   (the good cert.sys should be copied somewhere so it may be restored
   after the test).

   The following signatures will have a byte altered (each is altered, the
   failure on launch is verified, then fixed before the next case is
   treated):
   a) XS cert
   b) XSCA cert
   c) CP cert
   d) CPCA cert

3) bad ticket sigs: the ticket and cmd sigs are altered as in "2)". This
     requires reading ticket.sys and altering, as was previously done for
     cert.sys, but for the cmd and ticket sigs on CID 0x00020000. (though
     in this case the ticket.sys doesn't actually need to be re-written
     since libultra/bb/sa doesn't read the tickets as it does for certs) 

4) ticket bbid mismatch: have makefile require BBCERT define. use bbcert
     with arg that will perform a bbid++ on the cert and write back out. Use
     this modified cert to publish the testapp with CID 0x00020003.
     Insure 0x00020003 fails to launch.

5) bad app hash: makefile generates rom2 with 0x00020004 which is same as 
     test rom but targetted to a load address that doesn't cause overwrite 
     of test app on launch. the rom2 app has been tested to launch successfully
     by test if no error in injected. the test reads alters a bit before
     attempting to launch to test hash. in this case the skLaunchSetup()
     succeeds, but the skLaunch() call should fail. A bit is changed in the
     first 4K (first byte) and the test insures the app failed accordingly
     (if it launches, that's pretty obvious, and should be interpretted as
     an error). the test is repeated for a byte past the first 4K (byte
     at 16KB into app).

------------------------------------------------------------------
Sysapp Launch:

the following are generated.

1) sysapp.tik/sysapp.aes: insure packaging works. launch with this and 
   insure success.
2) sysapp_xs.tik/sysapp_xs.aes: cmdh in sysapp ticket bundle signed
   by ticket server (instead of content publisher). insure sysapp fails
   to boot.
3) sysapp_sig.tik/sysapp_sig.aes: cmdh signature has error injected.
   insure failure.
4) sysapp_hash.tik/sysapp_hash.aes: hash error over sysapp rom, generated
   by appending a few bytes to the end of the sysapp rom prior to publishing.

NOTE: test "2)" insures the function verifyCertChain is called within
      the SK. since app-centric launch tests already tested errors in
      the cert sigs themselves, this is not retested for the sysapp
      case.