Add test cases for bootstrapstream (#4177)

marcushines · rohit-rp · web-flow · commit ce550033b94d · 2026-05-22T22:10:49.000+05:30
* update Readme * update json * update json * Modifying test to include post switchover validation (#5427) * Modifying test to include post switchover validation and increasing the scale * adding ipv6 and telemetry checks * fix last boot to be parse int --------- Co-authored-by: Rohit Rattan <rohitrattan@google.com>
diff --git a/feature/system/secure_boot/tests/bootz/README.md b/feature/system/secure_boot/tests/bootz/README.md
@@ -33,8 +33,8 @@ bootserver can initialize the devices configuration into the provided configurat
 | ID        | Case  | Result |
 | --------- | ------------- | --- |
 | bootz-1.1 | Missing configuration  | Device fails with status invalid parameter  |
-| bootz-1.2 |Invalid configuration  | Device fails with status invalid parameter  |
-| bootz-1.3 |Valid configuration  | Device succeded with status ok  |
+| bootz-1.2 | Invalid configuration  | Device fails with status invalid parameter  |
+| bootz-1.3 | Valid configuration  | Device succeded with status ok  |
 
 1. Provide bootstrap reponse configured as prescribed.
 2. Initiate bootz boot on device via gnoi.FactoryReset()
@@ -171,9 +171,198 @@ by the bootz process. If the artifacts are incomplete an error will be returned.
 | bootz-5.3 | gNSI ca auth policy provided | Device fails with status invalid parameter |
 | bootz-5.4 | gNSI Authz policy  | Device fails with invalid parameter |
 
+1. Provide bootstrap response configured as prescribed.
+2. Initiate bootz boot on device via gnoi.FactoryReset()
+3. Validate device sends bootz request to bootserver
+4. Validate the progress periodically by subscribing to `/system/bootz/state/status`
+    * The status should transition from:
+        * BOOTZ_UNSPECIFIED
+        * BOOTZ_SENT
+        * BOOTZ_RECEIVED
+        * BOOTZ_CONFIGURATION_APPLIED
+        * BOOTZ_OK
+    * For error case device should report
+        * BOOTZ_UNSPECIFIED
+        * BOOTZ_SENT
+        * BOOTZ_RECEIVED
+        * BOOTZ_OS_INVALID_IMAGE
+5. Validate device telemetry
+    * `/system/bootz/state/last-boot-attempt` is in expected state
+    * `/system/bootz/state/error-count` is in incremented if failure case
+    * `/system/bootz/state/status` is in expected state
+    * `/system/bootz/state/checksum` matches sent proto
+6. Validate device state
+    * System configuration is as expected.
+
+### bootz-6: Validate bootz.Bootstrap.BootstrapStream
+
+The purpose of this test is to validate BootstrapStream rpc. This
+RPC allows for only requiring a self-signed cert for TLS session.
+The rest of the stream will create trust for both client and server via
+the internal protocol documented at [BootstrapStream](https://github.com/openconfig/bootz/blob/main/proto/bootz.proto#L47).
+
+```mermaid
+sequenceDiagram
+   actor Device
+   actor Server
+   Device->Server: BootstrapStreamRequest.bootstrap_request
+   Note right of Server: Server will query OVGS to validate<br>the device and fetch needed keys<br>and build challenge
+   Server->Device: BootstrapStreamResponse.challenge
+   Note left of Device: Device will use private keys<br>to build the challenge reponse
+   Device->Server: BootstrapStreamRequest.response
+   Note right of Server: Server will validate the response and if valid<br>return bootstrap data
+   Server->Device: BootstrapStreamResponse.bootstrap_data
+```
+
+#### bootz-6.1: Validate minimum necessary bootz configuration
+
+This test validates that the device can start in bootz mode and upon getting a bootz response from
+bootserver can initialize the devices configuration into the provided configuration.
+
+| ID        | Case  | Result |
+| --------- | ------------- | --- |
+| bootz-6.1.1 | Missing configuration  | Device fails with status invalid parameter  |
+| bootz-6.1.2 | Invalid configuration  | Device fails with status invalid parameter  |
+| bootz-6.1.3 | Valid configuration  | Device succeded with status ok  |
+
 1. Provide bootstrap reponse configured as prescribed.
 2. Initiate bootz boot on device via gnoi.FactoryReset()
 3. Validate device sends bootz request to bootserver
+4. Validate device telemetry
+
+    * `/system/bootz/state/last-boot-attempt` is in expected state
+    * `/system/bootz/state/error-count` is in incremented if failure case
+    * `/system/bootz/state/status` is in expected state
+    * `/system/bootz/state/checksum` matches sent proto
+
+5. Validate device state
+
+    * OS version is the same
+    * System configuration is as expected.
+
+#### bootz-6.2: Validate Software image in bootz configuration
+
+This test validates the bootz behavior based changes to software version.
+
+| ID        | Case  | Result |
+| --------- | ------------- | --- |
+| bootz-6.2.1 | Software version is different  | Device is upgraded to the new version  |
+| bootz-6.2.2 | Invalid software image  | Device fails with status invalid parameter  |
+
+1. Validate the device is on a different version from the expected new version.
+2. Provide bootstrap reponse configured as prescribed.
+3. Initiate bootz boot on device via gnoi.FactoryReset()
+4. Validate device sends bootz request to bootserver
+5. Validate the progress periodically by polling `/system/bootz/state/status`
+    * The status should transition from:
+        * BOOTZ_UNSPECIFIED
+        * BOOTZ_SENT
+        * BOOTZ_RECEIVED
+        * BOOTZ_OS_UPGRADE_IN_PROGRESS
+        * BOOTZ_OS_UPGRADE_COMPLETE
+        * BOOTZ_CONFIGURATION_APPLIED
+        * BOOTZ_OK
+    * For error case device should report
+        * BOOTZ_UNSPECIFIED
+        * BOOTZ_SENT
+        * BOOTZ_RECEIVED
+        * BOOTZ_OS_UPGRADE_IN_PROGRESS
+        * BOOTZ_OS_INVALID_IMAGE
+6. Validate device telemetry
+    * `/system/bootz/state/last-boot-attempt` is in expected state
+    * `/system/bootz/state/error-count` is in incremented if failure case
+    * `/system/bootz/state/status` is in expected state
+    * `/system/bootz/state/checksum` matches sent proto
+7. Validate device state
+    * OS version is the same
+    * System configuration is as expected.
+
+### bootz-6.3: Validate Ownership Voucher in bootz configuration
+
+The purpose of this test is to validate that the ownership voucher can
+be sent to the device and properly handled.
+
+| ID        |Case  | Result |
+| --------- | ------------- | --- |
+| bootz-6.3.1 | No ownership voucher  | Device boots without OV present  |
+| bootz-6.3.2 | Invalid OV  | Device fails with status invalid parameter  |
+| bootz-6.3.3 | OV fails | Device fails with status invalid parameter |
+| bootz-6.3.4 | OV valid | Device boots with OV installed |
+
+1. Provide bootstrap reponse configured as prescribed.
+2. Initiate bootz boot on device via gnoi.FactoryReset()
+3. Validate device sends bootz request to bootserver
+4. Validate the progress periodically by polling `/system/bootz/state/status`
+    * The status should transition from:
+        * BOOTZ_UNSPECIFIED
+        * BOOTZ_SENT
+        * BOOTZ_RECEIVED
+        * BOOTZ_CONFIGURATION_APPLIED
+        * BOOTZ_OK
+    * For error case device should report
+        * BOOTZ_UNSPECIFIED
+        * BOOTZ_SENT
+        * BOOTZ_RECEIVED
+        * BOOTZ_OV_INVALID
+5. Validate device telemetry
+    * `/system/bootz/state/last-boot-attempt` is in expected state
+    * `/system/bootz/state/error-count` is in incremented if failure case
+    * `/system/bootz/state/status` is in expected state
+    * `/system/bootz/state/checksum` matches sent proto
+6. Validate device state
+    * System configuration is as expected.
+
+### bootz-6.4: Validate device properly resets if provided invalid image
+
+The purpose of this test is to validate that when providing an invalid or
+non bootable image the device properly handles this and resets itself into
+bootz mode.
+
+| ID        |Case  | Result |
+| --------- | ------------- | --- |
+| bootz-6.4.1 | no OS provided  | Device boots with existing image  |
+| bootz-6.4.2 | Invalid OS image provided  | Device fails with status invalid parameter  |
+| bootz-6.4.3 | failed to fetch image from remote URL | Device fails with status invalid parameter |
+| bootz-6.4.4 | OS checksum doesn't match | Device fails with invalid parameter |
+
+1. Provide bootstrap reponse configured as prescribed.
+2. Initiate bootz boot on device via gnoi.FactoryReset()
+3. Validate device sends bootz request to bootserver
+4. Validate the progress periodically by polling `/system/bootz/state/status`
+    * The status should transition from:
+        * BOOTZ_UNSPECIFIED
+        * BOOTZ_SENT
+        * BOOTZ_RECEIVED
+        * BOOTZ_CONFIGURATION_APPLIED
+        * BOOTZ_OK
+    * For error case device should report
+        * BOOTZ_UNSPECIFIED
+        * BOOTZ_SENT
+        * BOOTZ_RECEIVED
+        * BOOTZ_OS_INVALID_IMAGE
+5. Validate device telemetry
+    * `/system/bootz/state/last-boot-attempt` is in expected state
+    * `/system/bootz/state/error-count` is in incremented if failure case
+    * `/system/bootz/state/status` is in expected state
+    * `/system/bootz/state/checksum` matches sent proto
+6. Validate device state
+    * System configuration is as expected.
+
+### bootz-6.5: Validate gNSI components in bootz configuration
+
+The purpose of this test is to validate that gNSI artifacts are properly loaded
+by the bootz process. If the artifacts are incomplete an error will be returned.
+
+| ID        |Case  | Result |
+| --------- | ------------- | --- |
+| bootz-6.5.1 | no gNSI artifacts are provided  | Device boots with services default security policies  |
+| bootz-6.5.2 | gNSI certz policy is sent CA trust bundle  | Device creates new policy with CA bundle set  |
+| bootz-6.5.3 | gNSI ca auth policy provided | Device fails with status invalid parameter |
+| bootz-6.5.4 | gNSI Authz policy  | Device fails with invalid parameter |
+
+1. Provide bootstrap response configured as prescribed.
+2. Initiate bootz boot on device via gnoi.FactoryReset()
+3. Validate device sends bootz request to bootserver
 4. Validate the progress periodically by subscribing to `/system/bootz/state/status`
     * The status should transition from:
         * BOOTZ_UNSPECIFIED
@@ -196,7 +385,6 @@ by the bootz process. If the artifacts are incomplete an error will be returned.
 
 ## OpenConfig Path and RPC Coverage
 
-
 ```yaml
 paths:
   /system/bootz/state/last-boot-attempt:
@@ -209,8 +397,25 @@ rpcs:
       on_change: true
   gnoi:
     bootconfig.BootConfig.GetBootConfig:
-    bootconfig.BootConfig.SetBootConfig:
   bootz:
     Bootstrap.GetBootstrapData:
     Bootstrap.ReportStatus:
+    Bootstrap.BootstrapStream:
 ```
+
+## Canonical OC
+
+```json
+{
+  "system": {
+    "bootz": {
+      "state": {
+        "last-boot-attempt": "0",
+        "error-count": "0",
+        "status": "BOOTZ_OK",
+        "checksum": ""
+      }
+    }
+  }
+}
+```
