From c5984f82a0cdbfad045a38a43e777c3d682c641c Mon Sep 17 00:00:00 2001
From: Anthony Chen <antchen@google.com>
Date: Wed, 13 Nov 2024 22:27:36 +0800
Subject: [PATCH] [manuf] Verify ROM_EXT UDS cert after personalization

This enhances the E2E perso flow test to verify that UDS certificate
is not invalid when the ROM_EXT first boots after personalization.

Signed-off-by: Anthony Chen <antchen@google.com>
(cherry picked from commit 79fdcc9f453b5b914739891b356666e10bea54f9)
---
 sw/host/provisioning/ft_lib/src/lib.rs | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/sw/host/provisioning/ft_lib/src/lib.rs b/sw/host/provisioning/ft_lib/src/lib.rs
index 89fb5c1f1f909..b95c9b26767f9 100644
--- a/sw/host/provisioning/ft_lib/src/lib.rs
+++ b/sw/host/provisioning/ft_lib/src/lib.rs
@@ -498,5 +498,30 @@ pub fn check_rom_ext_boot_up(
     let uart_console = transport.uart("console")?;
     let _ = UartConsole::wait_for(&*uart_console, r"Starting ROM_EXT.*\r\n", timeout)?;
 
+    // Timeout for waiting for a potential error message indicating invalid UDS certificate.
+    // This value is tested on fpga cw340 and could be potentially fine-tuned.
+    const UDS_CERT_INVALID_TIMEOUT: Duration = Duration::from_millis(200);
+
+    let result = UartConsole::wait_for(
+        &*uart_console,
+        r".*UDS certificate not valid.",
+        UDS_CERT_INVALID_TIMEOUT,
+    );
+
+    match result {
+        Ok(_captures) => {
+            // Error message found.
+            bail!("Invalid UDS certificate detected!");
+        }
+        Err(e) => {
+            if e.to_string().contains("Timed Out") {
+                // Error message not found after timeout. This is the expected behavior.
+            } else {
+                // An unexpected error occurred while waiting for the console output.
+                bail!(e);
+            }
+        }
+    }
+
     Ok(())
 }