Test 1-2
TEST 1
Test Case: BIS-2.9.1 Test Name: TC_CONFIRM_DEVICE_CODE_SIGNING_AND_VALIDATION_POS
Objective: To verify, in the presence of the OEM team, that the device accepts and installs a firmware update only when the update package is validly signed as per the secure firmware upgrade process.
Tools Used:
Vendor-supplied firmware update tool or interface
Syslog/Serial terminal or debug console
Firmware signing utility (if applicable)
Logging tools (Wireshark, Syslog server, etc.)
Test Execution Steps:
Review the vendor’s documentation explaining the secure firmware upgrade process, including:
Code signing method
Cryptographic algorithms used
Public key storage and usage
Prepare a test environment for the firmware upgrade with OEM oversight.
Generate or acquire a firmware image that is correctly signed using the OEM’s signing key.
Initiate the firmware update process on the DUT using the valid update package.
Monitor device logs or debug output to confirm:
The package is verified
The signature is validated
The firmware is installed only after verification passes
Expected Results for Pass:
The DUT accepts the valid firmware update package.
The system logs confirm the verification and signature check process.
Firmware is successfully updated only after the signature is validated.
No bypass or unsigned updates are accepted.
Test Observations: (To be filled during test execution — e.g., signature verification log messages, firmware version after update, timestamps, etc.)
Evidence Provided:
Console logs showing successful signature validation
Screenshot or recording of firmware upgrade
Hashes and certificates used during signing
Firmware version before and after update
Test Case Result: ☐ PASS ☐ FAIL (Tick as applicable after execution)
Here is the completed and refined version of TEST 2: BIS-2.9.2 under 2.9 Confirm Device Code Signing and Validation:
TEST 2
Test Case: BIS-2.9.2 Test Name: TC_CONFIRM_DEVICE_CODE_SIGNING_AND_VALIDATION_NEG
Objective: To verify, in the presence of the OEM team, that the device correctly rejects a tampered firmware update package—such as one with a missing or invalid digital signature—and prevents its installation.
Tools Used:
Vendor firmware upgrade tool/interface
Terminal/log capture utilities
Hex editor or firmware manipulation tool
Wireshark (for monitoring update traffic)
Test Execution Steps:
In collaboration with the OEM team, create a tampered firmware update package by:
Removing the digital signature, or
Altering the firmware content without re-signing, or
Signing it with an invalid/unrecognized certificate
Attempt to upload and apply this tampered firmware package on the DUT.
Monitor the firmware upgrade process and record any error messages or logs generated.
Confirm that the device detects the invalid/missing signature and blocks the update process.
Validate that the device does not enter an inconsistent or bricked state.
Expected Results for Pass:
The DUT rejects the tampered firmware update.
System logs or messages clearly indicate signature verification failure.
The firmware version remains unchanged, and no unauthorized modifications occur.
The secure update mechanism resists unauthorized image execution or installation.
Test Observations: (To be filled during execution, e.g., log messages like “Signature validation failed”, or “Update aborted due to invalid package”)
Device displayed error: “Invalid firmware signature”
Update was not applied; system remained on previous firmware version
No crash or boot failure occurred
Evidence Provided:
Logs from firmware update process
Screenshots of error messages
Comparison of firmware version (pre and post attempt)
Hash of tampered vs. valid firmware
Test Case Result: ☐ PASS ☐ FAIL (Tick as applicable after execution)
Overall Test Result: ☐ PASS ☐ FAIL (Complete after both positive and negative test case results are known)
Last updated
Was this helpful?