[rescue,test] Enhance rescue error handling tests

This commit expands the end-to-end tests for rescue error handling:
- Adds a rescue_image_too_big test for Xmodem to check the handling
of oversized firmware images during rescue, ensuring the device
correctly cancels the operation and remains functional.
- Modifies the `usb_dfu_out_chunk_too_big` test to first perform a
successful chunk download before attempting an oversized one, improving
test robustness.

Signed-off-by: Anthony Chen <[email protected]>

Author: anthonychen1251

sw/device/silicon_creator/rom_ext/e2e/rescue/BUILD

@@ -777,6 +777,7 @@ opentitan_test(
         "//hw/top_earlgrey:fpga_cw340_rom_ext": None,
     },
     fpga = fpga_params(
+        timeout = "long",
         assemble = "{romext}@{rom_ext_slot_a} {firmware}@{owner_slot_a}",
         binaries = {
             "//sw/device/silicon_creator/rom_ext:rom_ext_dice_x509_slot_a": "romext",

sw/host/tests/rescue/dfu_rescue_error_handling.rs

@@ -311,9 +311,12 @@ fn invalid_spi_flash_transaction(
 fn usb_dfu_out_chunk_too_big(params: &RescueParams, transport: &TransportWrapper) -> Result<()> {
     let rescue = UsbDfu::new(params.clone());
     rescue.enter(transport, EntryMode::Reset)?;
-    rescue.set_mode(RescueMode::Rescue)?;
-    let data = vec![0u8; 4096];
-    let result = rescue.download(&data);
+    rescue.set_mode(RescueMode::RescueB)?;
+    let chunk = vec![0u8; 2048];
+    let chunk_too_big = vec![0u8; 4096];
+
+    rescue.download(&chunk)?;
+    let result = rescue.download(&chunk_too_big);
 
     if result.is_ok() {
         return Err(anyhow!("USB transaction should fail"));

sw/host/tests/rescue/xmodem_rescue_error_handling.rs

@@ -3,13 +3,14 @@
 // SPDX-License-Identifier: Apache-2.0
 
 #![allow(clippy::bool_assert_comparison)]
-use anyhow::Result;
+use anyhow::{anyhow, Result};
 use clap::Parser;
 
 use std::rc::Rc;
 use std::time::Duration;
 
 use opentitanlib::app::TransportWrapper;
+use opentitanlib::chip::boot_svc::BootSlot;
 use opentitanlib::io::uart::Uart;
 use opentitanlib::rescue::xmodem::XmodemError;
 use opentitanlib::rescue::{EntryMode, Rescue, RescueMode, RescueSerial};
@@ -343,6 +344,32 @@ fn recv_finish_nak(
     Ok(())
 }
 
+fn rescue_image_too_big(
+    transport: &TransportWrapper,
+    uart: &dyn Uart,
+    rescue: &RescueSerial,
+) -> Result<()> {
+    rescue.enter(transport, EntryMode::Reset)?;
+    let image_too_big = [0u8; 1026*1024];
+    match rescue.update_firmware(BootSlot::SlotB, &image_too_big) {
+        Ok(_) => {
+            return Err(anyhow!("Expects cancel during firmware rescue, but got OK."));
+        }
+        Err(e) => {
+            if e.to_string().contains("Cancelled") {
+                log::info!("Operation cancelled by device as expected");
+            } else {
+                return Err(e);
+            }
+        }
+    };
+    // Check for kErrorRescueImageTooBig.
+    UartConsole::wait_for(uart, r"BFV:02525309", Duration::from_secs(5))?;
+    // Ensure we can still boot into Owner SW.
+    UartConsole::wait_for(uart, r"Finished", Duration::from_secs(5))?;
+    Ok(())
+}
+
 fn main() -> Result<()> {
     let opts = Opts::parse();
     opts.init.init_logging();
@@ -361,5 +388,6 @@ fn main() -> Result<()> {
     recv_data_cancel(&transport, &*uart, &rescue)?;
     recv_data_nak(&transport, &*uart, &rescue)?;
     recv_finish_nak(&transport, &*uart, &rescue)?;
+    rescue_image_too_big(&transport, &*uart, &rescue)?;
     Ok(())
 }