PBIT Test Reference¶
Complete reference for all 21 Power-On Built-In Tests (PBIT).
PBIT tests run once at system startup to validate hardware presence and configuration. They provide a "go/no-go" check that the system is ready for operation.
System Tests¶
pbit_bsp_version¶
Purpose: Verify BSP (Board Support Package) release version and model information.
What it checks:
- BSP release file exists (/etc/bsp-release)
- Version string matches expected format
- Model information is correct
Configuration:
[pbit_bsp_version]
enabled = true
expected_version = "1.0.0" # Optional
expected_model = "DevBoard" # Optional
Pass conditions: - BSP file readable and contains expected version/model - Warns if file missing but continues
Common issues: - File not present on non-BSP systems (expected) - Version mismatch after upgrade
pbit_checksum¶
Purpose: Verify checksums of critical system files haven't changed.
What it checks: - Calculates checksums of specified files - Compares against learned baseline values - Detects unauthorized modifications
Configuration:
[pbit_checksum]
enabled = true
[[file]]
path = "/etc/fstab"
checksum = "38f46022c28fe35e"
[[file]]
path = "/etc/passwd"
checksum = "019c94fe3330732f"
Pass conditions: - All file checksums match expected values
Common issues: - Legitimate file updates cause failures - Must regenerate checksums after system updates
pbit_dmesg_check¶
Purpose: Analyze kernel message log for errors and warnings at boot.
What it checks:
- Scans dmesg output for error patterns
- Identifies critical kernel errors
- Filters against ignore patterns
Configuration:
[pbit_dmesg_check]
enabled = true
learn_mode = false
error_patterns = ["error", "fail", "critical", "panic", "oops", "bug"]
warning_patterns = ["warn", "warning"]
ignore_patterns = [] # Add benign messages here
Pass conditions: - No critical error patterns found - Warnings logged but don't fail test
Common issues: - Requires root/sudo to read kernel buffer - Benign errors may need adding to ignore_patterns
Hardware Tests¶
pbit_cpu_cores¶
Purpose: Verify CPU core count matches expected value.
What it checks: - Counts available CPU cores - Compares against configured expected count - Detects CPU failures or misconfigurations
Configuration:
Pass conditions: - Actual core count equals expected_cores
Common issues: - Mismatch after hardware change - Hyperthreading configuration differences
pbit_disk_health¶
Purpose: Verify disk health using SMART data.
What it checks:
- Reads SMART attributes via smartctl
- Checks for disk failures or warnings
- Validates device accessibility
Configuration:
Pass conditions: - All disks accessible - SMART status reports healthy - No critical SMART errors
Common issues:
- Requires smartmontools package
- Some drives don't support SMART
- USB drives may not report SMART data
pbit_gpio¶
Purpose: Verify GPIO pins are in expected states.
What it checks: - Reads GPIO pin values from sysfs - Compares against expected HIGH/LOW states - Validates pin accessibility
Configuration:
[pbit_gpio]
enabled = true
[[gpio]]
pin = 17
expected_state = "high"
[[gpio]]
pin = 27
expected_state = "low"
Pass conditions: - All pins readable - Pin states match expectations - Empty GPIO list passes (no hardware)
Common issues: - Requires GPIO sysfs access - Pins must be exported first - Platform-specific GPIO numbering
pbit_gpu_loading¶
Purpose: Check GPU utilization at boot.
What it checks: - Queries GPU utilization percentage - Compares against threshold - Validates GPU driver accessibility
Configuration:
Pass conditions: - GPU utilization below threshold - GPU accessible and responding
Common issues: - Requires GPU drivers (NVIDIA, AMD, Intel) - May fail without discrete GPU - Driver not loaded at boot time
pbit_temperature¶
Purpose: Verify temperature sensors are within safe ranges.
What it checks:
- Reads thermal zones from /sys/class/thermal/
- Compares temperatures against thresholds
- Detects overheating at boot
Configuration:
[pbit_temperature]
enabled = true
[[thermal_zone]]
label = "Core 0"
threshold = 85.0
[[thermal_zone]]
label = "Package id 0"
threshold = 85.0
Pass conditions: - All sensors readable - Temperatures below thresholds
Common issues: - Sensor labels vary by platform - Some systems have limited sensors - Threshold too tight for warm environments
Resource Tests¶
pbit_cpu_usage¶
Purpose: Ensure CPU isn't overloaded at boot time.
What it checks: - Measures current CPU utilization - Compares against threshold - Validates boot-time resource availability
Configuration:
Pass conditions: - CPU usage below threshold percentage
Common issues: - High startup load may cause transient failures - Threshold too low for busy systems - Background services during boot
pbit_disk_usage¶
Purpose: Verify disk space availability.
What it checks: - Measures disk usage for specified partitions - Compares against per-disk thresholds - Ensures adequate free space
Configuration:
[pbit_disk_usage]
enabled = true
[[disk]]
disk = "/dev/sda1"
threshold = 80
[[disk]]
disk = "/dev/shm"
threshold = 80
Pass conditions: - All disks below threshold percentage
Common issues: - Logs or temporary files fill disk - Threshold too low for working systems - Mount points vs device names confusion
pbit_memory_usage¶
Purpose: Verify sufficient memory available.
What it checks: - Measures RAM usage - Checks swap usage - Validates minimum available memory
Configuration:
Pass conditions: - Memory usage below threshold - Swap usage below threshold - Available memory above minimum
Common issues: - Caching inflates "used" memory - Threshold too strict - Swap usage on systems without swap
pbit_power_test¶
Purpose: Monitor system power consumption and verify power supply.
What it checks: - Reads power consumption from hwmon - Validates voltage levels - Checks power supply status
Configuration:
[pbit_power_test]
enabled = true
min_voltage_mv = 3000
max_voltage_mv = 20000
max_power_uw = 150000000
Pass conditions: - Voltage within range - Power consumption within limits - Power supply accessible
Common issues: - Platform-specific hwmon paths - Not all systems expose power data - Laptop vs desktop differences
Network Tests¶
pbit_can¶
Purpose: Verify CAN bus interfaces are available.
What it checks:
- Detects CAN interfaces in /sys/class/net/
- Tests interface UP/DOWN control (with root)
- Validates interface accessibility
Configuration:
Pass conditions: - All interfaces exist - Interfaces controllable (if root) - Empty config passes (no hardware)
Common issues: - Requires root for interface control - CAN drivers must be loaded - Virtual CAN (vcan) vs physical CAN
pbit_ethernet¶
Purpose: Verify network interfaces exist and have expected status.
What it checks: - Discovers Ethernet interfaces - Checks link speed - Validates UP/DOWN state
Configuration:
[pbit_ethernet]
enabled = true
[[interface]]
name = "eth0"
expected_speed = 1000
expected_state = "up"
[[interface]]
name = "eth1"
expected_speed = 1000
expected_state = "down"
Pass conditions: - All interfaces exist - Link speeds match (if specified) - States match expectations
Common issues: - Interface naming varies (eth0, ens3, enp0s3) - Cable unplugged = state down - Virtual interfaces (docker0, virbr0)
pbit_serial_ports¶
Purpose: Verify serial ports are present and accessible.
What it checks:
- Scans for serial devices in /dev/
- Validates device file existence
- Checks device permissions
Configuration:
Pass conditions: - All specified ports exist - Ports are readable
Common issues: - USB-serial adapters not connected - Permission issues (dialout group) - Device naming differences (/dev/ttyS vs /dev/ttyUSB)
Security Tests¶
pbit_firewall_configuration¶
Purpose: Verify firewall is configured and active.
What it checks: - Detects firewall system (ufw, firewalld, iptables) - Checks if firewall is enabled - Validates firewall state
Configuration:
Pass conditions: - Expected firewall system detected - Firewall in expected state
Common issues: - Multiple firewall systems installed - Firewall disabled by policy - Container environments may not have firewall
pbit_pci_whitelist¶
Purpose: Verify only approved PCI devices are present.
What it checks:
- Scans PCI bus with lspci
- Compares devices against whitelist
- Detects unauthorized hardware
Configuration:
[pbit_pci_whitelist]
enabled = true
[[device]]
vendor_id = "8086"
device_id = "15d7"
manufacturer = "Intel Corporation"
device_description = "Ethernet Connection"
Pass conditions: - All detected devices in whitelist - No unexpected devices found
Common issues: - New hardware requires whitelist update - PCI hotplug devices - Virtualized environments differ
pbit_permissions_verification¶
Purpose: Verify file permissions on sensitive files.
What it checks: - Reads file permissions - Compares against expected mode - Detects permission changes
Configuration:
[pbit_permissions_verification]
enabled = true
[[file]]
path = "/etc/shadow"
mode = "0o640"
[[file]]
path = "/etc/passwd"
mode = "0o644"
Pass conditions: - All file permissions match expected values
Common issues: - Package updates change permissions - Different distros have different defaults - Must specify octal notation correctly
pbit_selinux_apparmor_status¶
Purpose: Verify SELinux or AppArmor security system is active.
What it checks: - Detects security system (SELinux or AppArmor) - Checks if enabled/enforcing - Validates security policy active
Configuration:
[pbit_selinux_apparmor_status]
enabled = true
expected_system = "apparmor"
expected_status = "enabled"
Pass conditions: - Expected security system detected - System in expected state (enabled/enforcing)
Common issues: - SELinux vs AppArmor platform differences - Permissive mode vs enforcing - Container environments may differ
pbit_ssh_configuration¶
Purpose: Verify SSH daemon configuration settings.
What it checks:
- Parses /etc/ssh/sshd_config
- Validates security-relevant settings
- Compares against expected values
Configuration:
[pbit_ssh_configuration]
enabled = true
[[setting]]
key = "PermitRootLogin"
value = "no"
[[setting]]
key = "PasswordAuthentication"
value = "no"
Pass conditions: - All settings match expected values - Config file readable and parseable
Common issues: - Commented-out settings vs actual values - Default values not in config file - Include directives complicate parsing
pbit_syslog_analysis¶
Purpose: Analyze system logs for critical errors.
What it checks: - Reads recent syslog entries - Searches for error patterns - Identifies critical system events
Configuration:
[pbit_syslog_analysis]
enabled = true
lines_to_check = 1000
error_patterns = ["error", "critical", "fail"]
ignore_patterns = []
Pass conditions: - No critical patterns in recent logs - Log file accessible
Common issues: - Varies by logging system (rsyslog, journald) - Log rotation timing - Verbose applications create noise
pbit_usb_whitelist¶
Purpose: Verify only approved USB devices are connected.
What it checks:
- Scans USB bus with lsusb
- Compares devices against whitelist
- Detects unauthorized devices
Configuration:
[pbit_usb_whitelist]
enabled = true
[[device]]
device_name = "USB Hub"
vendor_id = "1d6b"
device_id = "0002"
[[device]]
device_name = "Keyboard"
vendor_id = "046d"
device_id = "c52b"
Pass conditions: - All detected devices in whitelist - No unexpected devices found
Common issues: - USB device hotplug - Internal USB devices (webcam, Bluetooth) - Hub enumeration differences
Running PBIT Tests¶
All PBIT Tests¶
Specific PBIT Tests¶
# Hardware validation
bit-manager -t pbit_cpu_cores -t pbit_disk_health -t pbit_ethernet -o
# Security audit
bit-manager -t pbit_usb_whitelist -t pbit_pci_whitelist -t pbit_firewall_configuration -o
# Resource check
bit-manager -t pbit_cpu_usage -t pbit_memory_usage -t pbit_disk_usage -o
Next Steps¶
- CBIT Tests - Continuous monitoring tests
- FBIT Tests - Factory validation tests
- Test Overview - Complete test catalog
- Running Tests - Execution guide