Test: PSA Arch test for the split build
MVP for PSA arch tests for split build. Further work required but
builds and executes tests for ITS, ATESTATION, CRYPTO(hangs)
To execute need SPE binaries in CONFIG_SPE_PATH, ex. /prj/build-tfm/api_ns
and PSA Arch test repo in PSA_ARCH_TESTS_PATH ex ../pse-arch-tests then:
cmake -S . -B build -DCONFIG_SPE_PATH=/prj/build/api_ns -DPSA_ARCH_TESTS_PATH=<..>/psa-arch-tests
cmake --build build -- tfm_app_binaries
Signed-off-by: Anton Komlev <anton.komlev@arm.com>
Change-Id: I52c17144373ea6cb95277e3939e11213e9318729
diff --git a/app_test_psa_arch/CMakeLists.txt b/app_test_psa_arch/CMakeLists.txt
new file mode 100644
index 0000000..dbfa886
--- /dev/null
+++ b/app_test_psa_arch/CMakeLists.txt
@@ -0,0 +1,140 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+cmake_minimum_required(VERSION 3.15)
+
+#--- SPE artifacts -------------------------------------------------------------
+
+if (NOT DEFINED CONFIG_SPE_PATH OR NOT EXISTS ${CONFIG_SPE_PATH})
+ message(FATAL_ERROR "CONFIG_SPE_PATH = ${CONFIG_SPE_PATH} is not defined or incorrect. Please provide full path to TF-M build artifacts using -DCONFIG_SPE_PATH=")
+endif()
+
+if (NOT DEFINED CMAKE_TOOLCHAIN_FILE)
+ set(CROSS_COMPILE arm-none-eabi)
+ set(CMAKE_TOOLCHAIN_FILE ${CONFIG_SPE_PATH}/cmake/toolchain_ns_GNUARM.cmake)
+endif()
+
+set(CPU_ARCH ${PSA_API_TEST_CPU_ARCH})
+set(SUITE ${TEST_PSA_API})
+
+#--- NSPE side project ---------------------------------------------------------
+
+list(APPEND CMAKE_MODULE_PATH ${CONFIG_SPE_PATH}/cmake)
+
+project("TF-M PSA Arch tests" LANGUAGES C)
+
+add_executable(tfm_ns)
+
+add_subdirectory(../ns_interface ${CMAKE_BINARY_DIR}/ns_interface)
+
+list(APPEND PSA_INCLUDE_PATHS ${CONFIG_SPE_PATH}/interface/include)
+
+if(NOT TARGET)
+ if (NOT "${TEST_PSA_API}" STREQUAL "IPC")
+ set(TARGET tgt_dev_apis_tfm_${PSA_API_TEST_TARGET})
+ else()
+ set(TARGET tgt_ff_tfm_${PSA_API_TEST_TARGET})
+ endif()
+endif()
+
+if(NOT PSA_INCLUDE_PATHS)
+ set(PSA_INCLUDE_PATHS ${INTERFACE_INC_DIR}/
+ ${CMAKE_BINARY_DIR}/generated/api-tests/platform/manifests/
+ ${CMAKE_BINARY_DIR}/generated/interface/include
+ )
+endif()
+
+set(SP_HEAP_MEM_SUPP 0)
+set(PLATFORM_PSA_ISOLATION_LEVEL ${TFM_ISOLATION_LEVEL})
+
+add_subdirectory(${PSA_ARCH_TESTS_PATH}/api-tests ${CMAKE_CURRENT_BINARY_DIR}/psa_api_tests)
+
+if (TEST_PSA_API STREQUAL IPC)
+ target_include_directories(tfm_partitions
+ INTERFACE
+ ${CMAKE_BINARY_DIR}/generated/api-tests/platform/manifests
+ )
+
+ target_sources(tfm_psa_rot_partition_driver_partition
+ PRIVATE
+ ${CMAKE_BINARY_DIR}/generated/api-tests/platform/manifests/auto_generated/intermedia_driver_partition_psa.c
+ )
+ target_link_libraries(tfm_psa_rot_partition_driver_partition
+ PRIVATE
+ psa_interface
+ platform_s
+ )
+ target_compile_definitions(tfm_psa_rot_partition_driver_partition
+ PRIVATE
+ CONFIG_TFM_BUILDING_SPE=1
+ TFM_ISOLATION_LEVEL=${TFM_ISOLATION_LEVEL}
+ )
+
+ target_sources(tfm_app_rot_partition_client_partition
+ PRIVATE
+ ${CMAKE_BINARY_DIR}/generated/api-tests/platform/manifests/auto_generated/intermedia_client_partition_psa.c
+ )
+ target_link_libraries(tfm_app_rot_partition_client_partition
+ PRIVATE
+ psa_interface
+ platform_s
+ )
+ target_compile_definitions(tfm_app_rot_partition_client_partition
+ PRIVATE
+ CONFIG_TFM_BUILDING_SPE=1
+ TFM_ISOLATION_LEVEL=${TFM_ISOLATION_LEVEL}
+ )
+
+ target_sources(tfm_app_rot_partition_server_partition
+ PRIVATE
+ ${CMAKE_BINARY_DIR}/generated/api-tests/platform/manifests/auto_generated/intermedia_server_partition_psa.c
+ )
+ target_link_libraries(tfm_app_rot_partition_server_partition
+ PRIVATE
+ psa_interface
+ platform_s
+ )
+ target_compile_definitions(tfm_app_rot_partition_server_partition
+ PRIVATE
+ CONFIG_TFM_BUILDING_SPE=1
+ TFM_ISOLATION_LEVEL=${TFM_ISOLATION_LEVEL}
+ )
+
+ target_sources(tfm_partitions
+ INTERFACE
+ ${CMAKE_BINARY_DIR}/generated/api-tests/platform/manifests/auto_generated/load_info_driver_partition_psa.c
+ ${CMAKE_BINARY_DIR}/generated/api-tests/platform/manifests/auto_generated/load_info_client_partition_psa.c
+ ${CMAKE_BINARY_DIR}/generated/api-tests/platform/manifests/auto_generated/load_info_server_partition_psa.c
+ )
+
+ target_link_libraries(tfm_partitions
+ INTERFACE
+ tfm_psa_rot_partition_driver_partition
+ tfm_app_rot_partition_client_partition
+ tfm_app_rot_partition_server_partition
+ )
+endif()
+
+############################# TFM NS main app ##################################
+
+target_sources(tfm_ns
+ PRIVATE
+ test_app.c
+)
+
+target_link_libraries(tfm_ns
+ PRIVATE
+ tfm_test_broker
+ val_nspe
+ pal_nspe
+ test_combine
+)
+
+set_target_properties(tfm_ns PROPERTIES
+ SUFFIX ".axf"
+ RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin"
+)
+
diff --git a/app_test_psa_arch/config_spe.cmake b/app_test_psa_arch/config_spe.cmake
new file mode 100644
index 0000000..bc147c6
--- /dev/null
+++ b/app_test_psa_arch/config_spe.cmake
@@ -0,0 +1,45 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+#
+# This is a configuration files for building SPE, necessary for PSA API Arch tests.
+# It shall be passed to SPE build via TFM_EXTRA_CONFIG_PATH option.
+#-------------------------------------------------------------------------------
+
+# Do not forget to specify configuration file While building SPE via:
+# -DPROJECT_CONFIG_HEADER_FILE=<>/config_test_psa_api.h
+
+set(TEST_S OFF CACHE BOOL "Whether to build S regression tests")
+set(TFM_S_REG_TEST OFF CACHE BOOL "Enable S regression test")
+set(NS OFF CACHE BOOL "Enalbe NS side build")
+
+if ("${TEST_PSA_API}" STREQUAL "IPC")
+ # PSA Arch test partitions only support IPC model so far
+ set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
+ set(TFM_PARTITION_FF_TEST ON)
+else()
+ set(TFM_PARTITION_FF_TEST OFF)
+endif()
+
+if ("${TEST_PSA_API}" STREQUAL "INITIAL_ATTESTATION")
+ set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
+ set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
+ set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
+ set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
+endif()
+
+if ("${TEST_PSA_API}" STREQUAL "CRYPTO")
+ set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
+ set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
+ set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
+endif()
+
+if ("${TEST_PSA_API}" STREQUAL "STORAGE")
+ set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
+ set(TFM_PARTITION_PROTECTED_STORAGE ON CACHE BOOL "Enable Protected Storage partition")
+ set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
+ set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
+endif()
diff --git a/app_test_psa_arch/config_test_psa_api.h b/app_test_psa_arch/config_test_psa_api.h
new file mode 100644
index 0000000..9127a33
--- /dev/null
+++ b/app_test_psa_arch/config_test_psa_api.h
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_TEST_PSA_API_H__
+#define __CONFIG_TEST_PSA_API_H__
+
+/* Platform Partition Configs */
+
+/* Size of input buffer in platform service */
+#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
+#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+#endif
+
+/* Size of output buffer in platform service */
+#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
+#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+#endif
+
+/* The stack size of the Platform Secure Partition */
+#ifndef PLATFORM_SP_STACK_SIZE
+#define PLATFORM_SP_STACK_SIZE 0x500
+#endif
+
+/* Disable Non-volatile counter module */
+#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
+#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+#endif
+
+/* Crypto Partition Configs */
+
+/*
+ * Heap size for the crypto backend
+ * CRYPTO_ENGINE_BUF_SIZE needs to be much larger for PSA API tests.
+ */
+#ifndef CRYPTO_ENGINE_BUF_SIZE
+#define CRYPTO_ENGINE_BUF_SIZE 0x5000
+#endif
+
+/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#ifndef CRYPTO_CONC_OPER_NUM
+#define CRYPTO_CONC_OPER_NUM 8
+#endif
+
+/* Enable PSA Crypto random number generator module */
+#ifndef CRYPTO_RNG_MODULE_ENABLED
+#define CRYPTO_RNG_MODULE_ENABLED 1
+#endif
+
+/* Enable PSA Crypto Key module */
+#ifndef CRYPTO_KEY_MODULE_ENABLED
+#define CRYPTO_KEY_MODULE_ENABLED 1
+#endif
+
+/* Enable PSA Crypto AEAD module */
+#ifndef CRYPTO_AEAD_MODULE_ENABLED
+#define CRYPTO_AEAD_MODULE_ENABLED 1
+#endif
+
+/* Enable PSA Crypto MAC module */
+#ifndef CRYPTO_MAC_MODULE_ENABLED
+#define CRYPTO_MAC_MODULE_ENABLED 1
+#endif
+
+/* Enable PSA Crypto Hash module */
+#ifndef CRYPTO_HASH_MODULE_ENABLED
+#define CRYPTO_HASH_MODULE_ENABLED 1
+#endif
+
+/* Enable PSA Crypto Cipher module */
+#ifndef CRYPTO_CIPHER_MODULE_ENABLED
+#define CRYPTO_CIPHER_MODULE_ENABLED 1
+#endif
+
+/* Enable PSA Crypto asymmetric key signature module */
+#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
+#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
+#endif
+
+/* Enable PSA Crypto asymmetric key encryption module */
+#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
+#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 1
+#endif
+
+/* Enable PSA Crypto key derivation module */
+#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
+#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
+#endif
+
+/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#ifndef CRYPTO_IOVEC_BUFFER_SIZE
+#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+#endif
+
+/* Use stored NV seed to provide entropy */
+#ifndef CRYPTO_NV_SEED
+#define CRYPTO_NV_SEED 1
+#endif
+
+/*
+ * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
+ * to optimize memory footprint in resource-constrained devices.
+ */
+#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+#endif
+
+/* The stack size of the Crypto Secure Partition */
+#ifndef CRYPTO_STACK_SIZE
+#define CRYPTO_STACK_SIZE 0x1B00
+#endif
+
+/* FWU Partition Configs */
+
+/* Size of the FWU internal data transfer buffer */
+#ifndef TFM_FWU_BUF_SIZE
+#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+#endif
+
+/* The stack size of the Firmware Update Secure Partition */
+#ifndef FWU_STACK_SIZE
+#define FWU_STACK_SIZE 0x600
+#endif
+
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+#endif
+
+/* Include COSE key-id in initial attestation token */
+#ifndef ATTEST_INCLUDE_COSE_KEY_ID
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+#endif
+
+/* The stack size of the Initial Attestation Secure Partition */
+#ifndef ATTEST_STACK_SIZE
+#define ATTEST_STACK_SIZE 0x700
+#endif
+
+/* Set the initial attestation token profile */
+#ifndef ATTEST_TOKEN_PROFILE_PSA_IOT_1
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+#endif
+
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#ifndef ITS_CREATE_FLASH_LAYOUT
+#define ITS_CREATE_FLASH_LAYOUT 1
+#endif
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#ifndef ITS_RAM_FS
+#define ITS_RAM_FS 0
+#endif
+
+/* Validate filesystem metadata every time it is read from flash */
+#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#ifndef ITS_MAX_ASSET_SIZE
+#ifdef PSA_API_TEST_CRYPTO
+/*
+ * When building for the PSA Crypto API tests, ensure the ITS max asset size is
+ * set to at least the size of the largest asset created by the tests.
+ */
+#define ITS_MAX_ASSET_SIZE 1229
+#else
+#define ITS_MAX_ASSET_SIZE 512
+#endif
+#endif
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#ifndef ITS_BUF_SIZE
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+#endif
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#ifndef ITS_NUM_ASSETS
+#define ITS_NUM_ASSETS 10
+#endif
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#ifndef ITS_STACK_SIZE
+#define ITS_STACK_SIZE 0x720
+#endif
+
+/* PS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Protected Storage partition */
+#ifndef PS_CREATE_FLASH_LAYOUT
+#define PS_CREATE_FLASH_LAYOUT 1
+#endif
+
+/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
+#ifndef PS_RAM_FS
+#define PS_RAM_FS 0
+#endif
+
+/* Enable rollback protection for Protected Storage partition */
+#ifndef PS_ROLLBACK_PROTECTION
+#define PS_ROLLBACK_PROTECTION 1
+#endif
+
+/* Validate filesystem metadata every time it is read from flash */
+#ifndef PS_VALIDATE_METADATA_FROM_FLASH
+#define PS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
+
+/* The maximum asset size to be stored in the Protected Storage */
+#ifndef PS_MAX_ASSET_SIZE
+#define PS_MAX_ASSET_SIZE 2048
+#endif
+
+/* The maximum number of assets to be stored in the Protected Storage */
+#ifndef PS_NUM_ASSETS
+#define PS_NUM_ASSETS 10
+#endif
+
+/* The stack size of the Protected Storage Secure Partition */
+#ifndef PS_STACK_SIZE
+#define PS_STACK_SIZE 0x700
+#endif
+
+/* SPM Partition Configs */
+
+/* The maximal number of secure services that are connected or requested at the same time */
+#ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
+#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
+#endif
+
+/* Set the doorbell APIs */
+#ifndef CONFIG_TFM_DOORBELL_API
+#ifdef PSA_API_TEST_IPC
+/* IPC test suite uses IPC backend */
+#define CONFIG_TFM_DOORBELL_API 1
+#else
+#define CONFIG_TFM_DOORBELL_API 0
+#endif
+#endif
+
+#endif /* __CONFIG_TEST_PSA_API_H__ */
diff --git a/app_test_psa_arch/test_app.c b/app_test_psa_arch/test_app.c
new file mode 100644
index 0000000..80190bd
--- /dev/null
+++ b/app_test_psa_arch/test_app.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2017-2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "test_app.h"
+#include "tfm_log.h"
+
+/**
+ * \brief This symbol is the entry point provided by the PSA API compliance
+ * test libraries
+ */
+extern void val_entry(void);
+
+/**
+ * \brief Services test thread
+ *
+ */
+__attribute__((noreturn))
+void test_app(void *argument)
+{
+ UNUSED_VARIABLE(argument);
+
+ val_entry();
+
+ /* Output EOT char for test environments like FVP. */
+ LOG_MSG("\x04");
+
+ /* End of test */
+ for (;;) {
+ }
+}