test: improve accelerated TFM configuration test and add reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 55ce05c..6a94cc6 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2780,31 +2780,55 @@
#tests/ssl-opt.sh
}
-component_test_tfm_config_p256m_driver_accel_ec () {
- msg "build: TFM config + p256m driver + accel ECDH(E)/ECDSA"
-
- # Replace "mbedtls_config.h" and "cypto_config.h" with TFM ones
+common_tfm_config () {
+ # Enable TF-M config
cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H"
cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
- # Create a fake "mbedtls_entropy_nv_seed_config.h" which is required by
- # the TFM configuration. It will be deleted on exit.
- touch "include/mbedtls/mbedtls_entropy_nv_seed_config.h"
+ # Adjust for the fact that we're building outside the TF-M environment.
+ #
+ # TF-M has separation, our build doesn't
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SPM
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ # TF-M provdes its own (dummy) implemenation, from their tree
+ scripts/config.py unset MBEDTLS_AES_DECRYPT_ALT
+ scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT
+ # We have an OS that provides entropy, use it
+ scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY
+
+ # Other config adjustments to make the tests pass.
+ # Those are a surprise and should be investigated and fixed.
+ #
+ # pkparse.c and pkwrite.c fail to link without this
+ echo "#define MBEDTLS_OID_C" >> "$CONFIG_H"
+
+ # Config adjustements for better test coverage in our environment.
+ # These are not needed just to build and pass tests.
+ #
+ # Enable filesystem I/O for the benefit of PK parse/write tests.
+ echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H"
+}
+
+component_test_tfm_config_p256m_driver_accel_ec () {
+ msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
+
+ common_tfm_config
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
- # Unset PSA_CRYPTO_SPM because test and sample programs aren't equipped
- # for the modified names used when MBEDTLS_PSA_CRYPTO_SPM is active.
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SPM
- # Use our implementation of AES
- scripts/config.py unset MBEDTLS_AES_DECRYPT_ALT
- scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT
- # Configure entropy support
- scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY
- scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
- # Enable crypto storage
- scripts/config.py set MBEDTLS_PSA_CRYPTO_STORAGE_C
+ # Add missing symbols from "tfm_mbedcrypto_config_profile_medium.h"
+ #
+ # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
+ echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H"
+ # - ECP_C and BIGNUM because P256M does not have support for import and export
+ # of keys so we need the builtin support for that
+ echo "#define MBEDTLS_ECP_C" >> "$CONFIG_H"
+ echo "#define MBEDTLS_BIGNUM_C" >> "$CONFIG_H"
+ # - ASN1_[PARSE/WRITE]_C and OID_C found by check_config.h
+ echo "#define MBEDTLS_ASN1_PARSE_C" >> "$CONFIG_H"
+ echo "#define MBEDTLS_ASN1_WRITE_C" >> "$CONFIG_H"
+ echo "#define MBEDTLS_OID_C" >> "$CONFIG_H"
# Set the list of accelerated components in order to remove them from
# builtin support. We don't set IMPORT and EXPORT because P256M does not
@@ -2815,23 +2839,9 @@
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
KEY_TYPE_ECC_PUBLIC_KEY"
loc_accel_flags="$( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- # Add missing symbols from "tfm_mbedcrypto_config_profile_medium.h". All of
- # them fix missing items:
- # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
- # - FS_IO for the plaform + entropy modules
- # - ECP_C and BIGNUM because P256M does not have support for import and export
- # of keys so we need the builtin support for that
- # - ASN1_[PARSE/WRITE]_C and OID_C found by check_config.h
- cflags="-DMBEDTLS_USE_PSA_CRYPTO \
- -DMBEDTLS_ASN1_PARSE_C \
- -DMBEDTLS_ASN1_WRITE_C \
- -DMBEDTLS_OID_C \
- -DMBEDTLS_FS_IO \
- -DMBEDTLS_ECP_C \
- -DMBEDTLS_BIGNUM_C \
- -DMBEDTLS_PSA_ITS_FILE_C"
+
# Build crypto library specifying we want to use P256M code for EC operations
- make CFLAGS="$cflags $loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED -O0 -g"
+ make CFLAGS="$loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
#not grep mbedtls_ecdsa_ library/ecdsa.o # this is needed for deterministic ECDSA
@@ -2844,11 +2854,18 @@
#not grep mbedtls_mpi_ library/bignum.o # this is needed from ECP module
# Run the tests
- msg "test: TFM config + p256m driver + accel ECDH(E)/ECDSA"
+ msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
make test
+}
- # Remove unnecessary files generated for the test
- rm "include/mbedtls/mbedtls_entropy_nv_seed_config.h"
+component_test_tfm_config() {
+ common_tfm_config
+
+ msg "build: TF-M config"
+ make tests
+
+ msg "test: TF-M config"
+ make test
}
# Helper function used in: