ci: Update FIH tests for newer TFM
Update build to run on new TFM release to be used (eb8ff0d).
Refactor hardcoded path usage to all come from a main configuration
script.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/ci/fih_test_docker/execute_test.sh b/ci/fih_test_docker/execute_test.sh
index a110837..cc67d84 100755
--- a/ci/fih_test_docker/execute_test.sh
+++ b/ci/fih_test_docker/execute_test.sh
@@ -16,10 +16,7 @@
set -e
-WORKING_DIRECTORY=/root/work/tfm
-MCUBOOT_PATH=$WORKING_DIRECTORY/mcuboot
-TFM_DIR=$WORKING_DIRECTORY/trusted-firmware-m
-TFM_BUILD_DIR=$TFM_DIR/build
+source $(dirname "$0")/paths.sh
SKIP_SIZE=$1
BUILD_TYPE=$2
@@ -34,26 +31,31 @@
fi
# build TF-M with MCUBoot
-mkdir -p $TFM_BUILD_DIR
-cd $TFM_DIR
-cmake -B $TFM_BUILD_DIR \
- -DTFM_SPM_LOG_LEVEL=TFM_SPM_LOG_LEVEL_INFO \
- -DCMAKE_BUILD_TYPE=$BUILD_TYPE \
- -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \
+mkdir -p $TFM_BUILD_PATH $TFM_SPE_BUILD_PATH
+
+cmake -S $TFM_TESTS_PATH/tests_reg/spe \
+ -B $TFM_SPE_BUILD_PATH \
-DTFM_PLATFORM=arm/mps2/an521 \
- -DTEST_NS=ON \
+ -DCONFIG_TFM_SOURCE_PATH=$TFM_PATH \
+ -DCMAKE_BUILD_TYPE=$BUILD_TYPE \
+ -DTFM_TOOLCHAIN_FILE=$TFM_PATH/toolchain_GNUARM.cmake \
-DTEST_S=ON \
+ -DTEST_NS=ON \
-DTFM_PSA_API=ON \
-DMCUBOOT_PATH=$MCUBOOT_PATH \
-DMCUBOOT_LOG_LEVEL=INFO \
- $CMAKE_FIH_LEVEL \
- .
-cd $TFM_BUILD_DIR
-make -j install
+ $CMAKE_FIH_LEVEL
+cmake --build $TFM_SPE_BUILD_PATH -- install
-BOOTLOADER_AXF='./install/outputs/bl2.axf'
+cmake -S $TFM_TESTS_PATH/tests_reg \
+ -B $TFM_BUILD_PATH \
+ -DCONFIG_SPE_PATH=$TFM_SPE_BUILD_PATH/api_ns \
+ -DCMAKE_BUILD_TYPE=$BUILD_TYPE \
+ -DTFM_TOOLCHAIN_FILE=$TFM_SPE_BUILD_PATH/api_ns/cmake/toolchain_ns_GNUARM.cmake
+cmake --build $TFM_BUILD_PATH
-$MCUBOOT_PATH/ci/fih_test_docker/run_fi_test.sh $BOOTLOADER_AXF $SKIP_SIZE $DAMAGE_TYPE> fih_test_output.yaml
+cd $TFM_BUILD_PATH
+$MCUBOOT_PATH/ci/fih_test_docker/run_fi_test.sh $BOOTLOADER_AXF_PATH $SKIP_SIZE $DAMAGE_TYPE> fih_test_output.yaml
echo ""
echo "test finished with"
diff --git a/ci/fih_test_docker/fi_tester_gdb.sh b/ci/fih_test_docker/fi_tester_gdb.sh
index a68aa66..ffb0bc7 100755
--- a/ci/fih_test_docker/fi_tester_gdb.sh
+++ b/ci/fih_test_docker/fi_tester_gdb.sh
@@ -14,6 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+source $(dirname "$0")/paths.sh
+
function skip_instruction {
local SKIP_ADDRESS=$1
@@ -40,7 +42,7 @@
cat >commands.gdb <<EOF
target remote localhost: 1234
-file $IMAGE_DIR/bl2.axf
+file $AXF_FILE
b boot_go_for_image_id if image_id == 0
continue
delete breakpoints 1
@@ -71,8 +73,8 @@
/usr/bin/qemu-system-arm \
-M mps2-an521 \
-s -S \
- -kernel $IMAGE_DIR/bl2.axf \
- -device loader,file=$IMAGE_DIR/tfm_s_ns_signed.bin,addr=0x10080000 \
+ -kernel $AXF_FILE \
+ -device loader,file=$TFM_IMAGE_PATH,addr=0x10080000 \
-chardev file,id=char0,path=$QEMU_LOG_FILE \
-serial chardev:char0 \
-display none \
@@ -100,7 +102,7 @@
#print the address that was skipped, and some context to the console
echo "" 1>&2
echo "Boot success: address: $SKIP_ADDRESS skipped: $SKIP_SIZE" 1>&2
- arm-none-eabi-objdump -d $IMAGE_DIR/bl2.axf --start-address=$SKIP_ADDRESS -S | tail -n +7 | head -n 14 1>&2
+ arm-none-eabi-objdump -d $AXF_FILE --start-address=$SKIP_ADDRESS -S | tail -n +7 | head -n 14 1>&2
echo "" 1>&2
echo "" 1>&2
else
@@ -142,8 +144,7 @@
#defaults
SKIP=2
-BIN_DIR=$(pwd)/install/outputs
-AXF_FILE=$BIN_DIR/bl2.axf
+AXF_FILE=${BOOTLOADER_AXF_PATH}
GDB=gdb-multiarch
BOOTLOADER=true
diff --git a/ci/fih_test_docker/paths.sh b/ci/fih_test_docker/paths.sh
new file mode 100644
index 0000000..6afeab7
--- /dev/null
+++ b/ci/fih_test_docker/paths.sh
@@ -0,0 +1,10 @@
+WORK_PATH=/root/work/tfm
+MCUBOOT_PATH=$WORK_PATH/mcuboot
+TFM_PATH=$WORK_PATH/trusted-firmware-m
+TFM_TESTS_PATH=$WORK_PATH/tf-m-tests
+TFM_SPE_BUILD_PATH=$TFM_PATH/build_spe
+TFM_BUILD_PATH=$TFM_PATH/build
+BOOTLOADER_AXF_PATH=$TFM_SPE_BUILD_PATH/bin/bl2.axf
+TFM_IMAGE_NAME=tfm_s_ns_signed.bin
+TFM_IMAGE_OUTPUT_PATH=$TFM_BUILD_PATH
+TFM_IMAGE_PATH=$TFM_IMAGE_OUTPUT_PATH/$TFM_IMAGE_NAME
diff --git a/ci/fih_test_docker/run_fi_test.sh b/ci/fih_test_docker/run_fi_test.sh
index 49567a2..5bf884c 100755
--- a/ci/fih_test_docker/run_fi_test.sh
+++ b/ci/fih_test_docker/run_fi_test.sh
@@ -28,16 +28,17 @@
SKIP_SIZES=$2
DAMAGE_TYPE=$3
+source $(dirname "$0")/paths.sh
+
# Take an image and make it unbootable. This is done by replacing one of the
# strings in the image with a different string. This causes the signature check
# to fail
function damage_image
{
- IMAGEDIR=$(dirname $MCUBOOT_AXF)
- local IMAGE_NAME=tfm_s_ns_signed.bin
- local BACKUP_IMAGE_NAME=tfm_s_ns_signed.bin.orig
- local IMAGE=$IMAGEDIR/$IMAGE_NAME
- mv $IMAGE $IMAGEDIR/$BACKUP_IMAGE_NAME
+ local IMAGE_NAME=${TFM_IMAGE_NAME}
+ local BACKUP_IMAGE_NAME=${TFM_IMAGE_NAME}.orig
+ local IMAGE=$TFM_IMAGE_OUTPUT_PATH/$IMAGE_NAME
+ mv $IMAGE $TFM_IMAGE_OUTPUT_PATH/$BACKUP_IMAGE_NAME
if [ "$DAMAGE_TYPE" = "SIGNATURE" ]; then
DAMAGE_PARAM="--signature"
@@ -48,7 +49,7 @@
exit -1
fi
- python3 $DIR/damage_image.py -i $IMAGEDIR/$BACKUP_IMAGE_NAME -o $IMAGE $DAMAGE_PARAM 1>&2
+ python3 $DIR/damage_image.py -i $TFM_IMAGE_OUTPUT_PATH/$BACKUP_IMAGE_NAME -o $IMAGE $DAMAGE_PARAM 1>&2
}
function run_test
@@ -73,7 +74,7 @@
END=$(printf "0x%X" $((END + PAD)))
# Invoke the fi tester script
- $DIR/fi_tester_gdb.sh $IMAGEDIR $START $END --skip $SKIP_SIZE
+ $DIR/fi_tester_gdb.sh $TFM_IMAGE_OUTPUT_PATH $START $END --skip $SKIP_SIZE
done
}