PSA Firmware Framework Architecture Test Suite

PSA Firmware Framework

PSA Firmware Framework (PSA-FF) defines a standard interface and framework to isolate trusted functionality within constrained IoT devices.

The framework provides:

  • Architecture that describes isolated runtime environments (partitions) for trusted and untrusted firmware.
  • A standard model for describing the functionality and resources in each partition.
  • A Secure IPC interface to request services from other partitions.
  • A model that describes how the partitions can interact with one another, as well as the hardware and the firmware framework implementation itself.
  • A standard interface for the PSA RoT services such as PSA RoT lifecycle service.

This specification enables the development of Secure firmware functionality which can be reused on different devices that use any conforming implementation of the Firmware Framework. For more information, download the PSA-FF Specification.

Architecture test suite

The architecture test suite is a set of examples of the invariant behaviors that are specified by the PSA-FF specification. Use this suite to verify whether these behaviors are implemented correctly in your system. This suite contains self-checking and portable C-based tests with directed stimulus. The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license allowing for external contribution.

This test suite is not a substitute for design verification. To review the test logs, Arm licensees can contact Arm directly through their partner managers.

For more information on architecture test suite specification, refer to the Validation Methodology document.

Tests scenarios

The mapping of the rules in the specification to the test cases and the steps followed in the tests are mentioned in the Scenario Document present in the docs/ folder.

Getting started

Follow the instructions in the subsequent sections to get a copy of the source code on your local machine and build the tests. Make sure you have all required software installed as explained in the Software Requirements.

Porting steps

Refer to the PSA-FF Test Suite Porting Guide document for porting steps.

Build steps

To build the test suite for your target platform, perform the following steps.

  1. Execute cd api-tests.

  2. Using your Secure partition build tool, parse the following test suite partition manifest files and generate manifest output files. The manifest parsing tool must be compliant with the manifest rules defined in the PSA FF specification.

    The test suite manifests to be parsed are:

    • platform/targets/<platform_name>/manifests/common/driver_partition_psa.json
    • platform/targets/<platform_name>/manifests/ipc/client_partition_psa.json
    • platform/targets/<platform_name>/manifests/ipc/server_partition_psa.json

  3. Compile the tests as shown below. 

   ./tools/scripts/setup.sh --target <platform_name> --cpu_arch <cpu_architecture_version> --suite <suite_name>  --build <build_dir> --include <include_path>  --archive_tests


where:

  • <platform_name> is the same as the name of the target specific directory created in the platform/targets/ directory.
  • <cpu_architecture_version> is the Arm Architecture version name for which the tests should be compiled. For example, Armv7M, Armv8M-Baseline and Armv8M-Mainline Architecture.
  • <suite_name> is the suite name which is the same as the suite name available in ff/ directory.
  • <build_dir> is a directory to store the build output files.
  • <include_path> is an additional directory to be included into the compiler search path.
    Note: To compile IPC tests, the include path must point to the path where psa/client.h, psa/service.h, psa/lifecycle.h and test partition manifest output files(psa_manifest/sid.h, psa_manifest/pid.h and psa_manifest/.h) are located in your build system.
  • Use --archive_tests option to create a combined test archive(test_combine.a) file by combining the available test objects files. Not using this option will create a combined test binary(test_elf_combine.bin) by combining the available test ELFs.

For more information about options, refer to ./tools/scripts/setup.sh --help.

To compile IPC tests for tgt_ff_mbedos_fvp_mps2_m4 platform, execute the following commands:

cd api-tests
./tools/scripts/setup.sh --target tgt_ff_mbedos_fvp_mps2_m4 --cpu_arch armv7m --suite ipc --build BUILD_IPC --include <include_path1> --include <include_path2> --archive_tests

Note: The default compilation flow includes the functional API tests to build the test suite. It does not include panic tests that check for the API's PROGRAMMER ERROR conditions as defined in the PSA-FF specification. You can include the panic tests for building the test suite just by passing --include_panic_tests option to script.

Build output

The test suite build generates the following binaries:

NSPE libraries:

  1. <build_dir>/BUILD/val/val_nspe.a
  2. <build_dir>/BUILD/platform/pal_nspe.a
  3. <build_dir>/BUILD/ff/<suite_name>/test_combine.a

SPE libraries explicitly for IPC test suite:

  1. <build_dir>/BUILD/partition/driver_partition.a
  2. <build_dir>/BUILD/partition/client_partition.a
  3. <build_dir>/BUILD/partition/server_partition.a

Integrating the libraries into your target platform

  1. Integrate the test partition (SPE archives) with your software stack containing SPM so that the partition code gets access to PSA-defined client and Secure partition APIs. This forms an SPE binary.
  2. Integrate val_nspe.a, pal_nspe.a and test_combine.a libraries with your Non-secure OS so that these libraries get access to PSA client APIs. This forms an NSPE binary.
  3. Load NSPE binary into Non-secure memory.
  4. Load SPE binary into Secure memory.

Test suite execution

The following steps describe the execution flow before the test execution:

  1. The target platform must load the above binaries into appropriate memory.
  2. The System Under Test (SUT) boots to an environment that initializes the SPM and the test suite partitions are ready to accept requests.
  3. On the Non-secure side, the SUT boot software gives control to the test suite entry point void val_entry(void); as an application entry point.
  4. The tests are executed sequentially in a loop in the test_dispatcher function.

For details on test suite integration, refer to the Integrating the test suite with the SUT section of Validation Methodology.

License

Arm PSA test suite is distributed under Apache v2.0 License.

Feedback, contributions, and support

  • For feedback, use the GitHub Issue Tracker that is associated with this repository.
  • For support, send an email to support-psa-arch-tests@arm.com with details.
  • Arm licensees can contact Arm directly through their partner managers.
  • Arm welcomes code contributions through GitHub pull requests.

Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.