Tests on non-secure side include headers from secure side
Open, Needs Triage. Public

Description

Non-secure software should not include any secure-side internal headers (e.g. from ./secure_fw/core/include), but only those that are exposed as APIs (./interface/include).

The following test suites on the non-secure side include internal headers from the secure side:

Attestation:
attestation_ns_interface_testsuite.c

#include "secure_fw/services/initial_attestation/attestation.h"

Core Positive:
core_ns_positive_testsuite.c

#include "test/test_services/tfm_core_test/core_test_defs.h"
  #include "tfm_core.h"  // from ./secure_fw/core/include through core_test_defs.h
#include "tfm_plat_test.h"  // from ./platform/include

Core Interactive:
core_ns_interactive_testsuite.c

#include "test/test_services/tfm_core_test/core_test_defs.h"
  #include "tfm_core.h"  // from ./secure_fw/core/include through core_test_defs.h

./app/tfm_integ_test.c:

#include "test/test_services/tfm_core_test/core_test_defs.h"
  #include "tfm_core.h"  // from ./secure_fw/core/include through core_test_defs.h

This actually causes a compile error in our build because tfm_core.h defines the LOG_MSG macro (through secure_utilities.h), which clashes with the static inline function LOG_MSG defined in tfm_integ_test.h. We had to patch tfm_integ_test.c by adding #undef LOG_MSG after the secure header is indirectly included.

./app/main_ns.c:

#include "target_cfg.h" // from ./platform/ext/target/<target_name>

target_cfg.h from the secure side also contains USART driver definitions for the non-secure side. This should be decoupled, and the non-secure side should not include that header.

RobertRostohar triaged this task as High priority.
abhishek-pandit raised the priority of this task from High to Needs Triage. Oct 4 2019, 4:02 PM
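The boundary rule in the description (non-secure code may include ./interface/include and ./platform/include, never ./secure_fw internals, and transitive includes count) is easy to check mechanically. The script below is an added example and not TF-M code: it builds a small constructed source tree with the directory layout the ticket names, follows every #include from a non-secure source the way a quoted include is resolved (the includer's directory, then each -I directory), and reports each chain that ends under secure_fw/. The include-dir list, the stand-in file contents (including a fake LOG_MSG define in secure_utilities.h) and the "secure_fw/" prefix rule are assumptions for the demo; the real build's -I list would be passed in instead.

```python
"""Added example (not TF-M code): transitive-include checker for the NS/S header rule."""
import os
import re
import shutil
import tempfile

INCLUDE_RE = re.compile(r'^\s*#\s*include\s+[<"]([^>"]+)[>"]', re.M)

# Assumed rule: anything under these prefixes is a secure-side internal header.
SECURE_PREFIXES = ("secure_fw/",)

# Assumed -I list of the non-secure build, relative to the tree root. The last entry
# is what lets tfm_core.h resolve at all from NS code and is the thing to remove.
NS_INCLUDE_DIRS = ("", "interface/include", "platform/include", "secure_fw/core/include")


def parse_includes(path):
    """Header names in the #include directives of one file (no preprocessing, so
    #ifdef-guarded includes are followed unconditionally: a safe over-approximation)."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return INCLUDE_RE.findall(f.read())


def resolve(name, including_file, root, include_dirs):
    """Mimic quoted-include lookup: the includer's directory first, then each -I dir."""
    candidates = [os.path.join(os.path.dirname(including_file), name)]
    candidates += [os.path.join(root, d, name) for d in include_dirs]
    for cand in candidates:
        if os.path.isfile(cand):
            return os.path.normpath(cand)
    return None  # system header or not on the assumed path; ignored


def include_chains(src, root, include_dirs):
    """Depth-first walk of transitive includes; each header is reported once, via the
    first chain that reaches it."""
    chains, seen = [], set()
    stack = [[os.path.normpath(src)]]
    while stack:
        chain = stack.pop()
        for name in parse_includes(chain[-1]):
            hdr = resolve(name, chain[-1], root, include_dirs)
            if hdr is None or hdr in seen:
                continue
            seen.add(hdr)
            chains.append(chain + [hdr])
            stack.append(chain + [hdr])
    return chains


def violations(src, root, include_dirs=NS_INCLUDE_DIRS):
    """Chains (as root-relative paths) from src to any secure-side internal header."""
    def rel(p):
        return os.path.relpath(p, root).replace(os.sep, "/")
    return [[rel(p) for p in chain]
            for chain in include_chains(src, root, include_dirs)
            if rel(chain[-1]).startswith(SECURE_PREFIXES)]


# Constructed sample tree; file bodies are stand-ins, not the real TF-M headers.
SAMPLE_TREE = {
    "secure_fw/core/include/tfm_core.h": '#include "secure_utilities.h"\n',
    "secure_fw/core/include/secure_utilities.h": "#define LOG_MSG(m) tfm_log(m)\n",
    "interface/include/psa_client.h": "typedef int psa_handle_t;\n",
    "platform/include/tfm_plat_test.h": "void tfm_plat_test_start(void);\n",
    "test/test_services/tfm_core_test/core_test_defs.h": '#include "tfm_core.h"\n',
    "app/tfm_integ_test.c": '#include "psa_client.h"\n'
                            '#include "test/test_services/tfm_core_test/core_test_defs.h"\n',
    "app/main_ns.c": '#include "tfm_plat_test.h"\n',
}


def demo():
    """Build the sample tree in a temp dir, check both NS sources, return {src: chains}."""
    root = tempfile.mkdtemp()
    try:
        for rel, body in SAMPLE_TREE.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as f:
                f.write(body)
        return {src: violations(os.path.join(root, src), root)
                for src in ("app/tfm_integ_test.c", "app/main_ns.c")}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for src, chains in demo().items():
        print(f"{src}: {'OK' if not chains else 'reaches secure-side internals'}")
        for chain in chains:
            print("  " + " -> ".join(chain))
```

Run against the sample tree, tfm_integ_test.c is reported via core_test_defs.h -> tfm_core.h -> secure_utilities.h, while main_ns.c (which only pulls in platform/include) passes. Wiring the same check into the NS build with its real -I list, and failing the build on any non-empty result, catches the regression described in the ticket before a LOG_MSG-style clash does.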