Version 27 vs 65
Edits
- Edit by gyuri-szing, Version 65
- Oct 18 2023 12:55 PM
- Edit by jellesels-arm, Version 27
- Feb 25 2022 5:55 PM
Content Changes
OP-TEE SPMC implementation
==========================
Introduction
------------
### OP-TEE SPMC implementation
This document describes the OP-TEE SPMC implementation. This
implementation is used to support the Trusted Services PSA SPs. The PSA
SPs are based on the Arm FF-A specifications. The OP-TEE SPMC can be
used as a reference S-EL1 implementation and the Trusted Services can be
used as reference S-EL0 SP implementations.
### FF-A
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed
to standardize the communication between the various software images,
including the communication between the software images in the
Secure world and the Normal world. The current release of the OP-TEE SPMC is
based around the [FF-A v1.0
spec](https://developer.arm.com/documentation/den0077/latest).
### OP-TEE
OP-TEE is an open source Trusted Execution Environment (TEE)
implementing the Arm TrustZone technology. More information can be found
at [readthedocs](https://optee.readthedocs.io/en/latest/). OP-TEE can run either as an S-EL1 SP or as the S-EL1 SPMC.
This document describes OP-TEE as an S-EL1 SPMC. The current mainline
OP-TEE version can be found [here](https://github.com/OP-TEE/optee_os).
### Trusted Services
The Trusted Services project provides a framework for developing and
deploying device Root Of Trust (RoT) services across a range of secure
processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Services can be found at
[Trusted-Services](https://trusted-services.readthedocs.io/en/latest/).
Current Status
--------------
Currently the mainline OP-TEE SPMC is not yet fully compliant with the
FF-A V1.0 spec. It also doesn't support all of the Trusted Services
SPs.
### SPMC status
OP-TEE mainline SPMC FF-A status:
| Description | Status|
| --- | ----------- |
|SP loading | Supported |
|SP messaging | Supported |
|Manifest file | Not Supported |
|Memory management | Supported |
|Interrupts | Not supported |
OP-TEE mainline SPMC FF-A messages status:
| Message | Status |
|------------------------------|-----------|
| FFA_ERROR | Supported|
| FFA_SUCCESS | Supported|
| FFA_INTERRUPT | Not supported|
| FFA_VERSION | Supported|
| FFA_FEATURES | Supported|
| FFA_RX_RELEASE | Supported|
| FFA_RXTX_MAP | Supported|
| FFA_RXTX_UNMAP | Supported|
| FFA_PARTITION_INFO_GET | Supported|
| FFA_ID_GET | Supported|
| FFA_MSG_WAIT | Supported|
| FFA_YIELD | Not supported|
| FFA_RUN | Not supported|
| FFA_NORMAL_WORLD_RESUME | Not supported|
| FFA_MSG_SEND | Not supported|
| FFA_MSG_SEND_DIRECT_REQ | Supported|
| FFA_MSG_SEND_DIRECT_RESP | Supported|
| FFA_MSG_POLL | Not supported|
| FFA_MEM_DONATE | Not supported|
| FFA_MEM_LEND | Not supported|
| FFA_MEM_SHARE | Partially supported[^1]|
| FFA_MEM_RETRIEVE_REQ | Supported|
| FFA_MEM_RETRIEVE_RESP | Supported|
| FFA_MEM_RELINQUISH | Supported|
| FFA_MEM_RECLAIM | Supported|
[^1]: Device memory is not yet supported.
### Trusted Service status
Currently not all Trusted Service functionality is supported when using
the OP-TEE SPMC. We are planning to support all functionality over time.
Currently the OP-TEE SPMC supports the following PSA Trusted Services
SPs:
| Trusted Service SP | Status |
|----------------------------|--------|
|internal-trusted-storage: |Supported|
|protected-storage: |Supported|
|crypto: |Supported with mock backend. A hardware TRNG is not yet supported|
|attestation: |Not yet supported|
|smm-gateway: |Not yet supported|
Build
-----
The build process is based around the [OP-TEE build
process](https://optee.readthedocs.io/en/latest/building/gits/build.html)
with some extra steps.
### Requirements:
- The Trusted Services project has some extra
[requirements](https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html)
in addition to those of OP-TEE. It mainly depends on cmake.
- The current system uses the Arm FVP to run the test environment. The
latest version can be found at
[developer.arm.com](https://developer.arm.com/-/media/Files/downloads/ecosystem-models/FVP_Base_RevC-2xAEMvA_11.16_16.tgz).
The default path for FVP in the build scripts is set to
`/opt/fvp/latest`.
### Build steps
Get the manifest file:
```
rm -rf optee
mkdir optee
cd optee
repo init -u https://review.trustedfirmware.org/OP-TEE/manifest -m psa-sp-fvp.xml -b topics/spmc_mainline
repo sync -j4 --no-clone-bundle
```
Build the OP-TEE image:
By default, the OP-TEE build is configured to use the mainline OP-TEE SPMC.
To be able to build the mainline OP-TEE version, it might be necessary to
change SPMC_VERSION to `SPMC_VERSION=github` in `build/fvp_ffa.mk`.
Build OP-TEE:
```
cd build
make toolchains
make
cd ..
```
Build TS apps:
```
make -C trusted-services/tools/b-test r-component-test-arm-linux \
    r-psa-api-test-crypto-arm-linux \
    r-psa-api-test-internal_trusted_storage-arm-linux \
    r-psa-api-test-protected_storage-arm-linux \
    r-ts-demo-arm-linux \
    r-ts-service-test-arm-linux
```
Copy the TS apps to the shared directory:
```
cp -r trusted-services/tools/b-test/install/arm-linux shared
```
More information about building the TS apps can be found in the [Trusted Services
build
instructions](https://trusted-services.readthedocs.io/en/latest/developer/build-instructions.html).
Run fvp:
```
make -C build run-only
```
Two console windows should appear, one for the Secure World and one for the Normal World.
Log in as root.
Set up the [fvp
environment](https://trusted-services.readthedocs.io/en/latest/environments/deployment-guides/fvp-deployment-guide.html?highlight=ts-service-test#deploying-service-level-tests):
```
cd /mnt/
sh load_module.sh
cp arm-linux/lib/libts.so.1 /usr/lib/
```
Run the PSA ServiceTests:
```
cd /mnt/arm-linux/bin
```
# Prepare tests
```
cd /mnt
./load_module.sh
cp arm-linux/lib/libts.so* /lib
```
# Run the TS demo
```
./arm-linux/bin/ts-demo
```
Result:
Demonstrates use of trusted services from an application
---------------------------------------------------------
A client requests a set of crypto operations performed by
the Crypto service. Key storage for persistent keys is
provided by the Secure Storage service via the ITS client.
Generating random bytes length: 1
Operation successful
Random bytes:
2B
Generating random bytes length: 7
Operation successful
Random bytes:
68 CF 0C 5D 87 C7 11
Generating random bytes length: 128
Operation successful
Random bytes:
Generating ECC signing key
Operation successful
Signing message: "The quick brown fox" using key: 256
Operation successful
Signature bytes:
Verify signature using original message: "The quick brown fox"
Operation successful
Verify signature using modified message: "!he quick brown fox"
Successfully detected modified message
Signing message: "jumps over the lazy dog" using key: 256
Operation successful
Signature bytes:
Verify signature using original message: "jumps over the lazy dog"
Operation successful
Verify signature using modified message: "!umps over the lazy dog"
Successfully detected modified message
Generating RSA encryption key
Operation successful
Encrypting message: "Top secret" using RSA key: 257
Operation successful
Encrypted message:
42 B6 53 D8 A3 03 BB 64
66 C0 31 A5 42 2C F8 F3
B8 E3 9C 58 42 7C 2C E0
19 43 F6 02 EB 60 6A DC
Decrypting message using RSA key: 257
Operation successful
Decrypted message: "Top secret"
Exporting public key: 256
Operation successful
Public key bytes:
Destroying signing key: 256
Operation successful
Destroying encryption key: 257
Operation successful
# Run components test
```
./arm-linux/bin/component-test -v
```
Results:
TEST(UefiVariableStoreTests, noRemoveCheck) - 2915 ms
TEST(UefiVariableStoreTests, readOnlycheck) - 492 ms
TEST(UefiVariableStoreTests, unsupportedAttribute) - 215 ms
TEST(UefiVariableStoreTests, failedNvSet) - 1076 ms
TEST(UefiVariableStoreTests, enumerateStoreContents) - 695 ms
TEST(UefiVariableStoreTests, runtimeAccess) - 542 ms
TEST(UefiVariableStoreTests, bootServiceAccess) - 634 ms
TEST(UefiVariableStoreTests, removePersistent) - 609 ms
TEST(UefiVariableStoreTests, removeVolatile) - 668 ms
TEST(UefiVariableStoreTests, persistentSetGet) - 807 ms
TEST(UefiVariableStoreTests, setGetRoundtrip) - 509 ms
TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - 303 ms
TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - 610 ms
TEST(UefiVariableIndexTests, checkIterator) - 592 ms
TEST(UefiVariableIndexTests, removeVariable) - 321 ms
TEST(UefiVariableIndexTests, dumpBufferTooSmall) - 269 ms
TEST(UefiVariableIndexTests, dumpLoadRoadtrip) - 270 ms
TEST(UefiVariableIndexTests, enumerateStore) - 284 ms
TEST(UefiVariableIndexTests, variableIndexFull) - 347 ms
TEST(UefiVariableIndexTests, addWithOversizedName) - 504 ms
TEST(UefiVariableIndexTests, emptyIndexOperations) - 335 ms
TEST(SfsTests, psCreateAndSetExtended) - 1429 ms
TEST(SfsTests, psCreateAndSet) - 359 ms
TEST(SfsTests, itsStorageLimitTest) - 327 ms
TEST(SfsTests, itsStoreNewItem) - 231 ms
TEST(MockStoreTests, psCreateAndSetExtended) - 223 ms
TEST(MockStoreTests, psCreateAndSet) - 200 ms
TEST(MockStoreTests, itsStorageLimitTest) - 164 ms
TEST(MockStoreTests, itsStoreNewItem) - 211 ms
TEST(SecureStorageProxyTests, psCreateAndSetExtended) - 961 ms
TEST(SecureStorageProxyTests, psCreateAndSet) - 299 ms
TEST(SecureStorageProxyTests, itsStorageLimitTest) - 178 ms
TEST(SecureStorageProxyTests, itsStoreNewItem) - 260 ms
TEST(SecureStorageClientTests, psCreateAndSetExtended) - 314 ms
TEST(SecureStorageClientTests, psCreateAndSet) - 240 ms
TEST(SecureStorageClientTests, itsStorageLimitTest) - 200 ms
TEST(SecureStorageClientTests, itsStoreNewItem) - 261 ms
TEST(CryptoProtocolPackedcChecks, checkKeyUsage) - 16 ms
TEST(CryptoProtocolPackedcChecks, checkKeyLifetime) - 46 ms
TEST(CryptoProtocolPackedcChecks, checkAlg) - 67 ms
TEST(CryptoProtocolPackedcChecks, checkDhGroup) - 40 ms
TEST(CryptoProtocolPackedcChecks, checkEccCurve) - 0 ms
TEST(CryptoProtocolPackedcChecks, checkKeyType) - 87 ms
TEST(CryptoProtocolProtobufChecks, checkKeyUsage) - 82 ms
TEST(CryptoProtocolProtobufChecks, checkKeyLifetime) - 0 ms
TEST(CryptoProtocolProtobufChecks, checkAlg) - 100 ms
TEST(CryptoProtocolProtobufChecks, checkDhGroup) - 51 ms
TEST(CryptoProtocolProtobufChecks, checkEccCurve) - 31 ms
TEST(CryptoProtocolProtobufChecks, checkKeyType) - 0 ms
TEST(CryptoProtocolOpcodeChecks, checkPackedcToProtobuf) - 100 ms
TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort) - 11447 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes) - 2657 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey) - 1247 ms
TEST(CryptoMacServicePackedcTests, macAbort) - 1197 ms
TEST(CryptoMacServicePackedcTests, signAndVerify) - 69981 ms
TEST(CryptoCipherServicePackedcTests, cipherAbort) - 954 ms
TEST(CryptoCipherServicePackedcTests, encryptDecryptRoundtrip) - 37124 ms
TEST(CryptoHashServicePackedcTests, hashAbort) - 6279 ms
TEST(CryptoHashServicePackedcTests, hashAndVerify) - 13203 ms
TEST(CryptoHashServicePackedcTests, calculateHash) - 1146 ms
TEST(CryptoServicePackedcTests, generateRandomNumbers) - 2404 ms
TEST(CryptoServicePackedcTests, asymEncryptDecryptWithSalt) - 1703438 ms
TEST(CryptoServicePackedcTests, asymEncryptDecrypt) - 250259 ms
TEST(CryptoServicePackedcTests, signAndVerifyEat) - 1049365 ms
TEST(CryptoServicePackedcTests, signAndVerifyHash) - 1047903 ms
TEST(CryptoServicePackedcTests, exportAndImportKeyPair) - 88124 ms
TEST(CryptoServicePackedcTests, exportPublicKey) - 173495 ms
TEST(CryptoServicePackedcTests, purgeKey) - 86923 ms
TEST(CryptoServicePackedcTests, copyKey) - 195184 ms
TEST(CryptoServicePackedcTests, generatePersistentKeys) - 172863 ms
TEST(CryptoServicePackedcTests, generateVolatileKeys) - 173033 ms
TEST(CryptoServiceProtobufTests, generateRandomNumbers) - 4193 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecryptWithSalt) - 4376499 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - 232146 ms
TEST(CryptoServiceProtobufTests, signAndVerifyHash) - 1046828 ms
TEST(CryptoServiceProtobufTests, exportAndImportKeyPair) - 88000 ms
TEST(CryptoServiceProtobufTests, exportPublicKey) - 173672 ms
TEST(CryptoServiceProtobufTests, generatePersistentKeys) - 173569 ms
TEST(CryptoServiceProtobufTests, generateVolatileKeys) - 175136 ms
TEST(CryptoServiceLimitTests, volatileRsaKeyPairLimit) - 19381686 ms
TEST(CryptoServiceLimitTests, volatileEccKeyPairLimit) - 5279943 ms
TEST(CryptoFaultTests, randomNumbersWithBrokenStorage) - 379 ms
TEST(CryptoFaultTests, persistentKeysWithBrokenStorage) - 86573 ms
TEST(CryptoFaultTests, volatileKeyWithBrokenStorage) - 86913 ms
TEST(PocCryptoOpTests, checkOpSequence) - 272394 ms
TEST(CryptoMsgTests, SignHashOutMsgTest) - 378 ms
TEST(CryptoMsgTests, SignHashInMsgTest) - 379 ms
TEST(CryptoMsgTests, ExportPublicKeyOutMsgTest) - 82 ms
TEST(CryptoMsgTests, ExportPublicKeyInMsgTest) - 298 ms
TEST(CryptoMsgTests, GenerateKeyInMsgTest) - 434 ms
TEST(CryptoContextPoolTests, multipleContexts) - 39702 ms
TEST(CryptoContextPoolTests, singleContext) - 43 ms
TEST(CryptoContextPoolTests, checkEmptyPool) - 0 ms
TEST(AttestationProvisioningTests, provisionedIak) - 87233 ms
TEST(AttestationProvisioningTests, selfGeneratedIak) - 259560 ms
TEST(AttestationServiceTests, repeatedOperation) - 19794571 ms
TEST(AttestationServiceTests, invalidChallengeLen) - 174 ms
TEST(AttestationServiceTests, checkTokenSize) - 367889 ms
TEST(AttestationReporterTests, createReport) - 706592 ms
TEST(TcgEventLogTests, interateBootMeasurements) - 189 ms
TEST(DiscoveryServiceTests, checkServiceInfo) - 344 ms
TEST(ServiceNameTests, readService) - 366 ms
TEST(ServiceNameTests, checkFields) - 405 ms
TEST(ServiceNameTests, checkInvalidServiceNames) - 33 ms
TEST(ServiceNameTests, checkValidServiceNames) - 112 ms
TEST(ServiceFrameworkTests, serviceProviderChain) - 100 ms
TEST(ServiceFrameworkTests, serviceWithOps) - 84 ms
TEST(ServiceFrameworkTests, serviceWithNoOps) - 125 ms
TEST(RpcStatusProtocolChecks, checkProtobufRpcStatusCodes) - 100 ms
TEST(ConfigRamstoreTests, checkMultipleConfig) - 0 ms
TEST(ConfigRamstoreTests, checkSingleConfig) - 59 ms
TEST(ConfigRamstoreTests, checkEmptyConfig) - 39 ms
TEST(EndianTests, le64) - 53 ms
TEST(EndianTests, le32) - 19 ms
TEST(EndianTests, le16) - 47 ms
TEST(EndianTests, le8) - 87 ms
TEST(TlvTests, encodeWrongOrder) - 49 ms
TEST(TlvTests, encodeInsufficientSpace) - 0 ms
TEST(TlvTests, encodeRecords) - 75 ms
TEST(TlvTests, decodeBadRecords) - 77 ms
TEST(TlvTests, findAndDecodeMissingOptional) - 39 ms
TEST(TlvTests, findAndDecode) - 0 ms
TEST(TlvTests, decodeGoodRecords) - 95 ms
TEST(UuidTests, parseValidUuidToReversed) - 85 ms
TEST(UuidTests, parseError) - 82 ms
TEST(UuidTests, parseUuidInUrn) - 48 ms
TEST(UuidTests, parseValidUuidMixedCase) - 100 ms
TEST(UuidTests, parseValidUuidLowerCase) - 87 ms
TEST(TsDemoTests, runTsDemo) - 2330889 ms
OK (129 tests, 129 ran, 18192 checks, 0 ignored, 0 filtered out, 60117219 ms)
# Run psa-its-api-test
```
./arm-linux/bin/psa-its-api-test
```
Results:
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
******************************************
TEST: 401 | DESCRIPTION: UID not found check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5
TEST RESULT: PASSED
******************************************
TEST: 402 | DESCRIPTION: Write once error check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Update the flag of UID 1 with WRITE_ONCE flag
[Check 2] Try to remove the UID 1 having WRITE_ONCE flag
[Check 3] Create a new UID 2 with WRITE_ONCE flag
[Check 4] Try to remove the UID 2 having WRITE_ONCE flag
[Check 5] Try to change the length of write_once UID 2
[Check 6] Check UID removal still fails
[Check 7] Try to change the WRITE_ONCE flag to None for UID 2
[Check 8] Check UID removal still fails
TEST RESULT: PASSED
******************************************
TEST: 403 | DESCRIPTION: Insufficient space check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Overload storage space
UID 13 set failed due to insufficient space
Remove all registered UIDs
[Check 2] Overload storage again to verify all previous UID removed
UID 13 set failed due to insufficient space
Remove all registered UIDs
TEST RESULT: PASSED
******************************************
TEST: 404 | DESCRIPTION: Data Consistency check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with reduced length - TEST_BUFF_SIZE/2
[Check 2] Call get API with default length - TEST_BUFF_SIZE
TEST RESULT: PASSED
******************************************
TEST: 405 | DESCRIPTION: Success scenarios check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Set UID with data length zero and call storage APIs
[Check 2] Resetting the length check
TEST RESULT: PASSED
******************************************
TEST: 406 | DESCRIPTION: Check for storage create flags | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with flag - PSA_STORAGE_FLAG_NONE
[Check 2] Call set API with flag - PSA_STORAGE_FLAG_NO_CONFIDENTIALITY
[Check 3] Call set API with flag - PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION
TEST RESULT: PASSED
******************************************
TEST: 407 | DESCRIPTION: Incorrect Size check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
Create a valid Storage - TEST_BUFF_SIZE/2
Increase the length of storage - TEST_BUFF_SIZE
[Check 1] Call get API with old length - TEST_BUFF_SIZE/2
[Check 2] Call get API with old length - TEST_BUFF_SIZE/4
Decrease the length of storage - TEST_BUFF_SIZE/4
[Check 3] Call get API with old length - TEST_BUFF_SIZE/2
[Check 4] Call get API with old length - TEST_BUFF_SIZE
[Check 5] Call get API with valid length - TEST_BUFF_SIZE/4
TEST RESULT: PASSED
******************************************
TEST: 408 | DESCRIPTION: Invalid offset check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Try to access data with varying valid offset
[Check 2] Try to access data with varying invalid offset
TEST RESULT: PASSED
******************************************
TEST: 409 | DESCRIPTION: Invalid Arguments check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with NULL pointer and data length 0
[Check 2] Call get API with NULL read buffer and data length 0
[Check 3] Remove the UID
[Check 4] Call get_info API to verify UID removed
[Check 5] Create UID with zero data_len and valid write buffer
[Check 8] Call get API with NULL read buffer and data length 0
[Check 9] Increase the length
TEST RESULT: PASSED
******************************************
TEST: 410 | DESCRIPTION: UID value zero check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Creating storage with UID 0 should fail
[Check 2] Get_info for UID 0 should fail
[Check 3] Removing storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 10
TOTAL PASSED : 10
TOTAL SIM ERROR : 0
TOTAL FAILED : 0
TOTAL SKIPPED : 0
******************************************
Entering standby..
# Run psa-ps-api-test
```
./arm-linux/bin/psa-ps-api-test
```
Result:
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
******************************************
TEST: 401 | DESCRIPTION: UID not found check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5
TEST RESULT: PASSED
******************************************
TEST: 402 | DESCRIPTION: Write once error check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Update the flag of UID 1 with WRITE_ONCE flag
[Check 2] Try to remove the UID 1 having WRITE_ONCE flag
[Check 3] Create a new UID 2 with WRITE_ONCE flag
[Check 4] Try to remove the UID 2 having WRITE_ONCE flag
[Check 5] Try to change the length of write_once UID 2
[Check 6] Check UID removal still fails
[Check 7] Try to change the WRITE_ONCE flag to None for UID 2
[Check 8] Check UID removal still fails
TEST RESULT: PASSED
******************************************
TEST: 403 | DESCRIPTION: Insufficient space check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Overload storage space
UID 11 set failed due to insufficient space
Remove all registered UIDs
[Check 2] Overload storage again to verify all previous UID removed
UID 11 set failed due to insufficient space
Remove all registered UIDs
TEST RESULT: PASSED
******************************************
TEST: 404 | DESCRIPTION: Data Consistency check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with reduced length - TEST_BUFF_SIZE/2
[Check 2] Call get API with default length - TEST_BUFF_SIZE
TEST RESULT: PASSED
******************************************
TEST: 405 | DESCRIPTION: Success scenarios check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Set UID with data length zero and call storage APIs
[Check 2] Resetting the length check
TEST RESULT: PASSED
******************************************
TEST: 406 | DESCRIPTION: Check for storage create flags | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with flag - PSA_STORAGE_FLAG_NONE
[Check 2] Call set API with flag - PSA_STORAGE_FLAG_NO_CONFIDENTIALITY
[Check 3] Call set API with flag - PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION
TEST RESULT: PASSED
******************************************
TEST: 407 | DESCRIPTION: Incorrect Size check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Create a valid Storage - TEST_BUFF_SIZE/2
Increase the length of storage - TEST_BUFF_SIZE
[Check 1] Call get API with old length - TEST_BUFF_SIZE/2
[Check 2] Call get API with old length - TEST_BUFF_SIZE/4
Decrease the length of storage - TEST_BUFF_SIZE/4
[Check 3] Call get API with old length - TEST_BUFF_SIZE/2
[Check 4] Call get API with old length - TEST_BUFF_SIZE
[Check 5] Call get API with valid length - TEST_BUFF_SIZE/4
TEST RESULT: PASSED
******************************************
TEST: 408 | DESCRIPTION: Invalid offset check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Try to access data with varying valid offset
[Check 2] Try to access data with varying invalid offset
TEST RESULT: PASSED
******************************************
TEST: 409 | DESCRIPTION: Invalid Arguments check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with NULL pointer and data length 0
[Check 2] Call get API with NULL read buffer and data length 0
[Check 3] Remove the UID
[Check 4] Call get_info API to verify UID removed
[Check 5] Create UID with zero data_len and valid write buffer
[Check 8] Call get API with NULL read buffer and data length 0
[Check 9] Increase the length
TEST RESULT: PASSED
******************************************
TEST: 410 | DESCRIPTION: UID value zero check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Creating storage with UID 0 should fail
[Check 2] Get_info for UID 0 should fail
[Check 3] Removing storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
TEST: 411 | DESCRIPTION: Optional APIs: UID not found check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 412 | DESCRIPTION: Optional APIs: Invalid arguments and offset invalid | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 413 | DESCRIPTION: Set_Extended and Create api : Success | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 414 | DESCRIPTION: Optional APIs not supported check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Optional PS APIs are not supported.
[Check 1] Call to create API should fail as API not supported
Failed at Checkpoint: 1
Actual: 0
Expected: -134
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 415 | DESCRIPTION: Create API write_once flag value check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 416 | DESCRIPTION: Storage assest capacity modification check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 417 | DESCRIPTION: Storage assest capacity modification check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 17
TOTAL PASSED : 10
TOTAL SIM ERROR : 0
TOTAL FAILED : 1
TOTAL SKIPPED : 6
******************************************
Entering standby..
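The storage suite run above ends with one failed and six skipped PS tests. The following added example (not part of the original page or of the Trusted Services project) parses console output in this format so an automated job can gate on it, and cross-checks the per-test results against the suite report to catch truncated logs. The sample log is constructed from lines shown above, and the `waived` parameter is a hypothetical way to record already-known failures.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the psa-ps-api-test console output above.
SAMPLE_LOG = """\
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
TEST: 410 | DESCRIPTION: UID value zero check | UT: PS
[Check 1] Creating storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
TEST: 411 | DESCRIPTION: Optional APIs: UID not found check | UT: PS
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 414 | DESCRIPTION: Optional APIs not supported check | UT: PS
[Check 1] Call to create API should fail as API not supported
Failed at Checkpoint: 1
Actual: 0
Expected: -134
TEST RESULT: FAILED (Error Code=0x1)
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 3
TOTAL PASSED : 1
TOTAL SIM ERROR : 0
TOTAL FAILED : 1
TOTAL SKIPPED : 1
Entering standby..
"""

TEST_RE = re.compile(r"^TEST:\s*(\d+)\s*\|\s*DESCRIPTION:\s*(.*?)\s*\|\s*UT:\s*(\S+)")
RESULT_RE = re.compile(r"^TEST RESULT:\s*([A-Z ]+?)\s*(?:\((.*)\))?\s*$")
DETAIL_RE = re.compile(r"^(Failed at Checkpoint|Actual|Expected):\s*(-?\w+)")
TOTAL_RE = re.compile(r"^TOTAL\s+([A-Z ]+?)\s*:\s*(\d+)\s*$")


@dataclass
class CaseResult:
    number: int
    description: str
    suite: str
    result: str = "INCOMPLETE"  # no TEST RESULT line seen (hang or cut-off log)
    code: str = ""
    details: dict = field(default_factory=dict)


def parse_psa_log(text):
    """Return (cases, totals) parsed from PSA Architecture Test Suite output."""
    cases, totals, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()  # console captures often carry '\r' and indentation
        m = TEST_RE.match(line)
        if m:
            current = CaseResult(int(m[1]), m[2], m[3])
            cases.append(current)
            continue
        m = TOTAL_RE.match(line)
        if m:
            totals[m[1]] = int(m[2])
            current = None
            continue
        if current is None:
            continue
        m = RESULT_RE.match(line)
        if m:
            current.result, current.code = m[1], m[2] or ""
            current = None
            continue
        m = DETAIL_RE.match(line)
        if m:
            current.details[m[1]] = m[2]
    return cases, totals


def evaluate(cases, totals, waived=frozenset()):
    """Return a list of problems; an empty list means the run may pass a gate.

    `waived` (hypothetical) holds test numbers whose FAILED result is already
    known and tracked; anything else that is not PASSED or SKIPPED is reported.
    """
    problems = []
    for c in cases:
        if c.result in ("PASSED", "SKIPPED"):
            continue
        if c.result == "FAILED" and c.number in waived:
            continue
        extra = ", ".join(f"{k}={v}" for k, v in c.details.items())
        problems.append(f"test {c.number} ({c.suite}) {c.result}: {c.description}"
                        + (f" [{extra}]" if extra else ""))
    if not totals:
        problems.append("no suite report: log ends before the run finished")
        return problems
    # The report must agree with what the per-test lines actually show.
    for label, reported in totals.items():
        seen = len(cases) if label == "TESTS" else sum(c.result == label for c in cases)
        if seen != reported:
            problems.append(f"report says {label}={reported}, log shows {seen}")
    return problems


if __name__ == "__main__":
    parsed_cases, parsed_totals = parse_psa_log(SAMPLE_LOG)
    for problem in evaluate(parsed_cases, parsed_totals):
        print(problem)
```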
./arm-linux/bin/psa-crypto-api-test
./arm-linux/bin/ts-service-test -v -xg Attestation
# Run ts-service-test:
```
./ts-service-test -v -sg ItsServiceTests
./ts-service-test -v -sg PsServiceTests
./ts-service-test -v -sg CryptoKeyDerivationServicePackedcTests
./ts-service-test -v -sg CryptoMacServicePackedcTests
./ts-service-test -v -sg CryptoCipherServicePackedcTests
./ts-service-test -v -sg CryptoHashServicePackedcTests
./ts-service-test -v -sg CryptoServiceProtobufTests
./ts-service-test -v -sg CryptoServiceLimitTests
./ts-service-test -v -sg DiscoveryServiceTests
./ts-service-test -v -sg CryptoServicePackedcTests
```
Result:
TEST(PsServiceTests, createAndSetExtended) - 18029 ms
TEST(PsServiceTests, createAndSet) - 20259 ms
TEST(PsServiceTests, storeNewItem) - 18276 ms
TEST(ItsServiceTests, storeNewItem) - 11099 ms
TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort) - 21819 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes) - 23492 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey) - 25032 ms
TEST(CryptoMacServicePackedcTests, macAbort) - 19256 ms
TEST(CryptoMacServicePackedcTests, signAndVerify) - 101831 ms
TEST(CryptoCipherServicePackedcTests, cipherAbort) - 19739 ms
TEST(CryptoCipherServicePackedcTests, encryptDecryptRoundtrip) - 66694 ms
TEST(CryptoHashServicePackedcTests, hashAbort) - 23204 ms
TEST(CryptoHashServicePackedcTests, hashAndVerify) - 34243 ms
TEST(CryptoHashServicePackedcTests, calculateHash) - 17353 ms
TEST(CryptoServicePackedcTests, generateRandomNumbers) - 29636 ms
TEST(CryptoServicePackedcTests, asymEncryptDecryptWithSalt) - 2859988 ms
TEST(CryptoServicePackedcTests, asymEncryptDecrypt) - 234077 ms
TEST(CryptoServicePackedcTests, signAndVerifyEat) - 1060967 ms
TEST(CryptoServicePackedcTests, signAndVerifyHash) - 1072643 ms
TEST(CryptoServicePackedcTests, exportAndImportKeyPair) - 127551 ms
TEST(CryptoServicePackedcTests, exportPublicKey) - 199842 ms
TEST(CryptoServicePackedcTests, purgeKey) - 118558 ms
TEST(CryptoServicePackedcTests, copyKey) - 199131 ms
TEST(CryptoServicePackedcTests, generatePersistentKeys) - 213434 ms
TEST(CryptoServicePackedcTests, generateVolatileKeys) - 188038 ms
TEST(CryptoServiceProtobufTests, generateRandomNumbers) - 31397 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecryptWithSalt) - 4241805 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - 267644 ms
TEST(CryptoServiceProtobufTests, signAndVerifyHash) - 1073035 ms
TEST(CryptoServiceProtobufTests, exportAndImportKeyPair) - 127099 ms
TEST(CryptoServiceProtobufTests, exportPublicKey) - 200390 ms
TEST(CryptoServiceProtobufTests, generatePersistentKeys) - 213373 ms
TEST(CryptoServiceProtobufTests, generateVolatileKeys) - 189439 ms
TEST(CryptoServiceLimitTests, volatileRsaKeyPairLimit) - 19765597 ms
TEST(CryptoServiceLimitTests, volatileEccKeyPairLimit) - 5244688 ms
TEST(DiscoveryServiceTests, checkServiceInfo) - 12706 ms
OK (41 tests, 36 ran, 318 checks, 0 ignored, 5 filtered out, 38104375 ms)
Currently the attestation test fails due to the lack of attestation SP
support.
= OP-TEE SPMC implementation
== Introduction
==== OP-TEE SPMC implementation
This document describes the OP-TEE SPMC (Secure Partition Manager Core) implementation. This implementation is used to support the Trusted Services PSA Secure Partitions (SPs). The PSA SPs are implemented based on the Arm FF-A specification. The OP-TEE SPMC can be used as a reference S-EL1 implementation and the Trusted Services can be used as reference S-EL0 SP implementations.
==== FF-A
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to standardize the communication between the various software images,
including the communication between the software images in the Secure world and the Normal world. The current release of the OP-TEE SPMC is based around the [FF-A v1.0 spec](https://developer.arm.com/documentation/den0077/latest).
==== OP-TEE
OP-TEE is an open source Trusted Execution Environment (TEE) relying on the Arm TrustZone technology. More information can be found at [readthedocs](https://optee.readthedocs.io/en/latest/). OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC.
This document describes OP-TEE as a S-EL1 SPMC. The current mainline OP-TEE version can be found [here](https://github.com/OP-TEE/optee_os).
==== Trusted Services
The Trusted Services project provides a framework for developing and deploying device Root of Trust (RoT) services across a range of secure processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Services can be found at [Trusted-Services](https://trusted-services.readthedocs.io/en/latest/).
== Current Status
Limited support for OP-TEE SPMC aligning with FF-A 1.0 is available since OP-TEE v3.19. Complete support for FF-A 1.0 and TS is planned for upcoming releases. See below for status.
For the OP-TEE release-specific testing and results, please see the following pages:
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-19/ | OP-TEE 3.19 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-20/ | OP-TEE 3.20 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-21/ | OP-TEE 3.21 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-22/ | OP-TEE 3.22 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-4-0/ | OP-TEE 4.0.0 release ]]
== Important Changes of v4.0.0 release ==
- Added support for the `boot-order` property of the SP manifest. Earlier the boot order was determined by the linking order when using embedded packaging or by the order of SP entries in the FIP package when using FIP packaging. In case the `boot-order` property is not set for an SP, loading will fall back to the old method.
- The SPMC has been updated to allow the XEN Hypervisor to be executed in the NWd. All Trusted Services tests from DOM0 and DOMU virtual machines are passing.
- Bug fixes:
  - The SPMC was accepting direct messages targeting yet to be initialized SPs, and could jump to an invalid address as a result.
  - The SPMC was clearing MBZ registers when making FFA_ERROR calls. This could result in incorrect operation.
  - In some scenarios the destination of FFA_ERROR calls was set incorrectly.
  - Code handling the FFA_MEM_RECLAIM calls incorrectly assumed the NWd endpoint being 0. This resulted in a crash when a hypervisor is present in the NWd.
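The first bug fix above comes down to checking the destination SP's state before a direct request is delivered. The following is an added illustrative model, not OP-TEE source: the state names, the SP table, the endpoint IDs and the choice of `FFA_BUSY` for a not-yet-initialized target are assumptions made for the example.

```c
/* Illustrative model only, not OP-TEE code. Names, states and IDs are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* FF-A v1.0 status codes */
#define FFA_OK                   0
#define FFA_INVALID_PARAMETERS (-2)
#define FFA_BUSY               (-4)

enum sp_state { SP_LOADED, SP_INITIALIZING, SP_IDLE, SP_BUSY };

struct sp_ctx;
typedef int32_t (*sp_msg_fn)(struct sp_ctx *self, uint16_t src, uint32_t arg);

struct sp_ctx {
	uint16_t id;
	uint16_t probe_dst;    /* peer this SP messages during its own init */
	enum sp_state state;
	sp_msg_fn msg_entry;   /* NULL until the SP has finished initializing */
	int32_t probe_status;  /* status the SPMC returned for the init-time probe */
	uint32_t handled;      /* direct requests actually delivered to this SP */
};

/* Message handler every sample SP registers once it is initialized. */
static int32_t echo_handler(struct sp_ctx *self, uint16_t src, uint32_t arg)
{
	(void)src;
	self->handled++;
	return (int32_t)(arg + 1);
}

/* Constructed sample: two SPs that message each other while booting. */
static struct sp_ctx sp_table[] = {
	{ .id = 0x8001, .probe_dst = 0x8002 },
	{ .id = 0x8002, .probe_dst = 0x8001 },
};
#define SP_COUNT (sizeof(sp_table) / sizeof(sp_table[0]))

static struct sp_ctx *sp_find(uint16_t id)
{
	for (size_t i = 0; i < SP_COUNT; i++)
		if (sp_table[i].id == id)
			return &sp_table[i];
	return NULL;
}

/*
 * Deliver a direct request. The state check is the point of the example:
 * without it, a request to an SP that has not finished init would call
 * through msg_entry while it is still NULL.
 */
int32_t spmc_direct_req(uint16_t src, uint16_t dst, uint32_t arg, int32_t *resp)
{
	struct sp_ctx *sp = sp_find(dst);

	if (!sp || !resp || src == dst)
		return FFA_INVALID_PARAMETERS;
	if (sp->state != SP_IDLE || !sp->msg_entry)
		return FFA_BUSY;   /* assumed error code for "not ready" */

	sp->state = SP_BUSY;
	*resp = sp->msg_entry(sp, src, arg);
	sp->state = SP_IDLE;
	return FFA_OK;
}

/* Boot SPs one after another; each probes its peer while initializing. */
void spmc_boot_all(void)
{
	for (size_t i = 0; i < SP_COUNT; i++) {
		sp_table[i].state = SP_LOADED;
		sp_table[i].msg_entry = NULL;
		sp_table[i].handled = 0;
		sp_table[i].probe_status = 0;
	}
	for (size_t i = 0; i < SP_COUNT; i++) {
		struct sp_ctx *sp = &sp_table[i];
		int32_t resp = 0;

		sp->state = SP_INITIALIZING;
		sp->probe_status = spmc_direct_req(sp->id, sp->probe_dst, 41, &resp);
		sp->msg_entry = echo_handler;
		sp->state = SP_IDLE;
	}
}

int main(void)
{
	spmc_boot_all();
	for (size_t i = 0; i < SP_COUNT; i++)
		printf("SP 0x%04x: init-time probe status %d, requests handled %u\n",
		       (unsigned)sp_table[i].id, (int)sp_table[i].probe_status,
		       (unsigned)sp_table[i].handled);
	return 0;
}
```

The first SP to boot gets an error for its probe because its peer is still only loaded; the second SP's probe is delivered because its peer has already reached the idle state.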
==== SPMC status
For a list of supported FF-A features please see: https://optee.readthedocs.io/en/latest/architecture/spmc.html
==== Trusted Services status
All Trusted Services Secure Partitions are supported with OP-TEE SPMC v4.0.0.
Trusted Services SP support status:
| Name | Status |
|--------------------------|-----------|
| internal-trusted-storage | Supported |
| protected-storage | Supported |
| crypto | Supported |
| attestation | Supported |
| firmware-update | Supported |
| block-storage | Supported |
| smm-gateway | Supported |
== Build
The build process follows the [OP-TEE build process](https://optee.readthedocs.io/en/latest/building/gits/build.html#get-and-build-the-solution). Additional information is needed for some steps:
- [Step 1](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-1-prerequisites): The Trusted Services project has some extra requirements described on [this page](https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html). Please install these.
- [Step 2](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-2-install-android-repo): -
- [Step 3](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-3-get-the-source-code): Use the manifest file for Trusted Services integration and use the 4.0.0 tagged version.
`repo init -u https://github.com/OP-TEE/manifest.git -m fvp-ts.xml -b 4.0.0`
- [Step 4](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-4-get-the-toolchains): -
- [Step 5](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-5-build-the-solution): -
- [Step 6 and onwards](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-6-flash-the-device): Since we're running on models instead of real hardware, these steps are not necessary.
== Boot
The current system uses the Arm AEMv-A Base Platform FVP to run the test environment. The latest version can be found at [Arm Architecture Models](https://developer.arm.com/downloads/-/arm-ecosystem-models). The downloaded FVP should be extracted at the project root (`<project root>/Base_RevC_AEMvA_pkg`).
Boot the system on the FVP:
```
make -C build run-only
```
Two console windows should appear, one for the Secure World and one for the Normal World. When the boot is complete, log in as root. Then run these commands to load the necessary kernel modules and install the TS test applications and libraries:
```
/mnt/host/out/linux-arm-ffa-tee/load_module.sh
/mnt/host/out/linux-arm-ffa-user/load_module.sh
cp -at /usr /mnt/host/out/ts-install/arm-linux/bin /mnt/host/out/ts-install/arm-linux/lib
```
To run the SPMC tests built into xtest (OP-TEE test suite):
```
xtest -t ffa_spmc
```
cd /mnt/arm-linux/bin
# Prepare tests
cd /mnt
./load_module.sh
cp arm-linux/lib/libts.so* /lib
# Run the TS demo
```
./arm-linux/bin/ts-demo
```
Result:
Demonstrates use of trusted services from an application
---------------------------------------------------------
A client requests a set of crypto operations performed by
the Crypto service. Key storage for persistent keys is
provided by the Secure Storage service via the ITS client.
Generating random bytes length: 1
Operation successful
Random bytes:
2B
Generating random bytes length: 7
Operation successful
Random bytes:
68 CF 0C 5D 87 C7 11
Generating random bytes length: 128
Operation successful
Random bytes:
BF C6 85 27 81 02 5F 83
60 97 E9 2C A6 30 8E F7
C6 81 44 CB 26 32 8D F5
62 BA 0F DE B8 2C 69 E2
DD C0 FF A0 04 E2 D0 C0
DC EA 11 CE DD 7E 33 87
62 07 89 02 00 68 FC 24
AD D2 E4 86 40 3F 6E 65
83 46 33 9A F8 84 14 3B
72 11 8D 63 59 6F 69 96
70 D2 83 8D 60 6D 9F A2
B3 54 F6 3E 5E B3 FE 07
C9 51 F1 6A F5 B0 0E AA
08 B3 AE F5 06 73 6C 8B
95 73 B2 FF 72 C6 CF 84
12 7A 7A 1F 07 F2 58 71
Generating ECC signing key
Operation successful
Signing message: "The quick brown fox" using key: 256
Operation successful
Signature bytes:
F9 F7 0E D0 4A B2 77 DF
67 40 F5 36 4D 92 38 A3
13 5B 04 A0 6C BD 84 40
03 E2 43 EE BF 6F C6 C4
5B 5D A4 21 D9 EB 17 86
B9 71 0D C9 84 0C FE 55
71 8E 5C F7 D4 7D EB 04
9B 5A 11 D7 46 96 BD A6
Verify signature using original message: "The quick brown fox"
Operation successful
Verify signature using modified message: "!he quick brown fox"
Successfully detected modified message
Signing message: "jumps over the lazy dog" using key: 256
Operation successful
Signature bytes:
45 40 14 E3 39 0C 3B 8A
5F 05 C8 0C E0 B6 A6 D2
8B 5E E3 76 49 DD F1 9E
50 A0 77 6F 1B FA FF C8
38 66 6A 2D 40 B1 79 9C
43 BE 59 F4 48 45 A2 0E
D0 17 3F 1F D3 D7 C0 84
65 AC 9B 8A FB 6E B6 B6
Verify signature using original message: "jumps over the lazy dog"
Operation successful
Verify signature using modified message: "!umps over the lazy dog"
Successfully detected modified message
Generating RSA encryption key
Operation successful
Encrypting message: "Top secret" using RSA key: 257
Operation successful
Encrypted message:
42 B6 53 D8 A3 03 BB 64
66 C0 31 A5 42 2C F8 F3
B8 E3 9C 58 42 7C 2C E0
19 43 F6 02 EB 60 6A DC
Decrypting message using RSA key: 257
Operation successful
Decrypted message: "Top secret"
Exporting public key: 256
Operation successful
Public key bytes:
04 D0 9A AF 76 18 9B 3B
08 38 65 BA 5F 81 B0 85
6A 39 42 19 5F 0D 17 86
CD 7E 2A E6 A4 CC A2 E4
B3 78 89 76 F6 CA 02 12
CB 07 2B AB CF 03 59 B3
34 8D 5D 0F 31 53 E0 68
9D 25 E2 AF 2E 0C 2C BE
51
Destroying signing key: 256
Operation successful
Destroying encryption key: 257
Operation successful
# Run components test
```
./arm-linux/bin/component-test -v
```
Results:
TEST(UefiVariableStoreTests, noRemoveCheck) - 2915 ms
TEST(UefiVariableStoreTests, readOnlycheck) - 492 ms
TEST(UefiVariableStoreTests, unsupportedAttribute) - 215 ms
TEST(UefiVariableStoreTests, failedNvSet) - 1076 ms
TEST(UefiVariableStoreTests, enumerateStoreContents) - 695 ms
TEST(UefiVariableStoreTests, runtimeAccess) - 542 ms
TEST(UefiVariableStoreTests, bootServiceAccess) - 634 ms
TEST(UefiVariableStoreTests, removePersistent) - 609 ms
TEST(UefiVariableStoreTests, removeVolatile) - 668 ms
TEST(UefiVariableStoreTests, persistentSetGet) - 807 ms
TEST(UefiVariableStoreTests, setGetRoundtrip) - 509 ms
TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - 303 ms
TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - 610 ms
TEST(UefiVariableIndexTests, checkIterator) - 592 ms
TEST(UefiVariableIndexTests, removeVariable) - 321 ms
TEST(UefiVariableIndexTests, dumpBufferTooSmall) - 269 ms
TEST(UefiVariableIndexTests, dumpLoadRoadtrip) - 270 ms
TEST(UefiVariableIndexTests, enumerateStore) - 284 ms
TEST(UefiVariableIndexTests, variableIndexFull) - 347 ms
TEST(UefiVariableIndexTests, addWithOversizedName) - 504 ms
TEST(UefiVariableIndexTests, emptyIndexOperations) - 335 ms
TEST(SfsTests, psCreateAndSetExtended) - 1429 ms
TEST(SfsTests, psCreateAndSet) - 359 ms
TEST(SfsTests, itsStorageLimitTest) - 327 ms
TEST(SfsTests, itsStoreNewItem) - 231 ms
TEST(MockStoreTests, psCreateAndSetExtended) - 223 ms
TEST(MockStoreTests, psCreateAndSet) - 200 ms
TEST(MockStoreTests, itsStorageLimitTest) - 164 ms
TEST(MockStoreTests, itsStoreNewItem) - 211 ms
TEST(SecureStorageProxyTests, psCreateAndSetExtended) - 961 ms
TEST(SecureStorageProxyTests, psCreateAndSet) - 299 ms
TEST(SecureStorageProxyTests, itsStorageLimitTest) - 178 ms
TEST(SecureStorageProxyTests, itsStoreNewItem) - 260 ms
TEST(SecureStorageClientTests, psCreateAndSetExtended) - 314 ms
TEST(SecureStorageClientTests, psCreateAndSet) - 240 ms
TEST(SecureStorageClientTests, itsStorageLimitTest) - 200 ms
TEST(SecureStorageClientTests, itsStoreNewItem) - 261 ms
TEST(CryptoProtocolPackedcChecks, checkKeyUsage) - 16 ms
TEST(CryptoProtocolPackedcChecks, checkKeyLifetime) - 46 ms
TEST(CryptoProtocolPackedcChecks, checkAlg) - 67 ms
TEST(CryptoProtocolPackedcChecks, checkDhGroup) - 40 ms
TEST(CryptoProtocolPackedcChecks, checkEccCurve) - 0 ms
TEST(CryptoProtocolPackedcChecks, checkKeyType) - 87 ms
TEST(CryptoProtocolProtobufChecks, checkKeyUsage) - 82 ms
TEST(CryptoProtocolProtobufChecks, checkKeyLifetime) - 0 ms
TEST(CryptoProtocolProtobufChecks, checkAlg) - 100 ms
TEST(CryptoProtocolProtobufChecks, checkDhGroup) - 51 ms
TEST(CryptoProtocolProtobufChecks, checkEccCurve) - 31 ms
TEST(CryptoProtocolProtobufChecks, checkKeyType) - 0 ms
TEST(CryptoProtocolOpcodeChecks, checkPackedcToProtobuf) - 100 ms
TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort) - 11447 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes) - 2657 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey) - 1247 ms
TEST(CryptoMacServicePackedcTests, macAbort) - 1197 ms
TEST(CryptoMacServicePackedcTests, signAndVerify) - 69981 ms
TEST(CryptoCipherServicePackedcTests, cipherAbort) - 954 ms
TEST(CryptoCipherServicePackedcTests, encryptDecryptRoundtrip) - 37124 ms
TEST(CryptoHashServicePackedcTests, hashAbort) - 6279 ms
TEST(CryptoHashServicePackedcTests, hashAndVerify) - 13203 ms
TEST(CryptoHashServicePackedcTests, calculateHash) - 1146 ms
TEST(CryptoServicePackedcTests, generateRandomNumbers) - 2404 ms
TEST(CryptoServicePackedcTests, asymEncryptDecryptWithSalt) - 1703438 ms
TEST(CryptoServicePackedcTests, asymEncryptDecrypt) - 250259 ms
TEST(CryptoServicePackedcTests, signAndVerifyEat) - 1049365 ms
TEST(CryptoServicePackedcTests, signAndVerifyHash) - 1047903 ms
TEST(CryptoServicePackedcTests, exportAndImportKeyPair) - 88124 ms
TEST(CryptoServicePackedcTests, exportPublicKey) - 173495 ms
TEST(CryptoServicePackedcTests, purgeKey) - 86923 ms
TEST(CryptoServicePackedcTests, copyKey) - 195184 ms
TEST(CryptoServicePackedcTests, generatePersistentKeys) - 172863 ms
TEST(CryptoServicePackedcTests, generateVolatileKeys) - 173033 ms
TEST(CryptoServiceProtobufTests, generateRandomNumbers) - 4193 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecryptWithSalt) - 4376499 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - 232146 ms
TEST(CryptoServiceProtobufTests, signAndVerifyHash) - 1046828 ms
TEST(CryptoServiceProtobufTests, exportAndImportKeyPair) - 88000 ms
TEST(CryptoServiceProtobufTests, exportPublicKey) - 173672 ms
TEST(CryptoServiceProtobufTests, generatePersistentKeys) - 173569 ms
TEST(CryptoServiceProtobufTests, generateVolatileKeys) - 175136 ms
TEST(CryptoServiceLimitTests, volatileRsaKeyPairLimit) - 19381686 ms
TEST(CryptoServiceLimitTests, volatileEccKeyPairLimit) - 5279943 ms
TEST(CryptoFaultTests, randomNumbersWithBrokenStorage) - 379 ms
TEST(CryptoFaultTests, persistentKeysWithBrokenStorage) - 86573 ms
TEST(CryptoFaultTests, volatileKeyWithBrokenStorage) - 86913 ms
TEST(PocCryptoOpTests, checkOpSequence) - 272394 ms
TEST(CryptoMsgTests, SignHashOutMsgTest) - 378 ms
TEST(CryptoMsgTests, SignHashInMsgTest) - 379 ms
TEST(CryptoMsgTests, ExportPublicKeyOutMsgTest) - 82 ms
TEST(CryptoMsgTests, ExportPublicKeyInMsgTest) - 298 ms
TEST(CryptoMsgTests, GenerateKeyInMsgTest) - 434 ms
TEST(CryptoContextPoolTests, multipleContexts) - 39702 ms
TEST(CryptoContextPoolTests, singleContext) - 43 ms
TEST(CryptoContextPoolTests, checkEmptyPool) - 0 ms
TEST(AttestationProvisioningTests, provisionedIak) - 87233 ms
TEST(AttestationProvisioningTests, selfGeneratedIak) - 259560 ms
TEST(AttestationServiceTests, repeatedOperation) - 19794571 ms
TEST(AttestationServiceTests, invalidChallengeLen) - 174 ms
TEST(AttestationServiceTests, checkTokenSize) - 367889 ms
TEST(AttestationReporterTests, createReport) - 706592 ms
TEST(TcgEventLogTests, interateBootMeasurements) - 189 ms
TEST(DiscoveryServiceTests, checkServiceInfo) - 344 ms
TEST(ServiceNameTests, readService) - 366 ms
TEST(ServiceNameTests, checkFields) - 405 ms
TEST(ServiceNameTests, checkInvalidServiceNames) - 33 ms
TEST(ServiceNameTests, checkValidServiceNames) - 112 ms
TEST(ServiceFrameworkTests, serviceProviderChain) - 100 ms
TEST(ServiceFrameworkTests, serviceWithOps) - 84 ms
TEST(ServiceFrameworkTests, serviceWithNoOps) - 125 ms
TEST(RpcStatusProtocolChecks, checkProtobufRpcStatusCodes) - 100 ms
TEST(ConfigRamstoreTests, checkMultipleConfig) - 0 ms
TEST(ConfigRamstoreTests, checkSingleConfig) - 59 ms
TEST(ConfigRamstoreTests, checkEmptyConfig) - 39 ms
TEST(EndianTests, le64) - 53 ms
TEST(EndianTests, le32) - 19 ms
TEST(EndianTests, le16) - 47 ms
TEST(EndianTests, le8) - 87 ms
TEST(TlvTests, encodeWrongOrder) - 49 ms
TEST(TlvTests, encodeInsufficientSpace) - 0 ms
TEST(TlvTests, encodeRecords) - 75 ms
TEST(TlvTests, decodeBadRecords) - 77 ms
TEST(TlvTests, findAndDecodeMissingOptional) - 39 ms
TEST(TlvTests, findAndDecode) - 0 ms
TEST(TlvTests, decodeGoodRecords) - 95 ms
TEST(UuidTests, parseValidUuidToReversed) - 85 ms
TEST(UuidTests, parseError) - 82 ms
TEST(UuidTests, parseUuidInUrn) - 48 ms
TEST(UuidTests, parseValidUuidMixedCase) - 100 ms
TEST(UuidTests, parseValidUuidLowerCase) - 87 ms
TEST(TsDemoTests, runTsDemo) - 2330889 ms
OK (129 tests, 129 ran, 18192 checks, 0 ignored, 0 filtered out, 60117219 ms)
# Run psa-its-api-test
```
./arm-linux/bin/psa-its-api-test
```
Results:
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
******************************************
TEST: 401 | DESCRIPTION: UID not found check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5
TEST RESULT: PASSED
******************************************
TEST: 402 | DESCRIPTION: Write once error check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Update the flag of UID 1 with WRITE_ONCE flag
[Check 2] Try to remove the UID 1 having WRITE_ONCE flag
[Check 3] Create a new UID 2 with WRITE_ONCE flag
[Check 4] Try to remove the UID 2 having WRITE_ONCE flag
[Check 5] Try to change the length of write_once UID 2
[Check 6] Check UID removal still fails
[Check 7] Try to change the WRITE_ONCE flag to None for UID 2
[Check 8] Check UID removal still fails
TEST RESULT: PASSED
******************************************
TEST: 403 | DESCRIPTION: Insufficient space check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Overload storage space
UID 13 set failed due to insufficient space
Remove all registered UIDs
[Check 2] Overload storage again to verify all previous UID removed
UID 13 set failed due to insufficient space
Remove all registered UIDs
TEST RESULT: PASSED
******************************************
TEST: 404 | DESCRIPTION: Data Consistency check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with reduced length - TEST_BUFF_SIZE/2
[Check 2] Call get API with default length - TEST_BUFF_SIZE
TEST RESULT: PASSED
******************************************
TEST: 405 | DESCRIPTION: Success scenarios check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Set UID with data length zero and call storage APIs
[Check 2] Resetting the length check
TEST RESULT: PASSED
******************************************
TEST: 406 | DESCRIPTION: Check for storage create flags | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with flag - PSA_STORAGE_FLAG_NONE
[Check 2] Call set API with flag - PSA_STORAGE_FLAG_NO_CONFIDENTIALITY
[Check 3] Call set API with flag - PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION
TEST RESULT: PASSED
******************************************
TEST: 407 | DESCRIPTION: Incorrect Size check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
Create a valid Storage - TEST_BUFF_SIZE/2
Increase the length of storage - TEST_BUFF_SIZE
[Check 1] Call get API with old length - TEST_BUFF_SIZE/2
[Check 2] Call get API with old length - TEST_BUFF_SIZE/4
Decrease the length of storage - TEST_BUFF_SIZE/4
[Check 3] Call get API with old length - TEST_BUFF_SIZE/2
[Check 4] Call get API with old length - TEST_BUFF_SIZE
[Check 5] Call get API with valid length - TEST_BUFF_SIZE/4
TEST RESULT: PASSED
******************************************
TEST: 408 | DESCRIPTION: Invalid offset check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Try to access data with varying valid offset
[Check 2] Try to access data with varying invalid offset
TEST RESULT: PASSED
******************************************
TEST: 409 | DESCRIPTION: Invalid Arguments check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with NULL pointer and data length 0
[Check 2] Call get API with NULL read buffer and data length 0
[Check 3] Remove the UID
[Check 4] Call get_info API to verify UID removed
[Check 5] Create UID with zero data_len and valid write buffer
[Check 8] Call get API with NULL read buffer and data length 0
[Check 9] Increase the length
TEST RESULT: PASSED
******************************************
TEST: 410 | DESCRIPTION: UID value zero check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Creating storage with UID 0 should fail
[Check 2] Get_info for UID 0 should fail
[Check 3] Removing storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 10
TOTAL PASSED : 10
TOTAL SIM ERROR : 0
TOTAL FAILED : 0
TOTAL SKIPPED : 0
******************************************
Entering standby..
# Run psa-ps-api-test
```
./arm-linux/bin/psa-ps-api-test
```
Result:
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
******************************************
TEST: 401 | DESCRIPTION: UID not found check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5
TEST RESULT: PASSED
******************************************
TEST: 402 | DESCRIPTION: Write once error check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Update the flag of UID 1 with WRITE_ONCE flag
[Check 2] Try to remove the UID 1 having WRITE_ONCE flag
[Check 3] Create a new UID 2 with WRITE_ONCE flag
[Check 4] Try to remove the UID 2 having WRITE_ONCE flag
[Check 5] Try to change the length of write_once UID 2
[Check 6] Check UID removal still fails
[Check 7] Try to change the WRITE_ONCE flag to None for UID 2
[Check 8] Check UID removal still fails
TEST RESULT: PASSED
******************************************
TEST: 403 | DESCRIPTION: Insufficient space check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Overload storage space
UID 11 set failed due to insufficient space
Remove all registered UIDs
[Check 2] Overload storage again to verify all previous UID removed
UID 11 set failed due to insufficient space
Remove all registered UIDs
TEST RESULT: PASSED
******************************************
TEST: 404 | DESCRIPTION: Data Consistency check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with reduced length - TEST_BUFF_SIZE/2
[Check 2] Call get API with default length - TEST_BUFF_SIZE
TEST RESULT: PASSED
******************************************
TEST: 405 | DESCRIPTION: Success scenarios check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Set UID with data length zero and call storage APIs
[Check 2] Resetting the length check
TEST RESULT: PASSED
******************************************
TEST: 406 | DESCRIPTION: Check for storage create flags | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with flag - PSA_STORAGE_FLAG_NONE
[Check 2] Call set API with flag - PSA_STORAGE_FLAG_NO_CONFIDENTIALITY
[Check 3] Call set API with flag - PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION
TEST RESULT: PASSED
******************************************
TEST: 407 | DESCRIPTION: Incorrect Size check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Create a valid Storage - TEST_BUFF_SIZE/2
Increase the length of storage - TEST_BUFF_SIZE
[Check 1] Call get API with old length - TEST_BUFF_SIZE/2
[Check 2] Call get API with old length - TEST_BUFF_SIZE/4
Decrease the length of storage - TEST_BUFF_SIZE/4
[Check 3] Call get API with old length - TEST_BUFF_SIZE/2
[Check 4] Call get API with old length - TEST_BUFF_SIZE
[Check 5] Call get API with valid length - TEST_BUFF_SIZE/4
TEST RESULT: PASSED
******************************************
TEST: 408 | DESCRIPTION: Invalid offset check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Try to access data with varying valid offset
[Check 2] Try to access data with varying invalid offset
TEST RESULT: PASSED
******************************************
TEST: 409 | DESCRIPTION: Invalid Arguments check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with NULL pointer and data length 0
[Check 2] Call get API with NULL read buffer and data length 0
[Check 3] Remove the UID
[Check 4] Call get_info API to verify UID removed
[Check 5] Create UID with zero data_len and valid write buffer
[Check 8] Call get API with NULL read buffer and data length 0
[Check 9] Increase the length
TEST RESULT: PASSED
******************************************
TEST: 410 | DESCRIPTION: UID value zero check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Creating storage with UID 0 should fail
[Check 2] Get_info for UID 0 should fail
[Check 3] Removing storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
TEST: 411 | DESCRIPTION: Optional APIs: UID not found check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 412 | DESCRIPTION: Optional APIs: Invalid arguments and offset invalid | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 413 | DESCRIPTION: Set_Extended and Create api : Success | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 414 | DESCRIPTION: Optional APIs not supported check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Optional PS APIs are not supported.
[Check 1] Call to create API should fail as API not supported
Failed at Checkpoint: 1
Actual: 0
Expected: -134
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 415 | DESCRIPTION: Create API write_once flag value check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 416 | DESCRIPTION: Storage assest capacity modification check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 417 | DESCRIPTION: Storage assest capacity modification check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 17
TOTAL PASSED : 10
TOTAL SIM ERROR : 0
TOTAL FAILED : 1
TOTAL SKIPPED : 6
******************************************
Entering standby..
./arm-linux/bin/psa-crypto-api-test
./arm-linux/bin/ts-service-test -v -xg Attestation
# Run ts-service-test:
```
./ts-service-test -v -sg ItsServiceTests
./ts-service-test -v -sg PsServiceTests
./ts-service-test -v -sg CryptoKeyDerivationServicePackedcTests
./ts-service-test -v -sg CryptoMacServicePackedcTests
./ts-service-test -v -sg CryptoCipherServicePackedcTests
./ts-service-test -v -sg CryptoHashServicePackedcTests
./ts-service-test -v -sg CryptoServiceProtobufTests
./ts-service-test -v -sg CryptoServiceLimitTests
./ts-service-test -v -sg DiscoveryServiceTests
./ts-service-test -v -sg CryptoServicePackedcTests
```
Result:
TEST(PsServiceTests, createAndSetExtended) - 18029 ms
TEST(PsServiceTests, createAndSet) - 20259 ms
TEST(PsServiceTests, storeNewItem) - 18276 ms
TEST(ItsServiceTests, storeNewItem) - 11099 ms
TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort) - 21819 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes) - 23492 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey) - 25032 ms
TEST(CryptoMacServicePackedcTests, macAbort) - 19256 ms
TEST(CryptoMacServicePackedcTests, signAndVerify) - 101831 ms
TEST(CryptoCipherServicePackedcTests, cipherAbort) - 19739 ms
TEST(CryptoCipherServicePackedcTests, encryptDecryptRoundtrip) - 66694 ms
TEST(CryptoHashServicePackedcTests, hashAbort) - 23204 ms
TEST(CryptoHashServicePackedcTests, hashAndVerify) - 34243 ms
TEST(CryptoHashServicePackedcTests, calculateHash) - 17353 ms
TEST(CryptoServicePackedcTests, generateRandomNumbers) - 29636 ms
TEST(CryptoServicePackedcTests, asymEncryptDecryptWithSalt) - 2859988 ms
TEST(CryptoServicePackedcTests, asymEncryptDecrypt) - 234077 ms
TEST(CryptoServicePackedcTests, signAndVerifyEat) - 1060967 ms
TEST(CryptoServicePackedcTests, signAndVerifyHash) - 1072643 ms
TEST(CryptoServicePackedcTests, exportAndImportKeyPair) - 127551 ms
TEST(CryptoServicePackedcTests, exportPublicKey) - 199842 ms
TEST(CryptoServicePackedcTests, purgeKey) - 118558 ms
TEST(CryptoServicePackedcTests, copyKey) - 199131 ms
TEST(CryptoServicePackedcTests, generatePersistentKeys) - 213434 ms
TEST(CryptoServicePackedcTests, generateVolatileKeys) - 188038 ms
TEST(CryptoServiceProtobufTests, generateRandomNumbers) - 31397 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecryptWithSalt) - 4241805 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - 267644 ms
TEST(CryptoServiceProtobufTests, signAndVerifyHash) - 1073035 ms
TEST(CryptoServiceProtobufTests, exportAndImportKeyPair) - 127099 ms
TEST(CryptoServiceProtobufTests, exportPublicKey) - 200390 ms
TEST(CryptoServiceProtobufTests, generatePersistentKeys) - 213373 ms
TEST(CryptoServiceProtobufTests, generateVolatileKeys) - 189439 ms
TEST(CryptoServiceLimitTests, volatileRsaKeyPairLimit) - 19765597 ms
TEST(CryptoServiceLimitTests, volatileEccKeyPairLimit) - 5244688 ms
TEST(DiscoveryServiceTests, checkServiceInfo) - 12706 ms
OK (41 tests, 36 ran, 318 checks, 0 ignored, 5 filtered out, 38104375 ms)
Currently the attestation test fails due to the lack of attestation SP
support.