Version 44 vs 65
Version 44 vs 65
Edits
Edits
- Edit by gyuri-szing, Version 65
- Oct 18 2023 12:55 PM
- Edit by balintdobszay, Version 44
- Jul 4 2022 1:43 PM
Edit Older Version 44... | Edit Current Version 65... |
Content Changes
Content Changes
= OP-TEE SPMC implementation
== Introduction
==== OP-TEE SPMC implementation
This document describes the OP-TEE SPMC (Secure Partition Manager Core) implementation. This implementation is used to support the Trusted Services PSA Secure Partitions (SPs). The PSA SPs are implemented based on the Arm FF-A specification. The OP-TEE SPMC can be used as a reference S-EL1 implementation and the Trusted Service can be used a reference S-EL0 SP implementations.
==== FF-A
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to standardize the communication between the various software images.
Including the communication between the various software images in the Secure world and Normal world. The current release of the OP-TEE SPMC is based around the [FF-A v1.0 spec](https://developer.arm.com/documentation/den0077/latest).
==== OP-TEE
OP-TEE is an open source Trusted Execution Environment (TEE) implementing the Arm TrustZone technology. More information can be found at [readthedocs](https://optee.readthedocs.io/en/latest/). OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC.
This document describes OP-TEE as a S-EL1 SPMC. The current mainline OP-TEE version can be found [here](https://github.com/OP-TEE/optee_os).
==== Trusted Services
The Trusted Services project provides a framework for developing and deploying device Root of Trust (RoT) services across a range of secure processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Services can be found at [Trusted-Services](https://trusted-services.readthedocs.io/en/latest/).
== Current Status
Limited support for OP-TEE SPMC aligning with FF-A 1.0 is available in OP-TEE v3.18.
Complete support for FF-A 1.0 and TS is planned for upcoming releases. See below for status.
==== SPMC status
OP-TEE SPMC FF-A status:
| Description | Status |
|-------------------|---------------|
| SP loading | Supported |
| SP messaging | Supported |
| SP manifest files | Supported |
| Memory management | Supported |
| Interrupts | Not supported |
OP-TEE SPMC FF-A messages status:
| Name | Status |
|--------------------------|--------------------------|
| FFA_ERROR | Supported |
| FFA_SUCCESS | Supported |
| FFA_INTERRUPT | Not supported |
| FFA_VERSION | Supported |
| FFA_FEATURES | Supported |
| FFA_RX_RELEASE | Supported |
| FFA_RXTX_MAP | Supported |
| FFA_RXTX_UNMAP | Supported |
| FFA_PARTITION_INFO_GET | Supported |
| FFA_ID_GET | Supported |
| FFA_MSG_WAIT | Supported |
| FFA_YIELD | Not supported |
| FFA_RUN | Not supported |
| FFA_NORMAL_WORLD_RESUME | Not supported |
| FFA_MSG_SEND | Not supported |
| FFA_MSG_SEND_DIRECT_REQ | Supported |
| FFA_MSG_SEND_DIRECT_RESP | Supported |
| FFA_MSG_POLL | Not supported |
| FFA_MEM_DONATE | Not supported |
| FFA_MEM_LEND | Not supported |
| FFA_MEM_SHARE | Partially supported [^1] |
| FFA_MEM_RETRIEVE_REQ | Supported |
| FFA_MEM_RETRIEVE_RESP | Supported |
| FFA_MEM_RELINQUISH | Supported |
| FFA_MEM_RECLAIM | Supported |
[^1]: Sharing device memory is not yet supported.
==== Trusted Services status
All Trusted Services Secure Partitions are supported with OP-TEE SPMC v3.18.
Trusted Services SP support status:
| Name | Status |
|--------------------------|-----------|
| internal-trusted-storage | Supported |
| protected-storage | Supported |
| crypto | Supported |
| attestation | Supported |
| smm-gateway | Supported |
== Build
The build process is based on the [OP-TEE build process](https://optee.readthedocs.io/en/latest/building/gits/build.html) with some extra steps.
==== Requirements
- The Trusted Services project has some extra [requirements](https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html) from OP-TEE. It mainly depends on CMake v3.18.
- The current system uses the Arm AEMv-A Base Platform FVP to run the test environment. The latest version can be found at [developer.arm.com](https://developer.arm.com/downloads/-/arm-ecosystem-models). The downloaded FVP should be extracted at the project root (`<project root>/Base_RevC_AEMvA_pkg`).
==== Build steps
Obtain sources using the `repo` tool:
mkdir optee-ts-workspace
cd optee-ts-workspace
repo init -u https://git.trustedfirmware.org/OP-TEE/manifest.git -m fvp-ts.xml
repo sync -j4 --no-clone-bundle
Download toolchains, build OP-TEE and all other components:
cd build
make toolchains
make
cd ..
More info about building Trusted Services apps can be found at the [Trusted Services build instructions](https://trusted-services.readthedocs.io/en/latest/developer/build-instructions.html).
Boot the system on the FVP:
make -C build run-only
Two console windows should appear, one for the Secure World and one for the Normal World. When the boot is complete, login as root.
== Test
==== Setup
Set up the [FVP environment](https://trusted-services.readthedocs.io/en/latest/environments/deployment-guides/fvp-deployment-guide.html?highlight=ts-service-test#deploying-service-level-tests):
/mnt/host/out/linux-arm-ffa-tee/load_module.sh
/mnt/host/out/linux-arm-ffa-user/load_module.sh
cp -at /usr /mnt/host/out/ts-install/arm-linux/bin /mnt/host/out/ts-install/arm-linux/lib
==== Running tests
======Run ts-service-test
ts-service-test -v
Output:
lines=8
TEST(PsServiceTests, createAndSetExtended) - 17853 ms
TEST(PsServiceTests, createAndSet) - 20396 ms
TEST(PsServiceTests, storeNewItem) - 18289 ms
TEST(ItsServiceTests, storeNewItem) - 11008 ms
TEST(AttestationProvisioningTests, provisionedIak) - 98333 ms
TEST(AttestationProvisioningTests, selfGeneratedIak) - 184226 ms
TEST(AttestationServiceTests, repeatedOperation) - 22908192 ms
TEST(AttestationServiceTests, invalidChallengeLen) - 10365 ms
TEST(AttestationServiceTests, checkTokenSize) - 233939 ms
TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort) - 21824 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes) - 23731 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey) - 25119 ms
TEST(CryptoMacServicePackedcTests, macAbort) - 19607 ms
TEST(CryptoMacServicePackedcTests, signAndVerify) - 102272 ms
TEST(CryptoCipherServicePackedcTests, cipherAbort) - 19815 ms
TEST(CryptoCipherServicePackedcTests, encryptDecryptRoundtrip) - 67018 ms
TEST(CryptoHashServicePackedcTests, hashAbort) - 23439 ms
TEST(CryptoHashServicePackedcTests, hashAndVerify) - 34506 ms
TEST(CryptoHashServicePackedcTests, calculateHash) - 17466 ms
TEST(CryptoServicePackedcTests, generateRandomNumbers) - 30063 ms
TEST(CryptoServicePackedcTests, asymEncryptDecryptWithSalt) - 2014249 ms
TEST(CryptoServicePackedcTests, asymEncryptDecrypt) - 438315 ms
TEST(CryptoServicePackedcTests, signAndVerifyEat) - 1066351 ms
TEST(CryptoServicePackedcTests, signAndVerifyHash) - 1073917 ms
TEST(CryptoServicePackedcTests, exportAndImportKeyPair) - 127557 ms
TEST(CryptoServicePackedcTests, exportPublicKey) - 199140 ms
TEST(CryptoServicePackedcTests, purgeKey) - 119132 ms
TEST(CryptoServicePackedcTests, copyKey) - 225074 ms
TEST(CryptoServicePackedcTests, generatePersistentKeys) - 213158 ms
TEST(CryptoServicePackedcTests, generateVolatileKeys) - 189627 ms
TEST(CryptoServiceProtobufTests, generateRandomNumbers) - 31655 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecryptWithSalt) - 3092427 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - 279857 ms
TEST(CryptoServiceProtobufTests, signAndVerifyHash) - 1074455 ms
TEST(CryptoServiceProtobufTests, exportAndImportKeyPair) - 128549 ms
TEST(CryptoServiceProtobufTests, exportPublicKey) - 201531 ms
TEST(CryptoServiceProtobufTests, generatePersistentKeys) - 214115 ms
TEST(CryptoServiceProtobufTests, generateVolatileKeys) - 189163 ms
TEST(CryptoServiceLimitTests, volatileRsaKeyPairLimit) - 20743593 ms
TEST(CryptoServiceLimitTests, volatileEccKeyPairLimit) - 5251590 ms
TEST(DiscoveryServiceTests, checkServiceInfo) - 12895 ms
OK (41 tests, 41 ran, 747 checks, 0 ignored, 0 filtered out, 60788071 ms)
======Run uefi-test
uefi-test -v
Output:
lines=8
TEST(SmmVariableAttackTests, getCheckPropertyWithMaxSizeName) - 2575 ms
======Run psa-its-api-test
/mnt/arm-linux/bin/psa-its-api-test
Output:
lines=8
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
******************************************
TEST: 401 | DESCRIPTION: UID not found check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5
TEST RESULT: PASSED
******************************************
TEST: 402 | DESCRIPTION: Write once error check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Update the flag of UID 1 with WRITE_ONCE flag
[Check 2] Try to remove the UID 1 having WRITE_ONCE flag
[Check 3] Create a new UID 2 with WRITE_ONCE flag
[Check 4] Try to remove the UID 2 having WRITE_ONCE flag
[Check 5] Try to change the length of write_once UID 2
[Check 6] Check UID removal still fails
[Check 7] Try to change the WRITE_ONCE flag to None for UID 2
[Check 8] Check UID removal still fails
TEST RESULT: PASSED
******************************************
TEST: 403 | DESCRIPTION: Insufficient space check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Overload storage space
UID 13 set failed due to insufficient space
Remove all registered UIDs
[Check 2] Overload storage again to verify all previous UID removed
UID 13 set failed due to insufficient space
Remove all registered UIDs
TEST RESULT: PASSED
******************************************
TEST: 404 | DESCRIPTION: Data Consistency check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with reduced length - TEST_BUFF_SIZE/2
[Check 2] Call get API with default length - TEST_BUFF_SIZE
TEST RESULT: PASSED
******************************************
TEST: 405 | DESCRIPTION: Success scenarios check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Set UID with data length zero and call storage APIs
[Check 2] Resetting the length check
TEST RESULT: PASSED
******************************************
TEST: 406 | DESCRIPTION: Check for storage create flags | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with flag - PSA_STORAGE_FLAG_NONE
[Check 2] Call set API with flag - PSA_STORAGE_FLAG_NO_CONFIDENTIALITY
[Check 3] Call set API with flag - PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION
TEST RESULT: PASSED
******************************************
TEST: 407 | DESCRIPTION: Incorrect Size check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
Create a valid Storage - TEST_BUFF_SIZE/2
Increase the length of storage - TEST_BUFF_SIZE
[Check 1] Call get API with old length - TEST_BUFF_SIZE/2
[Check 2] Call get API with old length - TEST_BUFF_SIZE/4
Decrease the length of storage - TEST_BUFF_SIZE/4
[Check 3] Call get API with old length - TEST_BUFF_SIZE/2
[Check 4] Call get API with old length - TEST_BUFF_SIZE
[Check 5] Call get API with valid length - TEST_BUFF_SIZE/4
TEST RESULT: PASSED
******************************************
TEST: 408 | DESCRIPTION: Invalid offset check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Try to access data with varying valid offset
[Check 2] Try to access data with varying invalid offset
TEST RESULT: PASSED
******************************************
TEST: 409 | DESCRIPTION: Invalid Arguments check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with NULL pointer and data length 0
[Check 2] Call get API with NULL read buffer and data length 0
[Check 3] Remove the UID
[Check 4] Call get_info API to verify UID removed
[Check 5] Create UID with zero data_len and valid write buffer
[Check 8] Call get API with NULL read buffer and data length 0
[Check 9] Increase the length
TEST RESULT: PASSED
******************************************
TEST: 410 | DESCRIPTION: UID value zero check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Creating storage with UID 0 should fail
[Check 2] Get_info for UID 0 should fail
[Check 3] Removing storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 10
TOTAL PASSED : 10
TOTAL SIM ERROR : 0
TOTAL FAILED : 0
TOTAL SKIPPED : 0
******************************************
Entering standby..
======Run psa-ps-api-test
/mnt/arm-linux/bin/psa-ps-api-test
Output:
lines=8
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
******************************************
TEST: 401 | DESCRIPTION: UID not found check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5
TEST RESULT: PASSED
******************************************
TEST: 402 | DESCRIPTION: Write once error check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Update the flag of UID 1 with WRITE_ONCE flag
[Check 2] Try to remove the UID 1 having WRITE_ONCE flag
[Check 3] Create a new UID 2 with WRITE_ONCE flag
[Check 4] Try to remove the UID 2 having WRITE_ONCE flag
[Check 5] Try to change the length of write_once UID 2
[Check 6] Check UID removal still fails
[Check 7] Try to change the WRITE_ONCE flag to None for UID 2
[Check 8] Check UID removal still fails
TEST RESULT: PASSED
******************************************
TEST: 403 | DESCRIPTION: Insufficient space check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Overload storage space
UID 11 set failed due to insufficient space
Remove all registered UIDs
[Check 2] Overload storage again to verify all previous UID removed
UID 11 set failed due to insufficient space
Remove all registered UIDs
TEST RESULT: PASSED
******************************************
TEST: 404 | DESCRIPTION: Data Consistency check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with reduced length - TEST_BUFF_SIZE/2
[Check 2] Call get API with default length - TEST_BUFF_SIZE
TEST RESULT: PASSED
******************************************
TEST: 405 | DESCRIPTION: Success scenarios check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Set UID with data length zero and call storage APIs
[Check 2] Resetting the length check
TEST RESULT: PASSED
******************************************
TEST: 406 | DESCRIPTION: Check for storage create flags | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with flag - PSA_STORAGE_FLAG_NONE
[Check 2] Call set API with flag - PSA_STORAGE_FLAG_NO_CONFIDENTIALITY
[Check 3] Call set API with flag - PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION
TEST RESULT: PASSED
******************************************
TEST: 407 | DESCRIPTION: Incorrect Size check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Create a valid Storage - TEST_BUFF_SIZE/2
Increase the length of storage - TEST_BUFF_SIZE
[Check 1] Call get API with old length - TEST_BUFF_SIZE/2
[Check 2] Call get API with old length - TEST_BUFF_SIZE/4
Decrease the length of storage - TEST_BUFF_SIZE/4
[Check 3] Call get API with old length - TEST_BUFF_SIZE/2
[Check 4] Call get API with old length - TEST_BUFF_SIZE
[Check 5] Call get API with valid length - TEST_BUFF_SIZE/4
TEST RESULT: PASSED
******************************************
TEST: 408 | DESCRIPTION: Invalid offset check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Try to access data with varying valid offset
[Check 2] Try to access data with varying invalid offset
TEST RESULT: PASSED
******************************************
TEST: 409 | DESCRIPTION: Invalid Arguments check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with NULL pointer and data length 0
[Check 2] Call get API with NULL read buffer and data length 0
[Check 3] Remove the UID
[Check 4] Call get_info API to verify UID removed
[Check 5] Create UID with zero data_len and valid write buffer
[Check 8] Call get API with NULL read buffer and data length 0
[Check 9] Increase the length
TEST RESULT: PASSED
******************************************
TEST: 410 | DESCRIPTION: UID value zero check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Creating storage with UID 0 should fail
[Check 2] Get_info for UID 0 should fail
[Check 3] Removing storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
TEST: 411 | DESCRIPTION: Optional APIs: UID not found check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 412 | DESCRIPTION: Optional APIs: Invalid arguments and offset invalid | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 413 | DESCRIPTION: Set_Extended and Create api : Success | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 414 | DESCRIPTION: Optional APIs not supported check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Optional PS APIs are not supported.
[Check 1] Call to create API should fail as API not supported
Failed at Checkpoint: 1
Actual: 0
Expected: -134
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 415 | DESCRIPTION: Create API write_once flag value check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 416 | DESCRIPTION: Storage assest capacity modification check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 417 | DESCRIPTION: Storage assest capacity modification check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 17
TOTAL PASSED : 10
TOTAL SIM ERROR : 0
TOTAL FAILED : 1
TOTAL SKIPPED : 6
******************************************
Entering standby..
======Run psa-crypto-api-test:
/mnt/arm-linux/bin/psa-crypto-api-test
Output:
lines=8
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Crypto Suite
******************************************
TEST: 201 | DESCRIPTION: Testing crypto key management APIs | UT: psa_crypto_init
[Info] Executing tests from non-secure
[Check 1] Test calling crypto functions before psa_crypto_init
[Check 2] Test psa_crypto_init
[Check 3] Test multiple psa_crypto_init
TEST RESULT: PASSED
******************************************
TEST: 202 | DESCRIPTION: Testing crypto key management APIs | UT: psa_import_key
[Info] Executing tests from non-secure
[Check 1] Test psa_import_key 16 bytes AES
[Check 2] Test psa_import_key 24 bytes AES
[Check 3] Test psa_import_key 32 bytes AES
[Check 4] Test psa_import_key 2048 RSA public key
[Check 5] Test psa_import_key with RSA 2048 keypair
[Check 6] Test psa_import_key with DES 8 bytes key
[Check 7] Test psa_import_key with Triple DES 2-Key
[Check 8] Test psa_import_key with Triple DES 3-Key
[Check 9] Test psa_import_key with EC Public key
[Check 10] Test psa_import_key with EC keypair
[Check 11] Test psa_import_key 16 bytes AES with invalid bits
[Check 12] Test psa_import_key with key data greater than the algorithm size
[Check 13] Test psa_import_key with incorrect key data size
[Check 14] Test psa_import_key with invalid key type value
TEST RESULT: PASSED
******************************************
TEST: 203 | DESCRIPTION: Testing crypto key management APIs | UT: psa_export_key
[Info] Executing tests from non-secure
[Check 1] Test psa_export_key 16 Byte AES
[Check 2] Test psa_export_key 24 Byte AES
[Check 3] Test psa_export_key 32 Byte AES
[Check 4] Test psa_export_key 2048 RSA public key
[Check 5] Test psa_export_key with RSA 2048 keypair
[Check 6] Test psa_export_key with DES 64 bit key
[Check 7] Test psa_export_key with Triple DES 2-Key
[Check 8] Test psa_export_key with Triple DES 3-Key
[Check 9] Test psa_export_key with EC Public key
[Check 10] Test psa_export_key with EC keypair
[Check 11] Test psa_export_key with key policy verify
[Check 12] Test psa_export_key with less buffer size
TEST RESULT: PASSED
******************************************
TEST: 204 | DESCRIPTION: Testing crypto key management APIs | UT: psa_export_public_key
[Info] Executing tests from non-secure
[Check 1] Test psa_export_public_key 16 Byte AES
[Check 2] Test psa_export_public_key 24 Byte AES
[Check 3] Test psa_export_public_key 32 Byte AES
[Check 4] Test psa_export_public_key 2048 RSA public key
[Check 5] Test psa_export_public_key with RSA 2048 keypair
[Check 6] Test psa_export_public_key with DES 64 bit key
[Check 7] Test psa_export_public_key with Triple DES 2-Key
[Check 8] Test psa_export_public_key with Triple DES 3-Key
[Check 9] Test psa_export_public_key with EC Public key
[Check 10] Test psa_export_public_key with EC keypair
[Check 11] Test psa_export_public_key with less buffer size
TEST RESULT: PASSED
******************************************
TEST: 205 | DESCRIPTION: Testing crypto key management APIs | UT: psa_destroy_key
[Info] Executing tests from non-secure
[Check 1] Test psa_destroy_key 16 Byte AES
[Check 2] Test psa_destroy_key 24 Byte AES
[Check 3] Test psa_destroy_key 32 Byte AES
[Check 4] Test psa_destroy_key 2048 RSA public key
[Check 5] Test psa_destroy_key with RSA 2048 keypair
[Check 6] Test psa_destroy_key with DES 64 bit key
[Check 7] Test psa_destroy_key with Triple DES 2-Key
[Check 8] Test psa_destroy_key with Triple DES 3-Key
[Check 9] Test psa_destroy_key with EC Public key
[Check 10] Test psa_destroy_key with EC keypair
TEST RESULT: PASSED
******************************************
TEST: 206 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_compute
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_compute with MD5 algorithm
[Check 2] Test psa_hash_compute with RIPEMD160 algorithm
[Check 3] Test psa_hash_compute with SHA1 algorithm
[Check 4] Test psa_hash_compute with SHA224 algorithm
[Check 5] Test psa_hash_compute with SHA256 algorithm
[Check 6] Test psa_hash_compute with SHA384 algorithm
[Check 7] Test psa_hash_compute with SHA512 algorithm
[Check 8] Test psa_hash_compute with small buffer size
[Check 9] Test psa_hash_compute with invalid algorithm
TEST RESULT: PASSED
******************************************
TEST: 207 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_compare
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_compare with MD5 algorithm
[Check 2] Test psa_hash_compare with RIPEMD160 algorithm
[Check 3] Test psa_hash_compare with SHA1 algorithm
[Check 4] Test psa_hash_compare with SHA224 algorithm
[Check 5] Test psa_hash_compare with SHA256 algorithm
[Check 6] Test psa_hash_compare with SHA384 algorithm
[Check 7] Test psa_hash_compare with SHA512 algorithm
[Check 8] Test psa_hash_compare with incorrect hash
[Check 9] Test psa_hash_compare with incorrect hash length
[Check 10] Test psa_hash_compare with invalid algorithm
TEST RESULT: PASSED
******************************************
TEST: 208 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_setup - ECDH + HKDF-SHA-256
[Check 2] Test psa_key_derivation_setup - ECDH, unknown KDF
[Check 3] Test psa_key_derivation_setup - bad key derivation algorithm
[Check 4] Test psa_key_derivation_setup - Invalid Algorithm
TEST RESULT: PASSED
******************************************
TEST: 209 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_input_bytes
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_input_bytes - Step as Info
[Check 2] Test psa_key_derivation_input_bytes - Step as secret
[Check 3] Test psa_key_derivation_input_bytes - Step as salt
[Check 4] Test psa_key_derivation_input_bytes - Step as label
[Check 5] Test psa_key_derivation_input_bytes - Step as seed
[Check 6] Test psa_key_derivation_input_bytes - Invalid step
TEST RESULT: PASSED
******************************************
TEST: 210 | DESCRIPTION: Testing crypto key attributes APIs | UT: psa_key_attributes_set_get
[Info] Executing tests from non-secure
[Check 1] Test psa_key_attributes_set_get key attributes
TEST RESULT: PASSED
******************************************
TEST: 211 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_setup with MD5 algorithm
Failed at Checkpoint: 4
Actual: 0
Expected: -137
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 212 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_update
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_update with MD5 algorithm
[Check 2] Test psa_hash_update with RIPEMD160 algorithm
[Check 3] Test psa_hash_update with SHA1 algorithm
[Check 4] Test psa_hash_update with SHA224 algorithm
[Check 5] Test psa_hash_update with SHA256 algorithm
[Check 6] Test psa_hash_update with SHA384 algorithm
[Check 7] Test psa_hash_update with SHA512 algorithm
[Check 8] Test psa_hash_update without hash setup
[Check 9] Test psa_hash_update with completed opertaion handle
TEST RESULT: PASSED
******************************************
TEST: 213 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_verify
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_verify with MD5 algorithm
[Check 2] Test psa_hash_verify with RIPEMD160 algorithm
[Check 3] Test psa_hash_verify with SHA1 algorithm
[Check 4] Test psa_hash_verify with SHA224 algorithm
[Check 5] Test psa_hash_verify with SHA256 algorithm
[Check 6] Test psa_hash_verify with SHA384 algorithm
[Check 7] Test psa_hash_verify with SHA512 algorithm
[Check 8] Test psa_hash_verify with incorrect expected hash
[Check 9] Test psa_hash_verify with incorrect hash length
[Check 10] test psa_hash_verify with inactive & invalid operation handle
TEST RESULT: PASSED
******************************************
TEST: 214 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_finish with MD5 algorithm
[Check 2] Test psa_hash_finish with RIPEMD160 algorithm
[Check 3] Test psa_hash_finish with SHA1 algorithm
[Check 4] Test psa_hash_finish with SHA224 algorithm
[Check 5] Test psa_hash_finish with SHA256 algorithm
[Check 6] Test psa_hash_finish with SHA384 algorithm
[Check 7] Test psa_hash_finish with SHA512 algorithm
[Check 8] Test psa_hash_finish with invalid hash buffer size
[Check 9] test psa_hash_finish with inactive operation handle
TEST RESULT: PASSED
******************************************
TEST: 215 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_abort with MD5 algorithm
[Check 2] Test psa_hash_abort with RIPEMD160 algorithm
[Check 3] Test psa_hash_abort with SHA1 algorithm
[Check 4] Test psa_hash_abort with SHA224 algorithm
[Check 5] Test psa_hash_abort with SHA256 algorithm
[Check 6] Test psa_hash_abort with SHA384 algorithm
[Check 7] Test psa_hash_abort with SHA512 algorithm
[Check 8] Test psa_hash_finish after calling psa_hash_abort
TEST RESULT: PASSED
******************************************
TEST: 216 | DESCRIPTION: Testing crypto generator functions APIs | UT: psa_generate_key
[Info] Executing tests from non-secure
[Check 1] Test psa_generate_key 16 Byte AES
[Check 2] Test psa_generate_key 24 Byte AES
[Check 3] Test psa_generate_key 32 Byte AES
[Check 4] Test psa_generate_key with DES 64 bit key
[Check 5] Test psa_generate_key with Triple DES 2-Key
[Check 6] Test psa_generate_key with Triple DES 3-Key
[Check 7] Test psa_generate_key with RSA 2048 Keypair
[Check 8] Test psa_generate_key with ECC KeyPair
[Check 9] Test psa_generate_key with RSA 2048 Public key
Failed at Checkpoint: 3
Actual: -134
Expected: -135
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 217 | DESCRIPTION: Testing crypto generation APIs | UT: psa_generate_random
[Info] Executing tests from non-secure
[Check 1] Test psa_generate_random to get 0 Byte data
[Check 2] Test psa_generate_random to get 16 Byte data
[Check 3] Test psa_generate_random to get 24 Byte data
[Check 4] Test psa_generate_random to get 32 Byte data
[Check 5] Test psa_generate_random to get 64 Byte data
[Check 6] Test psa_generate_random to get 128 Byte data
[Check 7] Test psa_generate_random to get 256 Byte data
[Check 8] Test psa_generate_random to get 512 Byte data
[Check 9] Test psa_generate_random to get 1000 Byte data
TEST RESULT: PASSED
******************************************
TEST: 218 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_input_key
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_input_key 16 Byte Key
[Check 2] Test psa_key_derivation_input_key with invalid usage
[Check 3] Test psa_key_derivation_input_key with step as label
[Check 4] Test psa_key_derivation_input_key with step as info
[Check 5] Test psa_key_derivation_input_key with step as seed
[Check 6] Test psa_key_derivation_input_key with step as salt
[Check 7] Test psa_key_derivation_input_key with key type as AES(not derive)
[Check 8] Test psa_key_derivation_input_key incorrect key algorithm
[Check 9] Test psa_key_derivation_input_key with key type as 2048 RSA public key
[Check 10] Test psa_key_derivation_input_key with key type as RSA 2048 keypair
[Check 11] Test psa_key_derivation_input_key with zero as step
[Check 12] Test psa_cipher_decrypt_setup - Invalid key handle
[Check 13] Test psa_cipher_decrypt_setup - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 219 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_key_agreement
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_key_agreement - ECDH SECP256R1
[Check 2] Test psa_key_derivation_key_agreement - Invalid step
[Check 3] Test psa_key_derivation_key_agreement - ECDH SECP384R1
[Check 4] Test psa_key_derivation_key_agreement - Invalid usage
[Check 5] Test psa_key_derivation_key_agreement - KDF not a key agreement alg
[Check 6] Test psa_key_derivation_key_agreement - Public key of different curve
[Check 7] Test psa_key_derivation_key_agreement - Pub key instead of Prv key
[Check 8] Test psa_key_derivation_key_agreement - Invalid handle
[Check 9] Test psa_key_derivation_key_agreement - Zero as handle
TEST RESULT: PASSED
******************************************
TEST: 220 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_output_bytes
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_output_bytes - HKDF
[Check 2] Test psa_key_derivation_output_bytes - optional salt
[Check 3] Test psa_key_derivation_output_bytes - capacity < output_length
[Check 4] Test psa_key_derivation_output_bytes - missing info
[Check 5] Test psa_key_derivation_output_bytes - missing salt/secret/info
[Check 6] Test psa_key_derivation_output_bytes - TLS12_PRF
[Check 7] Test psa_key_derivation_output_bytes - capacity < output_length
[Check 8] Test psa_key_derivation_output_bytes - missing seed/secret/label
TEST RESULT: PASSED
******************************************
TEST: 221 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_output_key
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_output_key - Key
[Check 2] Test psa_key_derivation_output_key - Info
[Check 3] Test psa_key_derivation_output_key - Salt
[Check 4] Test psa_key_derivation_output_key - Greater Capacity than available
[Check 5] Test psa_key_derivation_output_key - ECC Public key
[Check 6] Test psa_key_derivation_output_key - ECC keypair
[Check 7] Test psa_key_derivation_output_key - RSA Public Key[Check 8] Test psa_key_derivation_output_key - RSA keypair
[Check 9] Test psa_key_derivation_output_key - Invalid key size
TEST RESULT: PASSED
******************************************
TEST: 222 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_abort
TEST RESULT: PASSED
******************************************
TEST: 223 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_set_get_capacity
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_set_get_capacity - < operation's capacity
[Check 2] Test psa_key_derivation_set_get_capacity - = operation's capacity
[Check 3] Test psa_key_derivation_set_get_capacity - > operation's capacity
[Check 4] Test psa_key_derivation_set_get_capacity - unchanged capacity
TEST RESULT: PASSED
******************************************
TEST: 224 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_encrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_encrypt - CCM - AES - 13B nonce & 8B add data
Failed at Checkpoint: 4
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 225 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_decrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_decrypt - CCM - AES - 13B nonce & 8B add data
Failed at Checkpoint: 4
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 226 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_sign_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_sign_setup - HMAC - SHA256
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 227 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_update
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_update - HMAC - SHA256 - 64 Byte
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 228 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_sign_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_sign_finish - HMAC - SHA224
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 229 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_verify_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_verify_setup - HMAC - SHA256
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 230 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_verify_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_verify_finish - HMAC - SHA224
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 231 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_abort - HMAC - SHA224
[Check 2] Test psa_mac_abort - HMAC - SHA224 - Truncated 8 Byte
[Check 3] Test psa_mac_abort - HMAC - SHA256
[Check 4] Test psa_mac_abort - HMAC - SHA512
[Check 5] Test psa_mac_abort - CMAC - AES
[Check 6] Test psa_mac_sign_finish after calling psa_mac_abort
TEST RESULT: PASSED
******************************************
TEST: 232 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_encrypt_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_encrypt_setup 16 Byte AES
[Check 2] Test psa_cipher_encrypt_setup 24 Byte AES
[Check 3] Test psa_cipher_encrypt_setup 32 Byte AES
[Check 4] Test psa_cipher_encrypt_setup DES 64 bit key
[Check 5] Test psa_cipher_encrypt_setup Triple DES 2-Key
[Check 6] Test psa_cipher_encrypt_setup Triple DES 3-Key
[Check 7] Test psa_cipher_encrypt_setup 16 Byte raw data
[Check 8] Test psa_cipher_encrypt_setup - not a cipher algorithm
[Check 9] Test psa_cipher_encrypt_setup - unknown cipher algorithm
[Check 10] Test psa_cipher_encrypt_setup - incompatible key ARC4
Failed at Checkpoint: 3
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 233 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_decrypt_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_decrypt_setup 16 Byte AES
[Check 2] Test psa_cipher_decrypt_setup 24 Byte AES
[Check 3] Test psa_cipher_decrypt_setup 32 Byte AES
[Check 4] Test psa_cipher_decrypt_setup DES 64 bit key
[Check 5] Test psa_cipher_decrypt_setup Triple DES 2-Key
[Check 6] Test psa_cipher_decrypt_setup Triple DES 3-Key
[Check 7] Test psa_cipher_decrypt_setup 16 Byte raw data
[Check 8] Test psa_cipher_decrypt_setup - not a cipher algorithm
[Check 9] Test psa_cipher_decrypt_setup - unknown cipher algorithm
[Check 10] Test psa_cipher_decrypt_setup - incompatible key ARC4
Failed at Checkpoint: 3
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 234 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_generate_iv
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_generate_iv 16 Byte AES
[Check 2] Test psa_cipher_generate_iv 24 Byte AES
[Check 3] Test psa_cipher_generate_iv 32 Byte AES
[Check 4] Test psa_cipher_generate_iv DES 64 bit key
[Check 5] Test psa_cipher_generate_iv DES 2-Key
[Check 6] Test psa_cipher_generate_iv DES 3-Key
[Check 7] Test psa_cipher_generate_iv AES - small iv buffer
[Check 8] Test psa_cipher_generate_iv DES - small iv buffer
TEST RESULT: PASSED
******************************************
TEST: 235 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_set_iv
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_set_iv 16 Byte AES
[Check 2] Test psa_cipher_set_iv 24 Byte AES
[Check 3] Test psa_cipher_set_iv 32 Byte AES
[Check 4] Test psa_cipher_set_iv DES 64 bit key
[Check 5] Test psa_cipher_set_iv DES 2-Key
[Check 6] Test psa_cipher_set_iv DES 3-Key
[Check 7] Test psa_cipher_set_iv AES - small iv buffer
[Check 8] Test psa_cipher_set_iv DES - small iv buffer
[Check 9] Test psa_cipher_set_iv AES - large iv buffer
[Check 10] Test psa_cipher_set_iv DES - large iv buffer
TEST RESULT: PASSED
******************************************
TEST: 236 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_update
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING (Short in)
[Check 3] Test psa_cipher_update - Encrypt - AES CBC_PKCS7
[Check 4] Test psa_cipher_update - Encrypt - AES CBC_PKCS7 (Short input)
[Check 5] Test psa_cipher_update - Encrypt - AES CTR
[Check 6] Test psa_cipher_update - Encrypt - DES CBC (nopad)
[Check 7] Test psa_cipher_update - Encrypt - 2-key 3DE -CBC (nopad)
[Check 8] Test psa_cipher_update - Encrypt - 3-key 3DE -CBC (nopad)
[Check 9] Test psa_cipher_update - Encrypt - small output buffer size
[Check 10] Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING
[Check 11] Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING (Short in)
[Check 12] Test psa_cipher_update - Decrypt - AES CBC_PKCS7
[Check 13] Test psa_cipher_update - Decrypt - AES CBC_PKCS7 (Short input)
[Check 14] Test psa_cipher_update - Decrypt - AES CTR
[Check 15] Test psa_cipher_update - Decrypt - DES CBC (nopad)
[Check 16] Test psa_cipher_update - Decrypt - 2-key 3DE -CBC (nopad)
[Check 17] Test psa_cipher_update - Decrypt - 3-key 3DE -CBC (nopad)
[Check 18] Test psa_cipher_update - Decrypt - small output buffer size
[Check 19] Test psa_cipher_update without cipher setup
TEST RESULT: PASSED
******************************************
TEST: 237 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short in)
[Check 3] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7
[Check 4] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input)
[Check 5] Test psa_cipher_finish - Encrypt - AES CTR
[Check 6] Test psa_cipher_finish - Encrypt - AES CTR (short input)
[Check 7] Test psa_cipher_finish - Encrypt - DES CBC (nopad)
[Check 8] Test psa_cipher_finish - Encrypt - 2-key 3DE -CBC (nopad)
[Check 9] Test psa_cipher_finish - Encrypt - 3-key 3DE -CBC (nopad)
[Check 10] Test psa_cipher_finish - Encrypt - small output buffer size
[Check 11] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING
[Check 12] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short in)
[Check 13] Test psa_cipher_update - Decrypt - AES CBC_PKCS7
[Check 14] Test psa_cipher_finish - Decrypt - AES CBC_PKCS7 (Short input)
[Check 15] Test psa_cipher_finish - Decrypt - AES CTR
[Check 16] Test psa_cipher_finish - Decrypt - AES CTR (short input)
[Check 17] Test psa_cipher_finish - Decrypt - DES CBC (nopad)
[Check 18] Test psa_cipher_finish - Decrypt - 2-key 3DE -CBC (nopad)
[Check 19] Test psa_cipher_finish - Decrypt - 3-key 3DE -CBC (nopad)
TEST RESULT: PASSED
******************************************
TEST: 238 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_abort - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_abort - Encrypt - AES CBC_PKCS7
[Check 3] Test psa_cipher_abort - Encrypt - AES CTR
[Check 4] Test psa_cipher_abort - Encrypt - DES CBC (nopad)
[Check 5] Test psa_cipher_abort - Encrypt - 2-key 3DE -CBC (nopad)
[Check 6] Test psa_cipher_abort - Encrypt - 3-key 3DE -CBC (nopad)
[Check 7] Test psa_cipher_abort - Decrypt - AES CBC_NO_PADDING
[Check 8] Test psa_cipher_abort - Decrypt - AES CBC_PKCS7
[Check 9] Test psa_cipher_abort - Decrypt - AES CTR
[Check 10] Test psa_cipher_abort - Decrypt - DES CBC (nopad)
[Check 11] Test psa_cipher_abort - Decrypt - 2-key 3DE -CBC (nopad)
[Check 12] Test psa_cipher_abort - Decrypt - 3-key 3DE -CBC (nopad)
[Check 13] Test psa_cipher_update after psa_cipher_abort should fail
TEST RESULT: PASSED
******************************************
TEST: 239 | DESCRIPTION: Testing crypto asymmetric APIs | UT: psa_asymmetric_encrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_asymmetric_encrypt - RSA PKCS1V15
[Check 2] Test psa_asymmetric_encrypt - RSA KEY_PAIR PKCS1V15
[Check 3] Test psa_asymmetric_encrypt - RSA OAEP SHA256
[Check 4] Test psa_asymmetric_encrypt - RSA OAEP SHA256 with label
[Check 5] Test psa_asymmetric_encrypt - RSA KEY_PAIR OAEP SHA256
[Check 6] Test psa_asymmetric_encrypt - RSA KEY_PAIR OAEP SHA256 with label
[Check 7] Test psa_asymmetric_encrypt - Small output buffer
[Check 8] Test psa_asymmetric_encrypt - Invalid algorithm
[Check 9] Test psa_asymmetric_encrypt - Invalid key type
[Check 10] Test psa_asymmetric_encrypt - Invalid usage
[Check 11] Test psa_asymmetric_encrypt - RSA PKCS1V15 - Salt
[Check 12] Test psa_asymmetric_encrypt - ECC public key
[Check 13] Test psa_asymmetric_encrypt - Invalid key handle
[Check 14] Test psa_asymmetric_encrypt - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 240 | DESCRIPTION: Testing crypto asymmetric APIs | UT: psa_asymmetric_decrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_asymmetric_decrypt - RSA KEY_PAIR PKCS1V15
[Check 2] Test psa_asymmetric_decrypt - RSA KEY_PAIR OAEP SHA256
[Check 3] Test psa_asymmetric_decrypt - RSA KEY_PAIR OAEP SHA256 with label
[Check 4] Test psa_asymmetric_decrypt - Invalid key type (RSA public key)
[Check 5] Test psa_asymmetric_decrypt - Small output buffer
[Check 6] Test psa_asymmetric_decrypt - Invalid algorithm
[Check 7] Test psa_asymmetric_decrypt - Invalid key type (AES Key)
[Check 8] Test psa_asymmetric_decrypt - Invalid usage
[Check 9] Test psa_asymmetric_decrypt - RSA PKCS1V15 - Salt
[Check 10] Test psa_asymmetric_decrypt - Invalid key handle
[Check 11] Test psa_asymmetric_decrypt - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 241 | DESCRIPTION: Testing crypto asymmetric APIs | UT: psa_sign_hash
[Info] Executing tests from non-secure
[Check 1] Test psa_sign_hash - RSA KEY_PAIR PKCS1V15 RAW
[Check 2] Test psa_sign_hash - RSA KEY_PAIR PKCS1V15 SHA-256
[Check 3] Test psa_sign_hash - ECDSA SECP256R1 SHA-256
[Check 4] Test psa_sign_hash - Invalid key type (RSA public key)
[Check 5] Test psa_sign_hash - Small output buffer
[Check 6] Test psa_sign_hash - Invalid algorithm
[Check 7] Test psa_sign_hash - Invalid key type (AES Key)
[Check 8] Test psa_sign_hash - Invalid usage
[Check 9] Test psa_sign_hash - Wrong hash size
[Check 10] Test psa_sign_hash - Invalid key handle
[Check 11] Test psa_sign_hash - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 242 | DESCRIPTION: Testing crypto asymmetric APIs | UT: psa_verify_hash
[Info] Executing tests from non-secure
[Check 1] Test psa_verify_hash - RSA KEY_PAIR PKCS1V15 RAW
[Check 2] Test psa_verify_hash - RSA KEY_PAIR PKCS1V15 SHA-256
[Check 3] Test psa_verify_hash - ECDSA KEY_PAIR SECP256R1 SHA-256
[Check 4] Test psa_verify_hash - EC public key
[Check 5] Test psa_verify_hash - RSA public key
[Check 6] Test psa_verify_hash - Small output buffer
[Check 7] Test psa_verify_hash - Invalid algorithm
[Check 8] Test psa_verify_hash - Invalid key type (AES Key)
[Check 9] Test psa_verify_hash - Invalid usage
[Check 10] Test psa_verify_hash - Wrong hash size
[Check 11] Test psa_verify_hash - Wrong signature
[Check 12] Test psa_verify_hash - Wrong signature size
[Check 13] Test psa_verify_hash - Invalid key handle
[Check 14] Test psa_verify_hash - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 243 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_raw_key_agreement
[Info] Executing tests from non-secure
[Check 1] Test psa_raw_key_agreement - ECDH SECP256R1
[Check 2] Test psa_raw_key_agreement - Small buffer size
[Check 3] Test psa_raw_key_agreement - ECDH SECP384R1
[Check 4] Test psa_raw_key_agreement - Invalid usage
[Check 5] Test psa_raw_key_agreement - Unknown KDF
[Check 6] Test psa_raw_key_agreement - Not a key agreement alg
[Check 7] Test psa_raw_key_agreement - Public key on different curve
[Check 8] Test psa_raw_key_agreement - Public key instead of private key
[Check 9] Test psa_raw_key_agreement - Invalid key handle
[Check 10] Test psa_raw_key_agreement - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 244 | DESCRIPTION: Testing crypto key management APIs | UT: psa_copy_key
[Info] Executing tests from non-secure
[Check 1] Test psa_copy_key - 2048 RSA public key
[Check 2] Test psa_copy_key - RSA 2048 keypair
[Check 3] Test psa_copy_key - Incompatible target policy(source and target)
[Check 4] Test psa_copy_key - source key with no export usage
[Check 5] Test psa_copy_key - DES 64 bit key
[Check 6] Test psa_copy_key - Triple DES 2-Key
[Check 7] Test psa_copy_key - Triple DES 3-Key
[Check 8] Test psa_copy_key - EC Public key
[Check 9] Test psa_copy_key - EC keypair
TEST RESULT: PASSED
******************************************
TEST: 245 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_clone
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_clone - MD5 algorithm
[Check 2] Test psa_hash_clone - RIPEMD160 algorithm
[Check 3] Test psa_hash_clone - SHA1 algorithm
[Check 4] Test psa_hash_clone - SHA224 algorithm
[Check 5] Test psa_hash_clone - SHA256 algorithm
[Check 6] Test psa_hash_clone - SHA384 algorithm
[Check 7] Test psa_hash_clone - SHA512 algorithm
[Check 8] Test psa_hash_clone - from an inactive source operation
[Check 9] Test psa_hash_clone - on an active target operation
Failed at Checkpoint: 5
Actual: 0
Expected: -137
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 246 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_compute
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_compute HMAC SHA 224
[Check 2] Test psa_mac_compute - Incompactible HMAC for CMAC
[Check 3] Test psa_mac_compute - Invalid usage
[Check 4] Test psa_mac_compute - truncated MAC too small
[Check 5] Test psa_mac_compute - truncated MAC too large
[Check 6] Test psa_mac_compute - bad algorithm (unknown MAC algorithm)
[Check 7] Test psa_mac_compute HMAC SHA 256
[Check 8] Test psa_mac_compute HMAC SHA 512
[Check 9] Test psa_mac_compute HMAC SHA 224 (truncated to 8 Byte)
[Check 10] Test psa_mac_compute CMAC AES 128
[Check 11] Test psa_mac_compute small size buffer
[Check 12] Test psa_mac_compute - Invalid key type
TEST RESULT: PASSED
******************************************
TEST: 247 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_verify
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_verify HMAC SHA 224
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 248 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_encrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_encrypt - Encrypt - AES CBC_NO_PADDING
Failed at Checkpoint: 4
Actual: -137
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 249 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_decrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_decrypt - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_decrypt - Decrypt - AES CBC_NO_PADDING
Failed at Checkpoint: 4
Actual: -137
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 250 | DESCRIPTION: Testing crypto key management APIs | UT: psa_sign_message
[Info] Executing tests from non-secure
[Check 1] Test psa_sign_message - RSA KEY_PAIR PKCS1V15 RAW
[Check 2] Test psa_sign_message - ECDSA SECP256R1 SHA-256
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 251 | DESCRIPTION: Testing crypto key management APIs | UT: psa_verify_message
[Info] Executing tests from non-secure
[Check 1] Test psa_verify_message - RSA KEY_PAIR PKCS1V15 RAW
[Check 2] Test psa_verify_message - RSA Public Key PKCS1V15 RAW
[Check 3] Test psa_verify_message - RSA KEY_PAIR PKCS1V15 SHA-256
Failed at Checkpoint: 4
Actual: -133
Expected: -149
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 252 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_encrypt_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_encrypt_setup - CCM - AES
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 253 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_decrypt_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_decrypt_setup - CCM - AES
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 254 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_generate_nonce
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_generate_nonce - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 255 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_set_nonce
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_set_nonce - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 256 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_set_lengths
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_set_lengths - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 257 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_update_ad
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_update_ad - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 258 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_update
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_update - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 259 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_finish - AES-CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 260 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_abort - Encrypt - CCM - AES
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 261 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_verify
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_verify - AES-CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 262 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_suspend
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_suspend - MD5
Failed at Checkpoint: 5
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 263 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_resume
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_resume - MD5
Failed at Checkpoint: 5
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
************ Crypto Suite Report **********
TOTAL TESTS : 63
TOTAL PASSED : 34
TOTAL SIM ERROR : 0
TOTAL FAILED : 29
TOTAL SKIPPED : 0
******************************************
Entering standby..
======Run psa-iat-api-test
/mnt/arm-linux/bin/psa-iat-api-test
Output:
lines=8
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Attestation Suite
******************************************
TEST: 601 | DESCRIPTION: Testing attestation initial attestation APIs | UT: psa_initial_attestation
[Info] Executing tests from non-secure
[Check 1] Test psa_initial_attestation_get_token with Challenge 32
[Check 2] Test psa_initial_attestation_get_token with Challenge 48
[Check 3] Test psa_initial_attestation_get_token with Challenge 64
[Check 4] Test psa_initial_attestation_get_token with zero challenge size
[Check 5] Test psa_initial_attestation_get_token with small challenge size
[Check 6] Test psa_initial_attestation_get_token with invalid challenge size
[Check 7] Test psa_initial_attestation_get_token with large challenge size
[Check 8] Test psa_initial_attestation_get_token with zero as token size
[Check 9] Test psa_initial_attestation_get_token with small token size
[Check 10] Test psa_initial_attestation_get_token_size with Challenge 32
[Check 11] Test psa_initial_attestation_get_token_size with Challenge 48
[Check 12] Test psa_initial_attestation_get_token_size with Challenge 64
[Check 13] Test psa_initial_attestation_get_token_size with zero challenge size
[Check 14] Test psa_initial_attestation_get_token_size with small challenge size
[Check 15] Test psa_initial_attestation_get_token_size with invalid challenge size
[Check 16] Test psa_initial_attestation_get_token_size with large challenge size
TEST RESULT: PASSED
******************************************
************ Attestation Suite Report **********
TOTAL TESTS : 1
TOTAL PASSED : 1
TOTAL SIM ERROR : 0
TOTAL FAILED : 0
TOTAL SKIPPED : 0
******************************************
Entering standby..
======xtest
OP-TEE's built-in test solution (`xtest`) can be used to sanity check the system. This does invoke some parts of the SPMC, but none of the Trusted Services components. Expected result is 100% success:
lines=8
TEE test application started over default TEE instance
######################################################
#
# regression
#
######################################################
* regression_1001 Core self tests
o regression_1001.1 Core self tests
regression_1001.1 OK
o regression_1001.2 Core dt_driver self tests
regression_1001.2 OK
regression_1001 OK
* regression_1002 PTA parameters
regression_1002 OK
* regression_1003 Core internal read/write mutex
Number of parallel threads: 6 (2 writers and 4 readers)
Max read concurrency: 2
Max read waiters: 2
Mean read concurrency: 1.4
Mean read waiting: 1.0125
regression_1003 OK
<...>
<...>
regression_8001 OK
regression_8002 OK
regression_8101 OK
regression_8102 OK
regression_8103 OK
+-----------------------------------------------------
26258 subtests of which 0 failed
95 test cases of which 0 failed
0 test cases were skipped
TEE test application done!
= OP-TEE SPMC implementation
== Introduction
==== OP-TEE SPMC implementation
This document describes the OP-TEE SPMC (Secure Partition Manager Core) implementation. This implementation is used to support the Trusted Services PSA Secure Partitions (SPs). The PSA SPs are implemented based on the Arm FF-A specification. The OP-TEE SPMC can be used as a reference S-EL1 implementation and the Trusted Services can be used a reference S-EL0 SP implementations.
==== FF-A
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to standardize the communication between the various software images.
Including the communication between the various software images in the Secure world and Normal world. The current release of the OP-TEE SPMC is based around the [FF-A v1.0 spec](https://developer.arm.com/documentation/den0077/latest).
==== OP-TEE
OP-TEE is an open source Trusted Execution Environment (TEE) relying on the Arm TrustZone technology. More information can be found at [readthedocs](https://optee.readthedocs.io/en/latest/). OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC.
This document describes OP-TEE as a S-EL1 SPMC. The current mainline OP-TEE version can be found [here](https://github.com/OP-TEE/optee_os).
==== Trusted Services
The Trusted Services project provides a framework for developing and deploying device Root of Trust (RoT) services across a range of secure processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Services can be found at [Trusted-Services](https://trusted-services.readthedocs.io/en/latest/).
== Current Status
Limited support for OP-TEE SPMC aligning with FF-A 1.0 is available since OP-TEE v3.19. Complete support for FF-A 1.0 and TS is planned for upcoming releases. See below for status.
For the OP-TEE release specific testing and results please see the following page:
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-19/ | OP-TEE 3.19 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-20/ | OP-TEE 3.20 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-21/ | OP-TEE 3.21 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-22/ | OP-TEE 3.22 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-22/ | OP-TEE 3.22 release ]]
- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-4-0/ | OP-TEE 4.0.0 release ]]
== Important Changes of v4.0.0 release ==
- Added support for the `boot-order` property of the SP manifest. Earlier the boot order was determined by the linking order when using embedded packaging or by the order of SP entries in the FIP package when using FIP packaging. In case the `boot-order` property is not set for an SP, loading will fall back to the old method.
- The SPMC has been updated to allow the XEN Hypervisor being executed in the NWd. All Trusted Services tests from DOM0 and DOMU virtual machines are passing.
- Bug fixes:
- The SPMC was accepting direct messages targeting yet to be initialized SPs, and could jumping to an invalid address as a result.
- The SPMC was clearing MBZ registers when making FFA_ERROR calls. This could result in incorrect operation.
- In some scenarios the destination of FFA_ERROR calls were set incorrectly.
- Code handling the FFA_MEM_RECLAIM calls incorrectly assumed the NWd endpoint being 0. This resulted in a crash when a hypervisor is present in the NWd.
==== SPMC status
For a list of supported FF-A features please see: https://optee.readthedocs.io/en/latest/architecture/spmc.html
==== Trusted Services status
All Trusted Services Secure Partitions are supported with OP-TEE SPMC v4.0.0
Trusted Services SP support status:
| Name | Status |
|--------------------------|-----------|
| internal-trusted-storage | Supported |
| protected-storage | Supported |
| crypto | Supported |
| attestation | Supported |
| firmware-update | Supported |
| block-storage | Supported |
| smm-gateway | Supported |
== Build
The build process follows the [OP-TEE build process](https://optee.readthedocs.io/en/latest/building/gits/build.html#get-and-build-the-solution). Additional information is needed for some steps:
- [Step 1](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-1-prerequisites): The Trusted Services project has some extra requirements described on [this page](https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html), please install these.
- [Step 2](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-2-install-android-repo): -
- [Step 3](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-3-get-the-source-code): Use the manifest file for Trusted Services integration and use the 4.0.0 tagged version.
`repo init -u https://github.com/OP-TEE/manifest.git -m fvp-ts.xml -b 4.0.0`
- [Step 4](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-4-get-the-toolchains): -
- [Step 5](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-5-build-the-solution): -
- [Step 6 and onwards](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-6-flash-the-device): Since we're running on models instead of real hardware, these steps are not necessary.
== Boot
The current system uses the Arm AEMv-A Base Platform FVP to run the test environment. The latest version can be found at [Arm Architecture Models](https://developer.arm.com/downloads/-/arm-ecosystem-models). The downloaded FVP should be extracted at the project root (`<project root>/Base_RevC_AEMvA_pkg`).
Boot the system on the FVP:
make -C build run-only
Two console windows should appear, one for the Secure World and one for the Normal World. When the boot is complete, login as root. Then run these commands to load the necessary kernel modules and install the TS test applications and libraries:
/mnt/host/out/linux-arm-ffa-tee/load_module.sh
/mnt/host/out/linux-arm-ffa-user/load_module.sh
cp -at /usr /mnt/host/out/ts-install/arm-linux/bin /mnt/host/out/ts-install/arm-linux/lib
To run the SPMC tests built into xtest (OP-TEE test suite):
xtest -t ffa_spmc
= OP-TEE SPMC implementation
== Introduction
==== OP-TEE SPMC implementation
This document describes the OP-TEE SPMC (Secure Partition Manager Core) implementation. This implementation is used to support the Trusted Services PSA Secure Partitions (SPs). The PSA SPs are implemented based on the Arm FF-A specification. The OP-TEE SPMC can be used as a reference S-EL1 implementation and the Trusted Services can be used a reference S-EL0 SP implementations.
==== FF-A
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to standardize the communication between the various software images.
Including the communication between the various software images in the Secure world and Normal world. The current release of the OP-TEE SPMC is based around the [FF-A v1.0 spec](https://developer.arm.com/documentation/den0077/latest).
==== OP-TEE
OP-TEE is an open source Trusted Execution Environment (TEE) implementingrelying on the Arm TrustZone technology. More information can be found at [readthedocs](https://optee.readthedocs.io/en/latest/). OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC.
This document describes OP-TEE as a S-EL1 SPMC. The current mainline OP-TEE version can be found [here](https://github.com/OP-TEE/optee_os).
==== Trusted Services
The Trusted Services project provides a framework for developing and deploying device Root of Trust (RoT) services across a range of secure processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Services can be found at [Trusted-Services](https://trusted-services.readthedocs.io/en/latest/).
== Current Status
Limited support for OP-TEE SPMC aligning with FF-A 1.0 is available insince OP-TEE v3.1819. Complete support for FF-A 1.0 and TS is planned for upcoming releases. See below for status.
Complete support for FF-A 1.0 and TS is planned for upcoming reFor the OP-TEE release specific testing and results pleases. See below for status. see the following page:
==== SPMC status
OP-TEE SPMC FF-A status:
| Description | Status |
|-------------------|---------------|- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-19/ | OP-TEE 3.19 release ]]
| SP loading | Supported |- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-20/ | OP-TEE 3.20 release ]]
| SP messaging | Supported |- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-21/ | OP-TEE 3.21 release ]]
| SP manifest files | Supported |- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-22/ | OP-TEE 3.22 release ]]
| Memory management | Supported |- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-22/ | OP-TEE 3.22 release ]]
| Interrupts | Not supported |- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-4-0/ | OP-TEE 4.0.0 release ]]
OP-TEE SPMC FF-A messages status:== Important Changes of v4.0.0 release ==
| Name | Status |
|--------------------------|--------------------------|
| FFA_ERROR | Supported |
| FFA_SUCCESS | Supported |
| FFA_INTERRUPT | Not supported |
| FFA_VERSION | Supported |
| FFA_FEATURES | Supported |
| FFA_RX_RELEASE | Supported |
| FFA_RXTX_MAP | Supported |
| FFA_RXTX_UNMAP | Supported |
| FFA_PARTITION_INFO_GET | Supported |
| FFA_ID_GET | Supported |
| FFA_MSG_WAIT | Supported |- Added support for the `boot-order` property of the SP manifest. Earlier the boot order was determined by the linking order when using embedded packaging or by the order of SP entries in the FIP package when using FIP packaging. In case the `boot-order` property is not set for an SP, loading will fall back to the old method.
- The SPMC has been updated to allow the XEN Hypervisor being executed in the NWd. All Trusted Services tests from DOM0 and DOMU virtual machines are passing.
- Bug fixes:
| FFA_YIELD | Not supported | - The SPMC was accepting direct messages targeting yet to be initialized SPs, and could jumping to an invalid address as a result.
| FFA_RUN | Not supported | - The SPMC was clearing MBZ registers when making FFA_ERROR calls. This could result in incorrect operation.
| FFA_NORMAL_WORLD_RESUME | Not supported | - In some scenarios the destination of FFA_ERROR calls were set incorrectly.
| FFA_MSG_SEND | Not supported |
| FFA_MSG_SEND_DIRECT_REQ | Supported |
| FFA_MSG_SEND_DIRECT_RESP | Supported |
| FFA_MSG_POLL | Not supported |
| FFA_MEM_DONATE | Not supported |
| FFA_MEM_LEND | Not supported |
| FFA_MEM_SHARE | Partially supported [^1] |
| FFA_MEM_RETRIEVE_REQ | Supported |
| FFA_MEM_RETRIEVE_RESP | Supported |
| FFA_MEM_RELINQUISH | Supported |
| FFA_MEM_RECLAIM | Supported |
[^1]: Sharing device memory is not yet supported. - Code handling the FFA_MEM_RECLAIM calls incorrectly assumed the NWd endpoint being 0. This resulted in a crash when a hypervisor is present in the NWd.
==== SPMC status
For a list of supported FF-A features please see: https://optee.readthedocs.io/en/latest/architecture/spmc.html
==== Trusted Services status
All Trusted Services Secure Partitions are supported with OP-TEE SPMC v3.18.v4.0.0
Trusted Services SP support status:
| Name | Status |
|--------------------------|-----------|
| internal-trusted-storage | Supported |
| protected-storage | Supported |
| crypto | Supported |
| attestation | Supported |
| firmware-update | Supported |
| block-storage | Supported |
| smm-gateway | Supported |
== Build
The build process is based onfollows the [OP-TEE build process](https://optee.readthedocs.io/en/latest/building/gits/build.html) with some extra#get-and-build-the-solution). Additional information is needed for some steps.:
==== Requirements- [Step 1](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-1-prerequisites): The Trusted Services project has some extra requirements described on [this page](https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html), please install these.
- The Trusted Services project has some extra [requirements- [Step 2](https://trusted-servicesoptee.readthedocs.io/en/latest/developer/software-requirements.html) from OP-TEE. It mainly depends on CMake v3.18.
- The current system uses the Arm AEMv-A Base Platform FVP to run the test environment. The latest version can be found at [developer.arm.com](https://developer.arm.com/downloads/-/arm-ecosystem-models). The downloaded FVP should be extracted at the project root (`<project root>/Base_RevC_AEMvA_pkg`).building/gits/build.html#step-2-install-android-repo): -
==== Build steps- [Step 3](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-3-get-the-source-code): Use the manifest file for Trusted Services integration and use the 4.0.0 tagged version.
`repo init -u https://github.com/OP-TEE/manifest.git -m fvp-ts.xml -b 4.0.0`
Obtain sources using the `repo` - [Step 4](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-4-get-the-tool:chains): -
mkdir optee-ts-workspace
cd optee-ts-workspace
repo init -u https://git.trustedfirmware.org/OP-TEE/manifest.git -m fvp-ts.xml
repo sync -j4 --no-clone-bundle- [Step 5](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-5-build-the-solution): -
Download toolchains- [Step 6 and onwards](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-6-flash-the-device): Since we're running on models instead of real hardware, build OP-TEE and all other components:these steps are not necessary.
cd build
make toolchains
make
cd ..== Boot
More info about building Trusted Services apps can be found at the [Trusted Services build instructions](https://trusted-services.readthedocs.io/en/latest/developer/build-instructions.htmlThe current system uses the Arm AEMv-A Base Platform FVP to run the test environment. The latest version can be found at [Arm Architecture Models](https://developer.arm.com/downloads/-/arm-ecosystem-models). The downloaded FVP should be extracted at the project root (`<project root>/Base_RevC_AEMvA_pkg`).
Boot the system on the FVP:
make -C build run-only
Two console windows should appear, one for the Secure World and one for the Normal World. When the boot is complete, login as root.
== Test
==== Setup
Set up the [FVP environment](https://trusted-services.readthedocs.io/en/latest/environments/deployment-guides/fvp-deployment-guide.html?highlight=ts-service-test#deploying-service-level-tests) Then run these commands to load the necessary kernel modules and install the TS test applications and libraries:
/mnt/host/out/linux-arm-ffa-tee/load_module.sh
/mnt/host/out/linux-arm-ffa-user/load_module.sh
cp -at /usr /mnt/host/out/ts-install/arm-linux/bin /mnt/host/out/ts-install/arm-linux/lib
==== Running tests
======Run ts-service-test
ts-service-test -v
Output:
lines=8
TEST(PsServiceTests, createAndSetExtended) - 17853 ms
TEST(PsServiceTests, createAndSet) - 20396 ms
TEST(PsServiceTests, storeNewItem) - 18289 ms
TEST(ItsServiceTests, storeNewItem) - 11008 ms
TEST(AttestationProvisioningTests, provisionedIak) - 98333 ms
TEST(AttestationProvisioningTests, selfGeneratedIak) - 184226 ms
TEST(AttestationServiceTests, repeatedOperation) - 22908192 ms
TEST(AttestationServiceTests, invalidChallengeLen) - 10365 ms
TEST(AttestationServiceTests, checkTokenSize) - 233939 ms
TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort) - 21824 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes) - 23731 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey) - 25119 ms
TEST(CryptoMacServicePackedcTests, macAbort) - 19607 ms
TEST(CryptoMacServicePackedcTests, signAndVerify) - 102272 ms
TEST(CryptoCipherServicePackedcTests, cipherAbort) - 19815 ms
TEST(CryptoCipherServicePackedcTests, encryptDecryptRoundtrip) - 67018 ms
TEST(CryptoHashServicePackedcTests, hashAbort) - 23439 ms
TEST(CryptoHashServicePackedcTests, hashAndVerify) - 34506 ms
TEST(CryptoHashServicePackedcTests, calculateHash) - 17466 ms
TEST(CryptoServicePackedcTests, generateRandomNumbers) - 30063 ms
TEST(CryptoServicePackedcTests, asymEncryptDecryptWithSalt) - 2014249 ms
TEST(CryptoServicePackedcTests, asymEncryptDecrypt) - 438315 ms
TEST(CryptoServicePackedcTests, signAndVerifyEat) - 1066351 ms
TEST(CryptoServicePackedcTests, signAndVerifyHash) - 1073917 ms
TEST(CryptoServicePackedcTests, exportAndImportKeyPair) - 127557 ms
TEST(CryptoServicePackedcTests, exportPublicKey) - 199140 ms
TEST(CryptoServicePackedcTests, purgeKey) - 119132 ms
TEST(CryptoServicePackedcTests, copyKey) - 225074 ms
TEST(CryptoServicePackedcTests, generatePersistentKeys) - 213158 ms
TEST(CryptoServicePackedcTests, generateVolatileKeys) - 189627 ms
TEST(CryptoServiceProtobufTests, generateRandomNumbers) - 31655 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecryptWithSalt) - 3092427 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - 279857 ms
TEST(CryptoServiceProtobufTests, signAndVerifyHash) - 1074455 ms
TEST(CryptoServiceProtobufTests, exportAndImportKeyPair) - 128549 ms
TEST(CryptoServiceProtobufTests, exportPublicKey) - 201531 ms
TEST(CryptoServiceProtobufTests, generatePersistentKeys) - 214115 ms
TEST(CryptoServiceProtobufTests, generateVolatileKeys) - 189163 ms
TEST(CryptoServiceLimitTests, volatileRsaKeyPairLimit) - 20743593 ms
TEST(CryptoServiceLimitTests, volatileEccKeyPairLimit) - 5251590 ms
TEST(DiscoveryServiceTests, checkServiceInfo) - 12895 ms
OK (41 tests, 41 ran, 747 checks, 0 ignored, 0 filtered out, 60788071 ms)
======Run uefi-test
uefi-test -v
Output:
lines=8
TEST(SmmVariableAttackTests, getCheckPropertyWithMaxSizeName) - 2575 ms
======Run psa-its-api-test
/mnt/arm-linux/bin/psa-its-api-test
Output:
lines=8
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
******************************************
TEST: 401 | DESCRIPTION: UID not found check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5
TEST RESULT: PASSED
******************************************
TEST: 402 | DESCRIPTION: Write once error check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Update the flag of UID 1 with WRITE_ONCE flag
[Check 2] Try to remove the UID 1 having WRITE_ONCE flag
[Check 3] Create a new UID 2 with WRITE_ONCE flag
[Check 4] Try to remove the UID 2 having WRITE_ONCE flag
[Check 5] Try to change the length of write_once UID 2
[Check 6] Check UID removal still fails
[Check 7] Try to change the WRITE_ONCE flag to None for UID 2
[Check 8] Check UID removal still fails
TEST RESULT: PASSED
******************************************
TEST: 403 | DESCRIPTION: Insufficient space check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Overload storage space
UID 13 set failed due to insufficient space
Remove all registered UIDs
[Check 2] Overload storage again to verify all previous UID removed
UID 13 set failed due to insufficient space
Remove all registered UIDs
TEST RESULT: PASSED
******************************************
TEST: 404 | DESCRIPTION: Data Consistency check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with reduced length - TEST_BUFF_SIZE/2
[Check 2] Call get API with default length - TEST_BUFF_SIZE
TEST RESULT: PASSED
******************************************To run the SPMC tests built into xtest (OP-TEE test suite):
TEST: 405 | DESCRIPTION: Success scenarios check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Set UID with data length zero and call storage APIs
[Check 2] Resetting the length check
TEST RESULT: PASSED
******************************************
TEST: 406 | DESCRIPTION: Check for storage create flags | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with flag - PSA_STORAGE_FLAG_NONE
[Check 2] Call set API with flag - PSA_STORAGE_FLAG_NO_CONFIDENTIALITY
[Check 3] Call set API with flag - PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION
TEST RESULT: PASSED
******************************************
TEST: 407 | DESCRIPTION: Incorrect Size check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
Create a valid Storage - TEST_BUFF_SIZE/2
Increase the length of storage - TEST_BUFF_SIZE
[Check 1] Call get API with old length - TEST_BUFF_SIZE/2
[Check 2] Call get API with old length - TEST_BUFF_SIZE/4
Decrease the length of storage - TEST_BUFF_SIZE/4
[Check 3] Call get API with old length - TEST_BUFF_SIZE/2
[Check 4] Call get API with old length - TEST_BUFF_SIZE
[Check 5] Call get API with valid length - TEST_BUFF_SIZE/4
TEST RESULT: PASSED
******************************************
TEST: 408 | DESCRIPTION: Invalid offset check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Try to access data with varying valid offset
[Check 2] Try to access data with varying invalid offset
TEST RESULT: PASSED
******************************************
TEST: 409 | DESCRIPTION: Invalid Arguments check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Call set API with NULL pointer and data length 0
[Check 2] Call get API with NULL read buffer and data length 0
[Check 3] Remove the UID
[Check 4] Call get_info API to verify UID removed
[Check 5] Create UID with zero data_len and valid write buffer
[Check 8] Call get API with NULL read buffer and data length 0
[Check 9] Increase the length
TEST RESULT: PASSED
******************************************
TEST: 410 | DESCRIPTION: UID value zero check | UT: ITS
[Info] Executing tests from non-secure
[Info] Executing ITS tests
[Check 1] Creating storage with UID 0 should fail
[Check 2] Get_info for UID 0 should fail
[Check 3] Removing storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 10
TOTAL PASSED : 10
TOTAL SIM ERROR : 0
TOTAL FAILED : 0
TOTAL SKIPPED : 0
******************************************
Entering standby..
======Run psa-ps-api-test
/mnt/arm-linux/bin/psa-ps-api-test
Output:
lines=8
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Storage Suite
******************************************
TEST: 401 | DESCRIPTION: UID not found check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5
TEST RESULT: PASSED
******************************************
TEST: 402 | DESCRIPTION: Write once error check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Update the flag of UID 1 with WRITE_ONCE flag
[Check 2] Try to remove the UID 1 having WRITE_ONCE flag
[Check 3] Create a new UID 2 with WRITE_ONCE flag
[Check 4] Try to remove the UID 2 having WRITE_ONCE flag
[Check 5] Try to change the length of write_once UID 2
[Check 6] Check UID removal still fails
[Check 7] Try to change the WRITE_ONCE flag to None for UID 2
[Check 8] Check UID removal still fails
TEST RESULT: PASSED
******************************************
TEST: 403 | DESCRIPTION: Insufficient space check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Overload storage space
UID 11 set failed due to insufficient space
Remove all registered UIDs
[Check 2] Overload storage again to verify all previous UID removed
UID 11 set failed due to insufficient space
Remove all registered UIDs
TEST RESULT: PASSED
******************************************
TEST: 404 | DESCRIPTION: Data Consistency check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with reduced length - TEST_BUFF_SIZE/2
[Check 2] Call get API with default length - TEST_BUFF_SIZE
TEST RESULT: PASSED
******************************************
TEST: 405 | DESCRIPTION: Success scenarios check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Set UID with data length zero and call storage APIs
[Check 2] Resetting the length check
TEST RESULT: PASSED
******************************************
TEST: 406 | DESCRIPTION: Check for storage create flags | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with flag - PSA_STORAGE_FLAG_NONE
[Check 2] Call set API with flag - PSA_STORAGE_FLAG_NO_CONFIDENTIALITY
[Check 3] Call set API with flag - PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION
TEST RESULT: PASSED
******************************************
TEST: 407 | DESCRIPTION: Incorrect Size check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Create a valid Storage - TEST_BUFF_SIZE/2
Increase the length of storage - TEST_BUFF_SIZE
[Check 1] Call get API with old length - TEST_BUFF_SIZE/2
[Check 2] Call get API with old length - TEST_BUFF_SIZE/4
Decrease the length of storage - TEST_BUFF_SIZE/4
[Check 3] Call get API with old length - TEST_BUFF_SIZE/2
[Check 4] Call get API with old length - TEST_BUFF_SIZE
[Check 5] Call get API with valid length - TEST_BUFF_SIZE/4
TEST RESULT: PASSED
******************************************
TEST: 408 | DESCRIPTION: Invalid offset check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Try to access data with varying valid offset
[Check 2] Try to access data with varying invalid offset
TEST RESULT: PASSED
******************************************
TEST: 409 | DESCRIPTION: Invalid Arguments check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Call set API with NULL pointer and data length 0
[Check 2] Call get API with NULL read buffer and data length 0
[Check 3] Remove the UID
[Check 4] Call get_info API to verify UID removed
[Check 5] Create UID with zero data_len and valid write buffer
[Check 8] Call get API with NULL read buffer and data length 0
[Check 9] Increase the length
TEST RESULT: PASSED
******************************************
TEST: 410 | DESCRIPTION: UID value zero check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
[Check 1] Creating storage with UID 0 should fail
[Check 2] Get_info for UID 0 should fail
[Check 3] Removing storage with UID 0 should fail
TEST RESULT: PASSED
******************************************
TEST: 411 | DESCRIPTION: Optional APIs: UID not found check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 412 | DESCRIPTION: Optional APIs: Invalid arguments and offset invalid | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 413 | DESCRIPTION: Set_Extended and Create api : Success | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 414 | DESCRIPTION: Optional APIs not supported check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Optional PS APIs are not supported.
[Check 1] Call to create API should fail as API not supported
Failed at Checkpoint: 1
Actual: 0
Expected: -134
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 415 | DESCRIPTION: Create API write_once flag value check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs are not supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 416 | DESCRIPTION: Storage assest capacity modification check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
TEST: 417 | DESCRIPTION: Storage assest capacity modification check | UT: PS
[Info] Executing tests from non-secure
[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.
TEST RESULT: SKIPPED (Skip Code=0x2b)
******************************************
************ Storage Suite Report **********
TOTAL TESTS : 17
TOTAL PASSED : 10
TOTAL SIM ERROR : 0
TOTAL FAILED : 1
TOTAL SKIPPED : 6
******************************************
Entering standby..
======Run psa-crypto-api-test:
/mnt/arm-linux/bin/psa-crypto-api-test
Output:
lines=8
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Crypto Suite
******************************************
TEST: 201 | DESCRIPTION: Testing crypto key management APIs | UT: psa_crypto_init
[Info] Executing tests from non-secure
[Check 1] Test calling crypto functions before psa_crypto_init
[Check 2] Test psa_crypto_init
[Check 3] Test multiple psa_crypto_init
TEST RESULT: PASSED
******************************************
TEST: 202 | DESCRIPTION: Testing crypto key management APIs | UT: psa_import_key
[Info] Executing tests from non-secure
[Check 1] Test psa_import_key 16 bytes AES
[Check 2] Test psa_import_key 24 bytes AES
[Check 3] Test psa_import_key 32 bytes AES
[Check 4] Test psa_import_key 2048 RSA public key
[Check 5] Test psa_import_key with RSA 2048 keypair
[Check 6] Test psa_import_key with DES 8 bytes key
[Check 7] Test psa_import_key with Triple DES 2-Key
[Check 8] Test psa_import_key with Triple DES 3-Key
[Check 9] Test psa_import_key with EC Public key
[Check 10] Test psa_import_key with EC keypair
[Check 11] Test psa_import_key 16 bytes AES with invalid bits
[Check 12] Test psa_import_key with key data greater than the algorithm size
[Check 13] Test psa_import_key with incorrect key data size
[Check 14] Test psa_import_key with invalid key type value
TEST RESULT: PASSED
******************************************
TEST: 203 | DESCRIPTION: Testing crypto key management APIs | UT: psa_export_key
[Info] Executing tests from non-secure
[Check 1] Test psa_export_key 16 Byte AES
[Check 2] Test psa_export_key 24 Byte AES
[Check 3] Test psa_export_key 32 Byte AES
[Check 4] Test psa_export_key 2048 RSA public key
[Check 5] Test psa_export_key with RSA 2048 keypair
[Check 6] Test psa_export_key with DES 64 bit key
[Check 7] Test psa_export_key with Triple DES 2-Key
[Check 8] Test psa_export_key with Triple DES 3-Key
[Check 9] Test psa_export_key with EC Public key
[Check 10] Test psa_export_key with EC keypair
[Check 11] Test psa_export_key with key policy verify
[Check 12] Test psa_export_key with less buffer size
TEST RESULT: PASSED
******************************************
TEST: 204 | DESCRIPTION: Testing crypto key management APIs | UT: psa_export_public_key
[Info] Executing tests from non-secure
[Check 1] Test psa_export_public_key 16 Byte AES
[Check 2] Test psa_export_public_key 24 Byte AES
[Check 3] Test psa_export_public_key 32 Byte AES
[Check 4] Test psa_export_public_key 2048 RSA public key
[Check 5] Test psa_export_public_key with RSA 2048 keypair
[Check 6] Test psa_export_public_key with DES 64 bit key
[Check 7] Test psa_export_public_key with Triple DES 2-Key
[Check 8] Test psa_export_public_key with Triple DES 3-Key
[Check 9] Test psa_export_public_key with EC Public key
[Check 10] Test psa_export_public_key with EC keypair
[Check 11] Test psa_export_public_key with less buffer size
TEST RESULT: PASSED
******************************************
TEST: 205 | DESCRIPTION: Testing crypto key management APIs | UT: psa_destroy_key
[Info] Executing tests from non-secure
[Check 1] Test psa_destroy_key 16 Byte AES
[Check 2] Test psa_destroy_key 24 Byte AES
[Check 3] Test psa_destroy_key 32 Byte AES
[Check 4] Test psa_destroy_key 2048 RSA public key
[Check 5] Test psa_destroy_key with RSA 2048 keypair
[Check 6] Test psa_destroy_key with DES 64 bit key
[Check 7] Test psa_destroy_key with Triple DES 2-Key
[Check 8] Test psa_destroy_key with Triple DES 3-Key
[Check 9] Test psa_destroy_key with EC Public key
[Check 10] Test psa_destroy_key with EC keypair
TEST RESULT: PASSED
******************************************
TEST: 206 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_compute
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_compute with MD5 algorithm
[Check 2] Test psa_hash_compute with RIPEMD160 algorithm
[Check 3] Test psa_hash_compute with SHA1 algorithm
[Check 4] Test psa_hash_compute with SHA224 algorithm
[Check 5] Test psa_hash_compute with SHA256 algorithm
[Check 6] Test psa_hash_compute with SHA384 algorithm
[Check 7] Test psa_hash_compute with SHA512 algorithm
[Check 8] Test psa_hash_compute with small buffer size
[Check 9] Test psa_hash_compute with invalid algorithm
TEST RESULT: PASSED
******************************************
TEST: 207 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_compare
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_compare with MD5 algorithm
[Check 2] Test psa_hash_compare with RIPEMD160 algorithm
[Check 3] Test psa_hash_compare with SHA1 algorithm
[Check 4] Test psa_hash_compare with SHA224 algorithm
[Check 5] Test psa_hash_compare with SHA256 algorithm
[Check 6] Test psa_hash_compare with SHA384 algorithm
[Check 7] Test psa_hash_compare with SHA512 algorithm
[Check 8] Test psa_hash_compare with incorrect hash
[Check 9] Test psa_hash_compare with incorrect hash length
[Check 10] Test psa_hash_compare with invalid algorithm
TEST RESULT: PASSED
******************************************
TEST: 208 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_setup - ECDH + HKDF-SHA-256
[Check 2] Test psa_key_derivation_setup - ECDH, unknown KDF
[Check 3] Test psa_key_derivation_setup - bad key derivation algorithm
[Check 4] Test psa_key_derivation_setup - Invalid Algorithm
TEST RESULT: PASSED
******************************************
TEST: 209 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_input_bytes
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_input_bytes - Step as Info
[Check 2] Test psa_key_derivation_input_bytes - Step as secret
[Check 3] Test psa_key_derivation_input_bytes - Step as salt
[Check 4] Test psa_key_derivation_input_bytes - Step as label
[Check 5] Test psa_key_derivation_input_bytes - Step as seed
[Check 6] Test psa_key_derivation_input_bytes - Invalid step
TEST RESULT: PASSED
******************************************
TEST: 210 | DESCRIPTION: Testing crypto key attributes APIs | UT: psa_key_attributes_set_get
[Info] Executing tests from non-secure
[Check 1] Test psa_key_attributes_set_get key attributes
TEST RESULT: PASSED
******************************************
TEST: 211 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_setup with MD5 algorithm
Failed at Checkpoint: 4
Actual: 0
Expected: -137
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 212 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_update
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_update with MD5 algorithm
[Check 2] Test psa_hash_update with RIPEMD160 algorithm
[Check 3] Test psa_hash_update with SHA1 algorithm
[Check 4] Test psa_hash_update with SHA224 algorithm
[Check 5] Test psa_hash_update with SHA256 algorithm
[Check 6] Test psa_hash_update with SHA384 algorithm
[Check 7] Test psa_hash_update with SHA512 algorithm
[Check 8] Test psa_hash_update without hash setup
[Check 9] Test psa_hash_update with completed opertaion handle
TEST RESULT: PASSED
******************************************
TEST: 213 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_verify
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_verify with MD5 algorithm
[Check 2] Test psa_hash_verify with RIPEMD160 algorithm
[Check 3] Test psa_hash_verify with SHA1 algorithm
[Check 4] Test psa_hash_verify with SHA224 algorithm
[Check 5] Test psa_hash_verify with SHA256 algorithm
[Check 6] Test psa_hash_verify with SHA384 algorithm
[Check 7] Test psa_hash_verify with SHA512 algorithm
[Check 8] Test psa_hash_verify with incorrect expected hash
[Check 9] Test psa_hash_verify with incorrect hash length
[Check 10] test psa_hash_verify with inactive & invalid operation handle
TEST RESULT: PASSED
******************************************
TEST: 214 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_finish with MD5 algorithm
[Check 2] Test psa_hash_finish with RIPEMD160 algorithm
[Check 3] Test psa_hash_finish with SHA1 algorithm
[Check 4] Test psa_hash_finish with SHA224 algorithm
[Check 5] Test psa_hash_finish with SHA256 algorithm
[Check 6] Test psa_hash_finish with SHA384 algorithm
[Check 7] Test psa_hash_finish with SHA512 algorithm
[Check 8] Test psa_hash_finish with invalid hash buffer size
[Check 9] test psa_hash_finish with inactive operation handle
TEST RESULT: PASSED
******************************************
TEST: 215 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_abort with MD5 algorithm
[Check 2] Test psa_hash_abort with RIPEMD160 algorithm
[Check 3] Test psa_hash_abort with SHA1 algorithm
[Check 4] Test psa_hash_abort with SHA224 algorithm
[Check 5] Test psa_hash_abort with SHA256 algorithm
[Check 6] Test psa_hash_abort with SHA384 algorithm
[Check 7] Test psa_hash_abort with SHA512 algorithm
[Check 8] Test psa_hash_finish after calling psa_hash_abort
TEST RESULT: PASSED
******************************************
TEST: 216 | DESCRIPTION: Testing crypto generator functions APIs | UT: psa_generate_key
[Info] Executing tests from non-secure
[Check 1] Test psa_generate_key 16 Byte AES
[Check 2] Test psa_generate_key 24 Byte AES
[Check 3] Test psa_generate_key 32 Byte AES
[Check 4] Test psa_generate_key with DES 64 bit key
[Check 5] Test psa_generate_key with Triple DES 2-Key
[Check 6] Test psa_generate_key with Triple DES 3-Key
[Check 7] Test psa_generate_key with RSA 2048 Keypair
[Check 8] Test psa_generate_key with ECC KeyPair
[Check 9] Test psa_generate_key with RSA 2048 Public key
Failed at Checkpoint: 3
Actual: -134
Expected: -135
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 217 | DESCRIPTION: Testing crypto generation APIs | UT: psa_generate_random
[Info] Executing tests from non-secure
[Check 1] Test psa_generate_random to get 0 Byte data
[Check 2] Test psa_generate_random to get 16 Byte data
[Check 3] Test psa_generate_random to get 24 Byte data
[Check 4] Test psa_generate_random to get 32 Byte data
[Check 5] Test psa_generate_random to get 64 Byte data
[Check 6] Test psa_generate_random to get 128 Byte data
[Check 7] Test psa_generate_random to get 256 Byte data
[Check 8] Test psa_generate_random to get 512 Byte data
[Check 9] Test psa_generate_random to get 1000 Byte data
TEST RESULT: PASSED
******************************************
TEST: 218 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_input_key
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_input_key 16 Byte Key
[Check 2] Test psa_key_derivation_input_key with invalid usage
[Check 3] Test psa_key_derivation_input_key with step as label
[Check 4] Test psa_key_derivation_input_key with step as info
[Check 5] Test psa_key_derivation_input_key with step as seed
[Check 6] Test psa_key_derivation_input_key with step as salt
[Check 7] Test psa_key_derivation_input_key with key type as AES(not derive)
[Check 8] Test psa_key_derivation_input_key incorrect key algorithm
[Check 9] Test psa_key_derivation_input_key with key type as 2048 RSA public key
[Check 10] Test psa_key_derivation_input_key with key type as RSA 2048 keypair
[Check 11] Test psa_key_derivation_input_key with zero as step
[Check 12] Test psa_cipher_decrypt_setup - Invalid key handle
[Check 13] Test psa_cipher_decrypt_setup - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 219 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_key_agreement
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_key_agreement - ECDH SECP256R1
[Check 2] Test psa_key_derivation_key_agreement - Invalid step
[Check 3] Test psa_key_derivation_key_agreement - ECDH SECP384R1
[Check 4] Test psa_key_derivation_key_agreement - Invalid usage
[Check 5] Test psa_key_derivation_key_agreement - KDF not a key agreement alg
[Check 6] Test psa_key_derivation_key_agreement - Public key of different curve
[Check 7] Test psa_key_derivation_key_agreement - Pub key instead of Prv key
[Check 8] Test psa_key_derivation_key_agreement - Invalid handle
[Check 9] Test psa_key_derivation_key_agreement - Zero as handle
TEST RESULT: PASSED
******************************************
TEST: 220 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_output_bytes
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_output_bytes - HKDF
[Check 2] Test psa_key_derivation_output_bytes - optional salt
[Check 3] Test psa_key_derivation_output_bytes - capacity < output_length
[Check 4] Test psa_key_derivation_output_bytes - missing info
[Check 5] Test psa_key_derivation_output_bytes - missing salt/secret/info
[Check 6] Test psa_key_derivation_output_bytes - TLS12_PRF
[Check 7] Test psa_key_derivation_output_bytes - capacity < output_length
[Check 8] Test psa_key_derivation_output_bytes - missing seed/secret/label
TEST RESULT: PASSED
******************************************
TEST: 221 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_output_key
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_output_key - Key
[Check 2] Test psa_key_derivation_output_key - Info
[Check 3] Test psa_key_derivation_output_key - Salt
[Check 4] Test psa_key_derivation_output_key - Greater Capacity than available
[Check 5] Test psa_key_derivation_output_key - ECC Public key
[Check 6] Test psa_key_derivation_output_key - ECC keypair
[Check 7] Test psa_key_derivation_output_key - RSA Public Key[Check 8] Test psa_key_derivation_output_key - RSA keypair
[Check 9] Test psa_key_derivation_output_key - Invalid key size
TEST RESULT: PASSED
******************************************
TEST: 222 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_abort
TEST RESULT: PASSED
******************************************
TEST: 223 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_key_derivation_set_get_capacity
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_set_get_capacity - < operation's capacity
[Check 2] Test psa_key_derivation_set_get_capacity - = operation's capacity
[Check 3] Test psa_key_derivation_set_get_capacity - > operation's capacity
[Check 4] Test psa_key_derivation_set_get_capacity - unchanged capacity
TEST RESULT: PASSED
******************************************
TEST: 224 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_encrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_encrypt - CCM - AES - 13B nonce & 8B add data
Failed at Checkpoint: 4
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 225 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_decrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_decrypt - CCM - AES - 13B nonce & 8B add data
Failed at Checkpoint: 4
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 226 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_sign_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_sign_setup - HMAC - SHA256
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 227 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_update
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_update - HMAC - SHA256 - 64 Byte
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 228 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_sign_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_sign_finish - HMAC - SHA224
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 229 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_verify_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_verify_setup - HMAC - SHA256
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 230 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_verify_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_verify_finish - HMAC - SHA224
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 231 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_abort - HMAC - SHA224
[Check 2] Test psa_mac_abort - HMAC - SHA224 - Truncated 8 Byte
[Check 3] Test psa_mac_abort - HMAC - SHA256
[Check 4] Test psa_mac_abort - HMAC - SHA512
[Check 5] Test psa_mac_abort - CMAC - AES
[Check 6] Test psa_mac_sign_finish after calling psa_mac_abort
TEST RESULT: PASSED
******************************************
TEST: 232 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_encrypt_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_encrypt_setup 16 Byte AES
[Check 2] Test psa_cipher_encrypt_setup 24 Byte AES
[Check 3] Test psa_cipher_encrypt_setup 32 Byte AES
[Check 4] Test psa_cipher_encrypt_setup DES 64 bit key
[Check 5] Test psa_cipher_encrypt_setup Triple DES 2-Key
[Check 6] Test psa_cipher_encrypt_setup Triple DES 3-Key
[Check 7] Test psa_cipher_encrypt_setup 16 Byte raw data
[Check 8] Test psa_cipher_encrypt_setup - not a cipher algorithm
[Check 9] Test psa_cipher_encrypt_setup - unknown cipher algorithm
[Check 10] Test psa_cipher_encrypt_setup - incompatible key ARC4
Failed at Checkpoint: 3
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 233 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_decrypt_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_decrypt_setup 16 Byte AES
[Check 2] Test psa_cipher_decrypt_setup 24 Byte AES
[Check 3] Test psa_cipher_decrypt_setup 32 Byte AES
[Check 4] Test psa_cipher_decrypt_setup DES 64 bit key
[Check 5] Test psa_cipher_decrypt_setup Triple DES 2-Key
[Check 6] Test psa_cipher_decrypt_setup Triple DES 3-Key
[Check 7] Test psa_cipher_decrypt_setup 16 Byte raw data
[Check 8] Test psa_cipher_decrypt_setup - not a cipher algorithm
[Check 9] Test psa_cipher_decrypt_setup - unknown cipher algorithm
[Check 10] Test psa_cipher_decrypt_setup - incompatible key ARC4
Failed at Checkpoint: 3
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 234 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_generate_iv
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_generate_iv 16 Byte AES
[Check 2] Test psa_cipher_generate_iv 24 Byte AES
[Check 3] Test psa_cipher_generate_iv 32 Byte AES
[Check 4] Test psa_cipher_generate_iv DES 64 bit key
[Check 5] Test psa_cipher_generate_iv DES 2-Key
[Check 6] Test psa_cipher_generate_iv DES 3-Key
[Check 7] Test psa_cipher_generate_iv AES - small iv buffer
[Check 8] Test psa_cipher_generate_iv DES - small iv buffer
TEST RESULT: PASSED
******************************************
TEST: 235 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_set_iv
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_set_iv 16 Byte AES
[Check 2] Test psa_cipher_set_iv 24 Byte AES
[Check 3] Test psa_cipher_set_iv 32 Byte AES
[Check 4] Test psa_cipher_set_iv DES 64 bit key
[Check 5] Test psa_cipher_set_iv DES 2-Key
[Check 6] Test psa_cipher_set_iv DES 3-Key
[Check 7] Test psa_cipher_set_iv AES - small iv buffer
[Check 8] Test psa_cipher_set_iv DES - small iv buffer
[Check 9] Test psa_cipher_set_iv AES - large iv buffer
[Check 10] Test psa_cipher_set_iv DES - large iv buffer
TEST RESULT: PASSED
******************************************
TEST: 236 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_update
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING (Short in)
[Check 3] Test psa_cipher_update - Encrypt - AES CBC_PKCS7
[Check 4] Test psa_cipher_update - Encrypt - AES CBC_PKCS7 (Short input)
[Check 5] Test psa_cipher_update - Encrypt - AES CTR
[Check 6] Test psa_cipher_update - Encrypt - DES CBC (nopad)
[Check 7] Test psa_cipher_update - Encrypt - 2-key 3DE -CBC (nopad)
[Check 8] Test psa_cipher_update - Encrypt - 3-key 3DE -CBC (nopad)
[Check 9] Test psa_cipher_update - Encrypt - small output buffer size
[Check 10] Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING
[Check 11] Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING (Short in)
[Check 12] Test psa_cipher_update - Decrypt - AES CBC_PKCS7
[Check 13] Test psa_cipher_update - Decrypt - AES CBC_PKCS7 (Short input)
[Check 14] Test psa_cipher_update - Decrypt - AES CTR
[Check 15] Test psa_cipher_update - Decrypt - DES CBC (nopad)
[Check 16] Test psa_cipher_update - Decrypt - 2-key 3DE -CBC (nopad)
[Check 17] Test psa_cipher_update - Decrypt - 3-key 3DE -CBC (nopad)
[Check 18] Test psa_cipher_update - Decrypt - small output buffer size
[Check 19] Test psa_cipher_update without cipher setup
TEST RESULT: PASSED
******************************************
TEST: 237 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short in)
[Check 3] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7
[Check 4] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input)
[Check 5] Test psa_cipher_finish - Encrypt - AES CTR
[Check 6] Test psa_cipher_finish - Encrypt - AES CTR (short input)
[Check 7] Test psa_cipher_finish - Encrypt - DES CBC (nopad)
[Check 8] Test psa_cipher_finish - Encrypt - 2-key 3DE -CBC (nopad)
[Check 9] Test psa_cipher_finish - Encrypt - 3-key 3DE -CBC (nopad)
[Check 10] Test psa_cipher_finish - Encrypt - small output buffer size
[Check 11] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING
[Check 12] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short in)
[Check 13] Test psa_cipher_update - Decrypt - AES CBC_PKCS7
[Check 14] Test psa_cipher_finish - Decrypt - AES CBC_PKCS7 (Short input)
[Check 15] Test psa_cipher_finish - Decrypt - AES CTR
[Check 16] Test psa_cipher_finish - Decrypt - AES CTR (short input)
[Check 17] Test psa_cipher_finish - Decrypt - DES CBC (nopad)
[Check 18] Test psa_cipher_finish - Decrypt - 2-key 3DE -CBC (nopad)
[Check 19] Test psa_cipher_finish - Decrypt - 3-key 3DE -CBC (nopad)
TEST RESULT: PASSED
******************************************
TEST: 238 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_abort - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_abort - Encrypt - AES CBC_PKCS7
[Check 3] Test psa_cipher_abort - Encrypt - AES CTR
[Check 4] Test psa_cipher_abort - Encrypt - DES CBC (nopad)
[Check 5] Test psa_cipher_abort - Encrypt - 2-key 3DE -CBC (nopad)
[Check 6] Test psa_cipher_abort - Encrypt - 3-key 3DE -CBC (nopad)
[Check 7] Test psa_cipher_abort - Decrypt - AES CBC_NO_PADDING
[Check 8] Test psa_cipher_abort - Decrypt - AES CBC_PKCS7
[Check 9] Test psa_cipher_abort - Decrypt - AES CTR
[Check 10] Test psa_cipher_abort - Decrypt - DES CBC (nopad)
[Check 11] Test psa_cipher_abort - Decrypt - 2-key 3DE -CBC (nopad)
[Check 12] Test psa_cipher_abort - Decrypt - 3-key 3DE -CBC (nopad)
[Check 13] Test psa_cipher_update after psa_cipher_abort should fail
TEST RESULT: PASSED
******************************************
TEST: 239 | DESCRIPTION: Testing crypto asymmetric APIs | UT: psa_asymmetric_encrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_asymmetric_encrypt - RSA PKCS1V15
[Check 2] Test psa_asymmetric_encrypt - RSA KEY_PAIR PKCS1V15
[Check 3] Test psa_asymmetric_encrypt - RSA OAEP SHA256
[Check 4] Test psa_asymmetric_encrypt - RSA OAEP SHA256 with label
[Check 5] Test psa_asymmetric_encrypt - RSA KEY_PAIR OAEP SHA256
[Check 6] Test psa_asymmetric_encrypt - RSA KEY_PAIR OAEP SHA256 with label
[Check 7] Test psa_asymmetric_encrypt - Small output buffer
[Check 8] Test psa_asymmetric_encrypt - Invalid algorithm
[Check 9] Test psa_asymmetric_encrypt - Invalid key type
[Check 10] Test psa_asymmetric_encrypt - Invalid usage
[Check 11] Test psa_asymmetric_encrypt - RSA PKCS1V15 - Salt
[Check 12] Test psa_asymmetric_encrypt - ECC public key
[Check 13] Test psa_asymmetric_encrypt - Invalid key handle
[Check 14] Test psa_asymmetric_encrypt - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 240 | DESCRIPTION: Testing crypto asymmetric APIs | UT: psa_asymmetric_decrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_asymmetric_decrypt - RSA KEY_PAIR PKCS1V15
[Check 2] Test psa_asymmetric_decrypt - RSA KEY_PAIR OAEP SHA256
[Check 3] Test psa_asymmetric_decrypt - RSA KEY_PAIR OAEP SHA256 with label
[Check 4] Test psa_asymmetric_decrypt - Invalid key type (RSA public key)
[Check 5] Test psa_asymmetric_decrypt - Small output buffer
[Check 6] Test psa_asymmetric_decrypt - Invalid algorithm
[Check 7] Test psa_asymmetric_decrypt - Invalid key type (AES Key)
[Check 8] Test psa_asymmetric_decrypt - Invalid usage
[Check 9] Test psa_asymmetric_decrypt - RSA PKCS1V15 - Salt
[Check 10] Test psa_asymmetric_decrypt - Invalid key handle
[Check 11] Test psa_asymmetric_decrypt - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 241 | DESCRIPTION: Testing crypto asymmetric APIs | UT: psa_sign_hash
[Info] Executing tests from non-secure
[Check 1] Test psa_sign_hash - RSA KEY_PAIR PKCS1V15 RAW
[Check 2] Test psa_sign_hash - RSA KEY_PAIR PKCS1V15 SHA-256
[Check 3] Test psa_sign_hash - ECDSA SECP256R1 SHA-256
[Check 4] Test psa_sign_hash - Invalid key type (RSA public key)
[Check 5] Test psa_sign_hash - Small output buffer
[Check 6] Test psa_sign_hash - Invalid algorithm
[Check 7] Test psa_sign_hash - Invalid key type (AES Key)
[Check 8] Test psa_sign_hash - Invalid usage
[Check 9] Test psa_sign_hash - Wrong hash size
[Check 10] Test psa_sign_hash - Invalid key handle
[Check 11] Test psa_sign_hash - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 242 | DESCRIPTION: Testing crypto asymmetric APIs | UT: psa_verify_hash
[Info] Executing tests from non-secure
[Check 1] Test psa_verify_hash - RSA KEY_PAIR PKCS1V15 RAW
[Check 2] Test psa_verify_hash - RSA KEY_PAIR PKCS1V15 SHA-256
[Check 3] Test psa_verify_hash - ECDSA KEY_PAIR SECP256R1 SHA-256
[Check 4] Test psa_verify_hash - EC public key
[Check 5] Test psa_verify_hash - RSA public key
[Check 6] Test psa_verify_hash - Small output buffer
[Check 7] Test psa_verify_hash - Invalid algorithm
[Check 8] Test psa_verify_hash - Invalid key type (AES Key)
[Check 9] Test psa_verify_hash - Invalid usage
[Check 10] Test psa_verify_hash - Wrong hash size
[Check 11] Test psa_verify_hash - Wrong signature
[Check 12] Test psa_verify_hash - Wrong signature size
[Check 13] Test psa_verify_hash - Invalid key handle
[Check 14] Test psa_verify_hash - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 243 | DESCRIPTION: Testing crypto key derivation APIs | UT: psa_raw_key_agreement
[Info] Executing tests from non-secure
[Check 1] Test psa_raw_key_agreement - ECDH SECP256R1
[Check 2] Test psa_raw_key_agreement - Small buffer size
[Check 3] Test psa_raw_key_agreement - ECDH SECP384R1
[Check 4] Test psa_raw_key_agreement - Invalid usage
[Check 5] Test psa_raw_key_agreement - Unknown KDF
[Check 6] Test psa_raw_key_agreement - Not a key agreement alg
[Check 7] Test psa_raw_key_agreement - Public key on different curve
[Check 8] Test psa_raw_key_agreement - Public key instead of private key
[Check 9] Test psa_raw_key_agreement - Invalid key handle
[Check 10] Test psa_raw_key_agreement - Zero as key handle
TEST RESULT: PASSED
******************************************
TEST: 244 | DESCRIPTION: Testing crypto key management APIs | UT: psa_copy_key
[Info] Executing tests from non-secure
[Check 1] Test psa_copy_key - 2048 RSA public key
[Check 2] Test psa_copy_key - RSA 2048 keypair
[Check 3] Test psa_copy_key - Incompatible target policy(source and target)
[Check 4] Test psa_copy_key - source key with no export usage
[Check 5] Test psa_copy_key - DES 64 bit key
[Check 6] Test psa_copy_key - Triple DES 2-Key
[Check 7] Test psa_copy_key - Triple DES 3-Key
[Check 8] Test psa_copy_key - EC Public key
[Check 9] Test psa_copy_key - EC keypair
TEST RESULT: PASSED
******************************************
TEST: 245 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_clone
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_clone - MD5 algorithm
[Check 2] Test psa_hash_clone - RIPEMD160 algorithm
[Check 3] Test psa_hash_clone - SHA1 algorithm
[Check 4] Test psa_hash_clone - SHA224 algorithm
[Check 5] Test psa_hash_clone - SHA256 algorithm
[Check 6] Test psa_hash_clone - SHA384 algorithm
[Check 7] Test psa_hash_clone - SHA512 algorithm
[Check 8] Test psa_hash_clone - from an inactive source operation
[Check 9] Test psa_hash_clone - on an active target operation
Failed at Checkpoint: 5
Actual: 0
Expected: -137
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 246 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_compute
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_compute HMAC SHA 224
[Check 2] Test psa_mac_compute - Incompactible HMAC for CMAC
[Check 3] Test psa_mac_compute - Invalid usage
[Check 4] Test psa_mac_compute - truncated MAC too small
[Check 5] Test psa_mac_compute - truncated MAC too large
[Check 6] Test psa_mac_compute - bad algorithm (unknown MAC algorithm)
[Check 7] Test psa_mac_compute HMAC SHA 256
[Check 8] Test psa_mac_compute HMAC SHA 512
[Check 9] Test psa_mac_compute HMAC SHA 224 (truncated to 8 Byte)
[Check 10] Test psa_mac_compute CMAC AES 128
[Check 11] Test psa_mac_compute small size buffer
[Check 12] Test psa_mac_compute - Invalid key type
TEST RESULT: PASSED
******************************************
TEST: 247 | DESCRIPTION: Testing crypto MAC APIs | UT: psa_mac_verify
[Info] Executing tests from non-secure
[Check 1] Test psa_mac_verify HMAC SHA 224
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 248 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_encrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_encrypt - Encrypt - AES CBC_NO_PADDING
Failed at Checkpoint: 4
Actual: -137
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 249 | DESCRIPTION: Testing crypto symmetric cipher APIs | UT: psa_cipher_decrypt
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_decrypt - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_decrypt - Decrypt - AES CBC_NO_PADDING
Failed at Checkpoint: 4
Actual: -137
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 250 | DESCRIPTION: Testing crypto key management APIs | UT: psa_sign_message
[Info] Executing tests from non-secure
[Check 1] Test psa_sign_message - RSA KEY_PAIR PKCS1V15 RAW
[Check 2] Test psa_sign_message - ECDSA SECP256R1 SHA-256
Failed at Checkpoint: 4
Actual: -133
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 251 | DESCRIPTION: Testing crypto key management APIs | UT: psa_verify_message
[Info] Executing tests from non-secure
[Check 1] Test psa_verify_message - RSA KEY_PAIR PKCS1V15 RAW
[Check 2] Test psa_verify_message - RSA Public Key PKCS1V15 RAW
[Check 3] Test psa_verify_message - RSA KEY_PAIR PKCS1V15 SHA-256
Failed at Checkpoint: 4
Actual: -133
Expected: -149
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 252 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_encrypt_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_encrypt_setup - CCM - AES
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 253 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_decrypt_setup
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_decrypt_setup - CCM - AES
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 254 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_generate_nonce
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_generate_nonce - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 255 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_set_nonce
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_set_nonce - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 256 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_set_lengths
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_set_lengths - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 257 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_update_ad
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_update_ad - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 258 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_update
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_update - Encrypt - CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 259 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_finish
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_finish - AES-CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 260 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_abort
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_abort - Encrypt - CCM - AES
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 261 | DESCRIPTION: Testing crypto AEAD APIs | UT: psa_aead_verify
[Info] Executing tests from non-secure
[Check 1] Test psa_aead_verify - AES-CCM
Failed at Checkpoint: 4
Actual: -132
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 262 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_suspend
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_suspend - MD5
Failed at Checkpoint: 5
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
TEST: 263 | DESCRIPTION: Testing crypto hash functions APIs | UT: psa_hash_resume
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_resume - MD5
Failed at Checkpoint: 5
Actual: -134
Expected: 0
TEST RESULT: FAILED (Error Code=0x1)
******************************************
************ Crypto Suite Report **********
TOTAL TESTS : 63
TOTAL PASSED : 34
TOTAL SIM ERROR : 0
TOTAL FAILED : 29
TOTAL SKIPPED : 0
******************************************
Entering standby..
======Run psa-iat-api-test
/mnt/arm-linux/bin/psa-iat-api-test
Output:
lines=8
***** PSA Architecture Test Suite - Version 1.4 *****
Running.. Attestation Suite
******************************************
TEST: 601 | DESCRIPTION: Testing attestation initial attestation APIs | UT: psa_initial_attestation
[Info] Executing tests from non-secure
[Check 1] Test psa_initial_attestation_get_token with Challenge 32
[Check 2] Test psa_initial_attestation_get_token with Challenge 48
[Check 3] Test psa_initial_attestation_get_token with Challenge 64
[Check 4] Test psa_initial_attestation_get_token with zero challenge size
[Check 5] Test psa_initial_attestation_get_token with small challenge size
[Check 6] Test psa_initial_attestation_get_token with invalid challenge size
[Check 7] Test psa_initial_attestation_get_token with large challenge size
[Check 8] Test psa_initial_attestation_get_token with zero as token size
[Check 9] Test psa_initial_attestation_get_token with small token size
[Check 10] Test psa_initial_attestation_get_token_size with Challenge 32
[Check 11] Test psa_initial_attestation_get_token_size with Challenge 48
[Check 12] Test psa_initial_attestation_get_token_size with Challenge 64
[Check 13] Test psa_initial_attestation_get_token_size with zero challenge size
[Check 14] Test psa_initial_attestation_get_token_size with small challenge size
[Check 15] Test psa_initial_attestation_get_token_size with invalid challenge size
[Check 16] Test psa_initial_attestation_get_token_size with large challenge size
TEST RESULT: PASSED
******************************************
************ Attestation Suite Report **********
TOTAL TESTS : 1
TOTAL PASSED : 1
TOTAL SIM ERROR : 0
TOTAL FAILED : 0
TOTAL SKIPPED : 0
******************************************
Entering standby..
======xtest
OP-TEE's built-in test solution (`xtest`) can be used to sanity check the system. This does invoke some parts of the SPMC, but none of the Trusted Services components. Expected result is 100% success:
lines=8
TEE test application started over default TEE instance
######################################################
#
# regression
#
######################################################
* regression_1001 Core self tests
o regression_1001.1 Core self tests
regression_1001.1 OK
o regression_1001.2 Core dt_driver self tests
regression_1001.2 OK
regression_1001 OK
* regression_1002 PTA parameters
regression_1002 OK
* regression_1003 Core internal read/write mutex
Number of parallel threads: 6 (2 writers and 4 readers)
Max read concurrency: 2
Max read waiters: 2
Mean read concurrency: 1.4
Mean read waiting: 1.0125
regression_1003 OK
<...>
<...>
regression_8001 OK
regression_8002 OK
regression_8101 OK
regression_8102 OK
regression_8103 OK
+-----------------------------------------------------
26258 subtests of which 0 failed
95 test cases of which 0 failed
0 test cases were skipped
TEE test application done!xtest -t ffa_spmc