aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorManish Pandey <manish.pandey2@arm.com>2022-03-02 14:58:05 +0100
committerTrustedFirmware Code Review <review@review.trustedfirmware.org>2022-03-02 14:58:05 +0100
commit9edbad6e741afee5f8c7e3a0603350f3fef82575 (patch)
tree9931bfbdd3121b2bfd4eb7bed90ed58c40563e16
parentc0adf67dd803b6313a1368c1b4a0993faba2aacc (diff)
parent82bbc57e7a496c6821eb1833cc1f8ce8354b3d9b (diff)
downloadtf-a-tests-9edbad6e741afee5f8c7e3a0603350f3fef82575.tar.gz
Merge changes from topic "od/invalid-access-tests"
* changes: test(tftf): prevent realm region access from nwd test(cactus): prevent realm region access from swd feat(fvp): enable test to access el3 memory feat(tftf): add tests to access invalid memory
-rw-r--r--include/common/test_helpers.h9
-rw-r--r--include/runtime_services/spm_common.h2
-rw-r--r--plat/arm/fvp/include/platform_def.h30
-rw-r--r--plat/arm/fvp/plat_setup.c2
-rw-r--r--spm/cactus/aarch64/cactus_exceptions.S27
-rw-r--r--spm/cactus/cactus.mk1
-rw-r--r--spm/cactus/cactus_main.c7
-rw-r--r--spm/cactus/cactus_tests/cactus_test_memory_sharing.c32
-rw-r--r--tftf/tests/misc_tests/test_invalid_access.c173
-rw-r--r--tftf/tests/runtime_services/secure_service/spm_common.c2
-rw-r--r--tftf/tests/runtime_services/secure_service/test_ffa_exceptions.c107
-rw-r--r--tftf/tests/tests-invalid-access.mk12
-rw-r--r--tftf/tests/tests-invalid-access.xml16
-rw-r--r--tftf/tests/tests-spm.mk6
-rw-r--r--tftf/tests/tests-spm.xml8
-rw-r--r--tftf/tests/tests-standard.mk1
-rw-r--r--tftf/tests/tests-standard.xml2
17 files changed, 416 insertions, 21 deletions
diff --git a/include/common/test_helpers.h b/include/common/test_helpers.h
index c628ee821..21c738d18 100644
--- a/include/common/test_helpers.h
+++ b/include/common/test_helpers.h
@@ -290,6 +290,15 @@ typedef test_result_t (*test_function_arg_t)(void *arg);
} \
} while (false)
+#define SKIP_TEST_IF_INVALID_ADDRESS(address) \
+ do { \
+ if (address == U(0xFFFFFFFF)) { \
+ tftf_testcase_printf("Platform has not provided " \
+ "valid address to access EL3\n"); \
+ return TEST_RESULT_SKIPPED; \
+ } \
+ } while (false)
+
/* Helper macro to verify if system suspend API is supported */
#define is_psci_sys_susp_supported() \
(tftf_get_psci_feature_info(SMC_PSCI_SYSTEM_SUSPEND) \
diff --git a/include/runtime_services/spm_common.h b/include/runtime_services/spm_common.h
index 398d01a4e..f187ed7d3 100644
--- a/include/runtime_services/spm_common.h
+++ b/include/runtime_services/spm_common.h
@@ -129,7 +129,7 @@ unsigned int get_ffa_feature_test_target(const struct ffa_features_test **test_t
bool memory_retrieve(struct mailbox_buffers *mb,
struct ffa_memory_region **retrieved, uint64_t handle,
ffa_id_t sender, ffa_id_t receiver,
- uint32_t mem_func, ffa_memory_region_flags_t flags);
+ ffa_memory_region_flags_t flags);
/**
* Helper to conduct a memory relinquish. The caller is usually the receiver,
diff --git a/plat/arm/fvp/include/platform_def.h b/plat/arm/fvp/include/platform_def.h
index 7fc147d4d..8555c1f37 100644
--- a/plat/arm/fvp/include/platform_def.h
+++ b/plat/arm/fvp/include/platform_def.h
@@ -57,6 +57,36 @@
#define NOR_FLASH_BLOCKS_COUNT 255
#define FLASH_SIZE (NOR_FLASH_BLOCK_SIZE * NOR_FLASH_BLOCKS_COUNT)
+/**********************************
+ * Addresses to test invalid access
+ **********************************/
+/*
+ * The top 16MB (or 64MB if RME is enabled) of DRAM1 is configured as
+ * follows for FVP platform:
+ * - L1 GPT DRAM: Reserved for L1 GPT if RME is enabled
+ * - REALM DRAM: Reserved for Realm world if RME is enabled
+ * - AP TZC DRAM: The remaining TZC secured DRAM reserved for AP use
+ *
+ * RME enabled(64MB) RME not enabled(16MB)
+ * 0xFC00_0000 -------------------- ------------------- 0xFF00_0000
+ * | | | |
+ * | AP Secure (~28MB)| | AP TZC (~14MB) |
+ * -------------------- ------------------- 0xFFE0_0000
+ * | | | |
+ * | REALM (32MB) | | EL3 TZC (2MB) |
+ * -------------------- ------------------- 0xFFFF_FFFF
+ * | |
+ * 0xFFE0_0000 | EL3 Root (3MB) |
+ * --------------------
+ * | L1 GPT (1MB) |
+ * | |
+ * 0xFFFF_FFFF --------------------
+ *
+ *
+ */
+/* For both RME & non-RME case top 2MB will be EL3 memory */
+#define EL3_MEMORY_ACCESS_ADDR U(0xFFE00000)
+
/*******************************************************************************
* Base address and size for the FIP that contains FWU images.
******************************************************************************/
diff --git a/plat/arm/fvp/plat_setup.c b/plat/arm/fvp/plat_setup.c
index fa978142b..814261150 100644
--- a/plat/arm/fvp/plat_setup.c
+++ b/plat/arm/fvp/plat_setup.c
@@ -34,6 +34,8 @@ static const mmap_region_t mmap[] = {
MAP_REGION_FLAT(FLASH_BASE, FLASH_SIZE, MT_DEVICE | MT_RW | MT_NS),
#endif
MAP_REGION_FLAT(DRAM_BASE, TFTF_BASE - DRAM_BASE, MT_MEMORY | MT_RW | MT_NS),
+ /* Not usable in tftf, Only for testing purpose */
+ MAP_REGION_FLAT(EL3_MEMORY_ACCESS_ADDR, PAGE_SIZE, MT_MEMORY | MT_RW | MT_NS),
{0}
};
#endif /* IMAGE_NS_BL1U */
diff --git a/spm/cactus/aarch64/cactus_exceptions.S b/spm/cactus/aarch64/cactus_exceptions.S
index 6aec16d3e..9b024f852 100644
--- a/spm/cactus/aarch64/cactus_exceptions.S
+++ b/spm/cactus/aarch64/cactus_exceptions.S
@@ -31,14 +31,16 @@ unhandled_exception serr_sp0
/*
* Current EL with SPx : 0x200 - 0x400.
*/
-unhandled_exception sync_spx
+vector_entry sync_spx
+ b sync_exception_vector_entry
+end_vector_entry sync_spx
vector_entry irq_spx
- b irq_vector_entry
+ b interrupt_vector_entry
end_vector_entry irq_spx
vector_entry fiq_spx
- b fiq_vector_entry
+ b interrupt_vector_entry
end_vector_entry fiq_spx
unhandled_exception serr_spx
@@ -98,23 +100,30 @@ unhandled_exception serr_a32
ldp x0, x1, [sp, #0x0]
.endm
-func irq_vector_entry
+func sync_exception_vector_entry
sub sp, sp, #0x100
save_gp_regs
- bl cactus_interrupt_handler
- restore_gp_regs
+ mov x19, sp
+ bl tftf_sync_exception_handler
+ cbnz x0, 0f
+ mov x0, x19
+ /* Save original stack pointer value on the stack */
+ add x1, x0, #0x100
+ str x1, [x0, #0xf8]
+ b print_exception
+0: restore_gp_regs
add sp, sp, #0x100
eret
-endfunc irq_vector_entry
+endfunc sync_exception_vector_entry
-func fiq_vector_entry
+func interrupt_vector_entry
sub sp, sp, #0x100
save_gp_regs
bl cactus_interrupt_handler
restore_gp_regs
add sp, sp, #0x100
eret
-endfunc fiq_vector_entry
+endfunc interrupt_vector_entry
func crash_dump
/* Save general-purpose registers on the stack. */
diff --git a/spm/cactus/cactus.mk b/spm/cactus/cactus.mk
index 41095795e..8970b292e 100644
--- a/spm/cactus/cactus.mk
+++ b/spm/cactus/cactus.mk
@@ -68,6 +68,7 @@ CACTUS_SOURCES += drivers/arm/pl011/${ARCH}/pl011_console.S \
lib/smc/${ARCH}/asm_smc.S \
lib/smc/${ARCH}/smc.c \
lib/smc/${ARCH}/hvc.c \
+ lib/exceptions/${ARCH}/sync.c \
lib/locks/${ARCH}/spinlock.S \
lib/utils/mp_printf.c \
${XLAT_TABLES_LIB_SRCS}
diff --git a/spm/cactus/cactus_main.c b/spm/cactus/cactus_main.c
index c80abd963..58186d1d5 100644
--- a/spm/cactus/cactus_main.c
+++ b/spm/cactus/cactus_main.c
@@ -181,13 +181,6 @@ static void register_secondary_entrypoint(void)
tftf_smc(&args);
}
-int tftf_irq_handler_dispatcher(void)
-{
- ERROR("%s\n", __func__);
-
- return 0;
-}
-
void __dead2 cactus_main(bool primary_cold_boot)
{
assert(IS_IN_EL1() != 0);
diff --git a/spm/cactus/cactus_tests/cactus_test_memory_sharing.c b/spm/cactus/cactus_tests/cactus_test_memory_sharing.c
index 69d62dd79..051208e65 100644
--- a/spm/cactus/cactus_tests/cactus_test_memory_sharing.c
+++ b/spm/cactus/cactus_tests/cactus_test_memory_sharing.c
@@ -14,6 +14,27 @@
#include <sp_helpers.h>
#include <xlat_tables_defs.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
+#include <sync.h>
+
+static volatile uint32_t data_abort_gpf_triggered;
+
+static bool data_abort_gpf_handler(void)
+{
+ uint64_t esr_el1 = read_esr_el1();
+
+ VERBOSE("%s count %u esr_el1 %llx elr_el1 %llx\n",
+ __func__, data_abort_gpf_triggered, esr_el1,
+ read_elr_el1());
+
+ /* Expect a data abort because of a GPF. */
+ if ((EC_BITS(esr_el1) == EC_DABORT_CUR_EL) &&
+ ((ISS_BITS(esr_el1) & ISS_DFSC_MASK) == DFSC_GPF_DABORT)) {
+ data_abort_gpf_triggered++;
+ return true;
+ }
+
+ return false;
+}
/**
* Each Cactus SP has a memory region dedicated to memory sharing tests
@@ -51,7 +72,7 @@ CACTUS_CMD_HANDLER(mem_send_cmd, CACTUS_MEM_SEND_CMD)
cactus_mem_send_get_retrv_flags(*args);
uint32_t words_to_write = cactus_mem_send_words_to_write(*args);
- expect(memory_retrieve(mb, &m, handle, source, vm_id, mem_func,
+ expect(memory_retrieve(mb, &m, handle, source, vm_id,
retrv_flags), true);
composite = ffa_memory_region_get_composite(m, 0);
@@ -104,12 +125,17 @@ CACTUS_CMD_HANDLER(mem_send_cmd, CACTUS_MEM_SEND_CMD)
}
}
+ data_abort_gpf_triggered = 0;
+ register_custom_sync_exception_handler(data_abort_gpf_handler);
+
/* Write mem_func to retrieved memory region for validation purposes. */
VERBOSE("Writing: %x\n", mem_func);
for (unsigned int i = 0U; i < words_to_write; i++) {
ptr[i] = mem_func;
}
+ unregister_custom_sync_exception_handler();
+
/*
* A FFA_MEM_DONATE changes the ownership of the page, as such no
* relinquish is needed.
@@ -120,7 +146,7 @@ CACTUS_CMD_HANDLER(mem_send_cmd, CACTUS_MEM_SEND_CMD)
composite->constituents[0].page_count * PAGE_SIZE);
if (ret != 0) {
- ERROR("Failed first mmap_add_dynamic_region!\n");
+ ERROR("Failed to unmap received memory region(%d)!\n", ret);
return cactus_error_resp(vm_id, source,
CACTUS_ERROR_TEST);
}
@@ -139,7 +165,7 @@ CACTUS_CMD_HANDLER(mem_send_cmd, CACTUS_MEM_SEND_CMD)
}
return cactus_success_resp(vm_id,
- source, 0);
+ source, data_abort_gpf_triggered);
}
CACTUS_CMD_HANDLER(req_mem_send_cmd, CACTUS_REQ_MEM_SEND_CMD)
diff --git a/tftf/tests/misc_tests/test_invalid_access.c b/tftf/tests/misc_tests/test_invalid_access.c
new file mode 100644
index 000000000..2fb65421f
--- /dev/null
+++ b/tftf/tests/misc_tests/test_invalid_access.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <plat/common/platform.h>
+
+#include <arch.h>
+#include <arch_helpers.h>
+#include <arch_features.h>
+#include <debug.h>
+#ifdef __aarch64__
+#include <sync.h>
+#endif
+#include <test_helpers.h>
+#include <lib/aarch64/arch_features.h>
+#include <runtime_services/realm_payload/realm_payload_test.h>
+#include <tftf_lib.h>
+#include <platform_def.h>
+
+/*
+ * Using "__aarch64__" here looks weird but its unavoidable because of following reason
+ * This test is part of standard test which runs on all platforms but pre-requisite
+ * to run this test (custom sync exception handler) is only implemented for aarch64.
+ * TODO: Write a framework so that tests kept in standard list can be selectively
+ * run on a given architecture
+ */
+#ifdef __aarch64__
+
+#ifndef EL3_MEMORY_ACCESS_ADDR
+#define EL3_MEMORY_ACCESS_ADDR U(0xFFFFFFFF)
+#endif
+
+static volatile bool sync_exception_triggered;
+static volatile bool data_abort_triggered;
+
+static __aligned(PAGE_SIZE) uint64_t share_page[PAGE_SIZE / sizeof(uint64_t)];
+
+static bool data_abort_handler(void)
+{
+ uint64_t esr_elx = IS_IN_EL2() ? read_esr_el2() : read_esr_el1();
+ unsigned int rme_supported = get_armv9_2_feat_rme_support();
+
+ sync_exception_triggered = true;
+
+ VERBOSE("%s esr_elx %llx\n", __func__, esr_elx);
+
+ if (EC_BITS(esr_elx) == EC_DABORT_CUR_EL) {
+ if (rme_supported == 0) {
+ /* Synchronous external data abort triggered by trustzone controller */
+ if ((ISS_BITS(esr_elx) & ISS_DFSC_MASK) == DFSC_EXT_DABORT) {
+ VERBOSE("%s TZC Data Abort caught\n", __func__);
+ data_abort_triggered = true;
+ return true;
+ }
+ } else {
+ /* Synchronous data abort triggered by Granule protection */
+ if ((ISS_BITS(esr_elx) & ISS_DFSC_MASK) == DFSC_GPF_DABORT) {
+ VERBOSE("%s GPF Data Abort caught\n", __func__);
+ data_abort_triggered = true;
+ return true;
+ }
+ }
+ }
+
+ return false;
+}
+
+test_result_t access_el3_memory_from_ns(void)
+{
+ const uintptr_t test_address = EL3_MEMORY_ACCESS_ADDR;
+
+ SKIP_TEST_IF_INVALID_ADDRESS(test_address);
+
+ VERBOSE("Attempt to access el3 memory (0x%lx)\n", test_address);
+
+ data_abort_triggered = false;
+ register_custom_sync_exception_handler(data_abort_handler);
+ dsbsy();
+
+ *((volatile uint64_t *)test_address);
+
+ dsbsy();
+ unregister_custom_sync_exception_handler();
+
+ if (sync_exception_triggered == false) {
+ tftf_testcase_printf("No sync exception while accessing (0x%lx)\n", test_address);
+ return TEST_RESULT_SKIPPED;
+ }
+
+ if (data_abort_triggered == false) {
+ tftf_testcase_printf("Sync exception is not data abort\n");
+ return TEST_RESULT_FAIL;
+ }
+
+ return TEST_RESULT_SUCCESS;
+}
+
+/**
+ * @Test_Aim@ Check a realm region cannot be accessed from normal world.
+ *
+ * This test delegates a TFTF allocated buffer to Realm. It then attempts
+ * a read access to the region from normal world. This results in the PE
+ * triggering a GPF caught by a custom synchronous abort handler.
+ *
+ */
+test_result_t rl_memory_cannot_be_accessed_in_ns(void)
+{
+ test_result_t result = TEST_RESULT_FAIL;
+ u_register_t retmm;
+
+ if (get_armv9_2_feat_rme_support() == 0U) {
+ return TEST_RESULT_SKIPPED;
+ }
+
+ sync_exception_triggered = false;
+ data_abort_triggered = false;
+ register_custom_sync_exception_handler(data_abort_handler);
+
+ /* First read access to the test region must not fail. */
+ *((volatile uint64_t *)share_page);
+
+ if ((sync_exception_triggered != false) ||
+ (data_abort_triggered != false)) {
+ goto out_unregister;
+ }
+
+ /* Delegate the shared page to Realm. */
+ retmm = realm_granule_delegate((u_register_t)&share_page);
+ if (retmm != 0UL) {
+ ERROR("Granule delegate failed!\n");
+ goto out_unregister;
+ }
+
+ /* This access shall trigger a GPF. */
+ *((volatile uint64_t *)share_page);
+
+ if ((sync_exception_triggered != true) ||
+ (data_abort_triggered != true)) {
+ goto out_undelegate;
+ }
+
+ result = TEST_RESULT_SUCCESS;
+
+out_undelegate:
+ /* Undelegate the shared page. */
+ retmm = realm_granule_undelegate((u_register_t)&share_page);
+ if (retmm != 0UL) {
+ ERROR("Granule undelegate failed!\n");
+ }
+
+out_unregister:
+ unregister_custom_sync_exception_handler();
+
+ return result;
+}
+
+#else
+
+test_result_t access_el3_memory_from_ns(void)
+{
+ tftf_testcase_printf("Test not ported to AArch32\n");
+ return TEST_RESULT_SKIPPED;
+}
+
+test_result_t rl_memory_cannot_be_accessed_in_ns(void)
+{
+ tftf_testcase_printf("Test not ported to AArch32\n");
+ return TEST_RESULT_SKIPPED;
+}
+
+#endif /* __aarch64__ */
diff --git a/tftf/tests/runtime_services/secure_service/spm_common.c b/tftf/tests/runtime_services/secure_service/spm_common.c
index aa1d2eddc..fa4d1bc64 100644
--- a/tftf/tests/runtime_services/secure_service/spm_common.c
+++ b/tftf/tests/runtime_services/secure_service/spm_common.c
@@ -351,7 +351,7 @@ unsigned int get_ffa_feature_test_target(
bool memory_retrieve(struct mailbox_buffers *mb,
struct ffa_memory_region **retrieved, uint64_t handle,
ffa_id_t sender, ffa_id_t receiver,
- uint32_t mem_func, ffa_memory_region_flags_t flags)
+ ffa_memory_region_flags_t flags)
{
smc_ret_values ret;
uint32_t fragment_size;
diff --git a/tftf/tests/runtime_services/secure_service/test_ffa_exceptions.c b/tftf/tests/runtime_services/secure_service/test_ffa_exceptions.c
new file mode 100644
index 000000000..f68a5278c
--- /dev/null
+++ b/tftf/tests/runtime_services/secure_service/test_ffa_exceptions.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arch_helpers.h>
+#include <cactus_test_cmds.h>
+#include <debug.h>
+#include <ffa_endpoints.h>
+#include <ffa_svc.h>
+#include <irq.h>
+#include <platform.h>
+#include <runtime_services/realm_payload/realm_payload_test.h>
+#include <smccc.h>
+#include <spm_common.h>
+#include <test_helpers.h>
+
+#define SENDER HYP_ID
+#define RECEIVER SP_ID(1)
+
+static __aligned(PAGE_SIZE) uint64_t share_page[PAGE_SIZE / sizeof(uint64_t)];
+
+static const struct ffa_uuid expected_sp_uuids[] = {
+ {PRIMARY_UUID}, {SECONDARY_UUID}, {TERTIARY_UUID}
+};
+
+/**
+ * @Test_Aim@ Check a realm region cannot be accessed from a secure partition.
+ *
+ * This test shares a TFTF allocated buffer with a secure partition through
+ * FF-A memory sharing operation. The buffer is initially marked NS in the GPT
+ * and transitioned to realm after sharing. Then, the SP is invoked to retrieve
+ * the region (map it to its S2 translation regime), and maps it to its secure
+ * S1 translation regime. It then attempts a read access which results in the
+ * PE triggering a GPF caught by a custom synchronous abort handler.
+ *
+ */
+test_result_t rl_memory_cannot_be_accessed_in_s(void)
+{
+ struct ffa_memory_region_constituent constituents[] = {
+ {
+ (void *)share_page, 1, 0
+ }
+ };
+ const uint32_t constituents_count = sizeof(constituents) /
+ sizeof(struct ffa_memory_region_constituent);
+ ffa_memory_handle_t handle;
+ struct mailbox_buffers mb;
+ smc_ret_values ret;
+ u_register_t retmm;
+
+ if (get_armv9_2_feat_rme_support() == 0U) {
+ return TEST_RESULT_SKIPPED;
+ }
+
+ CHECK_SPMC_TESTING_SETUP(1, 1, expected_sp_uuids);
+
+ GET_TFTF_MAILBOX(mb);
+
+ handle = memory_init_and_send((struct ffa_memory_region *)mb.send,
+ PAGE_SIZE, SENDER, RECEIVER,
+ constituents, constituents_count,
+ FFA_MEM_SHARE_SMC32, &ret);
+
+ if (handle == FFA_MEMORY_HANDLE_INVALID) {
+ return TEST_RESULT_FAIL;
+ }
+
+ VERBOSE("TFTF - Handle: %llx Address: %p\n",
+ handle, constituents[0].address);
+
+ /* Delegate the shared page to Realm. */
+ retmm = realm_granule_delegate((u_register_t)&share_page);
+ if (retmm != 0UL) {
+ ERROR("Granule delegate failed!\n");
+ return TEST_RESULT_FAIL;
+ }
+
+ /* Retrieve the shared page and attempt accessing it. */
+ ret = cactus_mem_send_cmd(SENDER, RECEIVER, FFA_MEM_SHARE_SMC32,
+ handle, 0, 1);
+
+ /* Undelegate the shared page. */
+ retmm = realm_granule_undelegate((u_register_t)&share_page);
+ if (retmm != 0UL) {
+ ERROR("Granule undelegate failed!\n");
+ return TEST_RESULT_FAIL;
+ }
+
+ if (is_ffa_call_error(ffa_mem_reclaim(handle, 0))) {
+ ERROR("Memory reclaim failed!\n");
+ return TEST_RESULT_FAIL;
+ }
+
+ /*
+ * Expect success response with value 1 hinting an exception
+ * triggered while the SP accessed the region.
+ */
+ if (!(cactus_get_response(ret) == CACTUS_SUCCESS &&
+ cactus_error_code(ret) == 1)) {
+ ERROR("Exceptions test failed!\n");
+ return TEST_RESULT_FAIL;
+ }
+
+ return TEST_RESULT_SUCCESS;
+}
diff --git a/tftf/tests/tests-invalid-access.mk b/tftf/tests/tests-invalid-access.mk
new file mode 100644
index 000000000..f4d23a53b
--- /dev/null
+++ b/tftf/tests/tests-invalid-access.mk
@@ -0,0 +1,12 @@
+#
+# Copyright (c) 2022, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+TESTS_SOURCES += tftf/tests/misc_tests/test_invalid_access.c
+
+TESTS_SOURCES += \
+ $(addprefix tftf/tests/runtime_services/realm_payload/, \
+ realm_payload_test_helpers.c \
+ )
diff --git a/tftf/tests/tests-invalid-access.xml b/tftf/tests/tests-invalid-access.xml
new file mode 100644
index 000000000..96b924081
--- /dev/null
+++ b/tftf/tests/tests-invalid-access.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+ Copyright (c) 2022, Arm Limited. All rights reserved.
+
+ SPDX-License-Identifier: BSD-3-Clause
+-->
+
+<testsuites>
+ <testsuite name="Invalid memory access" description="Invalid memory access">
+ <testcase name="Access EL3 memory from NS world"
+ function="access_el3_memory_from_ns" />
+ <testcase name="Access Realm memory from NS world"
+ function="rl_memory_cannot_be_accessed_in_ns" />
+ </testsuite>
+</testsuites>
diff --git a/tftf/tests/tests-spm.mk b/tftf/tests/tests-spm.mk
index 79cfb6178..941758c35 100644
--- a/tftf/tests/tests-spm.mk
+++ b/tftf/tests/tests-spm.mk
@@ -16,4 +16,10 @@ TESTS_SOURCES += \
test_ffa_notifications.c \
test_spm_cpu_features.c \
test_spm_smmu.c \
+ test_ffa_exceptions.c \
+ )
+
+TESTS_SOURCES += \
+ $(addprefix tftf/tests/runtime_services/realm_payload/, \
+ realm_payload_test_helpers.c \
)
diff --git a/tftf/tests/tests-spm.xml b/tftf/tests/tests-spm.xml
index cc79ea0b5..9a78c8ac4 100644
--- a/tftf/tests/tests-spm.xml
+++ b/tftf/tests/tests-spm.xml
@@ -44,6 +44,14 @@
function="test_ffa_partition_info" />
</testsuite>
+ <testsuite name="SP exceptions"
+ description="SP exceptions" >
+
+ <testcase name="Access from a SP to a Realm region"
+ function="rl_memory_cannot_be_accessed_in_s" />
+
+ </testsuite>
+
<testsuite name="FF-A Direct messaging"
description="Test FF-A Direct messaging" >
diff --git a/tftf/tests/tests-standard.mk b/tftf/tests/tests-standard.mk
index a72207722..fac3fd902 100644
--- a/tftf/tests/tests-standard.mk
+++ b/tftf/tests/tests-standard.mk
@@ -24,6 +24,7 @@ TESTS_MAKEFILE := $(addprefix tftf/tests/, \
tests-uncontainable.mk \
tests-debugfs.mk \
tests-realm-payload.mk \
+ tests-invalid-access.mk \
)
include ${TESTS_MAKEFILE}
diff --git a/tftf/tests/tests-standard.xml b/tftf/tests/tests-standard.xml
index 384a5f4e0..1e8ed2762 100644
--- a/tftf/tests/tests-standard.xml
+++ b/tftf/tests/tests-standard.xml
@@ -25,6 +25,7 @@
<!ENTITY tests-pmu-leakage SYSTEM "tests-pmu-leakage.xml">
<!ENTITY tests-debugfs SYSTEM "tests-debugfs.xml">
<!ENTITY tests-realm-payload SYSTEM "tests-realm-payload.xml">
+ <!ENTITY tests-invalid-access SYSTEM "tests-invalid-access.xml">
]>
<testsuites>
@@ -45,5 +46,6 @@
&tests-pmu-leakage;
&tests-debugfs;
&tests-realm-payload;
+ &tests-invalid-access;
</testsuites>