AgeCommit message (Collapse)Author
4 daysRemove SP dev kit external componentintegrationImre Kis
Remove all references to SP dev kit from opteesp deployments and b-test files. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I3752ec4fc0046c576ab658bca81cad9a21cb1fa8
4 daysIntegrate newlib into opteesp environmentImre Kis
Use newlib external component in opteesp targeted builds along the necessary compiler and linker options. Also adding/modifying the source files for startup, heap handling and trace features. The sp.ld.S file is based on ta/arch/arm/ta.ld.S from optee_os 6be0dbcaa11394a2ad5a46ac77e2f76e31a41722. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: Ie9f3e8f0fb755bb88cc33feffda86fbbbf3c7fce
4 daysExtend compatibility of header filesImre Kis
Use standard macros for defining unsigned integer constants and add preprocessor conditions for macros that may come from C library headers depending on the exact implementation of the library. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: Ib84a2bca2869934fa2eb0fe29861dc8da1a50b92
4 daysAdd newlib as external componentImre Kis
Add component for fetching and compiling newlib into a minimalistic position independent library. It was necessary to introduce a patch file for allowing aarch64-linux-gnu-gcc to compile newlib which is the currently used compiler. Otherwise newlib would require a separate aarch64-none-elf toolchain to be able to recognize the bare metal target. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I12677bb89c4c46b81a29de8c087e7967908b8958
4 daysRemove OP-TEE dependency on trace functionsImre Kis
Introducing a custom trace component which replaces the one that comes from the SP dev kit. The new component provides the same DMSG, IMSG, EMSG macros for printing trace messages with different levels. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I5f9466c5a32fefeb9ef350b179dc22ee33324f7e
4 daysFix: stop overriding platform settingGyorgy Szing
The TS_PLATFORM variable was overwritten in the deployment files which made it impossible to change the platform from the command line. This change fixes that, and only sets a default value. Change-Id: I0c7cd8d3079996d3ce502d6c9474f24ee83c5f07
4 daysFix psa_key_handle_t typedefJulian Hall
When using the PSA Crypto API realized by the TS Crypto client, PSA interface definitions are used from components/service/crypto/include/psa. The version of crypto_types.h under this directory was incorrectly defining the psa_key_handle_t type as a uint16_t. This was leading to attestation service test failures because the t_cose library casts a key id to a psa_key_handle_t, resulting in a 32-bit value being truncated. This change fixes the definition of the psa_key_handle_t type. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: Ia9d886b1cee1fa6877cc1f3be77a255b792b40b1
7 daysAdd version number for libtsBalint Dobszay
Read version number from file and apply to libts using the appropriate CMake properties. The version number represents the API version of libts and must be used according to the Semantic Versioning specification (https://semver.org). Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Change-Id: I09b12d71a95c874162be8ffee3b1b51a020725e4
7 daysAdd TsGetVersion CMake moduleBalint Dobszay
Add new module with helper functions to handle version number parsing. Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Change-Id: I459736b0ac4a0d4280187f3849fded028042497b
10 daysFix get operation for chained secure storage providersJulian Hall
The smm-gateway's use of a backend storage provider showed up an issue with the 'get' operation where the data_size parameter set by a client is based on the maximum payload size for the RPC interface between the client and in this case, the smm-gateway. The request then gets delegated to a storage SP. Because the RPC buffer sizes between the client->smm-gateway and smm-gateway->storage SP are not necessarily the same, the secure storage provider was rejecting a get request when the data size was bigger than its immediate RPC response buffer. The PC deployment of ts-service-test is modified to recreate the problem. The implemented fix in secure_storage_provider clips the incoming data_size value if it exceeds the size of the local response buffer. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I649d585df4ff3d8f6559b476bbcf6acbf256645b
10 daysAdd mm communicate service location strategyJulian Hall
To support service discovery and RPC session extablishment for SMM services reached via MM Communicate, a new service location strategy and service context has been added to the service locator. Client applications that need to use say the smm-variable service can now use the service locator to set-up a session. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I4a97af4763c6a48b9dbe2dcf87ec2c79654131de
10 daysAdd MM Communicate RPC callerJulian Hall
To enable service level testing from Linux userspace, an RPC caller that implements the MM Communicate protocol has been added. For compatibility with StMM, the same carve-out buffer scheme is used. Service level tests will be used for end-to-end testing of the smm-gateway. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: If5dc4e799d6461878c126cf3f73e8a2625f98f1d
10 daysTest smm_variable_mm_serviceImre Kis
Test mapping between the MM service and the RPC layer. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I8bff5cd71d4e7adbfd790f3679498f94a2392c1f
10 daysTest mm_communicate_call_epImre Kis
Add unit tests for mm_communicate_call_ep along with the necessary mocks and comparators for mm_service. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I87f2b503af014d70f9b88fb2888eea999b5042de
10 daysAdd mock RPC interfaceImre Kis
Add comparators for the RPC parameter types and mock RPC interface. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I9a927cc35a5dcb346d4c2e2a04b34c8a8d2460fb
10 daysAdd unit test deployment for SMM gatewayImre Kis
The deployment initializes the firmware test builder. Signed-off-by: Imre Kis <imre.kis@arm.com> Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> Change-Id: I7912b33642883dc44996bec73ce74642c80828b6
10 daysAdd support for 64-bit operation status valuesJulian Hall
For compatibility with 64-bit EFI status codes, opstatus values are now treated as 64-bit rather than 32-bit. A new rpc_opstatus_t type has been introduced in this change. Note that the FFARPC still maps the opstatus value to a 32-bit regsiter value but this is sign extended up to 64-bits in RPC callers. The MM Communicate RPC caller and endpoint handle 64-bit status values. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I06a0883394f370ccb543ebab797973bb604ff489
10 daysAdd checks for unsupported smm variable featuresJulian Hall
Checks added to defend against a client requesting unsupported features when setting a UEFI variable. For example, an attempt to set an unsupported variable attribute will result in EFI_UNSUPPORTED being returned. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: If9478e6924ed9356b363460b164655339655236a
10 daysExtend SMM Variable function supportJulian Hall
Extends base SMM Variable functions to support EDK2 specific functions for setting and getting variable check properties and for getting the maximum payload size. Includes the checking of constraints specified by variable check properties. Component and service level tests are extended to cover the new functionality. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I9a48908caf2b72d490270a32e2e7ad618b7b6707
10 daysAdd smm variable invalid length attack test casesJulian Hall
Adds service level test cases that check that invalid smm variable name and data sizes are defended against correctly by the smm variable provider. The tests showed up some fragility in parameter checking which is fixed in this commit. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I00f2c5f813172f8a68a0dd6aa75998b4730d2bcf
10 daysIntegrate MM communicate RPC layer to SMM gatewayImre Kis
Set up SMM variable service on top of the MM communicate RPC layer. Parse the address of the pre-shared MM communicate buffer from the SP configuration and accept MM communication calls through FF-A direct messages. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: Ic60825f6cf7ea7d8aabc93e70586dd159e3a57ec
10 daysAdd support for memory regions in SP configImre Kis
Parse memory region list from SP configuration and add them to config store. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I496cfd17f822ae1f6b90a0cf95d58d564c9306b5
10 daysCreate SMM variable MM serviceImre Kis
Create MM service for handling SMM variable service calls. This layer is called by the MM RPC layer and after parsing the SMM variable header it forwards the call to underlying the RPC interface. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I38c7d8957cc1fe91c5d6972e4ab8dbb96f51a865
10 daysImplement MM communicate RPC endpointImre Kis
Implement an RPC endpoint which accepts MM calls over FF-A direct messages using a pre-shared communication buffer. A new interface is introduced for describing MM communicate services so the RPC layer can forward the call to different handlers according to the GUID in the MM communicate header. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: Ie09b623e99de8a009d57cf39b98092b5316477d8
10 daysAdd MM communication protocol definitionsImre Kis
Add MM comminication SMC call function IDs, return codes and a structure the MM communicate message header. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: Ibccd60a131f897400a7aa955dc1502ed66be3025
10 daysAdd smm variable power fail recoveryJulian Hall
An error condition can occur when the smm variable index is written to NV storage but the corresponding data is not due to a power failure. This change adds detection and clean-up for this condition such that the variable index is always consistent with the data stored in the peristent storage backend. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: Iec88bf0e8a856edf105487354b98d456ef8a60f5
10 daysExtend UEFI SetVariable to support removalJulian Hall
Extends UEFI variable support to include variable removal when a set operation is performed with zero length data. Test cases are added to check the new functionality. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I0f2138bf986b32f18b94e0d4395eee87aec53ce9
10 daysAdd smm-gateway SP deploymentJulian Hall
Adds a deployment for the smm-gateway for the opteesp environment. The smm-gateway integrates service providers for UEFI SMM services. Service backends are provided by other trusted services. This version only supports the SMM Variable service. This commit includes changes needed to run and pass service level tests running against the smm-gateway SP. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I530df8af7c8d47af8fa48c292d69d16a0b87006b
10 daysAdd smm-variable service level testsJulian Hall
Adds tests that use the public service access protocol to verify client access to the smm-variable service. A C++ client is added to facilitate testing. Service level tests may be run in a native PC environment or from Linux user-space on a real target. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I6f2ecdcb3517b1392d689b41eeb17bda7e58952c
10 daysAdd smm-variable standalone service contextJulian Hall
To support service-level testing of the smm-variable service in a native PC environment, a standalone service context has been added that allows the smm-variable service to be discovered and used via the service locator API exposed by libts. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I1998c0a80f325938498f5edf7b36abd170e06cc8
10 daysAdd smm_variable service providerJulian Hall
Adds an implementation of a service provider for the smm_variable service. Accepts uefi variable requests and uses the uefi_variable_store as the backend for storage. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I050fc26c03b4d0098ccc303a293b8faeab488419
10 daysAdd uefi variable store testsJulian Hall
Component tests for the uefi variable store are added and bugs fixed such that all added tests pass. Tests are added to the component-test deployment. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: Idde768a9fac1f18b370069d104f823fac6456ae5
10 daysAdd basic uefi_variable_store implementationJulian Hall
Adds an implementation of the uefi_variable_store that forms the backend for the smm_variable service provider. Orphan variable index clean-up is not yet implemented. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I0924475a8819f488703065900d8efd01b48d42cf
10 daysAdd protocol definitions for smm_variableJulian Hall
Adds protocol definition for the SMM Variable service. Protocol files are based on EDK2 originals from: https://github.com/tianocore/edk2/commits/master b4da6c29f1d36031e04212f53277ce0dcba309f1 Structures and defines are required to be align for compatibility between EDK2 and TS components. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I3a478cdc5d3a849810abf6c699027f65594b4a83
10 daysFix: psa-api-test executable names clashGyorgy Szing
All psa-api-test executables used the same name which resulted in executables being overwritten when installing to the same location. As a result, b-test was not running all tests. This commit changes the CMake project name for psa-arch-test deployments, and the uses the PROJECT_NAME variable to create and configure the built executable. Change-Id: Idd80baf1cf7a9b16ad27b0d94abdb71c3179b169 Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
2021-11-19Allow NULL as data in storage client if length is 0Imre Kis
NULL data should not be treated as an invalid input if the length is also 0 in set/get calls of the secure storage client. This can be used to create an empty storage or check the existence of a storage uid. Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I21c3a261913d5c28ca11cf12755d8b1b5570ed7f
2021-11-18Add b-test improvementsGyorgy Szing
This patch - Makefile: - call make trough ${MAKE} to avoid jobserver warnings - run.sh: - enable ccache usage when available - run verbose builds to produce better log files - test_data.yaml - sort builds by name Change-Id: I1cbd63f10010d3d63733ce83e7cb007bfcfa6b5a Signed-off-by: Gyorgy Szing Gyorgy.Szing@arm.com
2021-11-11Use crypto sp as attestation sp crypto providerJulian Hall
Refactors attestation/opteesp deployment to discover and use the crypto service provided by an external service endpoint reachable over FFA. This is currently hardcoded to use the crypto SP but making this configurable is straight forward with this change. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I24a1373997e7cff70844a732b89e9917937f59c2
2021-10-06Improve reusability of service_name and uuid componentsJulian Hall
To allow the service_name and uuid components to be reused in constrained environments such as 'opteesp', the dependency on sscanf (stdio.h) is removed and replaced with a portable hex to byte and string to integer implementation. This allows the service locator to be used in SPs. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I51bf7849d13568ef506c6244cab108e79b8bd09a
2021-10-06Add service locator strategy for SP to SP discoverytopics/spmc_testJulian Hall
Using the service locator framework, a new service locator strategy is added that is suitable for use from within an SP to discover other service endpoints reachable via FFA. The required destination SP may be hardcoded in the client SP or passed in as a configuration parameter. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: If8cd3cd60e43b0f150c5f850211152fec0139f07
2021-10-06Fix service provider chain test caseJulian Hall
A test case to check chaining of service providers was building a chain of providers where each array of handlers was of zero length. This was leading to a test failure when running on an embedded platform but not natively on a PC. This change corrects the handler array sizes - test now passes on both embedded and PC platforms. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: If8e2bd1c9322ae034a79ba79b158ee9f5d3d2944
2021-10-06Align attestation API test behaviour between deploymentsJulian Hall
Adds a missing claim source so that the set of claims is aligned between the attestation/opteesp deployment and the PC standalone service. Also adds a missing psa crypto initalisation to the psa-api-test/initial_attestation deployment. Test behaviour is now aligned when psa api tests are run in the different environments. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I3529b0f5a7c9ecd2a62c32221db019f8423bd60c
2021-10-06Remove dependencies on deprecated PSA crypto functionalityJulian Hall
The attestation key manager and platform inspect application were using some deprecated PSA Crypto API funcationality related to use of the psa_key_handle_t type and psa_open_key and psa_close_key. Also aligns Mbed TLS configuration for Posix builds to changes in entropy related defines introduced in Mbed TLS 3.0.0. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: Iba882c999470bf035f1d15d02ff90b43b63ac84e
2021-10-06Extend core crypto service level testsJulian Hall
Tests added for copy_key, purge_key and get_key_attributes operations that have been recently added. The copy_key test identified a bug in the client-side translation of key attributes retrieved from a service provider where the read key lifetime was always persistent. This is fixed in this commit. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I0ab7ca8c961c70a38627198c9a7556c34ce09dc9
2021-10-06Add key derivation service level testsJulian Hall
Adds end-to-end service tests for key derivation operations provided by a crypto provider. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I1fa0f0f269d9f32fc05ee116edf0ccea618dd17f
2021-10-06Add MAC service level testsJulian Hall
Adds end-to-end service tests for MAC operations provided by a crypto provider. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I037f0b88348bcbd9bad367230509e72f41351ac6
2021-10-06Add symmetric cipher service level testsJulian Hall
Adds end-to-end tests for cipher operations implemented by a crypto service provider. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I37c29095bac452ad7ac24fa44ac3df9b9e29457e
2021-10-06Establish pattern for extending crypto service testsJulian Hall
To match the modular extensions to the crypto service provider, this change establishes a pattern for extending service level tests in a similarly modular way. By componentizing groups of test cases, a subset of tests may be used to match the service provider under test. The hash crypto extension is used to establish the pattern. Note that because the Cpp crypto clients now use the same crypto caller as the PSA Crypto client, the explicit PSA Crypto API client is no longer needed and has been removed. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: Ic8f975c9061f8aa0377dd59614862a4745a8c38c
2021-10-06Fix passing of multiple defines to psa_arch_testsJulian Hall
Fixes problem with passing multiple preprocessor defines into the psa_arch_tests external component via its cmake interface. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: Ic21bce0846a447cb786bb7ea0c4ef9dab1c13218
2021-10-06Replace se-proxy service backends with stubsJulian Hall
To facilitate the development of proxy backends that will communicate with a remote secure element, the se-proxy deployment has been modified to use stub components that honour all service provider dependencies but don't do anything. This simplifies the se-proxy built image in preparation for adding the se service clients. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I2dac1e295814839d4c7dccf4120667186d7ea6de