test(realm): add tests for realm attestation
With this patch, TFTF adds two tests for realm attestation. One tests
the full process of retrieving the attestation token from the host. The
second one triggers a failure by calling RSI_ATTEST_TOKEN_CONTINUE
without calling RSI_ATTEST_TOKEN_INIT first.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I885402377af1f02ce7e90c80dbe1079fe4c1b178
diff --git a/realm/include/realm_helpers.h b/realm/include/realm_helpers.h
new file mode 100644
index 0000000..11c4423
--- /dev/null
+++ b/realm/include/realm_helpers.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef REALM_HELPERS_H
+#define REALM_HELPERS_H
+
+/* Generate 64-bit random number */
+unsigned long long realm_rand64(void);
+
+#endif /* REALM_HELPERS_H */
+
diff --git a/realm/include/realm_rsi.h b/realm/include/realm_rsi.h
index 92a078b..72ee80e 100644
--- a/realm/include/realm_rsi.h
+++ b/realm/include/realm_rsi.h
@@ -127,6 +127,21 @@
*/
#define RSI_IPA_STATE_GET SMC_RSI_FID(8U)
+/*
+ * ret0 == Status / error
+ * ret1 == Token maximum length
+ */
+#define RSI_ATTEST_TOKEN_INIT SMC_RSI_FID(4U)
+
+/*
+ * arg0 == Base of buffer to write the token to
+ * arg1 == Offset within the buffer
+ * arg2 == Size of the buffer
+ * ret0 == Status / error
+ * ret1 == Size of received token hunk
+ */
+#define RSI_ATTEST_TOKEN_CONTINUE SMC_RSI_FID(5U)
+
typedef enum {
RSI_EMPTY = 0U,
RSI_RAM,
@@ -162,6 +177,23 @@
/* This function will call the Host to request IPA of the NS shared buffer */
u_register_t rsi_get_ns_buffer(void);
+/* This function will initialize the attestation context */
+u_register_t rsi_attest_token_init(u_register_t challenge_0,
+ u_register_t challenge_1,
+ u_register_t challenge_2,
+ u_register_t challenge_3,
+ u_register_t challenge_4,
+ u_register_t challenge_5,
+ u_register_t challenge_6,
+ u_register_t challenge_7,
+ u_register_t *out_token_upper_bound);
+
+/* This function will retrieve the (or part of) attestation token */
+u_register_t rsi_attest_token_continue(u_register_t buffer_addr,
+ u_register_t offset,
+ u_register_t buffer_size,
+ u_register_t *bytes_copied);
+
/* This function call Host and request to exit Realm with proper exit code */
void rsi_exit_to_host(enum host_call_cmd exit_code);
diff --git a/realm/include/realm_tests.h b/realm/include/realm_tests.h
index a2cfc9b..2c1d3a1 100644
--- a/realm/include/realm_tests.h
+++ b/realm/include/realm_tests.h
@@ -28,6 +28,8 @@
bool test_realm_sme_read_id_registers(void);
bool test_realm_sme_undef_abort(void);
bool test_realm_sctlr2_ease(void);
+bool test_realm_attestation(void);
+bool test_realm_attestation_fault(void);
#endif /* REALM_TESTS_H */