Attest: Add support to different profiles
Support the following profiles:
- PSA_IOT_1
- PSA_2_0_0
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ib4097ddf21dabb895b6265c5ade295638c552b16
diff --git a/test/secure_fw/suites/attestation/attest_token_test.c b/test/secure_fw/suites/attestation/attest_token_test.c
index f70ec20..06816b4 100644
--- a/test/secure_fw/suites/attestation/attest_token_test.c
+++ b/test/secure_fw/suites/attestation/attest_token_test.c
@@ -89,107 +89,7 @@
}
#ifdef INCLUDE_TEST_CODE /* Remove them from release build */
-#ifdef SYMMETRIC_INITIAL_ATTESTATION
-/**
- * This is the expected output for the minimal test. It is the result
- * of creating a token with \ref TOKEN_OPT_SHORT_CIRCUIT_SIGN and \ref
- * TOKEN_OPT_OMIT_CLAIMS set. The nonce is the above constant string
- * \ref nonce_bytes. The token output is completely deterministic.
- *
- * 17(
- * [
- * / protected / h'A10105' / {
- * \ alg \ 1:5 \ HMAC-SHA256 \
- * } /,
- * / unprotected / {},
- * / payload / h'A13A000124FF5840000000C0000000000000000000000
- * 00000000000000000000000000000000000000000000000000000000000
- * 0000000000000000000000000000000000000000' / {
- * / arm_psa_nonce / -75008: h'000000C00000000000000000000
- * 0000000000000000000000000000000000000000000000000000000
- * 0000000000000000000000000000000000000000000000,
- * } /,
- * / tag / h'966840FC0A60AE968F906D7092E57B205D3BBE83ED47EBBC2
- * AD9D1CFB41C87F3'
- * ]
- * )
- *
- * The above is in CBOR Diagnostic notation. See RFC 8152.
- */
-static const uint8_t expected_minimal_token_bytes[] = {
- 0xD1, 0x84, 0x43, 0xA1, 0x01, 0x05, 0xA0, 0x58,
- 0x48, 0xA1, 0x3A, 0x00, 0x01, 0x24, 0xFF, 0x58,
- 0x40, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x58, 0x20, 0x96, 0x68, 0x40, 0xFC, 0x0A,
- 0x60, 0xAE, 0x96, 0x8F, 0x90, 0x6D, 0x70, 0x92,
- 0xE5, 0x7B, 0x20, 0x5D, 0x3B, 0xBE, 0x83, 0xED,
- 0x47, 0xEB, 0xBC, 0x2A, 0xD9, 0xD1, 0xCF, 0xB4,
- 0x1C, 0x87, 0xF3
-};
-#else /* SYMMETRIC_INITIAL_ATTESTATION */
-/**
- * This is the expected output for the minimal test. It is the result
- * of creating a token with \ref TOKEN_OPT_SHORT_CIRCUIT_SIGN and \ref
- * TOKEN_OPT_OMIT_CLAIMS set. The nonce is the above constant string
- * \ref nonce_bytes. The token output is completely deterministic.
- *
- * The implementation of TOKEN_OPT_SHORT_CIRCUIT_SIGN always uses the
- * kid
- * EF954B4BD9BDF670D0336082F5EF152AF8F35B6A6C00EFA6A9A71F49517E18C6.
- *
- * 18(
- * [
- * h'A10126', // protected headers
- * { // unprotected headers
- * 4: h'EF954B4BD9BDF670D0336082F5EF152AF8F35B6A6C00EFA6A9
- * A71F49517E18C6'
- * },
- * h'A13A000124FF5840000000C0000000000000000000000000000000000
- * 000000000000000000000000000000000000000000000000000000000
- * 000000000000000000000000000000',
- * h'CE52E46D564F1A6DBCEE106341CC80CDC0A3480999AFA8067747CA255
- * EEDFD8BCE52E46D564F1A6DBCEE106341CC80CDC0A3480999AFA80677
- * 47CA255EEDFD8B'
- * ]
- * )
- *
- * The above is in CBOR Diagnostic notation. See RFC 8152.
- */
-static const uint8_t expected_minimal_token_bytes[] = {
- 0xD2, 0x84, 0x43, 0xA1, 0x01, 0x26, 0xA1, 0x04,
- 0x58, 0x20, 0xEF, 0x95, 0x4B, 0x4B, 0xD9, 0xBD,
- 0xF6, 0x70, 0xD0, 0x33, 0x60, 0x82, 0xF5, 0xEF,
- 0x15, 0x2A, 0xF8, 0xF3, 0x5B, 0x6A, 0x6C, 0x00,
- 0xEF, 0xA6, 0xA9, 0xA7, 0x1F, 0x49, 0x51, 0x7E,
- 0x18, 0xC6, 0x58, 0x48, 0xA1, 0x3A, 0x00, 0x01,
- 0x24, 0xFF, 0x58, 0x40, 0x00, 0x00, 0x00, 0xC0,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x58, 0x40, 0x45, 0x0B,
- 0x2C, 0x09, 0x68, 0xA1, 0x92, 0xA8, 0x85, 0xBE,
- 0x59, 0xE5, 0xA0, 0x9B, 0xDA, 0x4A, 0x8B, 0xA3,
- 0xA6, 0xFC, 0x7F, 0x51, 0x90, 0x35, 0x2D, 0x3A,
- 0x16, 0xBC, 0x30, 0x7B, 0x50, 0x3D, 0x45, 0x0B,
- 0x2C, 0x09, 0x68, 0xA1, 0x92, 0xA8, 0x85, 0xBE,
- 0x59, 0xE5, 0xA0, 0x9B, 0xDA, 0x4A, 0x8B, 0xA3,
- 0xA6, 0xFC, 0x7F, 0x51, 0x90, 0x35, 0x2D, 0x3A,
- 0x16, 0xBC, 0x30, 0x7B, 0x50, 0x3D
-};
-#endif /* SYMMETRIC_INITIAL_ATTESTATION */
-
-
+static const uint8_t expected_minimal_token_bytes[] = {MINIMAL_TOKEN};
/*
* Public function. See token_test.h
*/
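Review bot: `expected_minimal_token_bytes` is left without any comment now that the CBOR diagnostic description has moved to the values header, so a reader of this file cannot tell which of the four byte sequences is compiled in. A one-line comment above the array would cover it, for example `/* Expected minimal token; MINIMAL_TOKEN is selected by key type and profile in attest_token_test_values.h */`.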
diff --git a/test/secure_fw/suites/attestation/attest_token_test_values.h b/test/secure_fw/suites/attestation/attest_token_test_values.h
index 90c9072..7227699 100644
--- a/test/secure_fw/suites/attestation/attest_token_test_values.h
+++ b/test/secure_fw/suites/attestation/attest_token_test_values.h
@@ -68,6 +68,200 @@
* bytes. They length must be the number of bytes in the first.
*/
+/**
+ * This is the expected output for the minimal test. It is the result
+ * of creating a token with \ref TOKEN_OPT_SHORT_CIRCUIT_SIGN and \ref
+ * TOKEN_OPT_OMIT_CLAIMS set. The nonce is the above constant string
+ * \ref nonce_bytes. The token output is completely deterministic.
+ * 17(
+ * [
+ * / protected / h'A10105' / {
+ * \ alg \ 1:5 \ HMAC-SHA256 \
+ * } /,
+ * / unprotected / {},
+ * / payload / h'A13A000124FF5840000000C0000000000000000000000
+ * 00000000000000000000000000000000000000000000000000000000000
+ * 0000000000000000000000000000000000000000' / {
+ * / arm_psa_nonce / -75008: h'000000C00000000000000000000
+ * 0000000000000000000000000000000000000000000000000000000
+ * 0000000000000000000000000000000000000000000000,
+ * } /,
+ * / tag / h'966840FC0A60AE968F906D7092E57B205D3BBE83ED47EBBC2
+ * AD9D1CFB41C87F3'
+ * ]
+ * )
+ *
+ * The above is in CBOR Diagnostic notation. See RFC 8152.
+ */
+#define SYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_IOT_1 \
+ 0xD1, 0x84, 0x43, 0xA1, 0x01, 0x05, 0xA0, 0x58, \
+ 0x48, 0xA1, 0x3A, 0x00, 0x01, 0x24, 0xFF, 0x58, \
+ 0x40, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x58, 0x20, 0x96, 0x68, 0x40, 0xFC, 0x0A, \
+ 0x60, 0xAE, 0x96, 0x8F, 0x90, 0x6D, 0x70, 0x92, \
+ 0xE5, 0x7B, 0x20, 0x5D, 0x3B, 0xBE, 0x83, 0xED, \
+ 0x47, 0xEB, 0xBC, 0x2A, 0xD9, 0xD1, 0xCF, 0xB4, \
+ 0x1C, 0x87, 0xF3
+
+/* The expected token in PSA_2_0_0 profile. The difference is caused because
+ * the key value of the nonce claim is modifed (-75008 -> 10) to be aligned with
+ * the EAT specification.
+ *
+ * 17(
+ * [
+ * / protected / h'A10105' / {
+ * \ alg \ 1:5 \ HMAC-SHA256 \
+ * } /,
+ * / unprotected / {},
+ * / payload / h'A10A5840000000C000000000000000000000000000000
+ * 00000000000000000000000000000000000000000000000000000000000
+ * 0000000000000000000000000000000' \ {
+ * / arm_psa_nonce / 10: h'000000C000000000000000000000000
+ * 0000000000000000000000000000000000000000000000000000000
+ * 000000000000000000000000000000000000000000,
+ * } /,
+ * / tag / h'AD01BB6AF91B2F13F8BF3C9BBB31079000CA8F117C800F50A
+ * C56ADB0E113749D'
+ * ]
+ * )
+ *
+ * The above is in CBOR Diagnostic notation. See RFC 8152.
+ */
+#define SYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_2_0_0_0 \
+ 0xD1, 0x84, 0x43, 0xA1, 0x01, 0x05, 0xA0, 0x58, \
+ 0x44, 0xA1, 0x0A, 0x58, 0x40, 0x00, 0x00, 0x00, \
+ 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x58, 0x20, 0xAD, \
+ 0x01, 0xBB, 0x6A, 0xF9, 0x1B, 0x2F, 0x13, 0xF8, \
+ 0xBF, 0x3C, 0x9B, 0xBB, 0x31, 0x07, 0x90, 0x00, \
+ 0xCA, 0x8F, 0x11, 0x7C, 0x80, 0x0F, 0x50, 0xAC, \
+ 0x56, 0xAD, 0xB0, 0xE1, 0x13, 0x74, 0x9D
+
+/**
+ * This is the expected output for the minimal test. It is the result
+ * of creating a token with \ref TOKEN_OPT_SHORT_CIRCUIT_SIGN and \ref
+ * TOKEN_OPT_OMIT_CLAIMS set. The nonce is the above constant string
+ * \ref nonce_bytes. The token output is completely deterministic.
+ *
+ * The implementation of TOKEN_OPT_SHORT_CIRCUIT_SIGN always uses the
+ * kid
+ * EF954B4BD9BDF670D0336082F5EF152AF8F35B6A6C00EFA6A9A71F49517E18C6.
+ * 18(
+ * [
+ * h'A10126', // protected headers
+ * { // unprotected headers
+ * 4: h'EF954B4BD9BDF670D0336082F5EF152AF8F35B6A6C00EFA6A9
+ * A71F49517E18C6'
+ * },
+ * h'A13A000124FF5840000000C0000000000000000000000000000000000
+ * 000000000000000000000000000000000000000000000000000000000
+ * 000000000000000000000000000000',
+ * h'CE52E46D564F1A6DBCEE106341CC80CDC0A3480999AFA8067747CA255
+ * EEDFD8BCE52E46D564F1A6DBCEE106341CC80CDC0A3480999AFA80677
+ * 47CA255EEDFD8B'
+ * ]
+ * )
+ *
+ * The above is in CBOR Diagnostic notation. See RFC 8152.
+ */
+#define ASYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_IOT_1 \
+ 0xD2, 0x84, 0x43, 0xA1, 0x01, 0x26, 0xA1, 0x04, \
+ 0x58, 0x20, 0xEF, 0x95, 0x4B, 0x4B, 0xD9, 0xBD, \
+ 0xF6, 0x70, 0xD0, 0x33, 0x60, 0x82, 0xF5, 0xEF, \
+ 0x15, 0x2A, 0xF8, 0xF3, 0x5B, 0x6A, 0x6C, 0x00, \
+ 0xEF, 0xA6, 0xA9, 0xA7, 0x1F, 0x49, 0x51, 0x7E, \
+ 0x18, 0xC6, 0x58, 0x48, 0xA1, 0x3A, 0x00, 0x01, \
+ 0x24, 0xFF, 0x58, 0x40, 0x00, 0x00, 0x00, 0xC0, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x58, 0x40, 0x45, 0x0B, \
+ 0x2C, 0x09, 0x68, 0xA1, 0x92, 0xA8, 0x85, 0xBE, \
+ 0x59, 0xE5, 0xA0, 0x9B, 0xDA, 0x4A, 0x8B, 0xA3, \
+ 0xA6, 0xFC, 0x7F, 0x51, 0x90, 0x35, 0x2D, 0x3A, \
+ 0x16, 0xBC, 0x30, 0x7B, 0x50, 0x3D, 0x45, 0x0B, \
+ 0x2C, 0x09, 0x68, 0xA1, 0x92, 0xA8, 0x85, 0xBE, \
+ 0x59, 0xE5, 0xA0, 0x9B, 0xDA, 0x4A, 0x8B, 0xA3, \
+ 0xA6, 0xFC, 0x7F, 0x51, 0x90, 0x35, 0x2D, 0x3A, \
+ 0x16, 0xBC, 0x30, 0x7B, 0x50, 0x3D
+
+/**
+ * 18(
+ * [
+ * h'A10126', // protected headers
+ * { // unprotected headers
+ * 4: h'EF954B4BD9BDF670D0336082F5EF152AF8F35B6A6C00EFA6A9
+ * A71F49517E18C6'
+ * },
+ * h'A10A5840000000C000000000000000000000000000000000000000000
+ * 000000000000000000000000000000000000000000000000000000000
+ * 0000000000000000000000',
+ * h'52B1D89EB3CBA0FF57291754F54A5927116E68CA32F28967BB41B04D2
+ * 167BFB352B1D89EB3CBA0FF57291754F54A5927116E68CA32F28967BB
+ * 41B04D2167BFB3'
+ * ]
+ * )
+ * The above is in CBOR Diagnostic notation. See RFC 8152.
+ */
+#define ASYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_2_0_0 \
+ 0xD2, 0x84, 0x43, 0xA1, 0x01, 0x26, 0xA1, 0x04, \
+ 0x58, 0x20, 0xEF, 0x95, 0x4B, 0x4B, 0xD9, 0xBD, \
+ 0xF6, 0x70, 0xD0, 0x33, 0x60, 0x82, 0xF5, 0xEF, \
+ 0x15, 0x2A, 0xF8, 0xF3, 0x5B, 0x6A, 0x6C, 0x00, \
+ 0xEF, 0xA6, 0xA9, 0xA7, 0x1F, 0x49, 0x51, 0x7E, \
+ 0x18, 0xC6, 0x58, 0x44, 0xA1, 0x0A, 0x58, 0x40, \
+ 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+ 0x58, 0x40, 0x52, 0xB1, 0xD8, 0x9E, 0xB3, 0xCB, \
+ 0xA0, 0xFF, 0x57, 0x29, 0x17, 0x54, 0xF5, 0x4A, \
+ 0x59, 0x27, 0x11, 0x6E, 0x68, 0xCA, 0x32, 0xF2, \
+ 0x89, 0x67, 0xBB, 0x41, 0xB0, 0x4D, 0x21, 0x67, \
+ 0xBF, 0xB3, 0x52, 0xB1, 0xD8, 0x9E, 0xB3, 0xCB, \
+ 0xA0, 0xFF, 0x57, 0x29, 0x17, 0x54, 0xF5, 0x4A, \
+ 0x59, 0x27, 0x11, 0x6E, 0x68, 0xCA, 0x32, 0xF2, \
+ 0x89, 0x67, 0xBB, 0x41, 0xB0, 0x4D, 0x21, 0x67, \
+ 0xBF, 0xB3
+
+/* The expected tokens in the minimal */
+#ifdef SYMMETRIC_INITIAL_ATTESTATION
+ #ifdef ATTEST_TOKEN_PROFILE_PSA_IOT_1
+ #define MINIMAL_TOKEN SYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_IOT_1
+ #else
+ /* PSA_2_0_0 */
+ #define MINIMAL_TOKEN SYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_2_0_0_0
+ #endif
+#else
+ #ifdef ATTEST_TOKEN_PROFILE_PSA_IOT_1
+ #define MINIMAL_TOKEN ASYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_IOT_1
+ #else
+ /* PSA_2_0_0 */
+ #define MINIMAL_TOKEN ASYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_2_0_0
+ #endif
+#endif
+
/* The 64 byte special option-packed nonce where option flags
* are packed in at the start. Binary. */
#define TOKEN_TEST_NONCE_BYTES \
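Review bot: The `MINIMAL_TOKEN` selection at the end of this hunk treats every build without `ATTEST_TOKEN_PROFILE_PSA_IOT_1` as PSA_2_0_0 through a bare `#else`, while the other profile switches added to this header use an explicit check and `#error`. A profile added later would silently be compared against the PSA_2_0_0 bytes. Using `#elif defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0)` followed by `#else` and `#error "Attestation token profile is incorrect"` in both branches would keep the expected token tied to the profile. The symmetric macro is also named `SYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_2_0_0_0`, with one more `_0` than its counterpart `ASYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_2_0_0`. In the comment above `ASYM_KEY_SIGNED_MINIMAL_TOKEN_PSA_IOT_1`, the signature shown (`CE52E46D…`) differs from the macro bytes (`0x45, 0x0B, 0x2C, …`), a mismatch carried over from the removed copy.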
@@ -84,7 +278,6 @@
(uint8_t[]){TOKEN_TEST_NONCE_BYTES},\
64\
}
-#define TOKEN_TEST_REQUIRE_NONCE true /* Mandatory claim */
/* A 32 byte mostly random value. Binary. Value not checked */
#define TOKEN_TEST_VALUE_INSTANCE_ID NULL_Q_USEFUL_BUF_C
@@ -105,7 +298,32 @@
33\
}
*/
-#define TOKEN_TEST_REQUIRE_INSTANCE_ID true /* Mandatory claim */
+
+/* Common claims among all profiles */
+#define TOKEN_TEST_REQUIRE_NONCE true /* Mandatory claim */
+#define TOKEN_TEST_REQUIRE_INSTANCE_ID true /* Mandatory claim */
+#define TOKEN_TEST_REQUIRE_IMPLEMENTATION_ID true /* Mandatory claim */
+#define TOKEN_TEST_REQUIRE_SECURITY_LIFECYCLE true /* Mandatory claim */
+#define TOKEN_TEST_REQUIRE_VERIFICATION_SERVICE false /* Optional claim */
+
+/* Requirements of the mandatory and optional claims vary among profiles. False
+ * value means two things:
+ * - Claim is optional
+ * - Claim is not required at all
+ */
+#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1) || \
+ defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0)
+ #define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */
+ #define TOKEN_TEST_REQUIRE_CLIENT_ID true /* Mandatory claim */
+ #define TOKEN_TEST_REQUIRE_CERT_REF false /* Optional claim */
+ #define TOKEN_TEST_REQUIRE_PROFILE_DEFINITION false /* Optional claim */
+#else
+ #error "Attestation token profile is incorrect"
+#endif
+
+/* An integer (can be positive or negative) */
+#define TOKEN_TEST_VALUE_CLIENT_ID 0 /* Invalid value to trigger check */
+
/* If defined, check for the constant values defined in
* platform/ext/common/template/attest_hal.c
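Review bot: The comment above the profile `#if` documents `false` as meaning both "optional" and "not required at all", so the `TOKEN_TEST_REQUIRE_*` macros cannot express that a claim must be absent for a given profile. If a profile drops a claim, a token that still carries it would presumably pass the test (the decoder is not visible in this hunk). The comment should say so explicitly, e.g. `/* false: the claim may be absent; its presence is not treated as an error */`, or a separate value should be introduced for "must not be present". The `#if` currently gives both profiles identical values, and nothing rejects a build that defines both `ATTEST_TOKEN_PROFILE_*` macros, in which case the `#ifdef` chains in this header would pick PSA_IOT_1.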
@@ -126,10 +344,10 @@
32\
}
-/* A text string in EAN 13 format
+/* A text string in EAN13 + '-' + 5 format
* platform/ext/common/template/attest_hal.c
*/
-#define TOKEN_TEST_VALUE_CERT_REF "060456527282910010" /* Hard-coded value */
+#define TOKEN_TEST_VALUE_CERT_REF "0604565272829-10010" /* Hard-coded value */
/* A 32 byte mostly random value. Binary.
* platform/ext/common/template/attest_hal.c
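Review bot: The new `TOKEN_TEST_VALUE_CERT_REF` format is applied to both profiles unconditionally, unlike `TOKEN_TEST_VALUE_PROFILE_DEFINITION` further down, which this commit switches per profile. If the PSA_IOT_1 build still emits the 18-digit value from attest_hal.c (not visible here), the comparison would presumably fail under `CLAIM_VALUE_CHECK` for that profile. Confirm the HAL template changes in the same series, or guard the value with the profile macro. The comment could spell out the layout, e.g. `/* A text string: EAN-13 (13 digits) + '-' + 5 digits */`.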
@@ -148,8 +366,13 @@
/* Text string naming the profile definition:
* platform/ext/common/template/attest_hal.c
*/
+#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1)
#define TOKEN_TEST_VALUE_PROFILE_DEFINITION "PSA_IOT_PROFILE_1"
-
+#elif defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0)
+#define TOKEN_TEST_VALUE_PROFILE_DEFINITION "http://arm.com/psa/2.0.0"
+#else
+ #error "Attestation token profile is incorrect"
+#endif
/* Text string with verification URL or similar
* platform/ext/common/template/attest_hal.c
*/
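Review bot: The `#error "Attestation token profile is incorrect"` added here, like the identical one in the claim-requirement block earlier in this header, does not say which macros are accepted. A message like `#error "Define ATTEST_TOKEN_PROFILE_PSA_IOT_1 or ATTEST_TOKEN_PROFILE_PSA_2_0_0"` tells the builder what to set without searching the build scripts. The `#error` line is indented while the two `#define` lines are not, whereas the nested conditionals added elsewhere in this commit indent everything inside the block.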
@@ -173,17 +396,6 @@
#endif /* CLAIM_VALUE_CHECK */
-#define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */
-#define TOKEN_TEST_REQUIRE_CERT_REF false /* Optional claim */
-#define TOKEN_TEST_REQUIRE_IMPLEMENTATION_ID true /* Mandatory claim */
-#define TOKEN_TEST_REQUIRE_PROFILE_DEFINITION false /* Optional claim */
-#define TOKEN_TEST_REQUIRE_VERIFICATION_SERVICE false /* Optional claim */
-#define TOKEN_TEST_REQUIRE_SECURITY_LIFECYCLE true /* Mandatory claim */
-
-/* An integer (can be positive or negative) */
-#define TOKEN_TEST_VALUE_CLIENT_ID 0 /* Invalid value to trigger check */
-#define TOKEN_TEST_REQUIRE_CLIENT_ID true /* Mandatory claim */
-
/**
* \c TOKEN_TEST_REQUIRED_NUM_SWC can be either 0, 1, 2 or \c
* INT32_MAX