Test: Build TF-M SPE alone with NS test flags selected
Some usage scenarios, such as multi-core platforms, require to build
non-secure side and secure side separately. TF-M currently supports to
build TF-M secure side with secure tests only.
However, some non-secure tests also require secure test services.
Therefore, NS test flags shall be selected even during TF-M secure build
alone.
But if NS tests flags are selected while building TF-M secure side only,
the TF-M build with current tf-m-tests will fail since the tf-m-tests is
not decoupled well.
This commit supports to build TF-M secure side only with NS test flags
selected, to include secure test services to support NS tests.
If NS is not selected, skip NS test framework and test suites build by
temporarily unsetting corresponding flags.
Signed-off-by: David Hu <david.hu@arm.com>
Change-Id: I2ae1caab9d5b63f43bb17453a3392cb22963f85d
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 7d568d2..0427d99 100755
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -7,59 +7,13 @@
cmake_minimum_required(VERSION 3.13)
-add_library(tfm_ns_tests INTERFACE)
-add_library(tfm_test_framework_ns INTERFACE)
-add_library(tfm_test_framework_s INTERFACE)
-
-# For multi-core projects, the NS app can be run on a different CPU to the
-# Secure code. To facilitate this, we once again reload the compiler to load the
-# setting for the NS CPU. Cmake settings are directory scoped so this affects
-# anything loaded from or declared in this dir.
-if (TFM_MULTI_CORE_TOPOLOGY)
- include(${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/preload_ns.cmake)
- tfm_toolchain_reload_compiler()
-endif()
-
-add_subdirectory(test_services)
-
-add_subdirectory(suites/attestation)
-add_subdirectory(suites/audit)
-add_subdirectory(suites/core)
-add_subdirectory(suites/crypto)
-add_subdirectory(suites/extra)
-add_subdirectory(suites/its)
-add_subdirectory(suites/qcbor)
-add_subdirectory(suites/ps)
-add_subdirectory(suites/t_cose)
-add_subdirectory(suites/platform)
-add_subdirectory(suites/fwu)
-add_subdirectory(suites/irq)
-add_subdirectory(suites/nsid)
-
-if(TFM_PSA_API)
- add_subdirectory(suites/ipc)
-endif()
-if(TEST_NS_MULTI_CORE)
- add_subdirectory(suites/multi_core/non_secure)
-endif()
-
-if (TFM_FUZZER_TOOL_TESTS)
- if(NOT DEFINED TFM_FUZZER_TOOL_TESTS_CMAKE_INC_PATH)
- # The location of the file needs to be defined either from command line
- # or from config cmake file.
- message(FATAL_ERROR "Incomplete build configuration: TFM_FUZZER_TOOL_TESTS_CMAKE_INC_PATH is undefined.")
- else()
- add_subdirectory(${TFM_FUZZER_TOOL_TESTS_CMAKE_INC_PATH} ${CMAKE_BINARY_DIR}/suites/tfm_fuzz)
- endif()
-endif()
-
add_library(tfm_test_framework_common INTERFACE)
target_sources(tfm_test_framework_common
INTERFACE
- ${CMAKE_CURRENT_SOURCE_DIR}/framework/test_framework.c
- ${CMAKE_CURRENT_SOURCE_DIR}/framework/test_framework_helpers.c
- ${CMAKE_CURRENT_SOURCE_DIR}/framework/test_framework_integ_test_helper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/test_framework.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/test_framework_helpers.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/test_framework_integ_test_helper.c
)
target_include_directories(tfm_test_framework_common
@@ -67,60 +21,8 @@
framework
)
-target_compile_definitions(tfm_test_framework_ns
- INTERFACE
- DOMAIN_NS=1
-)
+# Build test services and add secure test suite targets
+include(secure_tests.cmake)
-target_link_libraries(tfm_test_framework_ns
- INTERFACE
- tfm_test_framework_common
- tfm_api_ns
- tfm_ns_interface
- tfm_ns_log
-)
-
-target_sources(tfm_ns_tests
- INTERFACE
- ${CMAKE_CURRENT_SOURCE_DIR}/framework/non_secure_suites.c
-)
-
-target_link_libraries(tfm_ns_tests
- INTERFACE
- tfm_test_framework_ns
- tfm_partition_defs
-)
-
-target_compile_definitions(tfm_ns_tests
- INTERFACE
- $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:SYMMETRIC_INITIAL_ATTESTATION>
- $<$<BOOL:${TFM_FUZZER_TOOL_TESTS}>:TFM_FUZZER_TOOL_TESTS>
-)
-
-####################### Secure #################################################
-
-target_link_libraries(tfm_test_framework_s
- INTERFACE
- psa_interface
- tfm_test_framework_common
- tfm_sp_log_raw
-)
-
-if (TEST_FRAMEWORK_S)
- target_sources(tfm_s_tests
- INTERFACE
- ${CMAKE_CURRENT_SOURCE_DIR}/framework/secure_suites.c
- )
-
- target_link_libraries(tfm_s_tests
- INTERFACE
- tfm_test_framework_s
- tfm_partition_defs
- tfm_spm
- )
-
- target_compile_definitions(tfm_s_tests
- INTERFACE
- $<$<BOOL:${PS_TEST_NV_COUNTERS}>:PS_TEST_NV_COUNTERS>
- )
-endif()
+# Include test suites at last after other targets are setup.
+add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/suites)
diff --git a/test/config/check_config.cmake b/test/config/check_config.cmake
index 46dd60f..41f2c0b 100644
--- a/test/config/check_config.cmake
+++ b/test/config/check_config.cmake
@@ -51,15 +51,8 @@
tfm_invalid_config(TEST_NS_T_COSE AND SYMMETRIC_INITIAL_ATTESTATION)
tfm_invalid_config((NOT TFM_NS_MANAGE_NSID) AND TEST_NS_MANAGE_NSID)
-########################## Check Framework #####################################
-
-# In IPC model, NS regression test needs NS. Secure regression test can build
-# without NS.
-tfm_invalid_config(NOT NS AND TEST_FRAMEWORK_NS AND NOT TFM_LIB_MODEL)
-
-# In library model, when regression test(TEST_FRAMEWORK_NS or TEST_FRAMEWORK_S)
-# open, NS shall be ON.
-tfm_invalid_config(NOT NS AND (TEST_FRAMEWORK_NS OR TEST_FRAMEWORK_S) AND TFM_LIB_MODEL)
+# So far all NS regression tests are triggered from NS app
+tfm_invalid_config(NOT NS AND TEST_FRAMEWORK_NS)
########################## Check suites dependence #############################
diff --git a/test/config/set_config.cmake b/test/config/set_config.cmake
index 452af12..e059aab 100644
--- a/test/config/set_config.cmake
+++ b/test/config/set_config.cmake
@@ -70,14 +70,17 @@
########################## Test framework sync #################################
get_cmake_property(CACHE_VARS CACHE_VARIABLES)
-# Force TEST_FRAMEWORK_NS ON if single NS test ON
-foreach(CACHE_VAR ${CACHE_VARS})
- string(REGEX MATCH "^TEST_NS_.*" _NS_TEST_FOUND "${CACHE_VAR}")
- if (_NS_TEST_FOUND AND "${${CACHE_VAR}}")
- set(TEST_FRAMEWORK_NS ON CACHE BOOL "Whether to build NS regression tests framework")
- break()
- endif()
-endforeach()
+
+if (NS)
+ # Force TEST_FRAMEWORK_NS ON if single NS test ON
+ foreach(CACHE_VAR ${CACHE_VARS})
+ string(REGEX MATCH "^TEST_NS_.*" _NS_TEST_FOUND "${CACHE_VAR}")
+ if (_NS_TEST_FOUND AND "${${CACHE_VAR}}")
+ set(TEST_FRAMEWORK_NS ON CACHE BOOL "Whether to build NS regression tests framework")
+ break()
+ endif()
+ endforeach()
+endif()
# Force TEST_FRAMEWORK_S ON if single S test ON
foreach(CACHE_VAR ${CACHE_VARS})
@@ -110,6 +113,13 @@
include(${TFM_TEST_PATH}/config/default_s_test_config.cmake)
endif()
if (TEST_NS)
+ if (NOT NS)
+ # In this case, TEST_NS is used to configure corresponding test secure
+ # services during SPE build alone.
+ # Disable TEST_FRAMEWORK_NS if NS is OFF as NS test framework shall
+ # run inside NS environment
+ set(TEST_FRAMEWORK_NS OFF CACHE BOOL "Whether to build NS regression tests framework")
+ endif()
include(${TFM_TEST_PATH}/config/default_ns_test_config.cmake)
endif()
diff --git a/test/secure_tests.cmake b/test/secure_tests.cmake
new file mode 100644
index 0000000..e1111ab
--- /dev/null
+++ b/test/secure_tests.cmake
@@ -0,0 +1,79 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# Since the main test directory is a NS dir, this subdir is specifically made a
+# secure directory as it build the secure side tests and services
+if (TFM_MULTI_CORE_TOPOLOGY)
+ include(${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/preload.cmake)
+ tfm_toolchain_reload_compiler()
+endif()
+
+# Test services are also required by some NS regression tests.
+# Include test services at first no matter whether secure tests are enabled.
+add_subdirectory(test_services)
+
+if (NOT TEST_FRAMEWORK_S)
+ return()
+endif()
+
+add_library(tfm_test_framework_s INTERFACE)
+add_library(tfm_s_tests INTERFACE)
+
+target_link_libraries(tfm_test_framework_s
+ INTERFACE
+ psa_interface
+ tfm_test_framework_common
+ tfm_sp_log_raw
+)
+
+target_sources(tfm_s_tests
+ INTERFACE
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/secure_suites.c
+)
+
+target_link_libraries(tfm_s_tests
+ INTERFACE
+ tfm_test_framework_s
+ tfm_partition_defs
+ tfm_spm
+)
+
+target_compile_definitions(tfm_s_tests
+ INTERFACE
+ $<$<BOOL:${PS_TEST_NV_COUNTERS}>:PS_TEST_NV_COUNTERS>
+)
+
+############################# Secure tests #####################################
+
+# Add secure test library targets here to inherit secure side configurations
+if (TEST_S_CRYPTO)
+ add_library(tfm_test_suite_crypto_s STATIC EXCLUDE_FROM_ALL)
+endif()
+if (TEST_S_ATTESTATION)
+ add_library(tfm_test_suite_attestation_s STATIC EXCLUDE_FROM_ALL)
+endif()
+if (TEST_S_ITS)
+ add_library(tfm_test_suite_its_s STATIC EXCLUDE_FROM_ALL)
+endif()
+if (TEST_S_PS)
+ add_library(tfm_test_suite_ps_s STATIC EXCLUDE_FROM_ALL)
+endif()
+if (TEST_S_AUDIT)
+ add_library(tfm_test_suite_audit_s STATIC EXCLUDE_FROM_ALL)
+endif()
+if (TEST_S_PLATFORM)
+ add_library(tfm_test_suite_platform_s STATIC EXCLUDE_FROM_ALL)
+endif()
+if (TEST_S_IPC)
+ add_library(tfm_test_suite_ipc_s STATIC EXCLUDE_FROM_ALL)
+endif()
+if (TEST_S_FWU)
+ add_library(tfm_test_suite_fwu_s STATIC EXCLUDE_FROM_ALL)
+endif()
+if (EXTRA_S_TEST_SUITES_PATHS)
+ add_library(tfm_test_suite_extra_s STATIC EXCLUDE_FROM_ALL)
+endif()
diff --git a/test/suites/CMakeLists.txt b/test/suites/CMakeLists.txt
new file mode 100644
index 0000000..deafdd8
--- /dev/null
+++ b/test/suites/CMakeLists.txt
@@ -0,0 +1,96 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+cmake_minimum_required(VERSION 3.13)
+
+if (NOT TEST_FRAMEWORK_NS AND NOT TEST_FRAMEWORK_S)
+ return()
+endif()
+
+# For multi-core projects, the NS app can be run on a different CPU to the
+# Secure code. To facilitate this, we once again reload the compiler to load the
+# setting for the NS CPU. Cmake settings are directory scoped so this affects
+# anything loaded from or declared in this dir.
+if (TFM_MULTI_CORE_TOPOLOGY)
+ include(${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/preload_ns.cmake)
+ tfm_toolchain_reload_compiler()
+endif()
+
+if (TEST_FRAMEWORK_NS)
+ add_library(tfm_ns_tests INTERFACE)
+ add_library(tfm_test_framework_ns INTERFACE)
+
+ target_compile_definitions(tfm_test_framework_ns
+ INTERFACE
+ DOMAIN_NS=1
+ )
+
+ target_link_libraries(tfm_test_framework_ns
+ INTERFACE
+ tfm_test_framework_common
+ tfm_api_ns
+ tfm_ns_interface
+ tfm_ns_log
+ )
+
+ target_sources(tfm_ns_tests
+ INTERFACE
+ ${TFM_TEST_PATH}/framework/non_secure_suites.c
+ )
+
+ target_link_libraries(tfm_ns_tests
+ INTERFACE
+ tfm_test_framework_ns
+ tfm_partition_defs
+ )
+
+ target_compile_definitions(tfm_ns_tests
+ INTERFACE
+ $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:SYMMETRIC_INITIAL_ATTESTATION>
+ $<$<BOOL:${TFM_FUZZER_TOOL_TESTS}>:TFM_FUZZER_TOOL_TESTS>
+ )
+else()
+ # Skip building NS regresstion test suites if TEST_FRAMEWORK_NS is OFF.
+ # NS test flags are kept to select corresponding test services. They are
+ # unset here to skip building NS regression test suites.
+ get_cmake_property(CACHE_VARS CACHE_VARIABLES)
+
+ foreach(CACHE_VAR ${CACHE_VARS})
+ string(REGEX MATCH "^TEST_NS_.*" _NS_TEST_FOUND "${CACHE_VAR}")
+ if (_NS_TEST_FOUND AND "${${CACHE_VAR}}")
+ unset(${CACHE_VAR} CACHE)
+ endif()
+ endforeach()
+endif()
+
+# Add test suites.
+# Secure test suite library targets shall already be added in secure_tests.cmake
+add_subdirectory(attestation)
+add_subdirectory(audit)
+add_subdirectory(core)
+add_subdirectory(crypto)
+add_subdirectory(extra)
+add_subdirectory(its)
+add_subdirectory(qcbor)
+add_subdirectory(ps)
+add_subdirectory(t_cose)
+add_subdirectory(platform)
+add_subdirectory(fwu)
+add_subdirectory(ipc)
+add_subdirectory(irq)
+add_subdirectory(multi_core/non_secure)
+add_subdirectory(nsid)
+
+if (TFM_FUZZER_TOOL_TESTS AND TEST_FRAMEWORK_NS)
+ if (NOT DEFINED TFM_FUZZER_TOOL_TESTS_CMAKE_INC_PATH)
+ # The location of the file needs to be defined either from command line
+ # or from config cmake file.
+ message(FATAL_ERROR "Incomplete build configuration: TFM_FUZZER_TOOL_TESTS_CMAKE_INC_PATH is undefined.")
+ else()
+ add_subdirectory(${TFM_FUZZER_TOOL_TESTS_CMAKE_INC_PATH} ${CMAKE_BINARY_DIR}/suites/tfm_fuzz)
+ endif()
+endif()
diff --git a/test/test_services/CMakeLists.txt b/test/test_services/CMakeLists.txt
index ea2c226..f2b6b8a 100644
--- a/test/test_services/CMakeLists.txt
+++ b/test/test_services/CMakeLists.txt
@@ -5,45 +5,10 @@
#
#-------------------------------------------------------------------------------
-# Since the main test directory is a NS dir, this subdir is specifically made a
-# secure directory as it build the secure side test services
-if (TFM_MULTI_CORE_TOPOLOGY)
- include(${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/preload.cmake)
- tfm_toolchain_reload_compiler()
-endif()
-
-if (TEST_FRAMEWORK_S)
- # Secure tests are declared in this dir so that it can use the secure CPU
- # definitions
- add_library(tfm_s_tests INTERFACE)
- if (TEST_S_CRYPTO)
- add_library(tfm_test_suite_crypto_s STATIC EXCLUDE_FROM_ALL)
- endif()
- if (TEST_S_ATTESTATION)
- add_library(tfm_test_suite_attestation_s STATIC EXCLUDE_FROM_ALL)
- endif()
- if (TEST_S_ITS)
- add_library(tfm_test_suite_its_s STATIC EXCLUDE_FROM_ALL)
- endif()
- if (TEST_S_PS)
- add_library(tfm_test_suite_ps_s STATIC EXCLUDE_FROM_ALL)
- endif()
- if (TEST_S_AUDIT)
- add_library(tfm_test_suite_audit_s STATIC EXCLUDE_FROM_ALL)
- endif()
- if (TEST_S_PLATFORM)
- add_library(tfm_test_suite_platform_s STATIC EXCLUDE_FROM_ALL)
- endif()
- if (TEST_S_IPC)
- add_library(tfm_test_suite_ipc_s STATIC EXCLUDE_FROM_ALL)
- endif()
- if (TEST_S_FWU)
- add_library(tfm_test_suite_fwu_s STATIC EXCLUDE_FROM_ALL)
- endif()
- if (EXTRA_S_TEST_SUITES_PATHS)
- add_library(tfm_test_suite_extra_s STATIC EXCLUDE_FROM_ALL)
- endif()
-endif()
+# Install directory for non-secure interface API of test services
+# NS can pick up those interface files to build non-secure test cases
+set(TEST_SERVICE_SRC_INSTALL_DIR ${TFM_INSTALL_PATH}/interface/src/test_service)
+set(TEST_SERVICE_INC_INSTALL_DIR ${TFM_INSTALL_PATH}/interface/include/test_service)
if (TEST_NS_ATTESTATION OR TEST_S_ATTESTATION)
add_subdirectory(tfm_attest_test_service)
diff --git a/test/test_services/tfm_attest_test_service/CMakeLists.txt b/test/test_services/tfm_attest_test_service/CMakeLists.txt
index 6280a5f..f757dd5 100644
--- a/test/test_services/tfm_attest_test_service/CMakeLists.txt
+++ b/test/test_services/tfm_attest_test_service/CMakeLists.txt
@@ -94,6 +94,12 @@
)
endif()
+# Export test service non-secure interface API
+install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tfm_attest_test_service_ns_api.c
+ DESTINATION ${TEST_SERVICE_SRC_INSTALL_DIR})
+install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tfm_attest_test_service_api.h
+ DESTINATION ${TEST_SERVICE_INC_INSTALL_DIR})
+
############################ Secure API ########################################
target_sources(tfm_secure_api
diff --git a/test/test_services/tfm_secure_client_service/CMakeLists.txt b/test/test_services/tfm_secure_client_service/CMakeLists.txt
index 2542f5c..00dc3d1 100644
--- a/test/test_services/tfm_secure_client_service/CMakeLists.txt
+++ b/test/test_services/tfm_secure_client_service/CMakeLists.txt
@@ -78,6 +78,14 @@
)
endif()
+# Export test service non-secure interface API in Library model
+if(TFM_LIB_MODEL)
+ install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tfm_secure_client_service_api.c
+ DESTINATION ${TEST_SERVICE_SRC_INSTALL_DIR})
+ install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tfm_secure_client_service_api.h
+ DESTINATION ${TEST_SERVICE_INC_INSTALL_DIR})
+endif()
+
############################ Partition Defs ####################################
target_link_libraries(tfm_partitions