Add build option for using hardcoded IAK
The attestation SP doesn't rely on having a hardcoded attestation key,
contrary to TF-M and PSA Arch test. Because of this we had a patch for
the PSA Arch test repo to stop it from using the hardcoded key. However,
as part of the corstone1000 platform enablement to make the SE proxy SP
work with TF-M as its backend, this patch was removed, breaking the 601
test case when run against the attestation SP. This commit reintroduces
the mentioned patch to disable using the hardcoded key again. To keep
the SE Proxy SP functional at the same time, it adds a build option that
re-enables using the hardcoded key. This option should be used when
building for the corstone1000 platform.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I7df92a5ae6225e52c87cb011032a18f6979ff350
diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
new file mode 100644
index 0000000..55917fb
--- /dev/null
+++ b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
@@ -0,0 +1,28 @@
+From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Date: Tue, 8 Feb 2022 17:06:37 +0000
+Subject: [PATCH 1/1] Disable using hard-coded attestation key
+
+Modify platform config to disable using a hard-coded attestation
+key.
+
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
+index 6112ba7..1cdf581 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
+@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t;
+ #define CRYPTO_VERSION_BETA3
+
+ /* Use hardcoded public key */
+-#define PLATFORM_OVERRIDE_ATTEST_PK
++//#define PLATFORM_OVERRIDE_ATTEST_PK
+
+ /*
+ * Include of PSA defined Header files
+--
+2.17.1
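Review bot: commenting the define out with `//` in pal_config.h leaves the "Use hardcoded public key" comment above a dead line, and nothing tells a reader that the macro is now expected to come from the build instead. Suggest deleting the `#define PLATFORM_OVERRIDE_ATTEST_PK` line outright and rewording the comment to say that the macro is supplied through the compiler defines when a hardcoded key is wanted, which is what the `-DPLATFORM_OVERRIDE_ATTEST_PK` entry in psa_arch_tests.cmake does. The patch also touches only the tgt_dev_apis_linux target, so its description should say that other targets keep their own setting.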
diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
index cd9d58e..5b403ef 100644
--- a/external/psa_arch_tests/psa_arch_tests.cmake
+++ b/external/psa_arch_tests/psa_arch_tests.cmake
@@ -14,10 +14,17 @@
GIT_REPOSITORY ${PSA_ARCH_TESTS_URL}
GIT_TAG ${PSA_ARCH_TESTS_REFSPEC}
GIT_SHALLOW FALSE
+ PATCH_COMMAND git stash
+ COMMAND git tag -f ts-before-am
+ COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch
+ COMMAND git reset ts-before-am
)
-# Ensure list of defines is separated correctly
-string(REPLACE ";" " " PSA_ARCH_TEST_EXTERNAL_DEFS "${PSA_ARCH_TEST_EXTERNAL_DEFS}")
+# Default value matching TS psa-iat service implementation capabilities
+set(TS_PSA_ACS_IAT_OVERRIDE_PK Off CACHE BOOL "If psa-acs is using hardcoded IAT pubic key.")
+if(TS_PSA_ACS_IAT_OVERRIDE_PK)
+ list(APPEND PSA_ARCH_TEST_EXTERNAL_DEFS -DPLATFORM_OVERRIDE_ATTEST_PK)
+endif()
include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
LazyFetch_MakeAvailable(DEP_NAME psa_arch_tests
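Review bot: the PATCH_COMMAND sequence (`git stash`, `git tag -f ts-before-am`, `git am`, `git reset ts-before-am`) creates a commit only to undo it again, and `git am` needs a committer identity, so it fails on a build machine where user.name and user.email are not configured. Since the end state is just the modified working tree, a single `git apply` of the patch file would get there without the tag, the stash entry or the identity requirement. Two smaller points in the same hunk: the help string for TS_PSA_ACS_IAT_OVERRIDE_PK reads "pubic key" and should be "public key", and the removed `string(REPLACE ";" " " ...)` line means PSA_ARCH_TEST_EXTERNAL_DEFS is now left as a semicolon-separated list after the `list(APPEND ...)`, so please confirm that whatever consumes it handles the list form.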