The ADAC specification defines the protocol that allows a target to securely authenticate a debug host. The specification targets software-only layers that are above the physical debug link.
The ADAC test suite checks if a device-side implementation conforms to the behavior described in the ADAC specification. The tests are self-checking, portable C-based tests with directed stimulus. The tests are expected to run on the host platform only. The tests drive the commands from the host platform through the debug link and verify the response obtained from the target platform.
The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2.0 license allowing for external contribution.
Release Version - 0.6
Code Quality: Alpha
The suite is in development. This indicates that the suite contains tests that have not been validated on any hardware platform. You can suggest enhancements and point out errors.
The ADAC tests are written for version Beta of the ADAC specification.
This test suite is not a substitute for design verification.
ADAC tests use a layered software-stack approach to enable porting across different test platforms. The constituents of the layered stack are:
These tests are written on top of VAL and PAL.
The abstraction layers provide platform information and runtime environment to enable execution of the tests.
In this release, PAL implementation uses Unix sockets as the link layer for sending commands and receiving responses.
You can also write your own abstraction layer implementations to allow ADAC tests to be run in other host platforms and support the debug link layer.
The mapping of the rules in the specification to the test cases and the steps followed in the tests are mentioned in the Scenario document present in the docs/ folder.
Follow the instructions in the subsequent sections to get a copy of the source code on your local machine and build the tests.
See Arm Authenticated Debug Access Control Test Suite User guide document to get details on the steps involved in porting the test suite to your platform. This test suite is provided as a separate directory within the psa-arch-tests repository.
Before starting the test suite build, ensure that the following requirements are met:
To download the master branch of the repository, type the following command:
git clone https://github.com/ARM-software/psa-arch-tests.git
To download the main branch of the psa-adac repository, type the following command:
git clone git@github.com:ARMmbed/psa-adac.git
Note: To obtain the access to the psa-adac repository and some of its dependent submodules, Arm Licensees may contact Arm through their partner managers.
See the Porting Guide document for porting steps for your host platform. See the User Guide document in the docs folder for additional details.
To build ADAC test suite for a given host platform, execute the following commands:
cd psa-arch-tests/secure-debug
git clone git@github.com:ARMmbed/psa-adac.git --recurse-submodules
cp adac_ats_alpha1.patch psa-adac/.
cd psa-adac/
git apply adac_ats_alpha1.patch
cd ..
mkdir <host_build_dir>
cd <host_build_dir>
cmake ../ -G<generator-name> -DTARGET=<target-name> -DSUITE=<suite-selection>
where:
- <generator-name> "Unix Makefiles" - to generate Makefiles for Linux and Cygwin
"MinGW Makefiles" - to generate Makefiles for cmd.exe on Windows
- <target-name> target to build, as created in the platform/hosts directory
- <suite-selection> ADAC - specify the ADAC suite
To build project
cmake --build .
To clean
cmake --build . -- clean
For example:
cmake ../ -G"Unix Makefiles" -DTARGET=hst_sdbg_stdc -DSUITE=ADAC
cmake --build .
Note: It is recommended to build different build configurations in separate directories.
The following ADAC test suite build outputs are available under host build directory, as created.
- psa_adac_test executable - val and platform layer libraries
The current release provides a reference implementation of ADAC target which communicates with the host platform using Unix sockets. To execute the test suite, follow the steps below:
cd psa-arch-tests/secure-debug/psa-adac make native
To launch the target to run as a server instance, run the target executable in another terminal as shown:
cd psa-arch-tests/secure-debug/psa-adac ./build/native/Debug/psa_adac_server coms.socket tools/test/resources/chains/chain.EcdsaP256-3
To run the test suite, execute the following command from your host build directory <host_build_dir>:
./psa_adac_test ../psa-adac/tools/test/resources/keys/EcdsaP256Key-3.pem \../psa-adac/tools/test/resources/chains/chain.EcdsaP256-3 ../psa-adac/coms.socket
Note:
ADAC test suite may run at higher privilege level. An attacker can utilize these tests to elevate privilege which can potentially reveal the platform Secure attests. To prevent such security vulnerabilities into the production system, it is recommended that ADAC test suite is run on development platforms. If it is run on production system, make sure system is scrubbed after running the test suite.
Arm ADAC Architecture test suite is distributed under Apache v2.0 License. The psa-adac code repository is distributed under BSD-3-Clause License.
Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.