Build: Add option to enable or disable Audit Log
Adds a build option that makes it possible to enable or disable the
TF-M Audit Log partition. The option TFM_PARTITION_AUDIT_LOG can be
provided in the CMake configure command, and is enabled by default if
not supplied.
Change-Id: Ib60f22aeb62652e34a1ac43a61154288e6d989b3
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index 668906b..6bb1f4f 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -115,6 +115,8 @@
set (TFM_LEGACY_API ON)
set (CORE_TEST_IPC OFF)
+option(TFM_PARTITION_AUDIT_LOG "Enable the TF-M Audit Log partition" ON)
+
if(${TARGET_PLATFORM} STREQUAL "AN521" OR ${TARGET_PLATFORM} STREQUAL "AN519")
set (REFERENCE_PLATFORM ON)
endif()
@@ -183,10 +185,6 @@
set(TFM_PARTITION_TEST_SECURE_SERVICES ON)
endif()
-if (TFM_PARTITION_TEST_SECURE_SERVICES)
- add_definitions(-DTFM_PARTITION_TEST_SECURE_SERVICES)
-endif()
-
if (SERVICE_TEST_NS)
add_definitions(-DSERVICES_TEST_NS)
set(TEST_FRAMEWORK_NS ON)
@@ -200,10 +198,22 @@
add_definitions(-DTEST_FRAMEWORK_NS)
endif()
+if (CORE_IPC)
+ set(TFM_PARTITION_AUDIT_LOG OFF)
+endif()
+
+if (TFM_PARTITION_AUDIT_LOG)
+ add_definitions(-DTFM_PARTITION_AUDIT_LOG)
+endif()
+
if (TFM_PARTITION_TEST_CORE)
add_definitions(-DTFM_PARTITION_TEST_CORE)
endif()
+if (TFM_PARTITION_TEST_SECURE_SERVICES)
+ add_definitions(-DTFM_PARTITION_TEST_SECURE_SERVICES)
+endif()
+
if (PSA_API_TEST)
add_definitions(-DPSA_API_TEST_NS)
set(PSA_API_TEST_NS ON)
@@ -294,4 +304,4 @@
set(MBEDTLS_C_FLAGS_BL2 "-D__ARM_FEATURE_CMSE=3 -D__thumb2__ ${COMMON_COMPILE_FLAGS_STR} -DMBEDTLS_CONFIG_FILE=\\\\\\\"config-boot.h\\\\\\\" -I${CMAKE_CURRENT_LIST_DIR}/bl2/ext/mcuboot/include")
if (MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072")
string(APPEND MBEDTLS_C_FLAGS_BL2 " -DMCUBOOT_SIGN_RSA_LEN=3072")
-endif()
\ No newline at end of file
+endif()
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
index 4e1e4fd..7ed68c8 100644
--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -38,19 +38,26 @@
message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
endif ()
+if (NOT DEFINED TFM_PARTITION_AUDIT_LOG)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_AUDIT_LOG is undefined.")
+endif()
+
set(NS_APP_SRC "${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Config/RTX_Config.c"
"${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Source/rtx_lib.c"
"${APP_DIR}/main_ns.c"
"${APP_DIR}/tfm_integ_test.c"
"${APP_DIR}/os_wrapper_rtx.c"
"${INTERFACE_DIR}/src/tfm_sst_api.c"
- "${INTERFACE_DIR}/src/tfm_audit_api.c"
"${INTERFACE_DIR}/src/tfm_crypto_api.c"
"${INTERFACE_DIR}/src/tfm_platform_api.c"
"${INTERFACE_DIR}/src/tfm_initial_attestation_api.c"
"${INTERFACE_DIR}/src/tfm_ns_lock_rtx.c"
)
+if (TFM_PARTITION_AUDIT_LOG)
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_audit_api.c")
+endif()
+
if (NOT DEFINED TFM_NS_CLIENT_IDENTIFICATION)
message(FATAL_ERROR "Incomplete build configuration: TFM_NS_CLIENT_IDENTIFICATION is undefined.")
elseif (TFM_NS_CLIENT_IDENTIFICATION)
diff --git a/interface/include/tfm_veneers.h b/interface/include/tfm_veneers.h
index 1bbaf76..c365bbf 100644
--- a/interface/include/tfm_veneers.h
+++ b/interface/include/tfm_veneers.h
@@ -23,12 +23,14 @@
psa_status_t tfm_tfm_sst_remove_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_sst_get_support_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
psa_status_t tfm_audit_core_retrieve_record_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_audit_core_add_record_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_audit_core_get_info_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_audit_core_get_record_info_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_audit_core_delete_record_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_AUDIT_LOG */
/******** TFM_SP_CRYPTO ********/
psa_status_t tfm_tfm_crypto_allocate_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
diff --git a/platform/ext/common/armclang/tfm_common_s.sct b/platform/ext/common/armclang/tfm_common_s.sct
index be87a0b..802d2c2 100644
--- a/platform/ext/common/armclang/tfm_common_s.sct
+++ b/platform/ext/common/armclang/tfm_common_s.sct
@@ -54,10 +54,12 @@
*(TFM_SP_STORAGE_ATTR_FN)
}
+#ifdef TFM_PARTITION_AUDIT_LOG
TFM_SP_AUDIT_LOG +0 ALIGN 32 {
*tfm_audit* (+RO)
*(TFM_SP_AUDIT_LOG_ATTR_FN)
}
+#endif /* TFM_PARTITION_AUDIT_LOG */
TFM_SP_CRYPTO +0 ALIGN 32 {
*tfm_crypto* (+RO)
@@ -194,6 +196,7 @@
}
#endif
+#ifdef TFM_PARTITION_AUDIT_LOG
TFM_SP_AUDIT_LOG_DATA +0 ALIGN 32 {
*tfm_audit* (+RW +ZI)
}
@@ -205,6 +208,7 @@
TFM_SP_AUDIT_LOG_STACK +0 ALIGN 128 EMPTY 0x0200 {
}
#endif
+#endif /* TFM_PARTITION_AUDIT_LOG */
TFM_SP_CRYPTO_DATA +0 ALIGN 32 {
*tfm_crypto* (+RW +ZI)
diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld
index fa31129..a6317b1 100644
--- a/platform/ext/common/gcc/tfm_common_s.ld
+++ b/platform/ext/common/gcc/tfm_common_s.ld
@@ -72,9 +72,11 @@
LONG (LOADADDR(.TFM_SP_STORAGE_DATA))
LONG (ADDR(.TFM_SP_STORAGE_DATA))
LONG (SIZEOF(.TFM_SP_STORAGE_DATA))
+#ifdef TFM_PARTITION_AUDIT_LOG
LONG (LOADADDR(.TFM_SP_AUDIT_LOG_DATA))
LONG (ADDR(.TFM_SP_AUDIT_LOG_DATA))
LONG (SIZEOF(.TFM_SP_AUDIT_LOG_DATA))
+#endif /* TFM_PARTITION_AUDIT_LOG */
LONG (LOADADDR(.TFM_SP_CRYPTO_DATA))
LONG (ADDR(.TFM_SP_CRYPTO_DATA))
LONG (SIZEOF(.TFM_SP_CRYPTO_DATA))
@@ -132,12 +134,14 @@
LONG (ADDR(.TFM_SP_STORAGE_STACK))
LONG (SIZEOF(.TFM_SP_STORAGE_STACK))
#endif
+#ifdef TFM_PARTITION_AUDIT_LOG
LONG (ADDR(.TFM_SP_AUDIT_LOG_BSS))
LONG (SIZEOF(.TFM_SP_AUDIT_LOG_BSS))
#if defined(TFM_PSA_API) || (TFM_LVL != 1)
LONG (ADDR(.TFM_SP_AUDIT_LOG_STACK))
LONG (SIZEOF(.TFM_SP_AUDIT_LOG_STACK))
#endif
+#endif /* TFM_PARTITION_AUDIT_LOG */
LONG (ADDR(.TFM_SP_CRYPTO_BSS))
LONG (SIZEOF(.TFM_SP_CRYPTO_BSS))
#if defined(TFM_PSA_API) || (TFM_LVL != 1)
@@ -246,6 +250,7 @@
Image$$TFM_SP_STORAGE$$Base = ADDR(.TFM_SP_STORAGE);
Image$$TFM_SP_STORAGE$$Limit = ADDR(.TFM_SP_STORAGE) + SIZEOF(.TFM_SP_STORAGE);
+#ifdef TFM_PARTITION_AUDIT_LOG
.TFM_SP_AUDIT_LOG : ALIGN(32)
{
*tfm_audit*:*(.text*)
@@ -257,6 +262,7 @@
Image$$TFM_SP_AUDIT_LOG$$RO$$Limit = ADDR(.TFM_SP_AUDIT_LOG) + SIZEOF(.TFM_SP_AUDIT_LOG);
Image$$TFM_SP_AUDIT_LOG$$Base = ADDR(.TFM_SP_AUDIT_LOG);
Image$$TFM_SP_AUDIT_LOG$$Limit = ADDR(.TFM_SP_AUDIT_LOG) + SIZEOF(.TFM_SP_AUDIT_LOG);
+#endif /* TFM_PARTITION_AUDIT_LOG */
.TFM_SP_CRYPTO : ALIGN(32)
{
@@ -547,6 +553,7 @@
#endif
+#ifdef TFM_PARTITION_AUDIT_LOG
.TFM_SP_AUDIT_LOG_DATA : ALIGN(32)
{
*tfm_audit*:*(.data*)
@@ -575,6 +582,7 @@
Image$$TFM_SP_AUDIT_LOG_STACK$$ZI$$Limit = ADDR(.TFM_SP_AUDIT_LOG_STACK) + SIZEOF(.TFM_SP_AUDIT_LOG_STACK);
#endif
+#endif /* TFM_PARTITION_AUDIT_LOG */
.TFM_SP_CRYPTO_DATA : ALIGN(32)
{
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index 75a0a5e..bf41f38 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -31,6 +31,10 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ")
endif()
+if (NOT DEFINED TFM_PARTITION_AUDIT_LOG)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_AUDIT_LOG is undefined.")
+endif()
+
include(${SECURE_FW_DIR}/spm/CMakeLists.inc)
include(${SECURE_FW_DIR}/ns_callable/CMakeLists.inc)
#Involve all IPC related sources in ipc's CMakeLists.inc, and switch core between IPC and Library.
@@ -146,10 +150,12 @@
add_dependencies(${EXE_NAME} tfm_crypto)
add_dependencies(${EXE_NAME} tfm_storage)
- add_dependencies(${EXE_NAME} tfm_audit)
add_dependencies(${EXE_NAME} tfm_platform)
add_dependencies(${EXE_NAME} tfm_secure_tests)
add_dependencies(${EXE_NAME} tfm_attest)
+ if (TFM_PARTITION_AUDIT_LOG)
+ add_dependencies(${EXE_NAME} tfm_audit)
+ endif()
#Set macro definitions for the project.
embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES __thumb2__ __ARM_FEATURE_CMSE=3 TFM_LVL=${TFM_LVL} ${DEBUG_AUTHENTICATION} APPEND)
@@ -166,20 +172,27 @@
#FIXME Remove the explicit load and the above comment once the secure client
#test partition uses the generated veneers.
if((${COMPILER} STREQUAL "ARMCLANG") AND (NOT TFM_PSA_API))
- target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_audit tfm_platform $<TARGET_LINKER_FILE:tfm_secure_tests>\(*veneers.o\) tfm_attest)
+ target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_platform $<TARGET_LINKER_FILE:tfm_secure_tests>\(*veneers.o\) tfm_attest)
else()
- target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_audit tfm_platform tfm_attest)
+ target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_platform tfm_attest)
endif()
else()
- target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_audit tfm_platform tfm_secure_tests tfm_attest)
+ target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_platform tfm_secure_tests tfm_attest)
endif()
else()
- target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_audit tfm_platform tfm_attest)
+ target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_platform tfm_attest)
endif()
+ if (TFM_PARTITION_AUDIT_LOG)
+ target_link_libraries(${EXE_NAME} tfm_audit)
+ endif()
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_LVL=${TFM_LVL}")
+ if (TFM_PARTITION_AUDIT_LOG)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_AUDIT_LOG")
+ endif()
+
if (NOT DEFINED TFM_PARTITION_TEST_CORE)
message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
elseif (TFM_PARTITION_TEST_CORE)
@@ -278,15 +291,17 @@
#Add the secure storage library target
add_subdirectory(${SECURE_FW_DIR}/services/secure_storage)
-#Add the audit logging library target
-add_subdirectory(${SECURE_FW_DIR}/services/audit_logging)
-
#Add the platform service library target
add_subdirectory(${SECURE_FW_DIR}/services/platform)
#Add the initial attestation service library target
add_subdirectory(${SECURE_FW_DIR}/services/initial_attestation)
+#Add the audit logging library target
+if (TFM_PARTITION_AUDIT_LOG)
+ add_subdirectory(${SECURE_FW_DIR}/services/audit_logging)
+endif()
+
if (LINK_TO_BOTH_MEMORY_REGION)
#Link to primary memory region
set_up_secure_fw_build(S_TARGET ${PROJECT_NAME}
diff --git a/secure_fw/ns_callable/CMakeLists.inc b/secure_fw/ns_callable/CMakeLists.inc
index c60c996..91f803a 100644
--- a/secure_fw/ns_callable/CMakeLists.inc
+++ b/secure_fw/ns_callable/CMakeLists.inc
@@ -24,9 +24,12 @@
endif()
set (SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_veneers.c"
- "${CMAKE_CURRENT_LIST_DIR}/tfm_audit_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_platform_veneers.c")
+if (TFM_PARTITION_AUDIT_LOG)
+ list(APPEND SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_audit_veneers.c")
+endif()
+
if (TFM_PSA_API)
list(APPEND SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_psa_api_veneers.c")
endif()
diff --git a/secure_fw/ns_callable/tfm_veneers.c b/secure_fw/ns_callable/tfm_veneers.c
index d1cb113..3519af6 100644
--- a/secure_fw/ns_callable/tfm_veneers.c
+++ b/secure_fw/ns_callable/tfm_veneers.c
@@ -17,12 +17,14 @@
psa_status_t tfm_sst_remove_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_sst_get_support_req(psa_invec *, size_t, psa_outvec *, size_t);
+#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
psa_status_t audit_core_retrieve_record(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t audit_core_add_record(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t audit_core_get_info(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t audit_core_get_record_info(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t audit_core_delete_record(psa_invec *, size_t, psa_outvec *, size_t);
+#endif /* TFM_PARTITION_AUDIT_LOG */
/******** TFM_SP_CRYPTO ********/
psa_status_t tfm_crypto_allocate_key(psa_invec *, size_t, psa_outvec *, size_t);
@@ -125,12 +127,14 @@
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_remove_req)
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_get_support_req)
+#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_retrieve_record)
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_add_record)
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_get_info)
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_get_record_info)
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_delete_record)
+#endif /* TFM_PARTITION_AUDIT_LOG */
/******** TFM_SP_CRYPTO ********/
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_allocate_key)
diff --git a/secure_fw/services/audit_logging/CMakeLists.inc b/secure_fw/services/audit_logging/CMakeLists.inc
index ef491e7..31c401f 100644
--- a/secure_fw/services/audit_logging/CMakeLists.inc
+++ b/secure_fw/services/audit_logging/CMakeLists.inc
@@ -20,32 +20,23 @@
#Get the current directory where this file is located.
set(AUDIT_LOGGING_DIR ${CMAKE_CURRENT_LIST_DIR})
-#Check input variables
-if (NOT DEFINED ENABLE_AUDIT_LOGGING)
- message(FATAL_ERROR "Incomplete build configuration: ENABLE_AUDIT_LOGGING is undefined. ")
+if (NOT DEFINED TFM_ROOT_DIR)
+ message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
endif()
-if (ENABLE_AUDIT_LOGGING)
- if (NOT DEFINED TFM_ROOT_DIR)
- message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
- endif()
+set (AUDIT_LOGGING_C_SRC
+ "${AUDIT_LOGGING_DIR}/tfm_audit_secure_api.c"
+ "${AUDIT_LOGGING_DIR}/audit_core.c"
+ "${AUDIT_LOGGING_DIR}/audit_wrappers.c"
+)
- set (AUDIT_LOGGING_C_SRC
- "${AUDIT_LOGGING_DIR}/tfm_audit_secure_api.c"
- "${AUDIT_LOGGING_DIR}/audit_core.c"
- "${AUDIT_LOGGING_DIR}/audit_wrappers.c"
- )
+#Append all our source files to global lists.
+list(APPEND ALL_SRC_C ${AUDIT_LOGGING_C_SRC})
+unset(AUDIT_LOGGING_C_SRC)
- #Append all our source files to global lists.
- list(APPEND ALL_SRC_C ${AUDIT_LOGGING_C_SRC})
- unset(AUDIT_LOGGING_C_SRC)
-
- #Setting include directories
- embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/core ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/common ABSOLUTE)
-else()
- message(FATAL_ERROR "Build system currently doesn't support selectively disabling of a service.")
-endif()
+#Setting include directories
+embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/core ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/common ABSOLUTE)
diff --git a/secure_fw/services/audit_logging/CMakeLists.txt b/secure_fw/services/audit_logging/CMakeLists.txt
index e7bfa82..d67c854 100644
--- a/secure_fw/services/audit_logging/CMakeLists.txt
+++ b/secure_fw/services/audit_logging/CMakeLists.txt
@@ -23,7 +23,6 @@
get_filename_component(TFM_ROOT_DIR "${AUDIT_LOGGING_DIR}/../../.." ABSOLUTE)
###Get the definition of what files we need to build
-set (ENABLE_AUDIT_LOGGING ON)
include(CMakeLists.inc)
if (NOT DEFINED TFM_LVL)
diff --git a/secure_fw/services/tfm_partition_defs.inc b/secure_fw/services/tfm_partition_defs.inc
index ab0cb28..e7b20e6 100644
--- a/secure_fw/services/tfm_partition_defs.inc
+++ b/secure_fw/services/tfm_partition_defs.inc
@@ -12,7 +12,9 @@
#define TFM_SP_STORAGE_ID (TFM_SP_BASE + 0)
+#ifdef TFM_PARTITION_AUDIT_LOG
#define TFM_SP_AUDIT_LOG_ID (TFM_SP_BASE + 1)
+#endif /* TFM_PARTITION_AUDIT_LOG */
#define TFM_SP_CRYPTO_ID (TFM_SP_BASE + 2)
diff --git a/secure_fw/services/tfm_partition_list.inc b/secure_fw/services/tfm_partition_list.inc
index f5edad6..f78052a 100644
--- a/secure_fw/services/tfm_partition_list.inc
+++ b/secure_fw/services/tfm_partition_list.inc
@@ -16,6 +16,7 @@
, "PSA-ROT", 0x00000100, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_STORAGE, tfm_sst_req_mngr_init);
+#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
PARTITION_DECLARE(TFM_SP_AUDIT_LOG, 0
, "PSA-ROT", 0x00000101, NORMAL);
@@ -23,6 +24,7 @@
#ifdef AUDIT_UART_REDIRECTION
PARTITION_ADD_PERIPHERAL(TFM_SP_AUDIT_LOG, TFM_PERIPHERAL_UART1);
#endif /* AUDIT_UART_REDIRECTION */
+#endif /* TFM_PARTITION_AUDIT_LOG */
/******** TFM_SP_CRYPTO ********/
PARTITION_DECLARE(TFM_SP_CRYPTO, 0
diff --git a/test/CMakeLists.inc b/test/CMakeLists.inc
index ffc662c..0afe041 100644
--- a/test/CMakeLists.inc
+++ b/test/CMakeLists.inc
@@ -23,16 +23,27 @@
message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
endif()
+if (NOT DEFINED ENABLE_AUDIT_LOGGING_SERVICE_TESTS)
+ message(FATAL_ERROR "Incomplete build configuration: ENABLE_AUDIT_LOGGING_SERVICE_TESTS is undefined.")
+endif()
+
embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/core ABSOLUTE)
-# add the framework
+
+# Include the test framework
include(${CMAKE_CURRENT_LIST_DIR}/framework/CMakeLists.inc)
+
+# Include the test suites
include(${CMAKE_CURRENT_LIST_DIR}/suites/core/CMakeLists.inc)
include(${CMAKE_CURRENT_LIST_DIR}/suites/invert/CMakeLists.inc)
include(${CMAKE_CURRENT_LIST_DIR}/suites/sst/CMakeLists.inc)
-include(${CMAKE_CURRENT_LIST_DIR}/suites/audit/CMakeLists.inc)
include(${CMAKE_CURRENT_LIST_DIR}/suites/crypto/CMakeLists.inc)
include(${CMAKE_CURRENT_LIST_DIR}/suites/attestation/CMakeLists.inc)
include(${CMAKE_CURRENT_LIST_DIR}/suites/qcbor/CMakeLists.inc)
-include(${CMAKE_CURRENT_LIST_DIR}/test_services/CMakeLists.inc)
include(${CMAKE_CURRENT_LIST_DIR}/suites/ipc/CMakeLists.inc)
+if (ENABLE_AUDIT_LOGGING_SERVICE_TESTS)
+ include(${CMAKE_CURRENT_LIST_DIR}/suites/audit/CMakeLists.inc)
+endif()
+
+# Include the test partitions
+include(${CMAKE_CURRENT_LIST_DIR}/test_services/CMakeLists.inc)
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 8f3fdf5..75ccb07 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -37,6 +37,10 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ")
endif()
+if (NOT DEFINED TFM_PARTITION_AUDIT_LOG)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_AUDIT_LOG is undefined.")
+endif()
+
#Configure our options as needed.
if (CORE_TEST_INTERACTIVE OR CORE_TEST_POSITIVE)
set(ENABLE_CORE_TESTS True)
@@ -52,6 +56,15 @@
set(ENABLE_INVERT_SERVICE_TESTS TRUE)
set(ENABLE_ATTESTATION_SERVICE_TESTS TRUE)
set(ENABLE_QCBOR_TESTS TRUE)
+
+if (NOT TFM_PARTITION_AUDIT_LOG)
+ set(ENABLE_AUDIT_LOGGING_SERVICE_TESTS FALSE)
+endif()
+
+if (ENABLE_AUDIT_LOGGING_SERVICE_TESTS)
+ set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS ENABLE_AUDIT_LOGGING_SERVICE_TESTS)
+endif()
+
include(${CMAKE_CURRENT_LIST_DIR}/CMakeLists.inc)
if (NOT TARGET tfm_t_cose_verify)
diff --git a/test/framework/non_secure_suites.c b/test/framework/non_secure_suites.c
index ba37848..e0f9d13 100644
--- a/test/framework/non_secure_suites.c
+++ b/test/framework/non_secure_suites.c
@@ -55,8 +55,10 @@
* FixMe: skip below test cases temporary since target service is not
* IPC compatible yet.
*/
+#ifdef ENABLE_AUDIT_LOGGING_SERVICE_TESTS
/* Non-secure Audit Logging test cases */
{®ister_testsuite_ns_audit_interface, 0, 0, 0},
+#endif
#endif
diff --git a/test/framework/secure_suites.c b/test/framework/secure_suites.c
index 3c86fa2..8eda21f 100644
--- a/test/framework/secure_suites.c
+++ b/test/framework/secure_suites.c
@@ -46,8 +46,10 @@
* FixMe: since the following partitions haven't implement the IPC model,
* they will block the process. Skip them in IPC model.
*/
+#ifdef ENABLE_AUDIT_LOGGING_SERVICE_TESTS
/* Secure Audit Logging test cases */
{®ister_testsuite_s_audit_interface, 0, 0, 0},
+#endif
#endif
diff --git a/test/suites/audit/CMakeLists.inc b/test/suites/audit/CMakeLists.inc
index 5231381..b1a8f46 100644
--- a/test/suites/audit/CMakeLists.inc
+++ b/test/suites/audit/CMakeLists.inc
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -24,13 +24,9 @@
message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
endif()
-if (NOT DEFINED ENABLE_AUDIT_LOGGING_SERVICE_TESTS)
- message(FATAL_ERROR "Incomplete build configuration: ENABLE_AUDIT_LOGGING_SERVICE_TESTS is undefined. ")
-elseif(ENABLE_AUDIT_LOGGING_SERVICE_TESTS)
- list(APPEND ALL_SRC_C_S "${AUDIT_LOGGING_TEST_DIR}/secure/audit_s_interface_testsuite.c")
- list(APPEND ALL_SRC_C_NS "${AUDIT_LOGGING_TEST_DIR}/non_secure/audit_ns_interface_testsuite.c")
+list(APPEND ALL_SRC_C_S "${AUDIT_LOGGING_TEST_DIR}/secure/audit_s_interface_testsuite.c")
+list(APPEND ALL_SRC_C_NS "${AUDIT_LOGGING_TEST_DIR}/non_secure/audit_ns_interface_testsuite.c")
- #Setting include directories
- embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
-endif()
+#Setting include directories
+embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
diff --git a/tools/tfm_manifest_list.yaml b/tools/tfm_manifest_list.yaml
index 835b5f2..d01f5b7 100644
--- a/tools/tfm_manifest_list.yaml
+++ b/tools/tfm_manifest_list.yaml
@@ -23,6 +23,7 @@
"name": "TFM Audit Log Service",
"short_name": "TFM_Audit_Log",
"manifest": "secure_fw/services/audit_logging/manifest.yaml",
+ "conditional": "TFM_PARTITION_AUDIT_LOG",
"tfm_extensions": true,
"version_major": 0,
"version_minor": 1