TF-M Platform Security Architecture Test Sample
Overview
Run PSA test suites tests with Zephyr and TFM.
The PSA tests are implemented in the psa-arch-tests repo: https://github.com/ARM-software/psa-arch-tests
This sample is supported for platforms that have a port in psa-arch-tests. See sample.yaml for a list of supported platforms.
Building and Running
You must choose a suite via the CONFIG_TFM_PSA_TEST_* configs.
Only one of these suites can be run at a time, with the test suite set via one of the following kconfig options:
CONFIG_TFM_PSA_TEST_CRYPTOCONFIG_TFM_PSA_TEST_PROTECTED_STORAGECONFIG_TFM_PSA_TEST_INTERNAL_TRUSTED_STORAGECONFIG_TFM_PSA_TEST_STORAGECONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION
You can indicate the desired test suite at build time via a config flag:
$ west build samples/tfm_integration/tfm_psa_test/ \ -p -b mps2_an521_ns -t run -- \ -DCONFIG_TFM_PSA_TEST_STORAGE=y
Note that not all test suites are valid on all boards.
On Target
Refer to TF-M IPC for detailed instructions.
On QEMU:
Refer to TF-M IPC for detailed instructions.
Following is an example based on west build
$ west build samples/tfm_integration/tfm_psa_test/ -p -b mps2_an521_ns -t run -- -DCONFIG_TFM_PSA_TEST_STORAGE=y
Sample Output
*** Booting Zephyr OS build zephyr-v2.5.0-456-g06f4da459a99 *** ***** PSA Architecture Test Suite - Version 1.0 ***** Running.. Storage Suite ****************************************** TEST: 401 | DESCRIPTION: UID not found check [Info] Executing tests from non-secure [Info] Executing ITS tests [Check 1] Call get API for UID 6 which is not set [Check 2] Call get_info API for UID 6 which is not set [Check 3] Call remove API for UID 6 which is not set [Check 4] Call get API for UID 6 which is removed [Check 5] Call get_info API for UID 6 which is removed [Check 6] Call remove API for UID 6 which is removed Set storage for UID 6 [Check 7] Call get API for different UID 5 [Check 8] Call get_info API for different UID 5 [Check 9] Call remove API for different UID 5 [Info] Executing PS tests [Check 1] Call get API for UID 6 which is not set [Check 2] Call get_info API for UID 6 which is not set [Check 3] Call remove API for UID 6 which is not set [Check 4] Call get API for UID 6 which is removed [Check 5] Call get_info API for UID 6 which is removed [Check 6] Call remove API for UID 6 which is removed Set storage for UID 6 [Check 7] Call get API for different UID 5 [Check 8] Call get_info API for different UID 5 [Check 9] Call remove API for different UID 5 TEST RESULT: PASSED ****************************************** [...] TEST: 417 | DESCRIPTION: Storage assest capacity modification check [Info] Executing tests from non-secure [Info] Executing PS tests Test Case skipped as Optional PS APIs not are supported. TEST RESULT: SKIPPED (Skip Code=0x0000002B) ****************************************** ************ Storage Suite Report ********** TOTAL TESTS : 17 TOTAL PASSED : 11 TOTAL SIM ERROR : 0 TOTAL FAILED : 0 TOTAL SKIPPED : 6 ****************************************** Entering standby..