TF-M: Platform security architecture test
The TF-M platform security architecture test sample provides a basis for validating compliance with PSA Certified requirements using the Arm® Platform Security Architecture (PSA) test suites.
Requirements
The test supports the following development kits:
Hardware platforms |
PCA |
Board name |
Build target |
|---|---|---|---|
PCA10095 |
|
||
PCA10090 |
|
Overview
The PSA tests are implemented in the psa-arch-tests repo: https://github.com/ARM-software/psa-arch-tests. Run PSA test suites tests with Zephyr and TFM.
To choose a test suite, use the CONFIG_TFM_PSA_TEST_* Kconfig options.
Only one of these suites can be run at a time.
Configuration
The following Kconfig options can be used to choose a test suite:
See Configuring your application for information about how to permanently or temporarily change the configuration.
Building and running
This test can be found under tests/tfm/tfm_psa_test/ in the nRF Connect SDK folder structure.
See Building on the command line for information about how to build and program the tests.
You can indicate the desired test suite by using a configuration flag when building (replace <build_target> with your board name, for example nrf5340dk_nrf5340_cpuapp_ns):
west build -b <build_target> nrf/tests/tfm/tfm_psa_test -- -DCONFIG_TFM_PSA_TEST_STORAGE=y
Note that not all test suites are valid on all boards.
Output
*** Booting Zephyr OS build zephyr-v2.5.0-456-g06f4da459a99 *** ***** PSA Architecture Test Suite - Version 1.0 ***** Running.. Storage Suite ****************************************** TEST: 401 | DESCRIPTION: UID not found check [Info] Executing tests from non-secure [Info] Executing ITS tests [Check 1] Call get API for UID 6 which is not set [Check 2] Call get_info API for UID 6 which is not set [Check 3] Call remove API for UID 6 which is not set [Check 4] Call get API for UID 6 which is removed [Check 5] Call get_info API for UID 6 which is removed [Check 6] Call remove API for UID 6 which is removed Set storage for UID 6 [Check 7] Call get API for different UID 5 [Check 8] Call get_info API for different UID 5 [Check 9] Call remove API for different UID 5 [Info] Executing PS tests [Check 1] Call get API for UID 6 which is not set [Check 2] Call get_info API for UID 6 which is not set [Check 3] Call remove API for UID 6 which is not set [Check 4] Call get API for UID 6 which is removed [Check 5] Call get_info API for UID 6 which is removed [Check 6] Call remove API for UID 6 which is removed Set storage for UID 6 [Check 7] Call get API for different UID 5 [Check 8] Call get_info API for different UID 5 [Check 9] Call remove API for different UID 5 TEST RESULT: PASSED ****************************************** [...] TEST: 417 | DESCRIPTION: Storage assest capacity modification check [Info] Executing tests from non-secure [Info] Executing PS tests Test Case skipped as Optional PS APIs not are supported. TEST RESULT: SKIPPED (Skip Code=0x0000002B) ****************************************** ************ Storage Suite Report ********** TOTAL TESTS : 17 TOTAL PASSED : 11 TOTAL SIM ERROR : 0 TOTAL FAILED : 0 TOTAL SKIPPED : 6 ****************************************** Entering standby..