TF-M Platform Security Architecture Test Sample

Overview

Run PSA test suites tests with Zephyr and TFM.

The PSA tests are implemented in the psa-arch-tests repo: https://github.com/ARM-software/psa-arch-tests

This sample is supported for platforms that have a port in psa-arch-tests. See sample.yaml for a list of supported platforms.

Building and Running

You must choose a suite via the CONFIG_TFM_PSA_TEST_* configs.

Only one of these suites can be run at a time, with the test suite set via one of the following kconfig options:

  • CONFIG_TFM_PSA_TEST_CRYPTO

  • CONFIG_TFM_PSA_TEST_PROTECTED_STORAGE

  • CONFIG_TFM_PSA_TEST_INTERNAL_TRUSTED_STORAGE

  • CONFIG_TFM_PSA_TEST_STORAGE

  • CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION

You can indicate the desired test suite at build time via a config flag:

$ west build samples/tfm_integration/tfm_psa_test/ \
  -p -b mps2/an521/cpu0/ns -t run -- \
  -DCONFIG_TFM_PSA_TEST_STORAGE=y

Note that not all test suites are valid on all boards.

On Target

Refer to TF-M IPC for detailed instructions.

On QEMU:

Refer to TF-M IPC for detailed instructions. Following is an example based on west build

$ west build samples/tfm_integration/tfm_psa_test/ -p -b mps2/an521/cpu0/ns -t run -- -DCONFIG_TFM_PSA_TEST_STORAGE=y

Sample Output

*** Booting Zephyr OS build zephyr-v2.5.0-456-g06f4da459a99  ***

***** PSA Architecture Test Suite - Version 1.0 *****

Running.. Storage Suite
******************************************

TEST: 401 | DESCRIPTION: UID not found check
[Info] Executing tests from non-secure

[Info] Executing ITS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5

[Info] Executing PS tests
[Check 1] Call get API for UID 6 which is not set
[Check 2] Call get_info API for UID 6 which is not set
[Check 3] Call remove API for UID 6 which is not set
[Check 4] Call get API for UID 6 which is removed
[Check 5] Call get_info API for UID 6 which is removed
[Check 6] Call remove API for UID 6 which is removed
Set storage for UID 6
[Check 7] Call get API for different UID 5
[Check 8] Call get_info API for different UID 5
[Check 9] Call remove API for different UID 5

TEST RESULT: PASSED

******************************************

[...]

TEST: 417 | DESCRIPTION: Storage assest capacity modification check
[Info] Executing tests from non-secure

[Info] Executing PS tests
Test Case skipped as Optional PS APIs not are supported.

TEST RESULT: SKIPPED (Skip Code=0x0000002B)

******************************************

************ Storage Suite Report **********
TOTAL TESTS     : 17
TOTAL PASSED    : 11
TOTAL SIM ERROR : 0
TOTAL FAILED    : 0
TOTAL SKIPPED   : 6
******************************************

Entering standby..