Merge "feat(tc): add delegated attest and measurement tests" into integration

plat/arm/board/tc/include/platform_def.h

@@ -101,7 +101,7 @@
  * PLAT_ARM_MAX_BL1_RW_SIZE is calculated using the current BL1 RW debug size
  * plus a little space for growth.
  */
-#define PLAT_ARM_MAX_BL1_RW_SIZE	0xD000
+#define PLAT_ARM_MAX_BL1_RW_SIZE	0x12000
 
 /*
  * PLAT_ARM_MAX_ROMLIB_RW_SIZE is define to use a full page
@@ -129,7 +129,7 @@
  * BL2 and BL1-RW. Current size is considering that TRUSTED_BOARD_BOOT and
  * MEASURED_BOOT is enabled.
  */
-#define PLAT_ARM_MAX_BL31_SIZE		0x47000
+#define PLAT_ARM_MAX_BL31_SIZE		0x60000
 
 /*
  * Size of cacheable stacks
@@ -152,7 +152,7 @@
 # if SPM_MM
 #  define PLATFORM_STACK_SIZE		0x500
 # else
-#  define PLATFORM_STACK_SIZE		0x400
+#  define PLATFORM_STACK_SIZE		0xa00
 # endif
 #elif defined(IMAGE_BL32)
 # define PLATFORM_STACK_SIZE		0x440

plat/arm/board/tc/include/tc_plat.h

@@ -9,4 +9,8 @@
 
 void tc_bl31_common_platform_setup(void);
 
+#ifdef PLATFORM_TEST
+void run_platform_tests(void);
+#endif
+
 #endif /* TC_PLAT_H */

plat/arm/board/tc/plat_tc_mbedtls_config.h

@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2022, Arm Ltd. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PLAT_TC_MBEDTLS_CONFIG_H
+#define PLAT_TC_MBEDTLS_CONFIG_H
+
+#include <mbedtls_config.h>
+#include <export/lib/utils_def_exp.h>
+
+#ifndef TF_MBEDTLS_HEAP_SIZE
+#error TF_MBEDTLS_HEAP_SIZE is not defined
+#else
+#define PLATFORM_TEST_MIN_MBEDTLS_HEAP_SIZE	(8 * 1024)
+/* Only change heap size if it is less then the minimum required. */
+#if TF_MBEDTLS_HEAP_SIZE < PLATFORM_TEST_MIN_MBEDTLS_HEAP_SIZE
+#undef TF_MBEDTLS_HEAP_SIZE
+#define TF_MBEDTLS_HEAP_SIZE	PLATFORM_TEST_MIN_MBEDTLS_HEAP_SIZE
+#endif
+#endif
+
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_TEST_NULL_ENTROPY
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+
+#endif /* PLAT_TC_MBEDTLS_CONFIG_H */

plat/arm/board/tc/platform.mk

@@ -193,6 +193,11 @@ PLAT_INCLUDES		+=	-Iinclude/lib/psa
 
 endif
 
+# Add this include as first, before arm_common.mk. This is necessary because
+# arm_common.mk builds Mbed TLS, and platform_test.mk can change the list of
+# Mbed TLS files that are to be compiled (LIBMBEDTLS_SRCS).
+include plat/arm/board/tc/platform_test.mk
+
 include plat/arm/common/arm_common.mk
 include plat/arm/css/common/css_common.mk
 include plat/arm/soc/common/soc_css.mk

plat/arm/board/tc/platform_test.mk

@@ -0,0 +1,80 @@
+# Copyright (c) 2022, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+ifeq (${PLATFORM_TEST},1)
+
+    # The variables need to be set to compile the platform test:
+    ifeq (${TF_M_TESTS_PATH},)
+        # Example: ../rss/tf-m-tests
+        $(error Error: TF_M_TESTS_PATH not set)
+    endif
+    ifeq (${TF_M_EXTRAS_PATH},)
+        # Example: ../rss/tf-m-extras
+        $(error Error: TF_M_EXTRAS_PATH not set)
+    endif
+    ifeq (${MEASUREMENT_VALUE_SIZE},)
+        MEASUREMENT_VALUE_SIZE	:=	32
+    endif
+    ifeq (${MEASURED_BOOT_HASH_ALG},)
+        MEASURED_BOOT_HASH_ALG	:=	"PSA_ALG_SHA_256"
+    endif
+
+    DELEGATED_ATTEST_TESTS_PATH	=	$(TF_M_EXTRAS_PATH)/partitions/delegated_attestation/test
+    MEASURED_BOOT_TESTS_PATH	=	$(TF_M_EXTRAS_PATH)/partitions/measured_boot/test
+
+    MBEDTLS_CONFIG_FILE		=	"<plat_tc_mbedtls_config.h>"
+
+    LIBMBEDTLS_SRCS		+= 	$(addprefix ${MBEDTLS_DIR}/library/,	\
+					entropy.c				\
+					entropy_poll.c				\
+					hmac_drbg.c				\
+					psa_crypto.c				\
+					psa_crypto_client.c			\
+					psa_crypto_driver_wrappers.c		\
+					psa_crypto_hash.c			\
+					psa_crypto_rsa.c			\
+					psa_crypto_ecp.c			\
+					psa_crypto_slot_management.c		\
+					)
+
+    BL31_SOURCES	+=	${RSS_COMMS_SOURCES} 				\
+				plat/arm/common/arm_dyn_cfg.c 			\
+				${TC_BASE}/rss_ap_tests.c 			\
+				${TC_BASE}/rss_ap_testsuites.c 			\
+				${TC_BASE}/rss_ap_test_stubs.c			\
+				$(TF_M_TESTS_PATH)/test/framework/test_framework.c \
+				$(MEASURED_BOOT_TESTS_PATH)/measured_boot_common.c \
+				$(MEASURED_BOOT_TESTS_PATH)/measured_boot_tests_common.c \
+				$(DELEGATED_ATTEST_TESTS_PATH)/delegated_attest_test.c \
+				drivers/auth/mbedtls/mbedtls_common.c 		\
+				lib/psa/measured_boot.c 			\
+				lib/psa/delegated_attestation.c
+
+    PLAT_INCLUDES	+=	-I$(TF_M_EXTRAS_PATH)/partitions/measured_boot/interface/include \
+				-I$(TF_M_EXTRAS_PATH)/partitions/delegated_attestation/interface/include \
+				-I$(TF_M_TESTS_PATH)/test/framework 		\
+				-I$(TF_M_TESTS_PATH)/log 			\
+				-I$(TF_M_TESTS_PATH)/test/secure_fw/suites/extra \
+				-I$(MEASURED_BOOT_TESTS_PATH)/non_secure 	\
+				-I$(DELEGATED_ATTEST_TESTS_PATH) 		\
+				-I$(DELEGATED_ATTEST_TESTS_PATH)/non_secure \
+				-Iplat/arm/board/tc 				\
+				-Iinclude/drivers/auth/mbedtls 			\
+				-Iinclude/drivers/arm
+
+    # Some of the PSA functions are declared in multiple header files, that
+    # triggers this warning.
+    TF_CFLAGS		+=	-Wno-error=redundant-decls
+
+    # TODO: Created patch for warning in tf-m-tests
+    TF_CFLAGS		+=	-Wno-error=return-type
+
+    # Define macros that are used by the code coming from the tf-m-extras repo.
+    $(eval $(call add_define,MEASUREMENT_VALUE_SIZE))
+    $(eval $(call add_define,MEASURED_BOOT_HASH_ALG))
+    $(eval $(call add_define,DELEG_ATTEST_DUMP_TOKEN_AND_KEY))
+
+    $(eval $(call add_define,PLATFORM_TEST))
+endif

plat/arm/board/tc/region_defs.h

@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) 2022, Arm Ltd. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef REGION_DEFS_H
+#define REGION_DEFS_H
+
+#define PSA_INITIAL_ATTEST_TOKEN_MAX_SIZE   0x800
+
+#endif /* REGION_DEFS_H */

plat/arm/board/tc/rss_ap_test_stubs.c

@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2022, Arm Ltd. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+
+#include <delegated_attestation.h>
+#include <measured_boot.h>
+#include <psa/error.h>
+
+
+psa_status_t
+tfm_measured_boot_extend_measurement(uint8_t index,
+				     const uint8_t *signer_id,
+				     size_t signer_id_size,
+				     const uint8_t *version,
+				     size_t version_size,
+				     uint32_t measurement_algo,
+				     const uint8_t *sw_type,
+				     size_t sw_type_size,
+				     const uint8_t *measurement_value,
+				     size_t measurement_value_size,
+				     bool lock_measurement)
+{
+	return rss_measured_boot_extend_measurement(index,
+						    signer_id,
+						    signer_id_size,
+						    version,
+						    version_size,
+						    measurement_algo,
+						    sw_type,
+						    sw_type_size,
+						    measurement_value,
+						    measurement_value_size,
+						    lock_measurement);
+}
+
+psa_status_t
+tfm_measured_boot_read_measurement(uint8_t index,
+				   uint8_t *signer_id,
+				   size_t signer_id_size,
+				   size_t *signer_id_len,
+				   uint8_t *version,
+				   size_t version_size,
+				   size_t *version_len,
+				   uint32_t *measurement_algo,
+				   uint8_t *sw_type,
+				   size_t sw_type_size,
+				   size_t *sw_type_len,
+				   uint8_t *measurement_value,
+				   size_t measurement_value_size,
+				   size_t *measurement_value_len,
+				   bool *is_locked)
+{
+	return rss_measured_boot_read_measurement(index,
+						  signer_id,
+						  signer_id_size,
+						  signer_id_len,
+						  version,
+						  version_size,
+						  version_len,
+						  measurement_algo,
+						  sw_type,
+						  sw_type_size,
+						  sw_type_len,
+						  measurement_value,
+						  measurement_value_size,
+						  measurement_value_len,
+						  is_locked);
+}
+
+psa_status_t
+tfm_delegated_attest_get_token(const uint8_t *dak_pub_hash,
+			       size_t         dak_pub_hash_size,
+			       uint8_t       *token_buf,
+			       size_t         token_buf_size,
+			       size_t        *token_size)
+{
+	return rss_delegated_attest_get_token(dak_pub_hash,
+					      dak_pub_hash_size,
+					      token_buf,
+					      token_buf_size,
+					      token_size);
+}
+
+psa_status_t
+tfm_delegated_attest_get_delegated_key(uint8_t   ecc_curve,
+				       uint32_t  key_bits,
+				       uint8_t  *key_buf,
+				       size_t    key_buf_size,
+				       size_t   *key_size,
+				       uint32_t  hash_algo)
+{
+	return rss_delegated_attest_get_delegated_key(ecc_curve,
+						      key_bits,
+						      key_buf,
+						      key_buf_size,
+						      key_size,
+						      hash_algo);
+}
+
+int tfm_log_printf(const char *fmt, ...)
+{
+	int count;
+	va_list ap;
+
+	va_start(ap, fmt);
+	count = vprintf(fmt, ap);
+	va_end(ap);
+
+	return count;
+}
+
+void printf_set_color(int color_id)
+{
+	(void)color_id;
+}

plat/arm/board/tc/rss_ap_tests.c

@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2022, Arm Ltd. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdio.h>
+
+#include <mbedtls_common.h>
+#include <plat/common/platform.h>
+#include <psa/crypto.h>
+#include <rss_comms.h>
+
+#include "rss_ap_testsuites.h"
+
+static struct test_suite_t test_suites[] = {
+	{.freg = register_testsuite_delegated_attest},
+	{.freg = register_testsuite_measured_boot},
+};
+
+static void run_tests(void)
+{
+	enum test_suite_err_t ret;
+	psa_status_t status;
+	size_t i;
+
+	rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, PLAT_RSS_AP_RCV_MHU_BASE);
+	mbedtls_init();
+	status = psa_crypto_init();
+	if (status != PSA_SUCCESS) {
+		printf("\n\npsa_crypto_init failed (status = %d)\n", status);
+		assert(false);
+		plat_error_handler(-1);
+	}
+
+	for (i = 0; i < ARRAY_SIZE(test_suites); ++i) {
+		struct test_suite_t *suite = &(test_suites[i]);
+
+		suite->freg(suite);
+		ret = run_testsuite(suite);
+		if (ret != TEST_SUITE_ERR_NO_ERROR) {
+			printf("\n\nError during executing testsuite '%s'.\n", suite->name);
+			assert(false);
+			plat_error_handler(-1);
+		}
+	}
+	printf("\nAll tests are run.\n");
+}
+
+void run_platform_tests(void)
+{
+	size_t i;
+
+	run_tests();
+
+	printf("\n\n");
+
+	/* Print a summary of all the tests that had been run. */
+	printf("SUMMARY:\n");
+	for (i = 0; i < ARRAY_SIZE(test_suites); ++i) {
+
+		struct test_suite_t *suite = &(test_suites[i]);
+
+		switch (suite->val) {
+		case TEST_PASSED:
+			printf("    %s PASSED.\n", suite->name);
+			break;
+		case TEST_FAILED:
+			printf("    %s FAILED.\n", suite->name);
+			break;
+		case TEST_SKIPPED:
+			printf("    %s SKIPPED.\n", suite->name);
+			break;
+		default:
+			assert(false);
+			break;
+		}
+	}
+
+	printf("\n\n");
+}

plat/arm/board/tc/rss_ap_testsuites.c

@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2022, Arm Ltd. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/*
+ * `delegated_attest_ns_interface_testsuite.c` and
+ * `measured_boot_ns_interface_testsuite.c` are not added to the build directly.
+ * but are included in this file, and this file is added to the build. This is
+ * necessary because both files define the function `extra_tests_init`, so a
+ * linker error occurs when both are linked to BL31. This file defines a macro
+ * that renames the colliding function names to something unique.
+ * `plat/arm/board/tc/rss_ap_tests.c` can call the test init functions with
+ * their new name.
+ */
+
+#define register_testsuite_extra_ns_interface \
+	register_testsuite_delegated_attest
+#include <delegated_attest_ns_interface_testsuite.c>
+
+#undef register_testsuite_extra_ns_interface
+#define register_testsuite_extra_ns_interface \
+	register_testsuite_measured_boot
+#include <measured_boot_ns_interface_testsuite.c>

plat/arm/board/tc/rss_ap_testsuites.h

@@ -0,0 +1,16 @@
+
+/*
+ * Copyright (c) 2022, Arm Ltd. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef RSS_AP_TESTSUITES_H
+#define RSS_AP_TESTSUITES_H
+
+#include <test_framework.h>
+
+void register_testsuite_measured_boot(struct test_suite_t *p_test_suite);
+void register_testsuite_delegated_attest(struct test_suite_t *p_test_suite);
+
+#endif /* RSS_AP_TESTSUITES_H */

plat/arm/board/tc/tc_bl31_setup.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -52,6 +52,12 @@ void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
 void tc_bl31_common_platform_setup(void)
 {
 	arm_bl31_platform_setup();
+#ifdef PLATFORM_TEST
+	run_platform_tests();
+
+	/* Suspend booting */
+	plat_error_handler(-1);
+#endif
 }
 
 const plat_psci_ops_t *plat_arm_psci_override_pm_ops(plat_psci_ops_t *ops)