@@ -171,6 +171,13 @@ qemuarm64-secureboot:
TCLIBC: [glibc, musl]
TESTING: testimage
+qemuarm64-secureboot-ts:
+ extends: .build
+ parallel:
+ matrix:
+ - TCLIBC: [glibc, musl]
+ TESTING: testimage
+
qemuarm64:
extends: .build
parallel:
new file mode 100644
@@ -0,0 +1,28 @@
+# Build qemuarm64-secureboot machine with
+# Trusted Services secure partition included into optee-os image.
+#
+# Run Trustes Services OEQA tests.
+
+header:
+ version: 11
+ includes:
+ - ci/base.yml
+ - ci/meta-openembedded.yml
+
+machine: qemuarm64-secureboot
+
+local_conf_header:
+ failing_tests: |
+ # software IO TLB: Cannot allocate buffer
+ DEFAULT_TEST_SUITES:remove = "parselogs"
+ trusted_services: |
+ TEST_SUITES:append = " trusted_services"
+ # Include TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image
+ MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its ts-attestation ts-smm-gateway"
+ # Include TS demo/test tools into image
+ IMAGE_INSTALL:append = " packagegroup-ts-tests"
+ # Include TS PSA Arch tests into image
+ IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
+
+target:
+ - core-image-base
new file mode 100644
@@ -0,0 +1,50 @@
+#
+
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+
+class TrustedServicesTest(OERuntimeTestCase):
+
+ def run_test_tool(self, cmd, expected_status=0 ):
+ """ Run a test utility """
+
+ status, output = self.target.run(cmd)
+ self.assertEqual(status, expected_status, msg='\n'.join([cmd, output]))
+
+ @OEHasPackage(['ts-demo'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_00_ts_demo(self):
+ self.run_test_tool('ts-demo')
+
+ @OEHasPackage(['ts-service-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_01_ts_service_test(self):
+ self.run_test_tool('ts-service-test')
+
+ @OEHasPackage(['ts-uefi-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_02_ts_uefi_test(self):
+ self.run_test_tool('uefi-test')
+
+ @OEHasPackage(['ts-psa-crypto-api-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_03_psa_crypto_api_test(self):
+ # There are a few expected PSA Crypto tests failing
+ self.run_test_tool('psa-crypto-api-test', expected_status=46)
+
+ @OEHasPackage(['ts-psa-its-api-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_04_psa_its_api_test(self):
+ self.run_test_tool('psa-its-api-test')
+
+ @OEHasPackage(['ts-psa-ps-api-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_05_psa_ps_api_test(self):
+ # There are a few expected PSA Storage tests failing
+ self.run_test_tool('psa-ps-api-test', expected_status=46)
+
+ @OEHasPackage(['ts-psa-iat-api-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_06_psa_iat_api_test(self):
+ self.run_test_tool('psa-iat-api-test')
@@ -10,7 +10,14 @@ TFA_PLATFORM:qemuarm64-secureboot = "qemu"
TFA_PLATFORM:qemu-generic-arm64 = "qemu_sbsa"
TFA_PLATFORM:qemuarm-secureboot = "qemu"
-TFA_SPD:qemuarm64-secureboot = "opteed"
+# Trusted Services secure partitions require arm-ffa machine feature.
+# Enabling Secure-EL1 Payload Dispatcher (SPD) in this case
+TFA_SPD:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'spmd', 'opteed', d)}"
+# Configure tf-a accordingly to TS requirements if included
+EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CTX_INCLUDE_EL2_REGS=0 SPMC_OPTEE=1 ', '' , d)}"
+# Cortex-A57 supports Armv8.0 (no S-EL2 execution state).
+# The SPD SPMC component should run at the S-EL1 execution state.
+TFA_SPMD_SPM_AT_SEL2:qemuarm64-secureboot = "0"
TFA_UBOOT:qemuarm64-secureboot = "1"
TFA_UBOOT:qemuarm-secureboot = "1"
new file mode 100644
@@ -0,0 +1,26 @@
+SUMMARY = "Trusted Services test/demo linux tools"
+
+inherit packagegroup
+
+COMPATIBLE_HOST = "aarch64.*-linux"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+PACKAGES = "${PN} ${PN}-psa"
+
+RDEPENDS:${PN} = "\
+ ts-demo \
+ ts-service-test \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', 'ts-remote-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', 'ts-uefi-test', '' , d)} \
+"
+
+SUMMARY:${PN}-psa = "PSA certification tests (psa-arch-test) for TS SPs"
+RDEPENDS:${PN}-psa = "\
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', 'ts-psa-crypto-api-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', 'ts-psa-its-api-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', 'ts-psa-ps-api-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', 'ts-psa-iat-api-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+ 'ts-psa-crypto-api-test ts-psa-its-api-test ts-psa-ps-api-test ts-psa-iat-api-test', '' , d)} \
+"
new file mode 100644
@@ -0,0 +1,3 @@
+# Update MM communication buffer address for qemuarm64 machine
+SRC_URI:append:qemuarm64-secureboot = "file://0001-QEMU-MM-communication-buffer-address.patch \
+"
qemuarm64-secureboot-ts pipeline is based on qemuarm64-secureboot machine and additionaly includes: - TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image - TS demo/test tools - TS psa-arch-tests This commit also includes Trusted Services OEQA tests Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> --- .gitlab-ci.yml | 7 +++ ci/qemuarm64-secureboot-ts.yml | 28 +++++++++++ .../oeqa/runtime/cases/trusted_services.py | 50 +++++++++++++++++++ .../trusted-firmware-a_%.bbappend | 9 +++- .../packagegroups/packagegroup-ts-tests.bb | 26 ++++++++++ .../trusted-services/libts_%.bbappend | 3 ++ 6 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 ci/qemuarm64-secureboot-ts.yml create mode 100644 meta-arm/lib/oeqa/runtime/cases/trusted_services.py create mode 100644 meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb create mode 100644 meta-arm/recipes-security/trusted-services/libts_%.bbappend