rewrite history & replace readme

README.md

@@ -1,55 +1,3 @@
-
-# Arm Platform Security Architecture : Test Suite
-
-
-## Introduction
-
-This test suite is one of a set of resources provided by Arm that can help organizations develop products that meet the security requirements of PSA Certified on Arm-based platforms. The PSA Certified scheme provides a framework and methodology that helps silicon manufacturers, system software providers and OEMs to develop more secure products. Arm resources that support PSA Certified range from threat models, standard architectures that simplify development and increase portability, and open-source partnerships that provide ready-to-use software. You can read more about PSA Certified here at [psacertified web](https://www.psacertified.org/) and find more Arm resources here at [arm platform security resources](https://www.arm.com/architecture/security-features).
-
-For more information, visit the [PSA webpage](https://developer.arm.com/products/architecture/platform-security-architecture)
-
-### PSA Certified APIs specifications
-
-API specifications are placed in [PSA API github site](https://github.com/ARM-software/psa-api/).
-
-### PSA Certified API Compliance
-The [PSA Certified API tests](api-tests/dev_apis) are the basis for validating compliance with PSA Certified APIs. For more information on the certification program, see [psacertified.org](https://www.psacertified.org/functional-api-certification/)
-
-For more information about passing PSA Certified API compliance, what it means, what it requires, and how it relates to the PSA Certified initiative, please read the [Frequently Asked Questions about PSA Certified API compliance](api-tests/docs/FAQ-compliance.md).
-
-## GitHub branch
-  - For API certification, use the release branch and pick the appropriate release tag.
-  - To get the latest version of the code with bug fixes and new features, use the master branch.
-
-## Architecture test suite
-
-The current implementation of the Architecture test suite contains tests for following PSA Certified specifications. Arm licensees may contact their partner manager to obtain a copy of this specification. <br />
-
-Future versions of the test suite will be enhanced to include tests for other specifications of the Platform Security Architecture.
-
-The tests are available as open source. The tests and the corresponding abstraction layers are available with an Apache v2 license allowing for external contribution.
-
-### TBSA-v8M
-The test suite for this specification is located in the tbsa-v8m directory of this repository. See [TBSA-v8m Readme](tbsa-v8m/README.md) file for more details.
-
-### PSA APIs
-The test suite for this specification is located in the api-tests directory of this repository. See [PSA APIs Tests Readme](api-tests/README.md) file for more details.
-
-### Secure Debug
-The test suite for this specification is located in the secure-debug directory of this repository. See [Secure Debug Readme](secure-debug/README.md) file for more details.
-
-## License
-
-Arm PSA test suite is distributed under Apache v2.0 License.
-
-
-## Feedback, contributions, and support
-
- - For feedback, use the GitHub Issue Tracker that is associated with this repository.
- - For support, send an email to [email protected] with details.
- - Arm licensees can contact Arm directly through their partner managers.
- - Arm welcomes code contributions through GitHub pull requests.
-
---------------
-
-*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.*
+This repository is Zephyr's fork of [PSA Certified API tests](https://github.com/ARM-software/psa-arch-tests).
+
+It follows the commit tagging and synchronization guidelines described [here](https://github.com/zephyrproject-rtos/mbedtls#additional-patches).

api-tests/CMakeLists.txt

@@ -686,6 +686,9 @@ add_dependencies(${PSA_TARGET_GENERATE_DATABASE_POST}	${PSA_TARGET_GENERATE_DATA
 add_dependencies(${PSA_TARGET_PAL_NSPE_LIB} 		${PSA_TARGET_GENERATE_DATABASE_POST})
 add_dependencies(${PSA_TARGET_VAL_NSPE_LIB}		${PSA_TARGET_PAL_NSPE_LIB})
 add_dependencies(${PSA_TARGET_TEST_COMBINE_LIB}		${PSA_TARGET_VAL_NSPE_LIB})
+if(TARGET manifest_tool)
+	add_dependencies(${PSA_TARGET_TEST_COMBINE_LIB}		manifest_tool)
+endif()
 if(${SUITE} STREQUAL "IPC")
 add_dependencies(${PSA_TARGET_DRIVER_PARTITION_LIB}	${PSA_TARGET_TEST_COMBINE_LIB})
 add_dependencies(${PSA_TARGET_CLIENT_PARTITION_LIB}	${PSA_TARGET_DRIVER_PARTITION_LIB})

api-tests/dev_apis/crypto/suite.cmake

@@ -59,3 +59,7 @@ target_include_directories(${PSA_TARGET_TEST_COMBINE_LIB} PRIVATE
 	${PSA_ROOT_DIR}/platform/targets/${TARGET}/nspe
 	${PSA_SUITE_DIR}/common/
 )
+
+target_link_libraries(${PSA_TARGET_TEST_COMBINE_LIB} PRIVATE
+    psa_crypto_config
+)

api-tests/dev_apis/crypto/test_c041/test_c041.c

@@ -77,9 +77,12 @@ int32_t psa_sign_hash_test(caller_security_t caller __UNUSED)
                                       check1[i].signature,
                                       check1[i].signature_size,
                                       &get_signature_length);
-        TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+        TEST_ASSERT_DUAL(status,
+                         check1[i].expected_status[0],
+                         check1[i].expected_status[1],
+                         TEST_CHECKPOINT_NUM(4));
 
-        if (check1[i].expected_status != PSA_SUCCESS)
+        if (check1[i].expected_status[0] != PSA_SUCCESS)
         {
             /* Destroy the key */
             status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key);

api-tests/dev_apis/crypto/test_c041/test_data.h

@@ -30,7 +30,7 @@ typedef struct {
     size_t                  signature_size;
     const uint8_t          *expected_signature;
     size_t                  expected_signature_length;
-    psa_status_t            expected_status;
+    psa_status_t            expected_status[2];
 } test_data;
 
 static const test_data check1[] = {
@@ -49,7 +49,7 @@ static const test_data check1[] = {
     .signature_size            = BUFFER_SIZE,
     .expected_signature        = signature_1,
     .expected_signature_length = 128,
-    .expected_status           = PSA_SUCCESS,
+    .expected_status           = {PSA_SUCCESS,PSA_SUCCESS},
 },
 #endif
 
@@ -68,7 +68,7 @@ static const test_data check1[] = {
     .signature_size            = BUFFER_SIZE,
     .expected_signature        = signature_2,
     .expected_signature_length = 128,
-    .expected_status           = PSA_SUCCESS,
+    .expected_status           = {PSA_SUCCESS,PSA_SUCCESS},
 },
 #endif
 #endif
@@ -90,7 +90,7 @@ static const test_data check1[] = {
     .signature_size            = BUFFER_SIZE,
     .expected_signature        = signature_3,
     .expected_signature_length = 64,
-    .expected_status           = PSA_SUCCESS,
+    .expected_status           = {PSA_SUCCESS,PSA_SUCCESS},
 },
 #endif
 #endif
@@ -110,7 +110,7 @@ static const test_data check1[] = {
     .signature_size            = 128,
     .expected_signature        = NULL,
     .expected_signature_length = 0,
-    .expected_status           = PSA_ERROR_INVALID_ARGUMENT,
+    .expected_status           = {PSA_ERROR_INVALID_ARGUMENT,PSA_ERROR_INVALID_ARGUMENT},
 },
 
 {
@@ -126,7 +126,7 @@ static const test_data check1[] = {
     .signature_size            = 127,
     .expected_signature        = signature_1,
     .expected_signature_length = 128,
-    .expected_status           = PSA_ERROR_BUFFER_TOO_SMALL,
+    .expected_status           = {PSA_ERROR_BUFFER_TOO_SMALL,PSA_ERROR_BUFFER_TOO_SMALL}
 },
 #endif
 
@@ -143,7 +143,7 @@ static const test_data check1[] = {
     .signature_size            = BUFFER_SIZE,
     .expected_signature        = NULL,
     .expected_signature_length = 0,
-    .expected_status           = PSA_ERROR_INVALID_ARGUMENT,
+    .expected_status           = {PSA_ERROR_INVALID_ARGUMENT,PSA_ERROR_NOT_SUPPORTED}
 },
 #endif
 
@@ -162,7 +162,7 @@ static const test_data check1[] = {
     .signature_size            = BUFFER_SIZE,
     .expected_signature        = NULL,
     .expected_signature_length = 0,
-    .expected_status           = PSA_ERROR_INVALID_ARGUMENT,
+    .expected_status           = {PSA_ERROR_INVALID_ARGUMENT,PSA_ERROR_INVALID_ARGUMENT},
 },
 #endif
 #endif
@@ -183,7 +183,7 @@ static const test_data check1[] = {
     .signature_size            = BUFFER_SIZE,
     .expected_signature        = NULL,
     .expected_signature_length = 0,
-    .expected_status           = PSA_ERROR_NOT_PERMITTED,
+    .expected_status           = {PSA_ERROR_NOT_PERMITTED,PSA_ERROR_NOT_PERMITTED},
 },
 #endif
 
@@ -202,7 +202,7 @@ static const test_data check1[] = {
     .signature_size            = BUFFER_SIZE,
     .expected_signature        = NULL,
     .expected_signature_length = 0,
-    .expected_status           = PSA_ERROR_INVALID_ARGUMENT,
+    .expected_status           = {PSA_ERROR_INVALID_ARGUMENT,PSA_ERROR_INVALID_ARGUMENT},
 },
 #endif
 #endif

api-tests/dev_apis/crypto/test_c042/test_data.h

@@ -236,8 +236,8 @@ static const test_data check1[] = {
 {
     .test_desc        = "Test psa_verify_hash - PSA_ALG_RSA_PSS_ANY_SALT\n",
     .type             = PSA_KEY_TYPE_RSA_PUBLIC_KEY,
-    .data             = rsa_key_pair_public_key,
-    .data_length      = 162,
+    .data             = rsa_128_key_data,
+    .data_length      = 140,
     .usage_flags      = PSA_KEY_USAGE_VERIFY_HASH,
     .alg              = PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256),
     .hash             = hash,

api-tests/dev_apis/crypto/test_c061/test_c061.c

@@ -97,7 +97,8 @@ int32_t psa_aead_finish_test(caller_security_t caller __UNUSED)
 
         /* Finish encrypting a message in an AEAD operation */
         status = val->crypto_function(VAL_CRYPTO_AEAD_FINISH, &operation, output + length,
-                 check1[i].output_size, &finish_length, tag, check1[i].tag_size, &tag_length);
+                 check1[i].output_size > length ? check1[i].output_size-length : check1[i].output_size,
+                 &finish_length, tag, check1[i].tag_size, &tag_length);
         TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
 
         if (check1[i].expected_status != PSA_SUCCESS)

api-tests/dev_apis/crypto/test_c063/test_c063.c

@@ -96,7 +96,8 @@ int32_t psa_aead_verify_test(caller_security_t caller __UNUSED)
 
         /* Finish authenticating and decrypting a message in an AEAD operation */
         status = val->crypto_function(VAL_CRYPTO_AEAD_VERIFY, &operation, output + length,
-                 check1[i].output_size, &verify_length, check1[i].tag, check1[i].tag_length);
+                check1[i].output_size > length ? check1[i].output_size - length : check1[i].output_size,
+                &verify_length, check1[i].tag, check1[i].tag_length);
         TEST_ASSERT_DUAL(status,
                          check1[i].expected_status[0],
                          check1[i].expected_status[1],

api-tests/dev_apis/crypto/testsuite.db

@@ -20,6 +20,7 @@
 
 (START)
 
+test_c016
 test_c001
 test_c002
 test_c003
@@ -35,7 +36,6 @@ test_c012
 test_c013
 test_c014
 test_c015
-test_c016
 test_c017
 test_c018
 test_c019

api-tests/platform/drivers/uart/cmsdk/pal_uart.h

@@ -36,17 +36,18 @@
 #define CMSDK_UART_INTSTATUS_TXIRQ_Pos  0   /* CMSDK_UART STATUS: TXIRQ Position */
 #define CMSDK_UART_INTSTATUS_TXIRQ_Msk       (0x01ul << CMSDK_UART_INTSTATUS_TXIRQ_Pos)
                                             /* CMSDK_UART STATUS: TXIRQ Mask */
+typedef volatile uint32_t vuint32_t;
 
 /* typedef's */
 typedef struct {
-    uint32_t  DATA;                     /* Offset: 0x000 (R/W) Data Register */
-    uint32_t  STATE;                    /* Offset: 0x004 (R/W) Status state */
-    uint32_t  CTRL;                     /* Offset: 0x008 (R/W) Control Register */
+    vuint32_t DATA;                     /* Offset: 0x000 (R/W) Data Register */
+    vuint32_t STATE;                    /* Offset: 0x004 (R/W) Status state */
+    vuint32_t CTRL;                     /* Offset: 0x008 (R/W) Control Register */
     union {
-        uint32_t INTSTATUS;             /* Offset: 0x00C (R/ ) Interrupt Status Register */
-        uint32_t INTCLEAR;              /* Offset: 0x00C ( /W) Interrupt Clear Register */
+        vuint32_t INTSTATUS;            /* Offset: 0x00C (R/ ) Interrupt Status Register */
+        vuint32_t INTCLEAR;             /* Offset: 0x00C ( /W) Interrupt Clear Register */
     };
-    uint32_t  BAUDDIV;                  /* Offset: 0x010 (R/W) Baud rate divider */
+    vuint32_t BAUDDIV;                  /* Offset: 0x010 (R/W) Baud rate divider */
 } uart_t;
 
 

api-tests/platform/drivers/watchdog/cmsdk/pal_wd_cmsdk.h

@@ -22,18 +22,20 @@
 
 #define WDOG_TIMER_MAX_VALUE           0xFFFFFFFF
 
+typedef volatile uint32_t vuint32_t;
+
 typedef struct {
-    uint32_t  LOAD;          /* Offset: 0x000 (R/W) Watchdog Load Register */
-    uint32_t  VALUE;         /* Offset: 0x004 (R/ ) Watchdog Value Register */
-    uint32_t  CTRL;          /* Offset: 0x008 (R/W) Watchdog Control Register */
-    uint32_t  INTCLR;        /* Offset: 0x00C ( /W) Watchdog Clear Interrupt Register */
-    uint32_t  RAWINTSTAT;    /* Offset: 0x010 (R/ ) Watchdog Raw Interrupt Status Register */
-    uint32_t  MASKINTSTAT;   /* Offset: 0x014 (R/ ) Watchdog Interrupt Status Register */
-    uint32_t  RESERVED0[762];
-    uint32_t  LOCK;          /* Offset: 0xC00 (R/W) Watchdog Lock Register */
-    uint32_t  RESERVED1[191];
-    uint32_t  ITCR;          /* Offset: 0xF00 (R/W) Watchdog Integration Test Control Register */
-    uint32_t  ITOP;          /* Offset: 0xF04 ( /W) Watchdog Integration Test Output Set Register */
+    vuint32_t LOAD;          /* Offset: 0x000 (R/W) Watchdog Load Register */
+    vuint32_t VALUE;         /* Offset: 0x004 (R/ ) Watchdog Value Register */
+    vuint32_t CTRL;          /* Offset: 0x008 (R/W) Watchdog Control Register */
+    vuint32_t INTCLR;        /* Offset: 0x00C ( /W) Watchdog Clear Interrupt Register */
+    vuint32_t RAWINTSTAT;    /* Offset: 0x010 (R/ ) Watchdog Raw Interrupt Status Register */
+    vuint32_t MASKINTSTAT;   /* Offset: 0x014 (R/ ) Watchdog Interrupt Status Register */
+    vuint32_t RESERVED0[762];
+    vuint32_t LOCK;          /* Offset: 0xC00 (R/W) Watchdog Lock Register */
+    vuint32_t RESERVED1[191];
+    vuint32_t ITCR;          /* Offset: 0xF00 (R/W) Watchdog Integration Test Control Register */
+    vuint32_t ITOP;          /* Offset: 0xF04 ( /W) Watchdog Integration Test Output Set Register */
 } wd_timer_t;
 
 /* WATCHDOG LOAD Register Definitions */

api-tests/platform/drivers/watchdog/rpi/pal_wd_rpi.c

@@ -0,0 +1,103 @@
+/** @file
+ * Copyright (c) 2024, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "pal_wd_rpi.h"
+
+
+#define REG_ALIAS_SET_BITS ((0x2u) << (12u))
+#define REG_ALIAS_CLR_BITS ((0x3u) << (12u))
+
+#define SET_ADDR_ALIAS(addr) ((void *)(REG_ALIAS_SET_BITS + (addr)))
+#define CLR_ADDR_ALIAS(addr) ((void *)(REG_ALIAS_CLR_BITS + (addr)))
+
+#define HW_SET_BITS(addr, mask) \
+    do{*(uint32_t *) SET_ADDR_ALIAS((volatile void *) addr) = mask;}while(0)
+
+#define HW_CLEAR_BITS(addr, mask) \
+    do{*(uint32_t *) CLR_ADDR_ALIAS((volatile void *) addr) = mask;}while(0)
+
+/**
+    @brief           - Initializes an hardware watchdog timer
+    @param           - base_addr       : Base address of the watchdog module
+                     - time_us         : Time in micro seconds
+                     - timer_tick_us   : Number of ticks per micro second
+    @return          - SUCCESS/FAILURE
+**/
+int pal_wd_rpi_init(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us)
+{
+    /* Disable Timer */
+    HW_CLEAR_BITS(&((wd_timer_t *)base_addr)->CTRL, WATCHDOG_CTRL_ENABLE_BITS);
+
+    uint32_t dbg_bits = WATCHDOG_CTRL_PAUSE_DBG0_BITS |
+                        WATCHDOG_CTRL_PAUSE_DBG1_BITS |
+                        WATCHDOG_CTRL_PAUSE_JTAG_BITS;
+    /* Pause on debug */
+    HW_SET_BITS(&((wd_timer_t *)base_addr)->CTRL, dbg_bits);
+
+    if (time_us == 0)
+    {
+        HW_SET_BITS(&((wd_timer_t *)base_addr)->CTRL, WATCHDOG_CTRL_TRIGGER_BITS);
+    }
+    else
+    {
+        uint32_t load_value = time_us * timer_tick_us;
+        if (load_value > WATCHDOG_LOAD_BITS)
+        {
+            load_value = WATCHDOG_LOAD_BITS;
+        }
+        /* Set Load value */
+        ((wd_timer_t *)base_addr)->LOAD = load_value;
+    }
+
+    return 0;
+}
+
+/**
+    @brief           - Enables a hardware watchdog timer
+    @param           - base_addr       : Base address of the watchdog module
+    @return          - SUCCESS/FAILURE
+**/
+int pal_wd_rpi_enable(addr_t base_addr)
+{
+    /* Enable counter */
+    HW_SET_BITS(&((wd_timer_t *)base_addr)->CTRL, WATCHDOG_CTRL_ENABLE_BITS);
+
+    return 0;
+}
+
+/**
+    @brief           - Disables a hardware watchdog timer
+    @param           - base_addr       : Base address of the watchdog module
+    @return          - SUCCESS/FAILURE
+**/
+int pal_wd_rpi_disable(addr_t base_addr)
+{
+    /* Disable Timer */
+    HW_CLEAR_BITS(&((wd_timer_t *)base_addr)->CTRL, WATCHDOG_CTRL_ENABLE_BITS);
+
+    return 0;
+}
+
+/**
+    @brief           - Checks whether hardware watchdog timer is enabled
+    @param           - base_addr       : Base address of the watchdog module
+    @return          - Enabled : 1, Disabled : 0
+**/
+int pal_wd_rpi_is_enabled(addr_t base_addr)
+{
+    return (((wd_timer_t *)base_addr)->CTRL & WATCHDOG_CTRL_ENABLE_BITS ? 1 : 0);
+}