Merge pull request #10067 from ARMmbed/release-candidate

 Release candidate for mbed-os-5.12.0-rc2

.astyleignore

@@ -24,6 +24,7 @@ components/802.15.4_RF
 components/wifi
 components/TARGET_PSA/TARGET_TFM
 tools
+components/TARGET_PSA/TESTS
 components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl
 components/TARGET_PSA/services/attestation/qcbor
-components/TARGET_PSA/services/attestation/attestation.h
+components/TARGET_PSA/services/attestation/attestation.h

TESTS/mbedmicro-rtos-mbed/heap_and_stack/main.cpp

@@ -204,7 +204,7 @@ void test_isr_stack_in_range(void)
 {
     // MSP stack should be very near end (test using within 128 bytes)
     uint32_t msp = __get_MSP();
-    bool result = inrange(msp, mbed_stack_isr_start + mbed_stack_isr_size - 128, 128);
+    bool result = inrange(msp, mbed_stack_isr_start + mbed_stack_isr_size - 0x400, 0x400);
 
     TEST_ASSERT_TRUE_MESSAGE(result, "Interrupt stack in wrong location");
 }

TESTS/mbedmicro-rtos-mbed/mail/main.cpp

@@ -33,7 +33,7 @@ using namespace utest::v1;
 #define THREAD_STACK_SIZE   512
 #elif defined(__ARM_FM)
 #define THREAD_STACK_SIZE   512
-#elif defined(TARGET_FUTURE_SEQUANA_PSA)
+#elif defined(TARGET_FUTURE_SEQUANA_PSA) || defined(TARGET_CY8CKIT_062_WIFI_BT_PSA)
 #define THREAD_STACK_SIZE   512
 #else
 #define THREAD_STACK_SIZE   320 /* larger stack cause out of heap memory on some 16kB RAM boards in multi thread test*/

TESTS/mbedmicro-rtos-mbed/malloc/main.cpp

@@ -41,7 +41,7 @@ volatile bool thread_should_continue = true;
 #define THREAD_STACK_SIZE   512
 #elif defined(__ARM_FM)
 #define THREAD_STACK_SIZE   512
-#elif defined(TARGET_FUTURE_SEQUANA_PSA)
+#elif defined(TARGET_FUTURE_SEQUANA_PSA) || defined(TARGET_CY8CKIT_062_WIFI_BT_PSA)
 #define THREAD_STACK_SIZE   512
 #else
 #define THREAD_STACK_SIZE   256

TESTS/mbedmicro-rtos-mbed/threads/main.cpp

@@ -36,7 +36,7 @@
 #define PARALLEL_THREAD_STACK_SIZE 512
 #elif defined(__ARM_FM)
 #define PARALLEL_THREAD_STACK_SIZE 512
-#elif defined(TARGET_FUTURE_SEQUANA_PSA)
+#elif defined(TARGET_FUTURE_SEQUANA_PSA) || defined(TARGET_CY8CKIT_062_WIFI_BT_PSA)
 #define PARALLEL_THREAD_STACK_SIZE   512
 #else
 #define PARALLEL_THREAD_STACK_SIZE 384

TESTS/psa/attestation/main.cpp

@@ -23,6 +23,7 @@
 #include "greentea-client/test_env.h"
 #include "unity/unity.h"
 #include "utest/utest.h"
+#include "psa/lifecycle.h"
 #include "psa_initial_attestation_api.h"
 #include "psa_attest_inject_key.h"
 #include <string.h>
@@ -128,17 +129,9 @@ utest::v1::status_t case_teardown_handler(const Case *const source, const size_t
 
 utest::v1::status_t case_setup_handler(const Case *const source, const size_t index_of_case)
 {
-    return greentea_case_setup_handler(source, index_of_case);
-}
-
-Case cases[] = {
-    Case("PSA attestation get token", check_initial_attestation_get_token, case_teardown_handler),
-};
-
-Specification specification(greentea_test_setup, cases);
-
-int main()
-{
+    psa_status_t status;
+    status = mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
 #if (defined(COMPONENT_PSA_SRV_IPC) || defined(MBEDTLS_ENTROPY_NV_SEED))
     uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = {0};
     /* inject some seed for test*/
@@ -149,5 +142,17 @@ int main()
     /* don't really care if this succeeds this is just to make crypto init pass*/
     mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
 #endif
+    return greentea_case_setup_handler(source, index_of_case);
+}
+
+
+Case cases[] = {
+    Case("PSA attestation get token", case_setup_handler, check_initial_attestation_get_token, case_teardown_handler),
+};
+
+Specification specification(greentea_test_setup, cases);
+
+int main()
+{
     return !Harness::run(specification);
 }

TESTS/psa/its_ps/main.cpp

@@ -157,7 +157,7 @@ utest::v1::status_t case_its_teardown_handler(const Case *const source, const si
 {
     psa_status_t status;
     status = mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
-    TEST_ASSERT_EQUAL(PSA_LIFECYCLE_SUCCESS, status);
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
     return greentea_case_teardown_handler(source, passed, failed, reason);
 }
 
@@ -167,7 +167,7 @@ utest::v1::status_t case_its_setup_handler(const Case *const source, const size_
     psa_status_t status;
     if (stype == its) {
         status = mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
-        TEST_ASSERT_EQUAL(PSA_LIFECYCLE_SUCCESS, status);
+        TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
     } else {
         status = psa_ps_reset();
         TEST_ASSERT_EQUAL(PSA_SUCCESS, status);

TESTS/psa/spm_client/COMPONENT_NSPE/main.cpp

@@ -460,14 +460,16 @@ Case cases[] = {
     Case("Testing client tx_buff_null", tx_buff_null),
     Case("Testing client rx_tx_null", rx_tx_null),
     Case("Testing client multiple_call from a single thread", multiple_call),
-    Case("Testing client exceed num of max channels allowed", exceed_num_of_max_channels),
     Case("Testing client close on NULL handle", client_close_null_handle),
     Case("Testing DROP_CONNECTION State", drop_connection),
     Case("Testing client psa_framework_version() API", verify_psa_framework_version),
     Case("Testing client psa_version() API on existing SID", psa_version_existing),
     Case("Testing client psa_version() API on non-existing SID", psa_version_non_existing),
     Case("Testing client psa_version() API to a service that is not NSPE callable", psa_version_secure_access_only),
     Case("Testing client multiple calls on different channels to the same SID", multi_thread_diff_handles),
+#if defined TARGET_MBED_SPM // TF-M issue: https://developer.trustedfirmware.org/T244
+    Case("Testing client exceed num of max channels allowed", exceed_num_of_max_channels),
+#endif
 };
 
 utest::v1::status_t test_setup(const size_t number_of_cases)

TESTS/psa/spm_server/COMPONENT_NSPE/main.cpp

@@ -264,7 +264,9 @@ Case cases[] = {
     SPM_UTEST_CASE("Try to skip more bytes than left while reading", skip_more_than_left),
     SPM_UTEST_CASE("Test rhandle implementation by calculating the factorial function", rhandle_factorial),
     SPM_UTEST_CASE("Test a call flow between 2 secure partitions", cross_partition_call),
+#if defined TARGET_MBED_SPM // TF-M issue: https://developer.trustedfirmware.org/T273
     SPM_UTEST_CASE("Test a common DOORBELL scenario", doorbell_test),
+#endif
 };
 
 //Declare your test specification with a custom setup handler

TESTS/psa/spm_server/COMPONENT_SPE/tests.c

@@ -698,6 +698,8 @@ psa_test_server_side_func test_list[] = {
     PSA_TEST_SERVER_NAME(skip_more_than_left),
     PSA_TEST_SERVER_NAME(rhandle_factorial),
     PSA_TEST_SERVER_NAME(cross_partition_call),
+#if defined TARGET_MBED_SPM // TF-M issue: https://developer.trustedfirmware.org/T273
     PSA_TEST_SERVER_NAME(doorbell_test),
+#endif
     NULL
 };

components/TARGET_PSA/TARGET_MBED_SPM/psa_defs.h

@@ -77,7 +77,6 @@ extern "C" {
 
 typedef uint32_t psa_signal_t;
 typedef int32_t psa_handle_t;
-typedef psa_status_t error_t;
 
 /* -------------------------------------- Structs ------------------------------------ */
 

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/mbed_lib.json

@@ -1,4 +1,11 @@
 {
     "name": "tfm-s",
-    "macros": ["MBED_FAULT_HANDLER_DISABLED", "BYPASS_NVSTORE_CHECK=1"]
+    "macros": ["MBED_FAULT_HANDLER_DISABLED", "BYPASS_NVSTORE_CHECK=1"],
+    "config": {
+        "max_ns_thread_count": {
+            "help": "maximum allowed number of non-secure threads",
+            "macro_name": "TFM_MAX_NS_THREAD_COUNT",
+            "value": 10
+        }
+    }
 }

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/secure_fw/core/ipc/include/tfm_svcalls.h

@@ -58,6 +58,7 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller);
  *                              handle, in_vec, in_len, out_vec, out_len.
  * \param[in] ns_caller         If 'non-zero', call from non-secure client.
  *                              Or from secure client.
+ * \param[in] lr                Link register to be stored
  *
  * \retval >=0                  RoT Service-specific status value.
  * \retval <0                   RoT Service-specific error code.
@@ -73,7 +74,7 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller);
  * \arg                           The message is unrecognized by the RoT
  *                                Service or incorrectly formatted.
  */
-psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller);
+psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller, uint32_t lr);
 
 /**
  * \brief SVC handler for \ref psa_close.
@@ -96,10 +97,11 @@ void tfm_svcall_psa_close(uint32_t *args, int32_t ns_caller);
  *
  * \param[in] svc_num           SVC number
  * \param[in] ctx               Argument context
+ * \param[in] lr                Link register to be stored
  *
  * \returns                     Return values from those who has,
  *                              or PSA_SUCCESS.
  */
-int32_t SVC_Handler_IPC(tfm_svc_number_t svc_num, uint32_t *ctx);
+int32_t SVC_Handler_IPC(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr);
 
 #endif

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/secure_fw/core/ipc/tfm_svcalls.c

@@ -107,7 +107,7 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller)
     return PSA_NULL_HANDLE;
 }
 
-psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller)
+psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller, uint32_t lr)
 {
     psa_handle_t handle;
     psa_invec *inptr, invecs[PSA_MAX_IOVEC];
@@ -124,14 +124,17 @@ psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller)
         in_num = (size_t)args[2];
         outptr = (psa_outvec *)args[3];
         /*
-         * FixMe: 5th parameter is pushed at stack top before SVC; plus
-         * exception stacked contents, 5th parameter is now at 8th position
-         * in SVC handler. However, if thread mode applies FloatPoint, then
-         * FloatPoint context is pushed into stack and then 5th parameter
-         * will not be args[8].
-         * Will refine it later.
+         * 5th parameter is pushed at stack top before SVC; plus exception stacked contents,
+         * 5th parameter is now at 8th position in SVC handler.
+         * However, if thread mode applies FloatPoint, then FloatPoint context is pushed into
+         * stack and then 5th parameter will be args[26].
          */
-         out_num = (size_t)args[8];
+        if (lr & EXC_RETURN_FPU_FRAME_BASIC) {
+            out_num = (size_t)args[8];
+        }
+        else {
+            out_num = (size_t)args[26];
+        }
     } else {
         /*
          * FixMe: From non-secure caller, vec and len are composed into a new
@@ -926,7 +929,7 @@ static void tfm_svcall_psa_eoi(uint32_t *args)
     /* FixMe: re-enable interrupt */
 }
 
-int32_t SVC_Handler_IPC(tfm_svc_number_t svc_num, uint32_t *ctx)
+int32_t SVC_Handler_IPC(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr)
 {
     switch (svc_num) {
     case TFM_SVC_SCHEDULE:
@@ -939,7 +942,7 @@ int32_t SVC_Handler_IPC(tfm_svc_number_t svc_num, uint32_t *ctx)
     case TFM_SVC_PSA_CONNECT:
         return tfm_svcall_psa_connect(ctx, 0);
     case TFM_SVC_PSA_CALL:
-        return tfm_svcall_psa_call(ctx, 0);
+        return tfm_svcall_psa_call(ctx, 0, lr);
     case TFM_SVC_PSA_CLOSE:
         tfm_svcall_psa_close(ctx, 0);
         break;

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/secure_fw/core/tfm_handler.c

@@ -205,7 +205,7 @@ uint32_t SVCHandler_main(uint32_t *svc_args, uint32_t lr)
     case TFM_SVC_PSA_NOTIFY:
     case TFM_SVC_PSA_CLEAR:
     case TFM_SVC_PSA_EOI:
-        svc_args[0] = SVC_Handler_IPC(svc_number, svc_args);
+        svc_args[0] = SVC_Handler_IPC(svc_number, svc_args, lr);
         break;
 #endif
     default:

components/TARGET_PSA/TARGET_TFM/mbed_lib.json

@@ -17,7 +17,7 @@
         "rot_pool_size": {
             "help": "maximum number of RoT services allowed",
             "macro_name": "TFM_SPM_MAX_ROT_SERV_NUM",
-            "value": 30
+            "value": 32
         },
         "message_pool_size": {
             "help": "maximum number of active messages allowed",

components/TARGET_PSA/TESTS/compliance_attestation/psa_attestation_testlist.md

@@ -0,0 +1,22 @@
+# PSA Initial Attestation Testcase checklist
+
+| Test      | Return value                         | API                                                               | Test Algorithm                                                                                                                                                  | Test Cases                                                                                                                                                                                             |
+|-----------|--------------------------------------|-------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| test_a001 | PSA_ATTEST_ERR_SUCCESS               | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | 1. Provide correct inputs to API with described challenge sizes  <br />2. Expect API to return this define as return value each time  <br />3. Verify the token | 1. Challenge_size = 32 <br />2. Challenge_size = 48 <br />3. Challenge_size = 64                                                                                                         |
+|           | PSA_ATTEST_ERR_INVALID_INPUT         | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | 1. Provide described challenge sizes to the API along with other valid parameters <br />2. Expect API to return this define as return value each time           | 1. Challenge_size is zero <br />2. Invalid challenge size between 0 and 32 <br />3. Invalid challenge size between 32 and 64  <br />4. Challenge_size is greater than MAX_CHALLENGE_SIZE |
+|           | PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW | psa_initial_attest_get_token()                                    | 1. Provide described taken size to the API along with other valid parameters <br />2. Expect API to return this define as return value each time                | Pass the token_size which less than actual/required token size                                                                                                                                        |
+|           | PSA_ATTEST_ERR_INIT_FAILED           | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where attestation initialisation fails                                                                             |                                                                                                                                                                                                       |
+|           | PSA_ATTEST_ERR_CLAIM_UNAVAILABLE     | psa_initial_attest_get_token()                                    | Can't simulate. Test can't generate stimulus where claim can unavailable                                                                                        |                                                                                                                                                                                                       |
+|           | PSA_ATTEST_ERR_GENERAL               | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where unexpected error happened during API operation                                                               |                                                                                                                                                                                                       |
+
+## Note
+
+1. In verifying the token, only the data type of claims and presence of the mandatory claims are checked and the values of the claims are not checked.
+2. Checks related to token signature validation will be part of future release
+
+# License
+Arm PSA test suite is distributed under Apache v2.0 License.
+
+--------------
+
+*Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.*

components/TARGET_PSA/TESTS/compliance_attestation/test_a001/main.c

@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_a001(val_api_t *val_api, psa_api_t *psa_api); 
+
+int main(void)
+{
+    test_start(test_entry_a001, COMPLIANCE_TEST_ATTESTATION);
+}