Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PSA: Fix error codes masking in psa_attestation_inject_key() #9996

Merged
merged 2 commits into from Mar 10, 2019

Conversation

@orenc17
Copy link
Contributor

commented Mar 7, 2019

Description

psa_attestation_inject_key() IPC implementation was masking negative error codes as PSA_ERROR_COMMUNICATION_FAILURE instead of returning the actual error code.

Clear the ITS storage in test case setup handler to avoid a situation where a call for psa_attestation_inject_key() would fail for key already exists error.

Did not check regression yet.

Pull request type

[X] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@ARMmbed/mbed-os-psa @moranpeker @netanelgonen @itayzafrir @avolinski

Release Notes

TESTS/psa/attestation/main.cpp Outdated
@@ -128,11 +129,13 @@ utest::v1::status_t case_teardown_handler(const Case *const source, const size_t

utest::v1::status_t case_setup_handler(const Case *const source, const size_t index_of_case)
{
psa_status_t status = mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);

This comment has been minimized.

Copy link
@netanelgonen

netanelgonen Mar 7, 2019

Contributor

Need to choose the correct way to clean this test,
in tear down the test uses 'psa_destroy_key(handle);' and in init the test uses mbed_psa_reboot_and_request_new_security_state.

it seems the correct way is or both use 'mbed_psa_reboot_and_request_new_security_state' or both uses 'psa_destroy_key'

in addition, does the 'mbed_psa_reboot_and_request_new_security_state' will work if using protected storage and not secure internal storage?

This comment has been minimized.

Copy link
@orenc17

orenc17 Mar 7, 2019

Author Contributor

@netanelgonen
what does PS has to do with attestation? please elaborate

This comment has been minimized.

Copy link
@alzix

alzix Mar 7, 2019

Contributor

@netanelgonen, despite its name, the mbed_psa_reboot_and_request_new_security_state()API will not reboot the system when moving from PSA_LIFECYCLE_ASSEMBLY_AND_TEST to PSA_LIFECYCLE_ASSEMBLY_AND_TEST. The only effect it will have is to clean PSA RoT state. (currently just wiping out ITS).

This comment has been minimized.

Copy link
@netanelgonen

netanelgonen Mar 10, 2019

Contributor

@orenc17 @alzix, please choose 'mbed_psa_reboot_and_request_new_security_state' or both uses 'psa_destroy_key'

@ciarmcom ciarmcom requested review from avolinski, itayzafrir, moranpeker, netanelgonen and ARMmbed/mbed-os-maintainers Mar 7, 2019

@ciarmcom

This comment has been minimized.

Copy link
Member

commented Mar 7, 2019

@0xc0170

This comment has been minimized.

Copy link
Member

commented Mar 8, 2019

Set to 5.12.0-rc2

@orenc17 orenc17 changed the title PSA: Fix error codes making in psa_attestation_inject_key() PSA: Fix error codes masking in psa_attestation_inject_key() Mar 8, 2019

@0xc0170

This comment has been minimized.

Copy link
Member

commented Mar 8, 2019

This needs reviews ! I'll run CI meanwhile

@0xc0170 0xc0170 added needs: CI and removed needs: review labels Mar 8, 2019

@mbed-ci

This comment has been minimized.

Copy link

commented Mar 8, 2019

Test run: SUCCESS

Summary: 13 of 13 test jobs passed
Build number : 1
Build artifacts

@alzix

alzix approved these changes Mar 9, 2019

Copy link
Contributor

left a comment

LGTM

@0xc0170

This comment has been minimized.

Copy link
Member

commented Mar 9, 2019

Did not check regression yet.

Any findings?

@0xc0170 0xc0170 added ready for merge and removed needs: CI labels Mar 9, 2019

@0xc0170

0xc0170 approved these changes Mar 9, 2019

@orenc17 orenc17 force-pushed the kfnta:attest_ipc_fix branch 2 times, most recently Mar 10, 2019

@orenc17 orenc17 force-pushed the kfnta:attest_ipc_fix branch to d0021b5 Mar 10, 2019

@orenc17

This comment has been minimized.

Copy link
Contributor Author

commented Mar 10, 2019

Tested on K64F, CY8CKIT_062_WIFI_BT_PSA, FUTURE_SEQUANA_PSA

@mbed-ci

This comment has been minimized.

Copy link

commented Mar 10, 2019

Test run: FAILED

Summary: 1 of 13 test jobs failed
Build number : 2
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_greentea-test
@mbed-ci

This comment has been minimized.

Copy link

commented Mar 10, 2019

Test run: SUCCESS

Summary: 13 of 13 test jobs passed
Build number : 3
Build artifacts

@NirSonnenschein NirSonnenschein merged commit de1f086 into ARMmbed:master Mar 10, 2019

28 checks passed

continuous-integration/jenkins/pr-head This commit looks good
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
jenkins-ci/build-ARMC5 Success
Details
jenkins-ci/build-ARMC6 Success
Details
jenkins-ci/build-GCC_ARM Success
Details
jenkins-ci/build-IAR8 Success
Details
jenkins-ci/cloud-client-test Success
Details
jenkins-ci/dynamic-memory-usage RTOS ROM(+0 bytes) RAM(+0 bytes)
Details
jenkins-ci/exporter Success
Details
jenkins-ci/greentea-test Success
Details
jenkins-ci/mbed2-build-ARMC5 Success
Details
jenkins-ci/mbed2-build-ARMC6 Success
Details
jenkins-ci/mbed2-build-GCC_ARM Success
Details
jenkins-ci/mbed2-build-IAR8 Success
Details
jenkins-ci/unittests Success
Details
travis-ci/astyle Local astyle testing has passed
Details
travis-ci/docs Local docs testing has passed
Details
travis-ci/doxy-spellcheck Local doxy-spellcheck testing has passed
Details
travis-ci/events Passed, runtime is 9267 cycles (-973 cycles)
Details
travis-ci/gitattributestest Local gitattributestest testing has passed
Details
travis-ci/include_check Local include_check testing has passed
Details
travis-ci/licence_check Local licence_check testing has passed
Details
travis-ci/littlefs Passed, code size is 8408B (+0.00%)
Details
travis-ci/psa-autogen Local psa-autogen testing has passed
Details
travis-ci/tools-py2.7 Local tools-py2.7 testing has passed
Details
travis-ci/tools-py3.5 Local tools-py3.5 testing has passed
Details
travis-ci/tools-py3.6 Local tools-py3.6 testing has passed
Details
travis-ci/tools-py3.7 Local tools-py3.7 testing has passed
Details

@alzix alzix referenced this pull request Mar 10, 2019

Merged

platform reset API rename #9997

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.