OP-TEE sanity testsuite
The optee_test git contains the source code for the TEE sanity testsuite in Linux using the ARM(R) TrustZone(R) technology. It is distributed under the GPLv2 and BSD 2-clause open-source licenses. For a general overview of OP-TEE, please see the Notice.md file.
Get and build the software
HOWTO build the testsuite
xtest test suite comes with a standard test suite,
freely available. When installing OP-TEE through the
component provides the
xtest target which builds optee_test.
It makes use of the following environment variables:
CROSS_COMPILE_HOST: the cross compiler used to compile the Non-Secure Client Application (
CROSS_COMPILE_TA: the cross compiler used to compile the Trusted Applications (
TA_DEV_KIT_DIR: the path to the Trusted Application Dev Kit. It can be found in optee_os repository, once optee_os has been compiled.
O: the output repository
Extended test (Global Platform tests)
Developers can purchase the Global Platform Compliance Test suite. This test suite comes with .xml files describing the tests and the Trusted Applications.
Standard tests can be extended with the Global Platform test suite. The user must only:
- Install the Global Platform
make patch(or call make
buildrepository) before compiling xtest. This must be run a single time after the installation of OP-TEE.
- Create new Trusted Applications, that can be found in
- Create new tests in
host/xtest, as for example
xtest_7000.c, adding new tests.
Then the tests must be compiled with
It makes use of the following environment variable:
64if application shall be compiled in 32 bits mode on in 64 bits mode. If
COMPILE_NS_USERis not specificed, build relies on
CFG_ARM32_core=yfrom OP-TEE core build to assume applications are in 32 bits mode, Otherwise, 64 bits mode is assumed.
HOWTO run xtest
# all xtest boot and execute on your target $ ifconfig lo 127.0.0.1 $ tee-supplicant & $ xtest # single xtest boot and execute on your target $ ifconfig lo 127.0.0.1 $ tee-supplicant & $ xtest <testnumber> (i.e.: xtest 1001) # family xtest (i.e.: Family 1000) boot and execute on your target $ ifconfig lo 127.0.0.1 $ tee-supplicant & $ xtest _<family> (i.e.: xtest _1) # running all benchmarks (secured storage, aes/sha) boot and execute on your target $ tee-supplicant & $ xtest -t benchmark # running single benchmark boot and execute on your target $ tee-supplicant & $ xtest -t benchmark <benchmark_number> (i.e. xtest 2001)
HOWTO use SHA/AES benchmarking modules
It's also possible to run SHA/AES benchmarks by using sha-perf/aes-perf modules within xtest. These modules allow to run custom benchmarks with user-defined params.
# running sha-perf with default params boot and execute on your target $ tee-supplicant & $ xtest --sha-perf # getting usage details and list of possible options for sha-perf $ xtest --sha-perf -h
To be able to see the full command when building you could build using following flag:
$ make V=1
To state where build files are stored use the
$ make O=$HOME/foo
optee_test expects that
optee_client is located at the same
folder level. However if you build optee_client in another location, then you
also would need to use (or export) the following flag:
$ make OPTEE_CLIENT_EXPORT=$HOME/my_new_location/out/export
In this project we are trying to adhere to the same coding convention as used in the Linux kernel (see CodingStyle). We achieve this by running checkpatch from Linux kernel. However there are a few exceptions that we had to make since the code also follows GlobalPlatform standards. The exceptions are as follows:
- CamelCase for GlobalPlatform types are allowed.
- And we also exclude checking third party code that we might use in this project, such as LibTomCrypt, MPA, newlib (not in this particular git, but those are also part of the complete TEE solution). The reason for excluding and not fixing third party code is because we would probably deviate too much from upstream and therefore it would be hard to rebase against those projects later on (and we don't expect that it is easy to convince other software projects to change coding style).
Since checkpatch is licensed under the terms of GNU GPL License Version 2, we
cannot include this script directly into this project. Therefore we have
written the Makefile so you need to explicitly point to the script by exporting
an environment variable, namely CHECKPATCH. So, suppose that the source code for
the Linux kernel is at
$HOME/devel/linux, then you have to export like follows:
$ export CHECKPATCH=$HOME/devel/linux/scripts/checkpatch.pl
thereafter it should be possible to use one of the different checkpatch targets in the Makefile. There are targets for checking all files, checking against latest commit, against a certain base-commit etc. For the details, read the Makefile.