-
Notifications
You must be signed in to change notification settings - Fork 177
add initial version of PSA compliance test documents #966
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
GuyWi
merged 9 commits into
ARMmbed:development
from
NirSonnenschein:PSA_compliance_test_docs
Mar 13, 2019
Merged
Changes from all commits
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
f82a1c5
add initial version of PSA compliance test documents
54b4a20
Technical author review.
GuyWi 9ac350c
Update testing_psa_service_compliance.md
GuyWi 5b3b6ba
Update testing_psa_service_compliance.md
GuyWi d48aa61
Update testing_psa_service_compliance.md
GuyWi 496b6f5
Update testing_psa_service_compliance.md
GuyWi 6e6e1c0
Edit testing_psa_service_compliance.md
35b02bb
Added use of wildcards and custom config file.
GuyWi 9da5150
Updated sample test output.
GuyWi File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| <h2 id="crypto-port">Testing PSA service compliance</h2> | ||
|
|
||
| Mbed OS provides an integrated version of the Platform Security Architecture (PSA) test suite running over the Greentea test infrastructure. You can use these tests on PSA services that you develop or customize on PSA-enabled platforms to verify the compliance of the services to the PSA specification. | ||
|
|
||
| For information about PSA compliance tests, please see [the PSA compliance test repository](https://github.com/ARM-software/psa-arch-tests). | ||
|
|
||
| ### Test directory layout | ||
|
|
||
| The tests are divided into three groups, corresponding to the PSA services: | ||
|
|
||
| - Cryptography test suite (`components/TARGET_PSA/TESTS/compliance_crypto` in the Mbed OS directory). | ||
| - Internal trusted storage test suite (`components/TARGET_PSA/TESTS/compliance_its` in the Mbed OS directory). | ||
| - Initial attestation test suite (`components/TARGET_PSA/TESTS/compliance_attestation` in the Mbed OS directory). | ||
|
|
||
| Every test suite contains a folder for each of the test scenarios. Each test scenario may run one or more test vectors. | ||
|
|
||
| ### Compiling and running tests | ||
|
|
||
| To compile and run PSA compliance tests in Mbed OS, run the following command: | ||
|
|
||
| ``` | ||
| mbed test -t <toolchain> -m <target> -n components-target_psa-tests-compliance_<test suite>_<test case number> | ||
| ``` | ||
| Where: | ||
|
|
||
| - `<toolchain>` may be `ARM`, `ARMC6`, `GCC_ARM` or `IAR`. | ||
|
|
||
| - `<target>` is your PSA-compliant target platform. | ||
|
|
||
| - `<test suite>` is: | ||
| - For crypto tests: `crypto-test`. | ||
| - For internal trusted storage tests: `its-test`. | ||
| - For attestation tests: `attestation-test`. | ||
|
|
||
| - `<test case number>` is: | ||
| - For crypto tests: `c001`, `c002`, and so on. | ||
| - For internal trusted storage tests: `s001`, `s002`, and so on. | ||
| - For attestation tests: `a001`, `a002`, and so on. | ||
|
|
||
GuyWi marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| You can also use an asterisk (`*`), or other wildcards, to compile and run the entire set of PSA compliance tests: | ||
|
|
||
| ``` | ||
| mbed test -t <toolchain> -m <target> -n components-target_psa-tests-compliance_* | ||
| ``` | ||
|
|
||
| ### Cryptographic configuration | ||
|
|
||
| By default, the PSA compliance tests run using the default Mbed OS cryptography configuration. (You can find the configuration at `features/mbedtls/inc/mbedtls/config.h` in the Mbed OS directory). When you use the default configuration, only tests supported by the configuration run. | ||
|
|
||
| You can override the default Mbed OS cryptography configuration using an `mbed_app.json` file, or by passing the `MBEDTLS_USER_CONFIG_FILE=<path to your custom configuration file>` flag in the compilation command. | ||
|
|
||
| For an example of how to use an `mbed_app.json` file to override the default cryptography configuration, please see the [mbed-os-psa-compliance-tests-example repository](https://github.com/ARMmbed/mbed-os-psa-compliance-tests-example). | ||
|
|
||
| ### Sample test output | ||
|
|
||
GuyWi marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| When the tests run, they output state information to the serial output. Below is an example of a successful run: | ||
|
|
||
| ``` | ||
| mbedgt: mbed-host-test-runner: started | ||
| mbedgt: checking for GCOV data... | ||
| mbedgt: test on hardware with target id: 190000006c0f1507036c0f1500000000000000002e127069 | ||
| mbedgt: test suite 'components-target_psa-tests-compliance_its-test_s009' ............................ OK in 55.01 sec | ||
| test case: 'Check1' .......................................................................... OK in 0.40 sec | ||
| mbedgt: mbed-host-test-runner: started | ||
| mbedgt: checking for GCOV data... | ||
| mbedgt: test on hardware with target id: 190000006c0f1507036c0f1500000000000000002e127069 | ||
| mbedgt: test suite 'components-target_psa-tests-compliance_its-test_s008' ............................ OK in 55.21 sec | ||
| test case: 'Check1' .......................................................................... OK in 0.10 sec | ||
| test case: 'Check2' .......................................................................... OK in 0.09 sec | ||
|
|
||
| mbedgt: test suite report: | ||
| | target | platform_name | test suite | result | elapsed_time (sec) | copy_method | | ||
| |---------------------------------|---------------------|------------------------------------------------------|---------|--------------------|-------------| | ||
| | CY8CKIT_062_WIFI_BT_PSA-GCC_ARM | CY8CKIT_062_WIFI_BT | components-target_psa-tests-compliance_its-test_s001 | OK | 19.45 | default | | ||
| | CY8CKIT_062_WIFI_BT_PSA-GCC_ARM | CY8CKIT_062_WIFI_BT | components-target_psa-tests-compliance_its-test_s002 | OK | 55.34 | default | | ||
| ``` | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.