Skip to content

Commit

Permalink
ci: Update FIH tests for newer TFM
Browse files Browse the repository at this point in the history
Update build to run on new TFM release to be used (eb8ff0d).
Refactor hardcoded path usage to all come from a main configuration
script.

Signed-off-by: Fabio Utzig <[email protected]>
  • Loading branch information
utzig authored and d3zd3z committed Sep 9, 2024
1 parent 6810e35 commit f51a014
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 30 deletions.
36 changes: 19 additions & 17 deletions ci/fih_test_docker/execute_test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,7 @@

set -e

WORKING_DIRECTORY=/root/work/tfm
MCUBOOT_PATH=$WORKING_DIRECTORY/mcuboot
TFM_DIR=$WORKING_DIRECTORY/trusted-firmware-m
TFM_BUILD_DIR=$TFM_DIR/build
source $(dirname "$0")/paths.sh

SKIP_SIZE=$1
BUILD_TYPE=$2
Expand All @@ -34,26 +31,31 @@ else
fi

# build TF-M with MCUBoot
mkdir -p $TFM_BUILD_DIR
cd $TFM_DIR
cmake -B $TFM_BUILD_DIR \
-DTFM_SPM_LOG_LEVEL=TFM_SPM_LOG_LEVEL_INFO \
-DCMAKE_BUILD_TYPE=$BUILD_TYPE \
-DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \
mkdir -p $TFM_BUILD_PATH $TFM_SPE_BUILD_PATH

cmake -S $TFM_TESTS_PATH/tests_reg/spe \
-B $TFM_SPE_BUILD_PATH \
-DTFM_PLATFORM=arm/mps2/an521 \
-DTEST_NS=ON \
-DCONFIG_TFM_SOURCE_PATH=$TFM_PATH \
-DCMAKE_BUILD_TYPE=$BUILD_TYPE \
-DTFM_TOOLCHAIN_FILE=$TFM_PATH/toolchain_GNUARM.cmake \
-DTEST_S=ON \
-DTEST_NS=ON \
-DTFM_PSA_API=ON \
-DMCUBOOT_PATH=$MCUBOOT_PATH \
-DMCUBOOT_LOG_LEVEL=INFO \
$CMAKE_FIH_LEVEL \
.
cd $TFM_BUILD_DIR
make -j install
$CMAKE_FIH_LEVEL
cmake --build $TFM_SPE_BUILD_PATH -- install

BOOTLOADER_AXF='./install/outputs/bl2.axf'
cmake -S $TFM_TESTS_PATH/tests_reg \
-B $TFM_BUILD_PATH \
-DCONFIG_SPE_PATH=$TFM_SPE_BUILD_PATH/api_ns \
-DCMAKE_BUILD_TYPE=$BUILD_TYPE \
-DTFM_TOOLCHAIN_FILE=$TFM_SPE_BUILD_PATH/api_ns/cmake/toolchain_ns_GNUARM.cmake
cmake --build $TFM_BUILD_PATH

$MCUBOOT_PATH/ci/fih_test_docker/run_fi_test.sh $BOOTLOADER_AXF $SKIP_SIZE $DAMAGE_TYPE> fih_test_output.yaml
cd $TFM_BUILD_PATH
$MCUBOOT_PATH/ci/fih_test_docker/run_fi_test.sh $BOOTLOADER_AXF_PATH $SKIP_SIZE $DAMAGE_TYPE> fih_test_output.yaml

echo ""
echo "test finished with"
Expand Down
13 changes: 7 additions & 6 deletions ci/fih_test_docker/fi_tester_gdb.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.

source $(dirname "$0")/paths.sh

function skip_instruction {

local SKIP_ADDRESS=$1
Expand All @@ -40,7 +42,7 @@ function skip_instruction {

cat >commands.gdb <<EOF
target remote localhost: 1234
file $IMAGE_DIR/bl2.axf
file $AXF_FILE
b boot_go_for_image_id if image_id == 0
continue
delete breakpoints 1
Expand Down Expand Up @@ -71,8 +73,8 @@ EOF
/usr/bin/qemu-system-arm \
-M mps2-an521 \
-s -S \
-kernel $IMAGE_DIR/bl2.axf \
-device loader,file=$IMAGE_DIR/tfm_s_ns_signed.bin,addr=0x10080000 \
-kernel $AXF_FILE \
-device loader,file=$TFM_IMAGE_PATH,addr=0x10080000 \
-chardev file,id=char0,path=$QEMU_LOG_FILE \
-serial chardev:char0 \
-display none \
Expand Down Expand Up @@ -100,7 +102,7 @@ EOF
#print the address that was skipped, and some context to the console
echo "" 1>&2
echo "Boot success: address: $SKIP_ADDRESS skipped: $SKIP_SIZE" 1>&2
arm-none-eabi-objdump -d $IMAGE_DIR/bl2.axf --start-address=$SKIP_ADDRESS -S | tail -n +7 | head -n 14 1>&2
arm-none-eabi-objdump -d $AXF_FILE --start-address=$SKIP_ADDRESS -S | tail -n +7 | head -n 14 1>&2
echo "" 1>&2
echo "" 1>&2
else
Expand Down Expand Up @@ -142,8 +144,7 @@ usage() {

#defaults
SKIP=2
BIN_DIR=$(pwd)/install/outputs
AXF_FILE=$BIN_DIR/bl2.axf
AXF_FILE=${BOOTLOADER_AXF_PATH}
GDB=gdb-multiarch
BOOTLOADER=true

Expand Down
10 changes: 10 additions & 0 deletions ci/fih_test_docker/paths.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
WORK_PATH=/root/work/tfm
MCUBOOT_PATH=$WORK_PATH/mcuboot
TFM_PATH=$WORK_PATH/trusted-firmware-m
TFM_TESTS_PATH=$WORK_PATH/tf-m-tests
TFM_SPE_BUILD_PATH=$TFM_PATH/build_spe
TFM_BUILD_PATH=$TFM_PATH/build
BOOTLOADER_AXF_PATH=$TFM_SPE_BUILD_PATH/bin/bl2.axf
TFM_IMAGE_NAME=tfm_s_ns_signed.bin
TFM_IMAGE_OUTPUT_PATH=$TFM_BUILD_PATH
TFM_IMAGE_PATH=$TFM_IMAGE_OUTPUT_PATH/$TFM_IMAGE_NAME
15 changes: 8 additions & 7 deletions ci/fih_test_docker/run_fi_test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,17 @@ MCUBOOT_AXF=$1
SKIP_SIZES=$2
DAMAGE_TYPE=$3

source $(dirname "$0")/paths.sh

# Take an image and make it unbootable. This is done by replacing one of the
# strings in the image with a different string. This causes the signature check
# to fail
function damage_image
{
IMAGEDIR=$(dirname $MCUBOOT_AXF)
local IMAGE_NAME=tfm_s_ns_signed.bin
local BACKUP_IMAGE_NAME=tfm_s_ns_signed.bin.orig
local IMAGE=$IMAGEDIR/$IMAGE_NAME
mv $IMAGE $IMAGEDIR/$BACKUP_IMAGE_NAME
local IMAGE_NAME=${TFM_IMAGE_NAME}
local BACKUP_IMAGE_NAME=${TFM_IMAGE_NAME}.orig
local IMAGE=$TFM_IMAGE_OUTPUT_PATH/$IMAGE_NAME
mv $IMAGE $TFM_IMAGE_OUTPUT_PATH/$BACKUP_IMAGE_NAME

if [ "$DAMAGE_TYPE" = "SIGNATURE" ]; then
DAMAGE_PARAM="--signature"
Expand All @@ -48,7 +49,7 @@ function damage_image
exit -1
fi

python3 $DIR/damage_image.py -i $IMAGEDIR/$BACKUP_IMAGE_NAME -o $IMAGE $DAMAGE_PARAM 1>&2
python3 $DIR/damage_image.py -i $TFM_IMAGE_OUTPUT_PATH/$BACKUP_IMAGE_NAME -o $IMAGE $DAMAGE_PARAM 1>&2
}

function run_test
Expand All @@ -73,7 +74,7 @@ function run_test
END=$(printf "0x%X" $((END + PAD)))

# Invoke the fi tester script
$DIR/fi_tester_gdb.sh $IMAGEDIR $START $END --skip $SKIP_SIZE
$DIR/fi_tester_gdb.sh $TFM_IMAGE_OUTPUT_PATH $START $END --skip $SKIP_SIZE
done
}

Expand Down

0 comments on commit f51a014

Please sign in to comment.