Intermittent test failure for test_csr() and test_signing()

[MrXinWang]

Hi,

We are currently seeing intermittent test failure when executing parsec-cli-tests.sh on the FVP platform. The intermittent failure test cases are always test_csr() and test_signing().

Reproducer:

#!/bin/sh

set -e

max=200
for i in `seq 1 $max`
do
    echo "--------------$i test-------------"
    parsec-cli-tests.sh -d
    echo "--------------$i test done-------------"
done

We've investigated a bit and below is what we found.

1. The test_csr() case:

Full log with debug info when the case fails:
test_csr_fail_full.txt

Full log with debug info when the case passes:
test_csr_pass_full.txt

It looks like when the test case fails, the generated CSR below

-----BEGIN CERTIFICATE REQUEST-----
MIIBEzCBugIBADAxMRswGQYDVQQDDBJwYXJhbGxheHNlY29uZC5jb20xEjAQBgNV
BAUMCUVaNFUyQ0lYTDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHqW3v6RNxNC
rq4aqQDXf/gUAKHe+MKRzwcaJWoWpt7+vJmNbZmToVfrCClM8epDHwA1U1q7gGYN
UtgVMXIGoCSgJzAlBgkqhkiG9w0BCQ4xGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9z
dDAKBggqhkjOPQQDAgNIADBFAiAAMbC74dHo2sHy9cizKtkjssaCsV1E4asBP6+r
TUqTYQIhAOPZEmPDeUq45f6KrHqhgZQw2HThIwhPVFAzxxFtPk6M
-----END CERTIFICATE REQUEST-----

is shorter than the passed CSR below:

-----BEGIN CERTIFICATE REQUEST-----
MIIBFDCBugIBADAxMRswGQYDVQQDDBJwYXJhbGxheHNlY29uZC5jb20xEjAQBgNV
BAUMCUVaNFUyQ0lYTDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFKFxB9RJfvx
rQlb8rRIh1tPAK5yW6/ycXKJVpFFkkk43NNJpHUmUZKSagGBZPAKIItCDnnCMxLz
qBogAsYjfWugJzAlBgkqhkiG9w0BCQ4xGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9z
dDAKBggqhkjOPQQDAgNJADBGAiEA/GXlRImox5nNyLZY3g73SjWo5UoWrMuxEEXQ
YqgYeGYCIQCdDLos2E6HIWv/rk0lz0OwXjgS/86Lcd+MMC8Ff2C4tw==
-----END CERTIFICATE REQUEST-----

2. The test_signing() case:
   Full log can be found below, and we suspect that maybe the issue is similar to the test_csr() case.
   test_signing_fail_full.txt

May I please ask some helps from the parsec experts? Thanks very much!

[anta5010]

Could you add more details please, so we can try to reproduce the issue:

• parsec and parsec-tool versions
• how parsec was built, manually or with Yocto recipes. If former then rust version, if latter then Yocto layers versions. Which providers were included when parsec was built. Which providers are configured in parsec config.
• FVP version
• how do you run FVP, manually or Yocto runfvp script? what FVP parameters do you use?
• do you see failures for ECC keys only or for RSA keys as well?
• how many failures do you see from the 200 runs?
• do you see failures if you add a few seconds pause between the runs?
• is the host where you run FVP is shared? can it be overloaded?