Hi Chris,

 

It does be a bit weird. I also tried on AN521 but didn’t reproduce the issue either.

But anyway I will merge Raef’s fix soon so you can proceed your job.

 

Best regards,

Hu Ziji

 

From: Chris.Brand@infineon.com <Chris.Brand@infineon.com>
Sent: Monday, October 18, 2021 11:31 PM
To: David Hu <David.Hu@arm.com>; tf-m@lists.trustedfirmware.org
Subject: RE: PSA Arch attestation test failure

 

Hi David,

 

That’s weird. My build command is nothing odd:

cmake -S . -B build_GNUARM_Release '-GUnix Makefiles' -DTFM_PLATFORM=cypress/psoc64 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Release -DTEST_PSA_API=INITIAL_ATTESTATION -DTFM_ISOLATION_LEVEL=2

 

Chris

 

From: David Hu <David.Hu@arm.com>
Sent: Monday, October 18, 2021 12:03 AM
To: Brand Chris (CSCA CSS ICW SW PSW 1) <Chris.Brand@infineon.com>; tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: RE: PSA Arch attestation test failure

 

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

 

Hi Chris,

 

Sorry I tried both isolation level 1 and level 2 on PSoC64 with the latest TF-M but cannot reproduce the failure.

I tried both GNUARM 7.3.1 and 8.3.1. Both passed the test.

 

Can you please share your build command?

 

The log I got:

 

Starting Cortex-M4 at 0x10050400

Non-secure code running on non-secure core.

 

Cores sync success.

Non-Secure system starting...

 

***** PSA Architecture Test Suite - Version 1.2 *****

 

Running.. Attestation Suite

******************************************

 

TEST: 601 | DESCRIPTION: Testing attestation initial attestation APIs | UT: psa_initial_attestation

[Info] Executing tests from non-secure

[Check 1] Test psa_initial_attestation_get_token with Challenge 32

[Check 2] Test psa_initial_attestation_get_token with Challenge 48

[Check 3] Test psa_initial_attestation_get_token with Challenge 64

[Check 4] Test psa_initial_attestation_get_token with zero challenge size

[Check 5] Test psa_initial_attestation_get_token with small challenge size

[Check 6] Test psa_initial_attestation_get_token with invalid challenge size

[Check 7] Test psa_initial_attestation_get_token with large challenge size

[Check 8] Test psa_initial_attestation_get_token with zero as token size

[Check 9] Test psa_initial_attestation_get_token with small token size

[Check 10] Test psa_initial_attestation_get_token_size with Challenge 32

[Check 11] Test psa_initial_attestation_get_token_size with Challenge 48

[Check 12] Test psa_initial_attestation_get_token_size with Challenge 64

[Check 13] Test psa_initial_attestation_get_token_size with zero challenge size

[Check 14] Test psa_initial_attestation_get_token_size with small challenge size

[Check 15] Test psa_initial_attestation_get_token_size with invalid challenge size

[Check 16] Test psa_initial_attestation_get_token_size with large challenge size

 

TEST RESULT: PASSED

 

******************************************

 

************ Attestation Suite Report **********

TOTAL TESTS     : 1

TOTAL PASSED    : 1

TOTAL SIM ERROR : 0

TOTAL FAILED    : 0

TOTAL SKIPPED   : 0

******************************************

 

Entering standby..

 

Best regards,

Hu Ziji

 

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of David Hu via TF-M
Sent: Monday, October 18, 2021 10:03 AM
To: Chris.Brand@infineon.com
Cc: nd <nd@arm.com>; tf-m@lists.trustedfirmware.org
Subject: Re: [TF-M] PSA Arch attestation test failure

 

Hi Chris,

 

Thanks for reporting this issue. I will take care of it.

 

Best regards,

Hu Ziji

 

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of chris.brand--- via TF-M
Sent: Saturday, October 16, 2021 5:47 AM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] PSA Arch attestation test failure

 

Hi,

 

We’re seeing a failure in the PSA Arch attestation test, specifically:

TEST: 601 | DESCRIPTION: Testing attestation initial attestation APIs | UT: psa_initial_attestation

[Info] Executing tests from non-secure

[Check 1] Test psa_initial_attestation_get_token with Challenge 32

[Check 2] Test psa_initial_attestation_get_token with Challenge 48

        Failed at Checkpoint: 1

        Actual: -138

        Expected: 0

 

TEST RESULT: FAILED (Error Code=0x1)

 

The failure is seen on PSoC, but only the gcc Release build (armclang and the other three gcc builds are all fine. Haven’t tested IAR), which makes it tricky to debug. PSoC uses the common attest HAL code, though, so I imagine the issue may also be present on other platforms.

 

Bisecting the problem leads to commit 09d71ffd40368b978d428744ad7ba0d3963f8d1d (“Platform: Use OTP as backing for attestation data”).

 

-138 is PSA_ERROR_BUFFER_TOO_SMALL.

 

I’m running gcc-arm-none-eabi-7-2018-q2-update, in case that matters.

 

Chris Brand

 

Cypress Semiconductor (Canada), Inc.

Sr Prin Software Engr

CSCA CSS ICW SW PSW 1

Office: +1 778 234 0515

Chris.Brand@infineon.com