Hi Andrej,
The overhead of adding extra partitions is not all that high. The patch adding the partition adds 144 bytes of ROM and 544 bytes of RAM to a RegressionIPCTfmLevel2 binary built with -Os. The RAM increase will be less with the library model with a shared secure stack.
Best wishes, Jamie
From: Andrej Butok <andrey.butok@nxp.com>
Sent: 18 December 2019 11:47
To: Jamie Fox <Jamie.Fox@arm.com>
Cc: tf-m@lists.trustedfirmware.org
Subject: RE: Adding a new test partition to test multi-partition scenarios
We already have about 7 test services/partitions. It's growing. To save resources, is it possible to combine the test partitions into one or just a few?
From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Jamie Fox via TF-M
Sent: Wednesday, December 18, 2019 12:34 PM
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: [TF-M] Adding a new test partition to test multi-partition scenarios
Hi all,
There's a need to test service features in TF-M involving more than one partition taking certain actions. For example, the ITS service implements access control for assets in storage based on the partition ID of the client, so we want to test the case where one partition attempts to access an asset belonging to another. There is a similar scenario for Crypto involving access control for keys.
Previously we have tested the same feature in SST with multiple NS RTOS threads, relying on the NS RTOS to provide distinct client IDs for each, but as NS client identification may not always be available this is not the ideal solution.
I am proposing we add a 'Secure Client 2' test partition to act as a slave for the Secure Client (1) test partition that executes the secure test suites. The new partition provides a service to call test functions by ID within its execution context and return the resulting status to the caller. The initial implementation is here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/2838 . For now it is as simple as possible: it just provides one API to call functions by ID, with no support for passing other arguments, but we can extend it when there is a need for more features.
Here I have implemented a basic test for ITS access control using the new partition: https://review.trustedfirmware.org/c/trusted-firmware-m/+/2790
Kind regards, Jamie
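The multi-partition test pattern proposed in the thread above, as a simplified self-contained model added here for illustration; it is not code from TF-M or from the linked patches. All names and status codes are hypothetical, and the store models access control by keying each asset on the creating partition's ID, which is an assumption of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes and partition IDs for this model, not TF-M definitions. */
enum { ST_OK = 0, ST_NOT_FOUND = -1, ST_NO_SPACE = -2, ST_BAD_ID = -3 };
enum { CLIENT_1 = 1, CLIENT_2 = 2, TEST_UID = 0x42, SLOTS = 4 };
/* Toy asset store: every entry records the partition ID that created it. */
struct asset { int used; int32_t owner; uint64_t uid; uint8_t data[16]; size_t len; };
static struct asset store[SLOTS];
static struct asset *find(int32_t client, uint64_t uid) {
    for (size_t i = 0; i < SLOTS; i++)
        if (store[i].used && store[i].owner == client && store[i].uid == uid)
            return &store[i];
    return NULL; /* an asset owned by another partition is invisible here */
}
int store_set(int32_t client, uint64_t uid, const void *p, size_t len) {
    struct asset *a = find(client, uid);
    if (len > sizeof a->data) return ST_NO_SPACE;
    for (size_t i = 0; !a && i < SLOTS; i++)
        if (!store[i].used) a = &store[i];
    if (!a) return ST_NO_SPACE;
    a->used = 1; a->owner = client; a->uid = uid; a->len = len;
    memcpy(a->data, p, len);
    return ST_OK;
}
int store_get(int32_t client, uint64_t uid, uint8_t out[16], size_t *len) {
    struct asset *a = find(client, uid);
    if (!a) return ST_NOT_FOUND;
    memcpy(out, a->data, a->len); *len = a->len;
    return ST_OK;
}
/* "Client 2" side: test functions selected by ID, run under Client 2's identity. */
static int c2_read_foreign(void) { uint8_t b[16]; size_t n; return store_get(CLIENT_2, TEST_UID, b, &n); }
static int c2_write_own(void) { return store_set(CLIENT_2, TEST_UID, "c2", 2); }
static int (*const c2_tests[])(void) = { c2_read_foreign, c2_write_own };
int client2_call_test_func(uint32_t id) {
    if (id >= sizeof c2_tests / sizeof c2_tests[0]) return ST_BAD_ID;
    return c2_tests[id]();
}
/* "Client 1" side: create an asset, then ask Client 2 to try to reach it. */
int client1_access_control_test(void) {
    uint8_t b[16]; size_t n = 0;
    memset(store, 0, sizeof store); /* start from an empty store */
    if (store_set(CLIENT_1, TEST_UID, "secret", 6) != ST_OK) return 0;
    if (client2_call_test_func(0) != ST_NOT_FOUND) return 0; /* read refused */
    if (client2_call_test_func(1) != ST_OK) return 0; /* writes its own asset */
    return store_get(CLIENT_1, TEST_UID, b, &n) == ST_OK && n == 6
           && memcmp(b, "secret", 6) == 0; /* Client 1's data is untouched */
}
```

The final check matters as much as the refused read: a write from the second partition under the same UID must not replace the first partition's asset.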