Hi Andrej,

 

Great, I will upstream the patch.

 

Tamas

From: Andrej Butok <andrey.butok@nxp.com>
Sent: 14 May 2020 16:08
To: Tamas Ban <Tamas.Ban@arm.com>
Cc: tf-m@lists.trustedfirmware.org
Subject: RE: Boot seed in TFM Attestation tests

 

Hi Tamas,

 

The patch has eliminated the test failure.

Thank you,

Andrej

 

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M
Sent: Thursday, May 14, 2020 2:32 PM
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] Boot seed in TFM Attestation tests

 

Hi Andrej,

 

The value of boot_seed is compared against a hard coded value. This behaviour can be turned off in test/suites/attestation/attest_token_test_values.h.

Then only the presence of the boot_seed claim will be checked, but not its value.

 

Could you test this patch:

 

diff --git a/test/suites/attestation/attest_token_test_values.h b/test/suites/attestation/attest_token_test_values.h

index 5910524..fe2b9d4 100644

--- a/test/suites/attestation/attest_token_test_values.h

+++ b/test/suites/attestation/attest_token_test_values.h

@@ -110,6 +110,8 @@

/* A 32 byte mostly random value. Binary.

  *    platform/ext/common/template/attest_hal.c

  */

+#define TOKEN_TEST_VALUE_BOOT_SEED NULL_Q_USEFUL_BUF_C

+/*

#define TOKEN_TEST_VALUE_BOOT_SEED \

     (struct q_useful_buf_c) {\

         (uint8_t[]){ \
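
Review bot: The added `#define TOKEN_TEST_VALUE_BOOT_SEED NULL_Q_USEFUL_BUF_C` sits directly under the existing comment "A 32 byte mostly random value. Binary.", so that comment now describes a value that is no longer defined. Update the comment to state that the boot seed value is not compared and only the presence of the claim is checked. The define is also unconditional, so the value comparison is dropped for every platform, including any that still use the template value the comment points to in platform/ext/common/template/attest_hal.c; a build-time switch that keeps the hard-coded comparison for those platforms would preserve that coverage.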

@@ -120,6 +122,7 @@

         },\

         32\

     }

+*/

#define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */

 

/* A text string in EAN 13 format
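
Review bot: The old 32-byte definition is kept as dead code inside a `/* ... */` block that the added `*/` closes just before `TOKEN_TEST_REQUIRE_BOOT_SEED`. Block-commenting a multi-line macro is fragile, since any `/* */` comment later placed inside the byte array would end the block early and re-expose a second definition of `TOKEN_TEST_VALUE_BOOT_SEED`. Either delete the old definition or guard it with a preprocessor conditional so the intent is explicit.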

 

Tamas

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M
Sent: 14 May 2020 12:06
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Boot seed in TFM Attestation tests

 

Hello,

 

Using a real boot seed instead of the dummy one is causing an Attestation Service regression failure.

The log:

Running Test Suite Initial Attestation Service non-secure interface tests(TFM_ATTEST_TEST_2XXX)...

> Executing 'TFM_ATTEST_TEST_2004'

  Description: 'ECDSA signature test of attest token'

decode_test_normal_sig() returned: -55

  Attest token decode_test_normal_sig() has failed (Failed at ../../../../../../middleware/tfm/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c:136)

  TEST FAILED!

 

Is it a known issue?

Probably, it’s better to use a real boot seed by the Attestation tests, returned by tfm_plat_get_initial_attest_key()?

 

Thank you,

Andrej Butok