Hi Tamas,
The patch has eliminated the test fail.
Thank you,
Andrej
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Tamas Ban via TF-M
Sent: Thursday, May 14, 2020 2:32 PM
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] Boot seed in TFM Attestation tests
Hi Andrej,
The value of boot_seed is compared against a hard coded value. This behaviour can be turned off in
test/suites/attestation/attest_token_test_values.h.
Then only the presence of boot_seed claim will be checked but its value not.
Could you test this patch:
diff --git a/test/suites/attestation/attest_token_test_values.h b/test/suites/attestation/attest_token_test_values.h
index 5910524..fe2b9d4 100644
--- a/test/suites/attestation/attest_token_test_values.h
+++ b/test/suites/attestation/attest_token_test_values.h
@@ -110,6 +110,8 @@
/* A 32 byte mostly random value. Binary.
* platform/ext/common/template/attest_hal.c
*/
+#define TOKEN_TEST_VALUE_BOOT_SEED NULL_Q_USEFUL_BUF_C
+/*
#define TOKEN_TEST_VALUE_BOOT_SEED \
(struct q_useful_buf_c) {\
(uint8_t[]){ \
@@ -120,6 +122,7 @@
},\
32\
}
+*/
#define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */
/* A text string in EAN 13 format
Tamas
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Andrej Butok via TF-M
Sent: 14 May 2020 12:06
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Boot seed in TFM Attestation tests
Hello,
Using a real boot seed instead of the dummy one is causing a Attestation Service regression fail.
The log:
Running Test Suite Initial Attestation Service non-secure interface tests(TFM_ATTEST_TEST_2XXX)...
> Executing 'TFM_ATTEST_TEST_2004'
Description: 'ECDSA signature test of attest token'
decode_test_normal_sig() returned: -55
Attest token decode_test_normal_sig() has failed (Failed at ../../../../../../middleware/tfm/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c:136)
TEST FAILED!
Is it know issue?
Probably, it’s better to use a real boot seed by the Attestation tests, returned by tfm_plat_get_initial_attest_key()?
Thank you,
Andrej Butok