samples: Add a sample for running PSA tests

Use the Kconfigs in TFM to enable the different suites.

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>

samples/tfm_integration/tfm_psa_test/CMakeLists.txt

@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2021 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+cmake_minimum_required(VERSION 3.13.1)
+
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+
+project(tfm_psa_storage_test)
+
+target_sources(app PRIVATE src/main.c)

samples/tfm_integration/tfm_psa_test/README.rst

@@ -0,0 +1,99 @@
+.. _tfm_psa_test:
+
+TF-M Platform Security Architecture Test Sample
+###############################################
+
+Overview
+********
+
+Run PSA test suites tests with Zephyr and TFM.
+
+The PSA tests are implemented in the psa-arch-tests repo: https://github.com/ARM-software/psa-arch-tests
+
+This sample is supported for platforms that have a port in psa-arch-tests.
+See sample.yaml for a list of supported platforms.
+
+Building and Running
+********************
+
+You must choose a suite via the CONFIG_TFM_PSA_TEST_* configs.
+
+On Target
+=========
+
+Refer to :ref:`tfm_ipc` for detailed instructions.
+
+On QEMU:
+========
+
+Refer to :ref:`tfm_ipc` for detailed instructions.
+Following is an example based on ``west build``
+
+   .. code-block:: bash
+
+      $ west build samples/tfm_integration/tfm_psa_test/ -p -b mps2_an521_nonsecure -t run -- -DCONFIG_TFM_PSA_TEST_STORAGE=y
+
+Sample Output
+=============
+
+   .. code-block:: console
+
+      *** Booting Zephyr OS build zephyr-v2.5.0-456-g06f4da459a99  ***
+
+      ***** PSA Architecture Test Suite - Version 1.0 *****
+
+      Running.. Storage Suite
+      ******************************************
+
+      TEST: 401 | DESCRIPTION: UID not found check
+      [Info] Executing tests from non-secure
+
+      [Info] Executing ITS tests
+      [Check 1] Call get API for UID 6 which is not set
+      [Check 2] Call get_info API for UID 6 which is not set
+      [Check 3] Call remove API for UID 6 which is not set
+      [Check 4] Call get API for UID 6 which is removed
+      [Check 5] Call get_info API for UID 6 which is removed
+      [Check 6] Call remove API for UID 6 which is removed
+      Set storage for UID 6
+      [Check 7] Call get API for different UID 5
+      [Check 8] Call get_info API for different UID 5
+      [Check 9] Call remove API for different UID 5
+
+      [Info] Executing PS tests
+      [Check 1] Call get API for UID 6 which is not set
+      [Check 2] Call get_info API for UID 6 which is not set
+      [Check 3] Call remove API for UID 6 which is not set
+      [Check 4] Call get API for UID 6 which is removed
+      [Check 5] Call get_info API for UID 6 which is removed
+      [Check 6] Call remove API for UID 6 which is removed
+      Set storage for UID 6
+      [Check 7] Call get API for different UID 5
+      [Check 8] Call get_info API for different UID 5
+      [Check 9] Call remove API for different UID 5
+
+      TEST RESULT: PASSED
+
+      ******************************************
+
+      [...]
+
+      TEST: 417 | DESCRIPTION: Storage assest capacity modification check
+      [Info] Executing tests from non-secure
+
+      [Info] Executing PS tests
+      Test Case skipped as Optional PS APIs not are supported.
+
+      TEST RESULT: SKIPPED (Skip Code=0x0000002B)
+
+      ******************************************
+
+      ************ Storage Suite Report **********
+      TOTAL TESTS     : 17
+      TOTAL PASSED    : 11
+      TOTAL SIM ERROR : 0
+      TOTAL FAILED    : 0
+      TOTAL SKIPPED   : 6
+      ******************************************
+
+      Entering standby..

samples/tfm_integration/tfm_psa_test/prj.conf

@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2021 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+CONFIG_BUILD_WITH_TFM=y
+
+# Needed for CRYPTO and INITIAL_ATTESTATION
+CONFIG_MAIN_STACK_SIZE=4096

samples/tfm_integration/tfm_psa_test/sample.yaml

@@ -0,0 +1,19 @@
+common:
+    tags: tfm
+    platform_allow: mps2_an521_nonsecure v2m_musca_s1_nonsecure
+                    nrf5340dk_nrf5340_cpuappns nrf9160dk_nrf9160ns
+    harness: console
+    harness_config:
+      type: multi_line
+      regex:
+        - "\\*\\*\\*\\*\\* PSA Architecture Test Suite - Version .* \\*\\*\\*\\*\\*"
+        - "TOTAL FAILED *: 0"
+sample:
+  name: "TFM PSA Test"
+
+tests:
+  sample.tfm.psa_protected_storage_test:
+    extra_args: "CONFIG_TFM_PSA_TEST_PROTECTED_STORAGE=y"
+    timeout: 100
+  sample.tfm.psa_internal_trusted_storage_test:
+    extra_args: "CONFIG_TFM_PSA_TEST_INTERNAL_TRUSTED_STORAGE=y"

samples/tfm_integration/tfm_psa_test/src/main.c

@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2021 Nordic Semiconductor ASA.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <zephyr.h>
+
+/* Run the PSA test suite */
+void psa_test(void);
+
+__attribute__((noreturn))
+void main(void)
+{
+#ifdef CONFIG_TFM_PSA_TEST_NONE
+	#error "No PSA test suite set. Use Kconfig to enable a test suite.\n"
+#else
+	psa_test();
+#endif
+
+	for (;;) {
+	}
+}