Some names of the test cases are duplicated within the project.
This commit contains the proposed names of the test scenarios.
Signed-off-by: Katarzyna Giadla <katarzyna.giadla@nordicsemi.no>
Change the CPU_CORTEX_R kconfig option to CPU_AARCH32_CORTEX_R to
distinguish the armv7 version from the armv8 version of Cortex-R.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
This adds a filter to only tests platforms that has
CONFIG_X86_PC_COMPATIBLE enabled. ACPI, multiboot and
CMOS RTC are usually all present on PC compatible and
not embedded ones. So limit the scope here.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Use the set of headers that the TF-M build system places in the
install output. Not all public header files are available in the
interface/include directory and the TF-M build system uses the install
mechanism of cmake to include additional headers based on platform
or configuration.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Update the custom vector table to add the OS Event timer
interrupt which is used on RT595 as the kernel system timer
Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
For functions returning nothing, there is no need to document
with @return, as Doxgen complains about "documented empty
return type of ...".
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Due to a recent change in TFM, some more space should be allocated
to mcuboot flash partition (some space should be allocated for OTP)
(Cf commit db07170a34f ("Platform: Allocate space in flash for OTP")
in trusted-firmware-m repo)
Take this into account and increase mcuboot flash partition for
nucleo_l552ze_q_ns target.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
TFM disables the FPU on this target, so the test will usagefault
with a NOCP exception type when run.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Jimmy Brisson <jimmy.brisson@linaro.org>
RT1xxx SOCs using the GPT timer require a custom ISR table for the arm
irq_vector_table test, since they use a custom system timer implemented
using the GPT peripheral. Implement the required vector tables within
the irq_vector_table test to enable it to run.
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Split the zephyr project maintained repository trusted-firmware-m into
forks of the individual upstream repositories.
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git
Upstream: TF-Mv1.4.1
Additions:
zephyr: module: Add zephyr module file
trusted-firmware-m: platform: lpcxpresso55s69: Update SDK
https://git.trustedfirmware.org/TF-M/tf-m-tests.git
Upstream: 51ff2bdfae043f6dd0813b000d928c4bda172660
Additions:
zephyr: module: Add module file for tf-m-tests
https://github.com/ARM-software/psa-arch-tests.git
Upstream: 60faad2ead1b967ec8e73accd793d3ed0e5c56bd
Additions:
zephyr: module: Add module file for psa-arch-tests
psa-arch-tests: Allow overriding of toolchain file
The organization of folders remain the same with the following
exceptions:
Moved:
root folder moved from modules/tee/tfm to modules/tee/tf-m to avoid
problems with west update.
zephyr/module.yml to trusted-firmware-m/zephyr/module.yml and
${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR} points to what was previously
${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/trusted-firmware-m.
Added:
psa-arch-tests/zephyr/module.yml and ${ZEPHYR_PSA_ARCH_TESTS_MODULE_DIR}
tf-m-tests/zephyr/module/ and ${ZEPHYR_TF_M_TESTS_MODULE_DIR}
Removed:
init-git.sh
README.rst
Fixes: #39353
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add a simple ITS driver test allocating 8192 LPIs over 256 DeviceIDS
and 32 EventIDs per DeviceID to exercise the ITS for the MSI/MSI-X
usecase.
The test is set as `build_only: true` and whitelisted to the
fvp_base_revc_2xaemv8a board until the shipped Zephyr QEMU
has the ITS support.
Since `fvp_base_revc_2xaemv8a` needs FIP & BL1 files, test is marked
as `skip: true`.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
The ITS needs a number of table, so HEAP must be reserved for runtime
allocation (1MiB is a round and convenient value):
- Redistributor:
* 64K table for all redistributors
* 64k for each redistributors
- ITS:
* 4K collection table aligned on 4K
* 4K x 128 device table aligned on 4K
This makes 11x64K to permit all allocations to success.
Note, will need 64K HEAP_MEM per CPUs added.
This doesn't necessarily include the Interrupt Translation Table,
which are 256bytes aligned tables, for reference a 32 ITEs table
needs 256bytes.
With 14x64K HEAP, up to 116 ITT tables of 32 ITEs can be allocated.
A specific HEAP_MEM_POOL_SIZE as been added to arm64_gicv3_its test
for the fvp_base_revc_2xaemv8a board to satisfy all memory allocation
constraints for 256 ITT tables with 32 ITEs allocations.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Latel we have had several failures and regressions due to the setting of
CONFIG_SRAM_BASE_ADDRESS to really high values (over the 4GB boundary).
To try to catch these problems as early as possible we add a build-only
test based on the hello_world_user sample that tries to compile the test
using a combination of CONFIG_SRAM_BASE_ADDRESS and
CONFIG_KERNEL_VM_BASE set to high values in memory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Cleanup and preparation commit for linker script generator.
Zephyr linker scripts provides start and end symbols for each larger
areas in the linker script.
The symbols _image_text_start and _image_text_end sometimes includes
linker/kobject-text.ld. This mean there must be both the regular
__text_start and __text_end symbols for the pure text section, as well
as <group>_start and <group>_end symbols.
The symbols describing the text region which covers more than just the
text section itself will thus be changed to:
_image_text_start -> __text_region_start
_image_text_end -> __text_region_end
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Cleanup and preparation commit for linker script generator.
Zephyr linker scripts provides start and end symbols for each larger
areas in the linker script.
The symbols _image_rom_start and _image_rom_end corresponds to the group
ROMABLE_REGION defined in the ld linker scripts.
The symbols _image_rodata_start and _image_rodata_end is not placed as
independent group but covers common-rom.ld, thread-local-storage.ld,
kobject-rom.ld and snippets-rodata.ld.
This commit align those names and prepares for generation of groups in
linker scripts.
The symbols describing the ROMABLE_REGION will be renamed to:
_image_rom_start -> __rom_region_start
_image_rom_end -> __rom_region_end
The rodata will also use the group symbol notation as:
_image_rodata_start -> __rodata_region_start
_image_rodata_end -> __rodata_region_end
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Cleanup and preparation commit for linker script generator.
Zephyr linker scripts provides start and end symbols for each section,
and sometimes even size and LMA start symbols.
Generally, start and end symbols uses the following pattern, as:
Section name: foo
Section start symbol: __foo_start
Section end symbol: __foo_end
However, this pattern is not followed consistently.
To allow for linker script generation and ensure consistent naming of
symbols then the following pattern is introduced consistently to allow
for cleaner linker script generation.
Section name: foo
Section start symbol: __foo_start
Section end symbol: __foo_end
Section size symbol: __foo_size
Section LMA start symbol: __foo_load_start
This commit aligns the symbols for _ramfunc_ram/rom to other symbols and
in such a way they follow consistent pattern which allows for linker
script and scatter file generation.
The symbols are named according to the section name they describe.
Section name is `ramfunc`
The following symbols are aligned in this commit:
- _ramfunc_ram_start -> __ramfunc_start
- _ramfunc_ram_end -> __ramfunc_end
- _ramfunc_ram_size -> __ramfunc_size
- _ramfunc_rom_start -> __ramfunc_load_start
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
When demand paging is enabled and not all generic sections are
in physical memory at boot, only tests the permission up to the end
of the pinned section.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
This commit updates the `arm_no_multithreading` test to run on the
recently added `mps3_an547` board.
The `mps3_an547` SoC includes the Cortex-M55 processor which implements
the ARMv8.1-M architecture that is not covered by any of the boards in
the current "allowed platforms" list for this test.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit fixes the FPSCR register initialisation validation test
for the ARMv8.1-M architecture.
For ARMv8.1-M, the newly added LTPSIZE field in the FPSCR may always
read the value of 4 when the M-Profile Vector Extension (MVE) is not
implemented or FP context is not active, so we must ignore its value
when validating the FPSCR register initialisation.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit fixes the FPSCR register initialisation validation test
for the ARMv8.1-M architecture.
For ARMv8.1-M, the newly added LTPSIZE field in the FPSCR may always
read the value of 4 when the M-Profile Vector Extension (MVE) is not
implemented or FP context is not active, so we must ignore its value
when validating the FPSCR register initialisation.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Move to CMake 3.20.0.
At the Toolchain WG it was decided to move to CMake 3.20.0.
The main reason for increasing CMake version is better toolchain
support.
Better toolchain support is added in the following CMake versions:
- armclang, CMake 3.15
- Intel oneAPI, CMake 3.20
- IAR, CMake 3.15 and 3.20
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The Cortex-R architecture uses the threads stack to save context.
However, that is a security hole since a userspace thread could
manipulate the stack pointer before performing a system call and cause
the kernel to write to memory that it should not. This test will sanity
check that the Cortex-R svc and isr routines do not write to a userspace
supplied stack.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Adding a new test-suite for HardFault validation,
for Cortex-M Mainline architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a test case to verify that triggering a
PendSV will lead to a Reserved Exception and
a CPU error, in the no-multithreading case.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Due to changes in flash_layout.h for STM32L562, in the current
TF-M module update, we need to modify the DTS overlay files in
the TF-M samples where the board is supported.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In some platforms, such as the nucleo L552ZE_Q, the hash computation
is done very fast, before the delayed work manages to trigger (and
perform the assert-based validations). Increase the length of the
computations so this race condition can be avoided.
Also, this commit adds some messages in the assert statements for
ease of debugging.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fix for Issue#35658.
Update the custom vector table to add the OS Event timer
interrupt which is used on RT685 as the kernel system timer
Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
The test case part in test_arm_interrupt, which is
triggering a SysTick IRQ (when SysTick is not used
for system timer implementation), to catch a spurious
interrupt is not really testing what it is designed
for. The reason is that the z_arm_exc_spurious has
be re-designed to be invoked only if the kernel is
built without support for system clock, i.e. with
CONFIG_SYS_CLOCK_EXISTS=n, but this configuration is
not compatible with ZTESTs and is, therefore, never
tested in this test, in any configuration. When the
SysTick is not implemented in the HW, it is not
possible to set the PendSTSET bit, so this is not
possible to execute this part of the test case, anyways.
What we have been catching as an error, here, is the
ASSERT in the sys_clock_isr() weak implementation, but
asserts are verified earlier in this test case, so this
part is really redundant.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Introduce the fpu tag to tests that explicitly enable
the FPU and FPU_SHARING Kconfig options. The tag could
be used to run all FPU-related tests in the tree.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The AUDIT_LOG partition cannot be used in TF-M builds
with the IPC mode (CONFIG_TFM_IPC=y); we have added a
relevant dependency for this. So we can cleanup the
CONFIG_TFM_PARTITION_AUDIT_LOG=n from the configuration
files of the samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The existing test puts the same value into all FP registers, runs a
secure service which is then interrupted by a thread that clobbers the
registers.
This patch instead puts different values into each register to test
that each register is restored in the right order.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Minor fix to the name for the arm_irq_vector_table
test suite, removing the 'interrupt' from the name.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Shrink the name of the hidden cortex-m option for the
null-pointer dereference detection feature.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When loaded via EFI, we obviously don't have a multiboot info pointer
available (we might have an EFI system table, but zefi doesn't pass
that through yet). Don't try to parse the "whatever garbage was in
%rbp" as a multiboot table.
The configuration is a little clumsy, as strictly our EFI kconfig just
says we're "building for" EFI but not that we'll boot that way. And
tests like arch/x86/info are trying to set CONFIG_MULTIBOOT=n
unconditionally, when it really should be something they detect from
devicetree or wherever.
Fixes#33545
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Instead of exposing publicly the TF-M NS interface include
directories, we include them when we build relevant projects.
This is required, as the TF-M include directories contains
psa crypto sources that are also provided by the mbedtls
crypto module. The downside of this solution is that the
TF-M includes need to be added explicitly in each application
that uses TF-M APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add the tfm tag to the arm_thread_swap_tz test,
since the test is running with TF-M by default.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Correct thee dt overlays for the STM32 boards, so the Zephyr
image starting address is in accordance with what TF-m expects
it to be.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Decrease the submitted work delay, to ensure that the PSA
crypto operation will be preempted when the work fires. The
modification is required for devices with fast crypto
operations. Also minor corrections to the test ase name,
so it is not the same with the other arm_thread_swap test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For testing secure->non-secure thread swapping.
This also tests that the FP context is correctly preserved
when calling a secure function.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
This adds code to swap_helper.S which does special handling of LR when
the interrupt came from secure. The LR value is stored to memory, and
put back into LR when swapping back to the relevant thread.
Also, add special handling of FP state when switching from secure to
non-secure, since we don't know whether the original non-secure thread
(which called a secure service) was using FP registers, so we always
store them, just in case.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
When multithreading is off, kernel source files like sem.c (samphore
implementation) are not present in the build. Some platforms by default
fetch modules or drivers that are using multithreading primitives and
because of that fails to compile when multithreading is off.
Limit the test to only qemu platforms since test is arch specific.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Extend the stress test of stacking error, to cover
the case of an active FP context.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Reboot functionality has nothing to do with PM, so move it out to the
subsys/os folder.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Check that the index returned by the function that looks
for an available IRQ line is non-negative, and do not just
rely on catching this with an ASSERT. That suppresses a
Coverity out-of-bounds warning.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
