RT1xxx SOCs using the GPT timer require a custom ISR table for the arm
irq_vector_table test, since they use a custom system timer implemented
using the GPT peripheral. Implement the required vector tables within
the irq_vector_table test to enable it to run.
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Split the zephyr project maintained repository trusted-firmware-m into
forks of the individual upstream repositories.
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git
Upstream: TF-Mv1.4.1
Additions:
zephyr: module: Add zephyr module file
trusted-firmware-m: platform: lpcxpresso55s69: Update SDK
https://git.trustedfirmware.org/TF-M/tf-m-tests.git
Upstream: 51ff2bdfae043f6dd0813b000d928c4bda172660
Additions:
zephyr: module: Add module file for tf-m-tests
https://github.com/ARM-software/psa-arch-tests.git
Upstream: 60faad2ead1b967ec8e73accd793d3ed0e5c56bd
Additions:
zephyr: module: Add module file for psa-arch-tests
psa-arch-tests: Allow overriding of toolchain file
The organization of folders remain the same with the following
exceptions:
Moved:
root folder moved from modules/tee/tfm to modules/tee/tf-m to avoid
problems with west update.
zephyr/module.yml to trusted-firmware-m/zephyr/module.yml and
${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR} points to what was previously
${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/trusted-firmware-m.
Added:
psa-arch-tests/zephyr/module.yml and ${ZEPHYR_PSA_ARCH_TESTS_MODULE_DIR}
tf-m-tests/zephyr/module/ and ${ZEPHYR_TF_M_TESTS_MODULE_DIR}
Removed:
init-git.sh
README.rst
Fixes: #39353
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Cleanup and preparation commit for linker script generator.
Zephyr linker scripts provides start and end symbols for each section,
and sometimes even size and LMA start symbols.
Generally, start and end symbols uses the following pattern, as:
Section name: foo
Section start symbol: __foo_start
Section end symbol: __foo_end
However, this pattern is not followed consistently.
To allow for linker script generation and ensure consistent naming of
symbols then the following pattern is introduced consistently to allow
for cleaner linker script generation.
Section name: foo
Section start symbol: __foo_start
Section end symbol: __foo_end
Section size symbol: __foo_size
Section LMA start symbol: __foo_load_start
This commit aligns the symbols for _ramfunc_ram/rom to other symbols and
in such a way they follow consistent pattern which allows for linker
script and scatter file generation.
The symbols are named according to the section name they describe.
Section name is `ramfunc`
The following symbols are aligned in this commit:
- _ramfunc_ram_start -> __ramfunc_start
- _ramfunc_ram_end -> __ramfunc_end
- _ramfunc_ram_size -> __ramfunc_size
- _ramfunc_rom_start -> __ramfunc_load_start
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This commit updates the `arm_no_multithreading` test to run on the
recently added `mps3_an547` board.
The `mps3_an547` SoC includes the Cortex-M55 processor which implements
the ARMv8.1-M architecture that is not covered by any of the boards in
the current "allowed platforms" list for this test.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit fixes the FPSCR register initialisation validation test
for the ARMv8.1-M architecture.
For ARMv8.1-M, the newly added LTPSIZE field in the FPSCR may always
read the value of 4 when the M-Profile Vector Extension (MVE) is not
implemented or FP context is not active, so we must ignore its value
when validating the FPSCR register initialisation.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit fixes the FPSCR register initialisation validation test
for the ARMv8.1-M architecture.
For ARMv8.1-M, the newly added LTPSIZE field in the FPSCR may always
read the value of 4 when the M-Profile Vector Extension (MVE) is not
implemented or FP context is not active, so we must ignore its value
when validating the FPSCR register initialisation.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Move to CMake 3.20.0.
At the Toolchain WG it was decided to move to CMake 3.20.0.
The main reason for increasing CMake version is better toolchain
support.
Better toolchain support is added in the following CMake versions:
- armclang, CMake 3.15
- Intel oneAPI, CMake 3.20
- IAR, CMake 3.15 and 3.20
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The Cortex-R architecture uses the threads stack to save context.
However, that is a security hole since a userspace thread could
manipulate the stack pointer before performing a system call and cause
the kernel to write to memory that it should not. This test will sanity
check that the Cortex-R svc and isr routines do not write to a userspace
supplied stack.
Signed-off-by: Bradley Bolen <bbolen@lexmark.com>
Adding a new test-suite for HardFault validation,
for Cortex-M Mainline architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a test case to verify that triggering a
PendSV will lead to a Reserved Exception and
a CPU error, in the no-multithreading case.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Due to changes in flash_layout.h for STM32L562, in the current
TF-M module update, we need to modify the DTS overlay files in
the TF-M samples where the board is supported.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In some platforms, such as the nucleo L552ZE_Q, the hash computation
is done very fast, before the delayed work manages to trigger (and
perform the assert-based validations). Increase the length of the
computations so this race condition can be avoided.
Also, this commit adds some messages in the assert statements for
ease of debugging.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fix for Issue#35658.
Update the custom vector table to add the OS Event timer
interrupt which is used on RT685 as the kernel system timer
Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
The test case part in test_arm_interrupt, which is
triggering a SysTick IRQ (when SysTick is not used
for system timer implementation), to catch a spurious
interrupt is not really testing what it is designed
for. The reason is that the z_arm_exc_spurious has
be re-designed to be invoked only if the kernel is
built without support for system clock, i.e. with
CONFIG_SYS_CLOCK_EXISTS=n, but this configuration is
not compatible with ZTESTs and is, therefore, never
tested in this test, in any configuration. When the
SysTick is not implemented in the HW, it is not
possible to set the PendSTSET bit, so this is not
possible to execute this part of the test case, anyways.
What we have been catching as an error, here, is the
ASSERT in the sys_clock_isr() weak implementation, but
asserts are verified earlier in this test case, so this
part is really redundant.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Introduce the fpu tag to tests that explicitly enable
the FPU and FPU_SHARING Kconfig options. The tag could
be used to run all FPU-related tests in the tree.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The AUDIT_LOG partition cannot be used in TF-M builds
with the IPC mode (CONFIG_TFM_IPC=y); we have added a
relevant dependency for this. So we can cleanup the
CONFIG_TFM_PARTITION_AUDIT_LOG=n from the configuration
files of the samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The existing test puts the same value into all FP registers, runs a
secure service which is then interrupted by a thread that clobbers the
registers.
This patch instead puts different values into each register to test
that each register is restored in the right order.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Minor fix to the name for the arm_irq_vector_table
test suite, removing the 'interrupt' from the name.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Shrink the name of the hidden cortex-m option for the
null-pointer dereference detection feature.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Instead of exposing publicly the TF-M NS interface include
directories, we include them when we build relevant projects.
This is required, as the TF-M include directories contains
psa crypto sources that are also provided by the mbedtls
crypto module. The downside of this solution is that the
TF-M includes need to be added explicitly in each application
that uses TF-M APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add the tfm tag to the arm_thread_swap_tz test,
since the test is running with TF-M by default.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Correct thee dt overlays for the STM32 boards, so the Zephyr
image starting address is in accordance with what TF-m expects
it to be.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Decrease the submitted work delay, to ensure that the PSA
crypto operation will be preempted when the work fires. The
modification is required for devices with fast crypto
operations. Also minor corrections to the test ase name,
so it is not the same with the other arm_thread_swap test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For testing secure->non-secure thread swapping.
This also tests that the FP context is correctly preserved
when calling a secure function.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
This adds code to swap_helper.S which does special handling of LR when
the interrupt came from secure. The LR value is stored to memory, and
put back into LR when swapping back to the relevant thread.
Also, add special handling of FP state when switching from secure to
non-secure, since we don't know whether the original non-secure thread
(which called a secure service) was using FP registers, so we always
store them, just in case.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
When multithreading is off, kernel source files like sem.c (samphore
implementation) are not present in the build. Some platforms by default
fetch modules or drivers that are using multithreading primitives and
because of that fails to compile when multithreading is off.
Limit the test to only qemu platforms since test is arch specific.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Extend the stress test of stacking error, to cover
the case of an active FP context.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Reboot functionality has nothing to do with PM, so move it out to the
subsys/os folder.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Check that the index returned by the function that looks
for an available IRQ line is non-negative, and do not just
rely on catching this with an ASSERT. That suppresses a
Coverity out-of-bounds warning.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Flag was present only when ZLI was enabled. That resulted in additional
ifdefs needed whenever code supports ZLI and non-ZLI mode.
Removed ifdefs, added build assert to irq connections to fail at
compile time if IRQ_ZERO_LATENCY is set but ZLI is disabled. Additional
clean up made which resulted from removing the ifdef.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Currently there is no way to distinguish between a caller
explicitly asking for a semaphore with a limit that
happens to be `UINT_MAX` and a semaphore that just
has a limit "as large as possible".
Add `K_SEM_MAX_LIMIT`, currently defined to `UINT_MAX`, and akin
to `K_FOREVER` versus just passing some very large wait time.
In addition, the `k_sem_*` APIs were type-confused, where
the internal data structure was `uint32_t`, but the APIs took
and returned `unsigned int`. This changes the underlying data
structure to also use `unsigned int`, as changing the APIs
would be a (potentially) breaking change.
These changes are backwards-compatible, but it is strongly suggested
to take a quick scan for `k_sem_init` and `K_SEM_DEFINE` calls with
`UINT_MAX` (or `UINT32_MAX`) and replace them with `K_SEM_MAX_LIMIT`
where appropriate.
Signed-off-by: James Harris <james.harris@intel.com>
In the arch/arm test suite there are tests running with
CONFIG_NO_OPTIMIZATIONS enabled, and may require a
larger idle thread stack size.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Temporarily save and restore all callee-saved registers
in the sub-routine, not only the frame pointer, to avoid
errors if compiler chooses to use them in the alternative
thread function. The callee-saved regs are restored after
the alternative thread switches back in.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a test case for the null pointer dereferencing detection
feature in Cortex-M. The test case is added in arm_interrupt
test suite and the README file is updated accordingly.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
arm_psci test suite is specific to ARM64, while
all other test suites in tests/arch/arm directory
are supported in Cortex-M architecture only. We
move arm_psci to arm64 directory, effectively,
separating tests suites for AARCH32 and AARCH64.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Clear Floating Point Status and Control Register (FPSCR),
to prevent from having the interrupt line set to pending again,
in case FPU IRQ is selected by the test as "Available IRQ line"
Fixes#31982
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
Enable interrupts before switching to main()
in cortex-m builds with single-thread mode
(CONFIG_MULTITHREADING=n).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
According to comment memset() should be used instead of memcpy().
There is no need to access to address 0x0.
Fixes#28691
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
Some test suites depend on determining at run-time
an available IRQ line which can then be used to execute
the test suite. This logic cannot used if the available
IRQ line is not targeting the current security state.
Therefore, filter out the _ns Cortex-m boards from
running these tests suites (i.e. when building with
CONFIG_TRUSTED_EXECUTION_NONSECURE=y) since we can not
contol the target state of the NVIC interrupt lines.
These tests suites test generic ARM features, that do
not depend on TrustZone-M configuration, so it is OK
that they are only executed on ARM platforms without
the NONSECURE configration set.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit reworks the .yaml files in Cortex-M
test suites, by grouping the common configuration
under the common: section. This considerably cleans
up the test suite configuration.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Read a volatile status into a local variable to
discard a side effect in assertion. This fixes
an issue reported by Coverity: CID: 214210.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
To improve Zephyr security, I decided to create a test
test_after_syscall_cpu_scrubs_regs
I think necessary to check upon exit of a system call back
to the calling thread, the kernel scrubs CPU registers for sensitive
data.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Provide a TZ_SAFE_ENTRY_FUNC() macro for wrapping non-secure entry
functions in calls to k_sched_lock()/k_sched_unlock()
Provide a __TZ_WRAP_FUNC() macro which helps in creating a function
that "wraps" another in a preface and postface function call.
int foo(char *arg); // Implemented somewhere else.
int __attribute__((naked)) foo_wrapped(char *arg)
{
WRAP_FUNC(bar, foo, baz);
}
is equivalent to
int foo(char *arg); // Implemented somewhere else.
int foo_wrapped(char *arg)
{
bar();
int res = foo(arg);
baz();
return res;
}
This commit also adds tests for __TZ_WRAP_FUNC().
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
It should be nrfx_power_clock_irq_handler, not nrfx_clock_irq_handler.
The latter is only present as a function if both nrfx CLOCK and POWER
drivers are used and it is then called from the actual IRQ handler,
which is always named nrfx_power_clock_irq_handler (also when only
the nrfx CLOCK driver is used as in case of this test).
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Remove special handling of the ARM Cortex-M1 DesignStart FPGA reference
design running on the Digilent Arty after CONFIG_NUM_IRQS was reduced
from 8 to 7.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
