diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d5eb4afe068f6f553fb78daf503bfe3d0fa40ffa..022ec98153b6393e8d3b1ddd04217cbf3bcc8650 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -22,7 +22,7 @@ variables: FORCE_TESTS: value: none description: Comma seperated list of tests that must be run - (all, ptest, acs) + (all, ptest, acs, sanity) FREQUENCY: value: adhoc description: How frequently is this build run diff --git a/.gitlab/ci/corstone1000-image-builds.yml b/.gitlab/ci/corstone1000-image-builds.yml index 712120d34dcbdaa669d03d23b776171b340d9e0d..d0fd4ca55cc24ef98508301743d057ce37b8657e 100644 --- a/.gitlab/ci/corstone1000-image-builds.yml +++ b/.gitlab/ci/corstone1000-image-builds.yml @@ -1,4 +1,5 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited and/or its affiliates. +# # # SPDX-License-Identifier: MIT --- @@ -12,7 +13,7 @@ cassini/tests/corstone1000-mps3: extends: .corstone1000_generator variables: - RUN_TESTS: sanity + RUN_TESTS: 'ptest,sanity' rules: - if: '($BUILD_IMAGE =~ /all-images/ || $BUILD_IMAGE =~ /k3s/) && ($BUILD_PLATFORM =~ /all-platforms/ || @@ -23,7 +24,7 @@ cassini/tests/corstone1000-mps3: cassini/security/tests/corstone1000-mps3: extends: .corstone1000_generator variables: - RUN_TESTS: sanity + RUN_TESTS: 'ptest,sanity' rules: - if: '($BUILD_IMAGE =~ /all-images/ || $BUILD_IMAGE =~ /k3s/) && ($BUILD_PLATFORM =~ /all-platforms/ || @@ -34,7 +35,7 @@ cassini/security/tests/corstone1000-mps3: cassini-dev/tests/corstone1000-mps3: extends: .corstone1000_generator variables: - RUN_TESTS: sanity + RUN_TESTS: 'ptest,sanity' rules: - if: '($BUILD_IMAGE =~ /all-images/ || $BUILD_IMAGE =~ /k3s/) && ($BUILD_PLATFORM =~ /all-platforms/ || @@ -44,7 +45,7 @@ cassini-dev/tests/corstone1000-mps3: cassini-dev/security/tests/corstone1000-mps3: extends: .corstone1000_generator variables: - RUN_TESTS: sanity + RUN_TESTS: 'ptest,sanity' rules: - if: '($BUILD_IMAGE =~ /all-images/ || $BUILD_IMAGE =~ /k3s/) && ($BUILD_PLATFORM =~ /all-platforms/ || diff --git a/.gitlab/ci/n1sdp-image-builds.yml b/.gitlab/ci/n1sdp-image-builds.yml index 6cfb5039515a64c0c04e19b2c19d501358e34e25..4c5364ebeedef4f37800675e4c9f3aee5cd5a4fb 100644 --- a/.gitlab/ci/n1sdp-image-builds.yml +++ b/.gitlab/ci/n1sdp-image-builds.yml @@ -1,4 +1,5 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited and/or its affiliates. +# # # SPDX-License-Identifier: MIT --- @@ -12,7 +13,7 @@ cassini/tests/n1sdp: extends: .generator-n1sdp variables: - RUN_TESTS: ptest,acs + RUN_TESTS: ptest,acs,sanity NUMBER_OF_SEQUENCE_FILES: 10 rules: - if: '($BUILD_IMAGE =~ /all-images/ || $BUILD_IMAGE =~ /k3s/) && @@ -23,7 +24,7 @@ cassini/tests/n1sdp: cassini/security/tests/n1sdp: extends: .generator-n1sdp variables: - RUN_TESTS: ptest + RUN_TESTS: 'ptest,sanity' rules: - if: '($BUILD_IMAGE =~ /all-images/ || $BUILD_IMAGE =~ /k3s/) && ($BUILD_PLATFORM =~ /all-platforms/ || $BUILD_PLATFORM =~ /n1sdp/)' @@ -33,7 +34,7 @@ cassini/security/tests/n1sdp: cassini-dev/tests/n1sdp: extends: .generator-n1sdp variables: - RUN_TESTS: ptest + RUN_TESTS: 'ptest,sanity' rules: - if: '($BUILD_IMAGE =~ /all-images/ || $BUILD_IMAGE =~ /k3s/) && ($BUILD_PLATFORM =~ /all-platforms/ || $BUILD_PLATFORM =~ /n1sdp/) && @@ -42,7 +43,7 @@ cassini-dev/tests/n1sdp: cassini-dev/security/tests/n1sdp: extends: .generator-n1sdp variables: - RUN_TESTS: ptest + RUN_TESTS: 'ptest,sanity' rules: - if: '($BUILD_IMAGE =~ /all-images/ || $BUILD_IMAGE =~ /k3s/) && ($BUILD_PLATFORM =~ /all-platforms/ || $BUILD_PLATFORM =~ /n1sdp/) && diff --git a/.gitlab/lava/corstone1000-mps3/ptest.yml.j2 b/.gitlab/lava/corstone1000-mps3/ptest.yml.j2 new file mode 100644 index 0000000000000000000000000000000000000000..9a702f62a0f421da05fc119184486663fa5b5668 --- /dev/null +++ b/.gitlab/lava/corstone1000-mps3/ptest.yml.j2 @@ -0,0 +1,189 @@ +# Copyright (c) 2023 Arm Limited and/or its affiliates. +# +# +# SPDX-License-Identifier: MIT +--- +device_type: mps3 +job_name: {{ CI_JOB_NAME }} +timeouts: + job: + minutes: 620 + +metadata: + source: {{ CI_PROJECT_URL }} + path: .gitlab/lava/corstone1000-mps3/sanity_job.yml.j2 + gitlab-job-url: {{ CI_JOB_URL }} + +priority: medium +visibility: + group: + - cassini + +notify: + criteria: + status: finished + callbacks: + - url: "{{ CI_API_V4_URL }}/projects/{{ CI_PROJECT_ID }}/jobs/{{ TEST_COMPLETE_JOB_ID }}/play" + method: POST + token: "{{ LAVA_CALLBACK_TOKEN }}" + header: "PRIVATE-TOKEN" + dataset: minimal + +actions: + +- boot: + namespace: uart0 + method: new_connection + connection: uart0 + +- boot: + namespace: uart1 + method: new_connection + connection: uart1 + +- boot: + namespace: uart3 + method: new_connection + connection: uart3 + +# Booting the mps3 test suite +- deploy: + to: flasher + images: + recovery_image: + url: "{{ FIRMWARE_ARTIFACT }}" + namespace: target + timeout: + minutes: 5 + +# Run kernel in Flash to copy rootfs overlay to USB stick +- boot: + namespace: target + method: u-boot + timeout: + minutes: 30 + commands: + - run retrieve_kernel_load_addr + - echo Loading kernel from $kernel_addr to memory ... + - unzip $kernel_addr 0x90000000 + - loadm 0x90000000 $kernel_addr_r 0xd00000 + - bootefi $kernel_addr_r $fdtcontroladdr + auto_login: + login_prompt: 'CASSINI unstable corstone1000-mps3' + username: root + prompts: + - '(.*)corstone1000-mps3:' + +# +# Fudge to enable bmap-tool usage +# +- deploy: + namespace: poky + timeout: + minutes: 5 + to: usb + os: oe + images: + image: + url: "{{ UTIL_ARTIFACT }}" + compression: bz2 + uniquify: false + device: usb_storage_device + download: + tool: /usr/bin/wget + options: --no-check-certificate -O - {DOWNLOAD_URL} + prompt: "Connecting to .+" + writer: + tool: /bin/tar + options: -C / -xf - + prompt: 'writing to stdout' + tool: + prompts: + - 'written to stdout' + +# +# Deploy the cassini uefi image stored as artifacts by the build job +# +- deploy: + namespace: secondary_media + timeout: + minutes: 300 + to: usb + os: oe + images: + image: + url: "{{ IMAGE_ARTIFACT }}" + compression: gz + bmap: + url: "{{ BMAP_ARTIFACT }}" + uniquify: false + device: usb_storage_device + writer: + tool: /usr/bin/bmaptool + options: copy {DOWNLOAD_URL} /dev/sda + prompt: 'bmaptool: info' + tool: + prompts: ['copying time: [0-9hms\.\ ]+, copying speed [0-9\.]+ [MK]iB\/sec'] + +- boot: + namespace: secondary_media + method: minimal + timeout: + minutes: 480 + auto_login: + login_prompt: 'CASSINI unstable corstone1000-mps3 ttyAMA0' + username: cassini + login_commands: + - cassini123 + - cassini123 + - sudo su + prompts: + - 'New password: ' + - 'Re-enter new password: ' + - '(.*)corstone1000-mps3:' + transfer_overlay: + download_command: wget -S + unpack_command: tar -C / -xzf + +- test: + namespace: secondary_media + timeout: + minutes: 60 + definitions: + - repository: + metadata: + format: Lava-Test Test Definition 1.0 + name: cassini-integration-tests + description: "Run Cassini integration tests" + os: + - oe + scope: + - functional + run: + steps: + - lava-test-case cassini-integration-tests --shell "ptest-runner - t 3600" + - jfrog-cli config add artifactory-aws --interactive=false --artifactory-url={{ ARTIFACTORY_AWS_URL }} --user={{ ARTIFACTORY_USER }} --password={{ ARTIFACTORY_PASS }}; + - | + cat << EOF > ./upload_spec.json + { + "files": [ + { + "pattern": "/home/test/runtime-integration-tests-logs/", + "target": "oss-cassini.lava-images-temp/ptest-runner-results/", + "flat": "true", + "recursive": "true" + } + ] + } + EOF + - build_name="oss-cassini/{{ CI_PROJECT_PATH }}/{{ CI_JOB_NAME }}" + - jfrog-cli rt upload --spec=upload_spec.json --build-name="${build_name}" --build-number="{{ CI_JOB_ID }}" + # Collect environment variables and attach them to a build. + - jfrog-cli rt build-collect-env "${build_name}" "{{ CI_JOB_ID }}" + # Publish build info to Artifactory + - jfrog-cli rt build-publish "${build_name}" "{{ CI_JOB_ID }}" --build-url="{{ CI_PROJECT_URL }}" + # Discard builds and artifacts previously published to Artifactory + - jfrog-cli rt build-discard "${build_name}" --max-builds=10 --delete-artifacts --async + from: inline + name: cassini-integration-tests + path: inline/cassini-integration-tests.yaml diff --git a/.gitlab/lava/n1sdp/ptest.yml.j2 b/.gitlab/lava/n1sdp/ptest.yml.j2 index 2dc7bb7fc32bea3afe44e74baf568f881341098d..3646c7b96af3eae57e2f6b374f11b675841d64fc 100644 --- a/.gitlab/lava/n1sdp/ptest.yml.j2 +++ b/.gitlab/lava/n1sdp/ptest.yml.j2 @@ -1,4 +1,5 @@ -# Copyright (c) 2022-2023, Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited and/or its affiliates. +# # # SPDX-License-Identifier: MIT --- @@ -6,7 +7,7 @@ device_type: n1sdp job_name: {{ CI_JOB_NAME }} timeouts: job: - minutes: 40 + minutes: 90 priority: medium visibility: group: @@ -180,7 +181,7 @@ actions: - test: namespace: secondary_media timeout: - minutes: 10 + minutes: 30 definitions: - repository: metadata: @@ -193,7 +194,7 @@ actions: - functional run: steps: - - lava-test-case cassini-integration-tests --shell "ptest-runner" + - lava-test-case cassini-integration-tests --shell "ptest-runner -t 1800" - jfrog-cli config add artifactory-aws --interactive=false --artifactory-url={{ ARTIFACTORY_AWS_URL }} --user={{ ARTIFACTORY_USER }} --password={{ ARTIFACTORY_PASS }}; - | cat << EOF > ./upload_spec.json diff --git a/.gitlab/lava/n1sdp/sanity_job.yml.j2 b/.gitlab/lava/n1sdp/sanity_job.yml.j2 new file mode 100644 index 0000000000000000000000000000000000000000..a56d7d6682d282534261e6e4d0cf8ca0bb795fa7 --- /dev/null +++ b/.gitlab/lava/n1sdp/sanity_job.yml.j2 @@ -0,0 +1,178 @@ +# Copyright (c) 2023 Arm Limited and/or its affiliates. +# +# +# SPDX-License-Identifier: MIT +--- +device_type: n1sdp +job_name: {{ CI_JOB_NAME }} +timeouts: + job: + minutes: 60 +priority: medium +visibility: + group: + - cassini + +metadata: + source: {{ CI_PROJECT_URL }} + path: .gitlab/lava/n1sdp/sanity.yml.j2 + gitlab-job-url: {{ CI_JOB_URL }} + +notify: + criteria: + status: finished + callbacks: + - url: "{{ CI_API_V4_URL }}/projects/{{ CI_PROJECT_ID }}/jobs/{{ TEST_COMPLETE_JOB_ID }}/play" + method: POST + token: "{{ LAVA_CALLBACK_TOKEN }}" + header: "PRIVATE-TOKEN" + dataset: minimal + +context: + extra_nfsroot_args: ',vers=3' + extra_kernel_args: rootwait + +actions: + +# +# Deploy a firmware bundle with the customised "uefi.bin" installed. This +# enables an EFI network driver, allowing us to TFTP boot from GRUB. +# +- deploy: + namespace: recovery + timeout: + minutes: 10 + failure_retry: 2 + to: flasher + images: + recovery_image: + url: {{ LAVA_STATIC_FILES_SERVER_URL }}//downloads/lava/health-checks/n1sdp/4/n1sdp-board-firmware-force-netboot.zip + compression: zip + +- deploy: + namespace: debian + timeout: + minutes: 10 + failure_retry: 2 + to: tftp + os: debian + kernel: + url: {{ LAVA_STATIC_FILES_SERVER_URL }}//downloads/lava/health-checks/n1sdp/4/debian/linux + type: image + ramdisk: + url: {{ LAVA_STATIC_FILES_SERVER_URL }}//downloads/lava/health-checks/n1sdp/4/debian/ramdisk.img + nfsrootfs: + url: {{ LAVA_STATIC_FILES_SERVER_URL }}//downloads/lava/health-checks/n1sdp/4/debian/debian-buster-arm64-rootfs.tar.xz + compression: xz + +- boot: + namespace: recovery + timeout: + minutes: 5 + method: minimal + parameters: + kernel-start-message: '' + prompts: ['Cmd>'] + +- boot: + namespace: uart1 + method: new_connection + connection: uart1 + +- boot: + namespace: uart3 + method: new_connection + connection: uart3 + +- boot: + namespace: debian + connection-namespace: uart1 + timeout: + minutes: 5 + method: grub + commands: nfs + prompts: + - '/ # ' + +- test: + namespace: debian + timeout: + minutes: 5 + definitions: + - repository: + metadata: + format: Lava-Test Test Definition 1.0 + name: install-dependancies + description: '"Install dependancies for secondary media deployment"' + os: + - debian + scope: + - functional + run: + steps: + - apt-get update -q + - apt-get install -qy bmap-tools + - find /dev/disk + from: inline + name: install-dependancies + path: inline/install-dependancies.yaml + +# +# Deploy the primary board firmware bundle (this time without the additinal +# network driver). +# +- deploy: + namespace: recovery + to: flasher + timeout: + minutes: 2 + images: + recovery_image: + url: "{{ FIRMWARE_ARTIFACT }}" + compression: zip + +- deploy: + namespace: secondary_media + connection-namespace: uart1 + timeout: + minutes: 15 + to: usb + os: oe + images: + image: + url: "{{ IMAGE_ARTIFACT }}" + compression: gz + bmap: + url: "{{ BMAP_ARTIFACT }}" + uniquify: false + device: usb_storage_device + writer: + tool: /usr/bin/bmaptool + options: copy {DOWNLOAD_URL} {DEVICE} + prompt: 'bmaptool: info' + tool: + prompts: ['copying time: [0-9ms\.\ ]+, copying speed [0-9\.]+ MiB\/sec'] + +# +# Do not verify the flash second time around as cached serial output on the +# connection will immediately match the prompt. +# + +- boot: + namespace: secondary_media + timeout: + minutes: 15 + method: minimal + auto_login: + login_prompt: '(.*)login:' + username: cassini + login_commands: + - cassini123 + - cassini123 + prompts: + - 'New password: ' + - 'Re-enter new password: ' + - '(.*)n1sdp:' + transfer_overlay: + download_command: wget -S + unpack_command: tar -C / -xzf diff --git a/meta-cassini-bsp/conf/layer.conf b/meta-cassini-bsp/conf/layer.conf index eb46b43c213f414ea073bc73a8605cf7fb6ece2b..610679b785b366c63ea55d1fde4709c59209762e 100644 --- a/meta-cassini-bsp/conf/layer.conf +++ b/meta-cassini-bsp/conf/layer.conf @@ -1,4 +1,5 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited and/or its affiliates. +# # # SPDX-License-Identifier: MIT @@ -7,8 +8,10 @@ BBPATH .= ":${LAYERDIR}" # Recipes and append files depend on configured platform BBFILES_DYNAMIC += " \ - meta-arm-bsp:${LAYERDIR}/meta-arm/meta-arm-bsp/*/*/*.bbappend \ - meta-arm-bsp:${LAYERDIR}/meta-arm/meta-arm-bsp/*/*/*.bb \ + meta-arm-bsp:${LAYERDIR}/meta-arm/meta-arm-bsp/recipes-*/*/*.bbappend \ + meta-arm-bsp:${LAYERDIR}/meta-arm/meta-arm-bsp/recipes-*/*/*.bb \ + parsec-layer:${LAYERDIR}/meta-security/meta-parsec/recipes-*/*/*.bbappend \ + parsec-layer:${LAYERDIR}/meta-security/meta-parsec/recipes-*/*/*.bb \ " BBFILE_COLLECTIONS += "meta-cassini-bsp" diff --git a/meta-cassini-bsp/meta-security/meta-parsec/recipes-parsec/parsec-service/files/0001-cassini-bsp-Enable-parse-service-to-use-TS.patch b/meta-cassini-bsp/meta-security/meta-parsec/recipes-parsec/parsec-service/files/0001-cassini-bsp-Enable-parse-service-to-use-TS.patch new file mode 100644 index 0000000000000000000000000000000000000000..ca12801a0fc588143b90d91ecf827755eb2b943b --- /dev/null +++ b/meta-cassini-bsp/meta-security/meta-parsec/recipes-parsec/parsec-service/files/0001-cassini-bsp-Enable-parse-service-to-use-TS.patch @@ -0,0 +1,86 @@ +From 6f1550a522f0589d39c1765bc3b524e4803ca591 Mon Sep 17 00:00:00 2001 +From: Vikas Katariya +Date: Fri, 10 Feb 2023 14:23:50 +0000 +Subject: [PATCH] cassini-bsp: Enable parse service to use TS + +Update the default `config.toml` to use trusted service provider for +parsec-service. + +Signed-off-by: Vikas Katariya +--- + config.toml | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/config.toml b/config.toml +index 9532f32..d65bdbe 100644 +--- a/config.toml ++++ b/config.toml +@@ -21,7 +21,7 @@ + #log_level = "warn" + + # Control whether log entries contain a timestamp. +-#log_timestamp = false ++log_timestamp = true + + # Decide how large (in bytes) request bodies can be before they get rejected automatically. + # Defaults to 1MB. +@@ -30,7 +30,7 @@ + # Decide whether detailed information about errors occuring should be included in log messages. + # WARNING: the details might include sensitive information about the keys used by Parsec clients, + # such as key names or policies +-#log_error_details = false ++log_error_details = true + + # Decide how large (in bytes) buffers inside responses from this provider can be. Requests that ask + # for buffers larger than this threshold will be rejected. Defaults to 1MB. +@@ -48,13 +48,13 @@ listener_type = "DomainSocket" + + # (Required) Timeout of the read and write operations on the IPC channel. After the + # timeout expires, the connection is dropped. +-timeout = 200 # in milliseconds ++timeout = 600 # in milliseconds + + # Specify the Unix Domain Socket path. The path is fixed and should always be the default one for + # clients to connect. However, it is useful to change it for tests. + # WARNING: If a file already exists at that path, the service will remove it before creating the + # socket file. +-#socket_path = "/run/parsec/parsec.sock" ++socket_path = "/run/parsec/parsec.sock" + + # (Required) Authenticator configuration. + # WARNING: the authenticator MUST NOT be changed if there are existing keys stored in Parsec. +@@ -126,10 +126,10 @@ manager_type = "SQLite" + # ⚠ WARNING: Changing provider name after use will lead to loss of existing keys. + # ⚠ + # (Optional) The name of the provider +-name = "mbed-crypto-provider" ++#name = "mbed-crypto-provider" + + # (Required) Type of provider. +-provider_type = "MbedCrypto" ++#provider_type = "MbedCrypto" + + # (Required) Name of key info manager that will support this provider. + # NOTE: The key info manager only holds mappings between Parsec key name and Mbed Crypto ID, along +@@ -137,7 +137,7 @@ provider_type = "MbedCrypto" + # Crypto library by default within the working directory of the service, NOT in the same location + # as the mappings mentioned previously. If you want the keys to be persisted across reboots, ensure + # that the working directory is not temporary. +-key_info_manager = "sqlite-manager" ++#key_info_manager = "sqlite-manager" + + # Example of a PKCS 11 provider configuration + #[[provider]] +@@ -287,9 +287,9 @@ key_info_manager = "sqlite-manager" + # ⚠ WARNING: Changing provider name after use will lead to loss of existing keys. + # ⚠ + # (Optional) The name of the provider +-#name = "trusted-service-provider" ++name = "trusted-service-provider" + # (Required) Type of provider. +-#provider_type = "TrustedService" ++provider_type = "TrustedService" + + # (Required) Name of key info manager that will support this provider. +-#key_info_manager = "sqlite-manager" ++key_info_manager = "sqlite-manager" diff --git a/meta-cassini-bsp/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_%.bbappend b/meta-cassini-bsp/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..9d9da4245dc6908105f78f2a0aea416b6b752872 --- /dev/null +++ b/meta-cassini-bsp/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_%.bbappend @@ -0,0 +1,13 @@ +# Copyright (c) 2023 Arm Limited and/or its affiliates. +# +# +# SPDX-License-Identifier: MIT + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +# Check for platforms with or without secure enclave +_IS_TS_ENABLED = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto ts-its', \ + '1', bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', '1', '', d), d)}" + +SRC_URI:append:cassini := "${@bb.utils.contains('_IS_TS_ENABLED', '1', \ + ' file://0001-cassini-bsp-Enable-parse-service-to-use-TS.patch', '', d)}" diff --git a/meta-cassini-distro/conf/distro/include/cassini-parsec.inc b/meta-cassini-distro/conf/distro/include/cassini-parsec.inc index ca3bc765e7891a6a026bb87572997215b15625fa..c45ddaf7748723e829692a2361fce8d2bff52e8a 100644 --- a/meta-cassini-distro/conf/distro/include/cassini-parsec.inc +++ b/meta-cassini-distro/conf/distro/include/cassini-parsec.inc @@ -1,9 +1,14 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited and/or its affiliates. +# # # SPDX-License-Identifier: MIT # Config specifc to the cassini-parsec distro feature, enabled using # DISTRO_FEATURES +# Check for platforms with or without secure enclave +PACKAGECONFIG:pn-parsec-service = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto ts-its', \ + 'TS', bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', 'TS', '', d), d)}" + IMAGE_INSTALL:append = " parsec-service \ parsec-tool" diff --git a/meta-cassini-distro/conf/distro/include/cassini-test.inc b/meta-cassini-distro/conf/distro/include/cassini-test.inc index b814a559646eea8c9dba33794108f5f73179c526..d2c0c7a3119c0f1e052d1b4bf38422048a2456b3 100644 --- a/meta-cassini-distro/conf/distro/include/cassini-test.inc +++ b/meta-cassini-distro/conf/distro/include/cassini-test.inc @@ -1,4 +1,5 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited and/or its affiliates. +# # # SPDX-License-Identifier: MIT @@ -16,3 +17,5 @@ IMAGE_INSTALL:append:libc-glibc = " jfrog-cli \ ${@bb.utils.contains('DISTRO_FEATURES',\ 'cassini-parsec', 'parsec-simple-e2e-tests-ptest', '', d)} \ " + +EXTRA_USERS_PARAMS:prepend:libc-glibc = "usermod -aG teeclnt ${CASSINI_TEST_ACCOUNT};" diff --git a/meta-cassini-tests/recipes-tests/runtime-integration-tests/parsec-simple-e2e-tests/parsec-simple-e2e-tests.bats b/meta-cassini-tests/recipes-tests/runtime-integration-tests/parsec-simple-e2e-tests/parsec-simple-e2e-tests.bats index 13b46ce0514347fee4be168ac4719f40cd1e1dcd..b4cb1c965f7cf2360f52c1edecd789b80f95f4d7 100644 --- a/meta-cassini-tests/recipes-tests/runtime-integration-tests/parsec-simple-e2e-tests/parsec-simple-e2e-tests.bats +++ b/meta-cassini-tests/recipes-tests/runtime-integration-tests/parsec-simple-e2e-tests/parsec-simple-e2e-tests.bats @@ -1,6 +1,7 @@ #!/usr/bin/env bats # -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited and/or its affiliates. +# # # SPDX-License-Identifier: MIT @@ -28,6 +29,50 @@ clean_test_environment() { : } +@test 'List all providers for parsec-service' { + + _run /usr/bin/parsec-tool list-providers + if [ "${status}" -ne 0 ]; then + log "FAIL" + return 1 + else + log "PASS" + fi +} + +@test 'Check if Core provider is enabled for parsec-service' { + + _run /usr/bin/parsec-tool list-providers + if echo "${output}" | grep "ID: 0x00 (Core provider)" ; then + log "PASS" + else + log "FAIL" + return 1 + fi +} + +@test 'Check if trusted-service provider is enabled for parsec-service' { + + _run /usr/bin/parsec-tool list-providers + if echo "${output}" | grep "ID: 0x04 (Trusted Service provider)" ; then + log "PASS" + else + log "FAIL" + return 1 + fi +} + +@test 'Check if Mbed-crypto provider is disabled for parsec-service' { + + _run /usr/bin/parsec-tool list-providers + if echo "${output}" | grep "ID: 0x01 (Mbed Crypto provider)" ; then + log "FAIL" + return 1 + else + log "PASS" + fi +} + @test 'simple end to end tests for PARSEC service' { _run /usr/bin/parsec-cli-tests.sh