1################################################
2Run TF-M tests and applications on Arm platforms
3################################################
4Instructions for how to run TF-M tests and applications on Arm platforms.
5
6Follow :doc:`build instruction <tfm_build_instruction>` to build the binaries.
7Follow :doc:`secure boot </design_docs/booting/tfm_secure_boot>` to build the
8binaries with or without BL2 bootloader.
9
10.. _tf-m_regression_tests:
11
12****************************************************
13Execute TF-M regression tests on MPS2 boards and FVP
14****************************************************
15The BL2 bootloader and TF-M example application and tests have been verified
16using the reference model for MPS2 (AN521), in  `Keil MDK`_ ,
17`Fixed Virtual Platforms`_ and `Arm Development Studio`_ .
18
19.. Note::
20    The name of the reference model's executable can vary depending on toolchain.
21
22    - SMM-SSE-200 for `Keil MDK`_
23
24    - FVP_MPS2_AEMv8M for `Fixed Virtual Platforms`_ and `Arm Development Studio`_
25
26    For more information please refer to the appropriate toolchain's
27    documentation:  `Keil MDK Documentation`_ ,
28    `Fixed Virtual Platforms Documentation`_ ,
29    `Arm Development Studio Documentation`_
30
31To run the example code on an SSE-200 Fast-Model
32================================================
33Using FVP_MPS2_AEMv8M provided by `Arm Development Studio`_ 2019.1.
34
35Example application and regression tests without BL2 bootloader
36---------------------------------------------------------------
37Add ``tfm_s.axf`` and ``tfm_ns.axf`` to symbol files in Debug Configuration
38menu.
39
40.. code-block:: bash
41
42    <DS_PATH>/sw/models/bin/FVP_MPS2_AEMv8M \
43    --parameter fvp_mps2.platform_type=2 \
44    --parameter cpu0.baseline=0 \
45    --parameter cpu0.INITVTOR_S=0x10000000 \
46    --parameter cpu0.semihosting-enable=0 \
47    --parameter fvp_mps2.DISABLE_GATING=0 \
48    --parameter fvp_mps2.telnetterminal0.start_telnet=1 \
49    --parameter fvp_mps2.telnetterminal1.start_telnet=0 \
50    --parameter fvp_mps2.telnetterminal2.start_telnet=0 \
51    --parameter fvp_mps2.telnetterminal0.quiet=0 \
52    --parameter fvp_mps2.telnetterminal1.quiet=1 \
53    --parameter fvp_mps2.telnetterminal2.quiet=1 \
54    --application cpu0=<build_dir>/bin/tfm_s.axf \
55    --data cpu0=<build_dir>/bin/tfm_ns.bin@0x00100000
56
57Example application and regression tests with BL2 bootloader
58------------------------------------------------------------
59To test TF-M with bootloader, one must apply the following changes:
60
61- Add ``bl2.axf`` to symbol files in DS-5 in Debug Configuration
62  menu.
63- Replace the last two lines of the previous command with this:
64
65.. code-block:: bash
66
67    --application cpu0=<build_dir>/bin/bl2.axf \
68    --data cpu0=<build_dir>/tfm_s_ns_signed.bin@0x10080000
69
70Test software upgrade with BL2 bootloader
71^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
72BL2 bootloader is mandatory to test software update. Furthermore, two TF-M blobs
73must be built. Outputs of example application and regression test can be used to
74test it. Load output of example application to the primary slot (0x10080000) and
75output of regression test to the secondary slot (0x10180000). Add the following
76line to the end of the previous chapter:
77
78.. code-block:: bash
79
80    --data cpu0=<build_dir>/tfm_s_ns_signed.bin@0x10180000
81
82To run the example code on SSE 200 FPGA on MPS2 board
83=====================================================
84FPGA image is available to download
85`here <https://developer.arm.com/products/system-design/development-boards/cortex-m-prototyping-systems/mps2>`__
86
87To run BL2 bootloader and TF-M example application and tests in the MPS2 board,
88it is required to have SMM-SSE-200 for MPS2 (AN521) image in the MPS2 board SD
89card. The image should be located in
90``<MPS2 device name>/MB/HBI0263<board revision letter>/AN521``
91
92The MPS2 board tested is HBI0263C referred also as MPS2+.
93
94.. Warning::
95
96    If you change the exe names, MPS2 expects file names in 8.3 format.
97
98Example application
99-------------------
100#. Copy ``bl2.bin`` and ``tfm_s_ns_signed.bin`` files from
101   ``<build_dir>/bin`` to
102   ``<MPS2 device name>/SOFTWARE/``
103#. Open ``<MPS2 device name>/MB/HBI0263C/AN521/images.txt``
104#. Update the ``AN521/images.txt`` file as follows::
105
106       TITLE: Versatile Express Images Configuration File
107       [IMAGES]
108       TOTALIMAGES: 2                     ;Number of Images (Max: 32)
109       IMAGE0ADDRESS: 0x10000000
110       IMAGE0FILE: \Software\bl2.bin  ; BL2 bootloader
111       IMAGE1ADDRESS: 0x10080000
112       IMAGE1FILE: \Software\tfm_s_ns_signed.bin ; TF-M example application binary blob
113
114#. Close ``<MPS2 device name>/MB/HBI0263C/AN521/images.txt``
115#. Unmount/eject the ``<MPS2 device name>`` unit
116#. Reset the board to execute the TF-M example application
117#. After completing the procedure you should be able to visualize on the serial
118   port (baud 115200 8n1) the following messages::
119
120    [INF] Starting bootloader
121    [INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
122    [INF] Scratch: magic=bad, copy_done=0x5, image_ok=0xcf
123    [INF] Boot source: primary slot
124    [INF] Swap type: none
125    [INF] Bootloader chainload address offset: 0x80000
126    [INF] Jumping to the first image slot
127    [Sec Thread] Secure image initializing!
128
129Regression tests
130----------------
131After completing the procedure you should be able to visualize on the serial
132port (baud 115200 8n1) the following messages::
133
134    [INF] Starting bootloader
135    [INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
136    [INF] Scratch: magic=bad, copy_done=0x5, image_ok=0xcf
137    [INF] Boot source: primary slot
138    [INF] Swap type: none
139    [INF] Bootloader chainload address offset: 0x80000
140    [INF] Jumping to the first image slot
141    [Sec Thread] Secure image initializing!
142
143    #### Execute test suites for the protected storage service ####
144    Running Test Suite PS secure interface tests (TFM_PS_TEST_2XXX)...
145
146    > Executing 'TFM_PS_TEST_2001'
147      Description: 'Create interface'
148      TEST PASSED!
149    > Executing 'TFM_PS_TEST_2002'
150      Description: 'Get handle interface (DEPRECATED)'
151    This test is DEPRECATED and the test execution was SKIPPED
152      TEST PASSED!
153    > Executing 'TFM_PS_TEST_2003'
154      Description: 'Get handle with null handle pointer (DEPRECATED)'
155    This test is DEPRECATED and the test execution was SKIPPED
156      TEST PASSED!
157    > Executing 'TFM_PS_TEST_2004'
158      Description: 'Write interface'
159      TEST PASSED!
160    > Executing 'TFM_PS_TEST_2005'
161      Description: 'Read interface'
162    ....
163
164.. Note::
165
166    PS reliability tests take a few minutes to run on the MPS2.
167
168Example application without BL2 bootloader
169------------------------------------------
170#. Copy ``tfm_s.bin`` and ``tfm_ns.bin`` files from
171   ``<build_dir>/bin`` to
172   ``<MPS2 device name>/SOFTWARE/``
173#. Open ``<MPS2 device name>/MB/HBI0263C/AN521/images.txt``
174#. Update the ``AN521/images.txt`` file as follows::
175
176       TITLE: Versatile Express Images Configuration File
177       [IMAGES]
178       TOTALIMAGES: 2                   ;Number of Images (Max: 32)
179       IMAGE0ADDRESS: 0x10000000
180       IMAGE0FILE: \Software\tfm_s.bin  ; Secure code
181       IMAGE1ADDRESS: 0x00100000
182       IMAGE1FILE: \Software\tfm_ns.bin ; Non-secure code
183
184#. Close ``<MPS2 device name>/MB/HBI0263C/AN521/images.txt``
185#. Unmount/eject the ``<MPS2 device name>`` unit
186#. Reset the board to execute the TF-M example application
187#. After completing the procedure you should be able to visualize on the serial
188   port (baud 115200 8n1) the following messages::
189
190    [Sec Thread] Secure image initializing!
191
192Regression tests without BL2 bootloader
193---------------------------------------
194After completing the procedure you should be able to visualize on the serial
195port (baud 115200 8n1) the following messages::
196
197    [Sec Thread] Secure image initializing!
198
199    #### Execute test suites for the protected storage service ####
200    Running Test Suite PS secure interface tests (TFM_PS_TEST_2XXX)...
201
202    > Executing 'TFM_PS_TEST_2001'
203      Description: 'Create interface'
204      TEST PASSED!
205    > Executing 'TFM_PS_TEST_2002'
206      Description: 'Get handle interface (DEPRECATED)'
207    This test is DEPRECATED and the test execution was SKIPPED
208      TEST PASSED!
209    > Executing 'TFM_PS_TEST_2003'
210      Description: 'Get handle with null handle pointer (DEPRECATED)'
211    This test is DEPRECATED and the test execution was SKIPPED
212      TEST PASSED!
213    > Executing 'TFM_PS_TEST_2004'
214      Description: 'Write interface'
215      TEST PASSED!
216    > Executing 'TFM_PS_TEST_2005'
217      Description: 'Read interface'
218    ....
219
220*******************************************************
221Execute TF-M regression tests on Musca test chip boards
222*******************************************************
223.. Note::
224
225    Before executing any images on Musca-B1 board, please check the
226    :doc:`target platform readme </platform/arm/musca_b1/readme>`
227    to have the correct setup.
228
229    Install SRecord for Musca test chip boards:
230
231    - Windows: `SRecord v1.63 <https://sourceforge.net/projects/srecord/>`__
232    - Linux: ``sudo apt-get install -y srecord``
233
234Example application with BL2 bootloader
235=======================================
236
237#. Create a unified hex file comprising of both ``bl2.bin`` and
238   ``tfm_s_ns_signed.bin`` for Musca-B1 or Musca-S1 platforms::
239
240     srec_cat bin/bl2.bin -Binary -offset 0xA000000 bin/tfm_s_ns_signed.bin -Binary -offset 0xA020000 -o tfm.hex -Intel
241
242#. Power up the Musca board by connecting it to a computer with a USB lead.
243   Press the ``PBON`` button if the green ``ON`` LED does not immediately turn
244   on. The board should appear as a USB drive.
245#. Copy ``tfm.hex`` to the USB drive. The orange ``PWR`` LED should start
246   blinking.
247#. Once the ``PWR`` LED stops blinking, power cycle or reset the board to boot
248   from the new image.
249#. After completing the procedure you should see the following messages on the
250   DAPLink UART (baud 115200 8n1)::
251
252    [INF] Starting bootloader
253    [INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
254    [INF] Scratch: magic=bad, copy_done=0x5, image_ok=0xd9
255    [INF] Boot source: primary slot
256    [INF] Swap type: none
257    [INF] Bootloader chainload address offset: 0x20000
258    [INF] Jumping to the first image slot
259    [Sec Thread] Secure image initializing!
260
261Regression tests with BL2 bootloader
262====================================
263.. note::
264
265    As the Internal Trusted Storage and Protected Storage tests use persistent
266    storage, it is recommended to erase the storage area before running the
267    tests. Existing data may prevent the tests from running to completion if,
268    for example, there is not enough free space for the test data or the UIDs
269    used by the tests have already been created with the write-once flag set.
270    Repeated test runs can be done without erasing between runs.
271
272    To erase the storage when flashing an image, ``-fill 0xFF <start_addr>
273    <end_addr>`` can be added to the ``srec_cat`` command used to create the
274    combined hex file. The ``<start_addr>`` and ``<end_addr>`` are the start and
275    end addresses of the storage area, found in the board's ``flash_layout.h``
276    file. The board's flash can also be erased via a debugger; see your IDE's
277    documentation for instructions.
278
279After completing the procedure you should see the following messages on the
280DAPLink UART (baud 115200 8n1)::
281
282    [INF] Starting bootloader
283    [INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
284    [INF] Scratch: magic=bad, copy_done=0x5, image_ok=0x9
285    [INF] Boot source: primary slot
286    [INF] Swap type: none
287    [INF] Bootloader chainload address offset: 0x20000
288    [INF] Jumping to the first image slot
289    [Sec Thread] Secure image initializing!
290
291    #### Execute test suites for the protected storage service ####
292    Running Test Suite PS secure interface tests (TFM_PS_TEST_2XXX)...
293    > Executing 'TFM_PS_TEST_2001'
294      Description: 'Create interface'
295      TEST PASSED!
296    > Executing 'TFM_PS_TEST_2002'
297      Description: 'Get handle interface (DEPRECATED)'
298    This test is DEPRECATED and the test execution was SKIPPED
299      TEST PASSED!
300    > Executing 'TFM_PS_TEST_2003'
301      Description: 'Get handle with null handle pointer (DEPRECATED)'
302    This test is DEPRECATED and the test execution was SKIPPED
303      TEST PASSED!
304    > Executing 'TFM_PS_TEST_2004'
305      Description: 'Get attributes interface'
306      TEST PASSED!
307    > Executing 'TFM_PS_TEST_2005'
308      Description: 'Get attributes with null attributes struct pointer'
309    ....
310
311PSA API tests
312=============
313Follow the build instructions for the PSA API tests and then follow the above
314procedures for flashing the image to the board. The PSA API tests are linked
315into the TF-M binaries and will automatically run. A log similar to the
316following should be visible on the UART; it is normal for some tests to be
317skipped but there should be no failed tests::
318
319    [Sec Thread] Secure image initializing!
320    Booting TFM v1.1
321    Non-Secure system starting...
322
323    ***** PSA Architecture Test Suite - Version 1.0 *****
324
325    Running.. Storage Suite
326    ******************************************
327
328    TEST: 401 | DESCRIPTION: UID not found check
329    [Info] Executing tests from non-secure
330
331    [Info] Executing ITS tests
332    [Check 1] Call get API for UID 6 which is not set
333    [Check 2] Call get_info API for UID 6 which is not set
334    [Check 3] Call remove API for UID 6 which is not set
335    [Check 4] Call get API for UID 6 which is removed
336    [Check 5] Call get_info API for UID 6 which is removed
337    [Check 6] Call remove API for UID 6 which is removed
338    [Check 7] Call get API for different UID 5
339    [Check 8] Call get_info API for different UID 5
340    [Check 9] Call remove API for different UID 5
341
342    [Info] Executing PS tests
343    [Check 1] Call get API for UID 6 which is not set
344    [Check 2] Call get_info API for UID 6 which is not set
345    [Check 3] Call remove API for UID 6 which is not set
346    [Check 4] Call get API for UID 6 which is removed
347    [Check 5] Call get_info API for UID 6 which is removed
348    [Check 6] Call remove API for UID 6 which is removed
349    [Check 7] Call get API for different UID 5
350    [Check 8] Call get_info API for different UID 5
351    [Check 9] Call remove API for different UID 5
352
353    TEST RESULT: PASSED
354
355    ******************************************
356
357    <further tests removed from log for brevity>
358
359    ************ Storage Suite Report **********
360    TOTAL TESTS     : 17
361    TOTAL PASSED    : 11
362    TOTAL SIM ERROR : 0
363    TOTAL FAILED    : 0
364    TOTAL SKIPPED   : 6
365    ******************************************
366
367.. note::
368    The Internal Trusted Storage and Protected Storage flash areas must be wiped
369    before running the Storage test suites.
370
371    Many IDEs for embedded development (such as Keil µVision) offer a function
372    to erase a device's flash. Refer to your IDE's documentation for
373    instructions.
374
375    Another way this can be achieved is by using ``srec_cat`` with the ``-fill``
376    parameter to fill the corresponding area in the binary with the erase value
377    of the flash (``0xFF``).
378
379    Refer to the platform flash layout for appropriate addresses to erase on
380    other platforms.
381
382    This step is not required on targets that emulate flash storage in RAM, as
383    it will be erased each time the device is reset. Note, however, that a warm
384    reset may not clear SRAM contents, so it may be necessary to power the
385    device off and on again between test runs.
386
387Example application or regression tests on Musca-B1 without BL2 bootloader
388==========================================================================
389
390Follow the above procedures, but create a unified hex file out of ``tfm_s.bin``
391and ``tfm_ns.bin``:
392
393- Windows::
394
395    srec_cat.exe bin\tfm_s.bin -Binary -offset 0xA000000 bin\tfm_ns.bin -Binary -offset 0xA080000 -o tfm.hex -Intel
396
397- Linux::
398
399    srec_cat bin/tfm_s.bin -Binary -offset 0xA000000 bin/tfm_ns.bin -Binary -offset 0xA080000 -o tfm.hex -Intel
400
401********************************************************
402Execute TF-M example and regression tests on MPS3 boards
403********************************************************
404
405To run the example code on CoreLink SSE-200 Subsystem for MPS3 (AN524)
406======================================================================
407FPGA image is available to download `here <https://www.arm.com/products/development-tools/development-boards/mps3>`__
408
409To run BL2 bootloader and TF-M example application and tests in the MPS3 board,
410it is required to have SMM-SSE-200 for MPS3 (AN524) image in the MPS3 board
411SD card. The image should be located in
412``<MPS3 device name>/MB/HBI<BoardNumberBoardrevision>/AN524``
413
414And the current boot memory for AN524 is QSPI flash, so you need to set the
415correct REMAP option in
416``<MPS3 device name>/MB/HBI<BoardNumberBoardrevision>/AN524/an524_v1.txt``
417
418::
419
420    REMAP: QSPI                 ;REMAP boot device BRAM/QSPI.  Must match REMAPVAL below.
421    REMAPVAL: 1                 ;REMAP register value e.g. 0-BRAM. 1-QSPI
422
423The MPS3 board tested is HBI0309B.
424
425.. Note::
426    If you change the exe names, MPS3 expects file names in 8.3 format.
427
428Example application
429-------------------
430#. Copy ``bl2.bin`` and ``tfm_s_ns_signed.bin`` files from
431   build dir to ``<MPS3 device name>/SOFTWARE/``
432#. Open ``<MPS3 device name>/MB/HBI0309B/AN524/images.txt``
433#. Update the ``images.txt`` file as follows::
434
435    TITLE: Arm MPS3 FPGA prototyping board Images Configuration File
436
437    [IMAGES]
438    TOTALIMAGES: 2                     ;Number of Images (Max: 32)
439
440    IMAGE0UPDATE: AUTO                 ;Image Update:NONE/AUTO/FORCE
441    IMAGE0ADDRESS: 0x00000000          ;Please select the required executable program
442    IMAGE0FILE: \SOFTWARE\bl2.bin
443    IMAGE1UPDATE: AUTO
444    IMAGE1ADDRESS: 0x00040000
445    IMAGE1FILE: \SOFTWARE\tfm_s_ns_signed.bin
446
447#. Close ``<MPS3 device name>/MB/HBI0309B/AN524/images.txt``
448#. Unmount/eject the ``<MPS3 device name>`` unit
449#. Reset the board to execute the TF-M example application
450#. After completing the procedure you should be able to visualize on the serial
451   port (baud 115200 8n1) the following messages::
452
453    [INF] Starting bootloader
454    [INF] Image 0: magic= good, copy_done=0xff, image_ok=0xff
455    [INF] Scratch: magic=unset, copy_done=0x43, image_ok=0xff
456    [INF] Boot source: slot 0
457    [INF] Swap type: none
458    [INF] Bootloader chainload address offset: 0x40000
459    [INF] Jumping to the first image slot
460    [Sec Thread] Secure image initializing!
461
462.. note::
463
464   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` is set then the provisioning bundle has to
465   be placed on the ``0x001CB000`` address.
466
467
468Regression tests
469----------------
470After completing the procedure you should be able to visualize on the serial
471port (baud 115200 8n1) the following messages::
472
473    [INF] Starting bootloader
474    [INF] Image 0: magic= good, copy_done=0xff, image_ok=0xff
475    [INF] Scratch: magic=unset, copy_done=0x9, image_ok=0xff
476    [INF] Boot source: slot 0
477    [INF] Swap type: none
478    [INF] Bootloader chainload address offset: 0x40000
479    [INF] Jumping to the first image slot
480    [Sec Thread] Secure image initializing!
481
482    #### Execute test suites for the Secure area ####
483    Running Test Suite PSA protected storage S interface tests (TFM_PS_TEST_2XXX)...
484    > Executing 'TFM_PS_TEST_2001'
485      Description: 'Set interface'
486      TEST PASSED!
487    > Executing 'TFM_PS_TEST_2002'
488      Description: 'Set interface with create flags'
489      TEST PASSED!
490    > Executing 'TFM_PS_TEST_2003'
491      Description: 'Set interface with NULL data pointer'
492      TEST PASSED!
493    > Executing 'TFM_PS_TEST_2004'
494      Description: 'Set interface with invalid data length'
495      TEST PASSED!
496    ....
497
498.. Note::
499    Some of the attestation tests take a few minutes to run on the MPS3.
500
501Example application without BL2 bootloader
502------------------------------------------
503#. Copy ``tfm_s.bin`` and ``tfm_ns.bin`` files from
504   build dir to ``<MPS3 device name>/SOFTWARE/``
505#. Open ``<MPS3 device name>/MB/HBI0309B/AN524/images.txt``
506#. Update the ``images.txt`` file as follows::
507
508    TITLE: Arm MPS3 FPGA prototyping board Images Configuration File
509
510    [IMAGES]
511    TOTALIMAGES: 2                     ;Number of Images (Max: 32)
512
513    IMAGE0UPDATE: AUTO                 ;Image Update:NONE/AUTO/FORCE
514    IMAGE0ADDRESS: 0x00000000          ;Please select the required executable program
515    IMAGE0FILE: \SOFTWARE\tfm_s.bin
516    IMAGE1UPDATE: AUTO
517    IMAGE1ADDRESS: 0x000C0000
518    IMAGE1FILE: \SOFTWARE\tfm_ns.bin
519
520#. Close ``<MPS3 device name>/MB/HBI0309B/AN521/images.txt``
521#. Unmount/eject the ``<MPS3 device name>`` unit
522#. Reset the board to execute the TF-M example application
523#. After completing the procedure you should be able to visualize on the serial
524   port (baud 115200 8n1) the following messages::
525
526    [Sec Thread] Secure image initializing!
527
528Regression tests without BL2 bootloader
529---------------------------------------
530After completing the procedure you should be able to visualize on the serial
531port (baud 115200 8n1) the following messages::
532
533    [Sec Thread] Secure image initializing!
534
535    #### Execute test suites for the Secure area ####
536    Running Test Suite PSA protected storage S interface tests (TFM_PS_TEST_2XXX)...
537    > Executing 'TFM_PS_TEST_2001'
538      Description: 'Set interface'
539      TEST PASSED!
540    > Executing 'TFM_PS_TEST_2002'
541      Description: 'Set interface with create flags'
542      TEST PASSED!
543    > Executing 'TFM_PS_TEST_2003'
544      Description: 'Set interface with NULL data pointer'
545      TEST PASSED!
546    > Executing 'TFM_PS_TEST_2004'
547      Description: 'Set interface with invalid data length'
548      TEST PASSED!
549    ....
550
551Firmware upgrade and image validation with BL2 bootloader
552=========================================================
553High level operation of BL2 bootloader and instructions for testing firmware
554upgrade is described in :doc:`secure boot </design_docs/booting/tfm_secure_boot>`.
555
556--------------
557
558.. _Arm Development Studio: https://developer.arm.com/tools-and-software/embedded/arm-development-studio
559.. _Arm Development Studio Documentation: https://developer.arm.com/tools-and-software/embedded/arm-development-studio/learn/docs
560.. _Fixed Virtual Platforms: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
561.. _Fixed Virtual Platforms Documentation: https://developer.arm.com/documentation/100966/latest
562.. _Keil MDK: http://www2.keil.com/mdk5
563.. _Keil MDK Documentation: https://www2.keil.com/mdk5/docs
564
565*Copyright (c) 2017-2024, Arm Limited. All rights reserved.*
566