settings: its: enable tf-m PSA headers and run more tests #94881
Conversation
dsseng
commented
Aug 22, 2025
dsseng
commented
- settings: its: enable tf-m PSA headers
- tests: settings: its: run on mps2/an521/cpu0/ns
| if (CONFIG_SETTINGS_TFM_ITS) | ||
| # For psa/internal_trusted_storage.h in case of TF-M implementation | ||
| zephyr_library_link_libraries_ifdef(CONFIG_BUILD_WITH_TFM tfm_api) | ||
| endif() |
There was a problem hiding this comment.
mbedtls and entropy modules do the same. There's also a more verbose option which I preferred not to use since CMake can handle it all with link_libraries:
if (CONFIG_BUILD_WITH_TFM)
zephyr_library_include_directories(
$<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
)
endif()
dsseng
force-pushed
the
fix-tfm-its-build
branch
2 times, most recently
from
e34c692 to
a9dc16e
Compare
dsseng
changed the title
dsseng
force-pushed
the
fix-tfm-its-build
branch
from
6c4c736 to
318ccb2
Compare
Avoid missing headers on some platforms like mps2/an521/cpu0/ns. Signed-off-by: Dmitrii Sharshakov <[email protected]>
Run on QEMU to make sure this is tested in the CI. Signed-off-by: Dmitrii Sharshakov <[email protected]>
Make sure ITS backend is tested in the CI. Signed-off-by: Dmitrii Sharshakov <[email protected]>
This private header can be used by tests for information on UID ranges that should be cleaned for testing. Signed-off-by: Dmitrii Sharshakov <[email protected]>
Run on mps2/an521/cpu0/ns. Signed-off-by: Dmitrii Sharshakov <[email protected]>
dsseng
force-pushed
the
fix-tfm-its-build
branch
from
318ccb2 to
7754a2a
Compare
|
| psa_status_t status; | ||
|
|
||
| /* Remove all potentially accessed ITS entries in the UID range */ | ||
| for (int i = 0; i < (sizeof(entries) / CONFIG_TFM_ITS_MAX_ASSET_SIZE) + 1; i++) { | ||
| status = psa_its_remove(ZEPHYR_PSA_SETTINGS_TFM_ITS_UID_RANGE_BEGIN + i); | ||
| zassert_true((status == PSA_SUCCESS) || (status == PSA_ERROR_DOES_NOT_EXIST), | ||
| "psa_its_remove failed"); | ||
| } |
There was a problem hiding this comment.
For this to actually work and clear the in-memory storage it should either reboot the system or call the load function in a hacky way to reload in runtime. Another option would be to skip this for now as we only run this integration test with ITS on a QEMU target which boots with empty NVS.
| @@ -16,3 +16,8 @@ zephyr_sources_ifdef(CONFIG_SETTINGS_SHELL settings_shell.c) | |||
| zephyr_sources_ifdef(CONFIG_SETTINGS_ZMS settings_zms.c) | |||
| zephyr_sources_ifdef(CONFIG_SETTINGS_TFM_ITS settings_its.c) | |||
| zephyr_sources_ifdef(CONFIG_SETTINGS_RETENTION settings_retention.c) | |||
|
|
|||
| if (CONFIG_SETTINGS_TFM_ITS) | |||
There was a problem hiding this comment.
| if (CONFIG_SETTINGS_TFM_ITS) | |
| if(CONFIG_SETTINGS_TFM_ITS) |
| @@ -16,3 +16,8 @@ zephyr_sources_ifdef(CONFIG_SETTINGS_SHELL settings_shell.c) | |||
| zephyr_sources_ifdef(CONFIG_SETTINGS_ZMS settings_zms.c) | |||
| zephyr_sources_ifdef(CONFIG_SETTINGS_TFM_ITS settings_its.c) | |||
| zephyr_sources_ifdef(CONFIG_SETTINGS_RETENTION settings_retention.c) | |||
|
|
|||
| if (CONFIG_SETTINGS_TFM_ITS) | |||
| # For psa/internal_trusted_storage.h in case of TF-M implementation | |||
There was a problem hiding this comment.
| # For psa/internal_trusted_storage.h in case of TF-M implementation | |
| # For psa/internal_trusted_storage.h in case of TF-M ITS backend |
? or well maybe it's redundant because of the if()
| - mps2/an521/cpu0/ns | ||
| extra_args: | ||
| - CONFIG_SETTINGS_TFM_ITS=y | ||
| - CONFIG_TFM_ITS_MAX_ASSET_SIZE_OVERRIDE=y |
There was a problem hiding this comment.
Why are we not also setting CONFIG_TFM_ITS_MAX_ASSET_SIZE here?
| platform_allow: | ||
| - mps2/an521/cpu0/ns |
There was a problem hiding this comment.
How about having a filter instead like the test? (CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
| CONFIG_ZTEST=y | ||
|
|
||
| CONFIG_SETTINGS=y | ||
| CONFIG_SETTINGS_RUNTIME=y |
| @@ -0,0 +1,6 @@ | |||
| /* SPDX-License-Identifier: Apache-2.0 */ | |||
| /* Copyright (c) 2022 Dmitrii Sharshakov <[email protected]> */ | |||
| platform_allow: | ||
| - mps2/an521/cpu0/ns |
There was a problem hiding this comment.
Same comments than for the sample.
| psa_status_t status; | ||
|
|
||
| /* Remove all potentially accessed ITS entries in the UID range */ | ||
| for (int i = 0; i < (sizeof(entries) / CONFIG_TFM_ITS_MAX_ASSET_SIZE) + 1; i++) { |
| /* Remove all potentially accessed ITS entries in the UID range */ | ||
| for (int i = 0; i < (sizeof(entries) / CONFIG_TFM_ITS_MAX_ASSET_SIZE) + 1; i++) { | ||
| status = psa_its_remove(ZEPHYR_PSA_SETTINGS_TFM_ITS_UID_RANGE_BEGIN + i); | ||
| zassert_true((status == PSA_SUCCESS) || (status == PSA_ERROR_DOES_NOT_EXIST), |
| size_t val_len; | ||
| }; | ||
|
|
||
| static struct setting_entry entries[CONFIG_SETTINGS_TFM_ITS_NUM_ENTRIES]; |
There was a problem hiding this comment.
Having static struct setting_entry entries in the header file is wrong as we'll end up with multiple definitions of entries for every source file including this header. It's not that big of a problem right now as the test which includes this just uses sizeof(entries), but it's still not great.
Actually to make matters simpler why not just remove this line and move it back to settings_its.c and in the test use sizeof(struct settings_entry) * CONFIG_SETTINGS_TFM_ITS_NUM_ENTRIES?
