Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

secure_storage: fix tests #2494

Merged
merged 10 commits into from
Mar 24, 2025
Merged

secure_storage: fix tests #2494

merged 10 commits into from
Mar 24, 2025

Conversation

tomi-font
Copy link
Contributor

@tomi-font tomi-font commented Feb 13, 2025
edited
Loading

@NordicBuilder NordicBuilder mentioned this pull request Feb 13, 2025
Closed
@tomi-font tomi-font force-pushed the secure_storage_fix_tests branch from 2bffacd to ff3d3e5 Compare February 13, 2025 14:39
@shanthanordic shanthanordic requested a review from magnev February 14, 2025 07:20
@tomi-font tomi-font force-pushed the secure_storage_fix_tests branch from ff3d3e5 to 9f0260a Compare February 14, 2025 14:46
@nordic-piks
Copy link
Contributor

@tomi-font Any update here? We see failures in CI with those tests.

@tomi-font
Copy link
Contributor Author

@tomi-font Any update here? We see failures in CI with those tests.

This is still a WIP. Part of the issues have been fixed.

@tomi-font tomi-font force-pushed the secure_storage_fix_tests branch 3 times, most recently from 8854ce6 to 04dac73 Compare March 3, 2025 15:36
@NordicBuilder NordicBuilder mentioned this pull request Mar 3, 2025
Merged
@tomi-font tomi-font force-pushed the secure_storage_fix_tests branch from 04dac73 to 804577c Compare March 4, 2025 09:23
@tomi-font
Copy link
Contributor Author

@nordic-piks FYI everything is now fixed with nrfconnect/sdk-nrf#20710.

@Vge0rge
Copy link
Contributor

Vge0rge commented Mar 13, 2025

Code looks ok, you just need to update the commit message for the dynamic slots as you did in the upstream pr.

@alxelax
Copy link
Contributor

alxelax commented Mar 13, 2025

@tomi-font, will you add Zephyr's key ID distribution approach?

@tomi-font
Copy link
Contributor Author

Code looks ok, you just need to update the commit message for the dynamic slots as you did in the upstream pr.

Yeah, I'm planning to do the cherry picking again when the upstream PR is merged to have the commits be fromtrees.

@tomi-font, will you add Zephyr's key ID distribution approach?

Yes. I'll do all the changes at once.

@tomi-font tomi-font force-pushed the secure_storage_fix_tests branch from 804577c to 0be8c38 Compare March 17, 2025 07:59
@tomi-font
Copy link
Contributor Author

Converted the fromlists to fromtrees and rebased.

@tomi-font tomi-font requested review from Vge0rge and alxelax March 17, 2025 08:00
@tomi-font tomi-font force-pushed the secure_storage_fix_tests branch from 0be8c38 to e833532 Compare March 17, 2025 14:13
frkv
frkv approved these changes Mar 18, 2025
View reviewed changes
Copy link
Contributor

@frkv frkv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

tomi-font and others added 9 commits March 20, 2025 13:03
@tomi-font
Revert "[nrf noup] samples: psa: Fix issues"
97a9385 
This reverts commit 8a64a2e.

We shouldn't have noups to fix things that can
and should be fixed elsewhere/differently.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
Revert "[nrf noup] tests: secure_storage: Fix issues"
3f76438 
This reverts commit fcb4238.

We shouldn't have noups to fix things that can
and should be fixed elsewhere/differently.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@ozersa @tomi-font
[nrf fromtree] tests: subsys: secure_storage: Add filter for small pr…
bf0cb4b 
…ofile

TF-M small profile does not support secure storage (know as Protected
storage), this commit add filter for tfm test case to pass it
incase of small profile been set, see tf-m profiles in below link

https://tf-m-user-guide.trustedfirmware.org/configuration/profiles/index.html

Signed-off-by: Sadik Ozer <sadik.ozer@analog.com>
(cherry picked from commit 6932885)
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
[nrf fromtree] secure_storage: improve tests' compatibility in TF-M-e…
bfa652c 
…nabled scenarios

Explicitly set the TF-M profile to not rely on the build system defaults
which might differ.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
(cherry picked from commit 62fe34dd02f053fc2fe0feb44dd5cb874a9c1a37)
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
[nrf fromtree] tests: secure_storage: psa: crypto: improve compatibility
b27c0ea 
The psa_key_attributes_t type is implementation-defined according to
the PSA Crypto spec.
Compare its fields individually instead of doing a memcmp() over the
entire struct.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
(cherry picked from commit 744e9f70f44af3386be079e79189f946465f8517)
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
[nrf fromtree] secure_storage: enable CONFIG_ENTROPY_GENERATOR in sam…
1d84a57 
…ples/tests

Explicitly enable CONFIG_ENTROPY_GENERATOR instead of relying on the
build system's defaults.

This:
- Makes sure the filtering works properly between entropy_driver and
entropy_not_secure test scenarios for the samples.
- Helps with TF-M builds in certain scenarios where key generation (via
`psa_generate_key()`) would fail due to the RNG functionality being
disabled.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
(cherry picked from commit 25ad578694b7e3f6eb74a78f7e219a576845ea24)
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
[nrf fromtree] secure_storage: use hybrid key store in samples/tests
b9cd3eb 
Use dynamic allocation for key material for
better compatibility as a fully static key store is a new
feature that not all PSA Crypto implementations support.

Explicitly enable CONFIG_MBEDTLS_ENABLE_HEAP to ensure that Mbed TLS uses
heap for the PSA keys' data (instead of failing at runtime).
This will turn off CONFIG_MBEDTLS_PSA_STATIC_KEY_SLOTS, making the
implementation default to dynamic key slots.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
(cherry picked from commit eb1ed1205fbd2898b6b67988483bbbdd0449a5a9)
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
[nrf fromtree] modules: mbedtls: add promptless CONFIG_MBEDTLS_PSA_CR…
60f2375 
…YPTO_STORAGE_C

Add a Kconfig option to match the Mbed TLS define
instead of defining it based on CONFIG_SECURE_STORAGE.

This gives more flexibility regarding the potential re-definition of the
CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C Kconfig option.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
(cherry picked from commit 8627250d3ce537593ae986b76c95ed35200cb5b9)
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
[nrf fromtree] tests: secure_storage: its: increase stack sizes
53e1d61 
Some implementations require more stack than others.
Increase the Ztest and main stack sizes to accommodate them.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
(cherry picked from commit f50c3d9d261f4a3c82ffc262936396136ca062fd)
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
[nrf fromtree] tests: secure_storage: enable entropy driver if available
d6fe2d1 
On top of enabling and allowing test entropy sources, enable
CONFIG_ENTROPY_GENERATOR so that a real driver and entropy source gets
used if available.
This is needed for some PSA Crypto implementations that have random number
generation conditionally compiled in.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
(cherry picked from commit b920686812042da84bb485a91a2b7810ea5530b4)
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font tomi-font force-pushed the secure_storage_fix_tests branch from e833532 to d6fe2d1 Compare March 20, 2025 11:03
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

frkv
frkv approved these changes Mar 20, 2025
View reviewed changes
Copy link
Contributor

@frkv frkv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still LGTM

Vge0rge
Vge0rge approved these changes Mar 20, 2025
View reviewed changes
Copy link
Contributor

@Vge0rge Vge0rge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked and these are clean cherry picks.

@nordicjm nordicjm merged commit ee5c856 into nrfconnect:main Mar 24, 2025
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Vge0rge Vge0rge Vge0rge approved these changes

@frkv frkv frkv approved these changes

@magnev magnev Awaiting requested review from magnev

@alxelax alxelax Awaiting requested review from alxelax

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@tomi-font @nordic-piks @Vge0rge @alxelax @frkv @nordicjm @ozersa