Update TF-M version to eb8ff0d

ci/fih-tests_run.sh

@@ -1,6 +1,6 @@
 #!/bin/bash -x
 
-# Copyright (c) 2020-2023 Arm Limited
+# Copyright (c) 2020-2024 Arm Limited
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,7 +21,12 @@ source $(dirname "$0")/fih-tests_version.sh
 pushd .. &&\
    git clone https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git &&\
    pushd trusted-firmware-m &&\
-   git checkout 8faae452712b630dc69c24da61e84c88a901d2d4 &&\
+   git checkout eb8ff0db7d657b77abcd0262d5bf7f38eb1e1cdc &&\
+   source lib/ext/tf-m-tests/version.txt &&\
+   popd &&\
+   git clone https://git.trustedfirmware.org/TF-M/tf-m-tests.git &&\
+   pushd tf-m-tests &&\
+   git checkout $version &&\
    popd
 
 if [[ $GITHUB_ACTIONS == true ]]; then

ci/fih_test_docker/execute_test.sh

@@ -16,10 +16,7 @@
 
 set -e
 
-WORKING_DIRECTORY=/root/work/tfm
-MCUBOOT_PATH=$WORKING_DIRECTORY/mcuboot
-TFM_DIR=$WORKING_DIRECTORY/trusted-firmware-m
-TFM_BUILD_DIR=$TFM_DIR/build
+source $(dirname "$0")/paths.sh
 
 SKIP_SIZE=$1
 BUILD_TYPE=$2
@@ -34,26 +31,31 @@ else
 fi
 
 # build TF-M with MCUBoot
-mkdir -p $TFM_BUILD_DIR
-cd $TFM_DIR
-cmake -B $TFM_BUILD_DIR \
-    -DTFM_SPM_LOG_LEVEL=TFM_SPM_LOG_LEVEL_INFO \
-    -DCMAKE_BUILD_TYPE=$BUILD_TYPE \
-    -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \
+mkdir -p $TFM_BUILD_PATH $TFM_SPE_BUILD_PATH
+
+cmake -S $TFM_TESTS_PATH/tests_reg/spe \
+    -B $TFM_SPE_BUILD_PATH \
     -DTFM_PLATFORM=arm/mps2/an521 \
-    -DTEST_NS=ON \
+    -DCONFIG_TFM_SOURCE_PATH=$TFM_PATH \
+    -DCMAKE_BUILD_TYPE=$BUILD_TYPE \
+    -DTFM_TOOLCHAIN_FILE=$TFM_PATH/toolchain_GNUARM.cmake \
     -DTEST_S=ON \
+    -DTEST_NS=ON \
     -DTFM_PSA_API=ON \
     -DMCUBOOT_PATH=$MCUBOOT_PATH \
     -DMCUBOOT_LOG_LEVEL=INFO \
-    $CMAKE_FIH_LEVEL \
-    .
-cd $TFM_BUILD_DIR
-make -j install
+    $CMAKE_FIH_LEVEL
+cmake --build $TFM_SPE_BUILD_PATH -- install
 
-BOOTLOADER_AXF='./install/outputs/bl2.axf'
+cmake -S $TFM_TESTS_PATH/tests_reg \
+    -B $TFM_BUILD_PATH \
+    -DCONFIG_SPE_PATH=$TFM_SPE_BUILD_PATH/api_ns \
+    -DCMAKE_BUILD_TYPE=$BUILD_TYPE \
+    -DTFM_TOOLCHAIN_FILE=$TFM_SPE_BUILD_PATH/api_ns/cmake/toolchain_ns_GNUARM.cmake
+cmake --build $TFM_BUILD_PATH
 
-$MCUBOOT_PATH/ci/fih_test_docker/run_fi_test.sh $BOOTLOADER_AXF $SKIP_SIZE $DAMAGE_TYPE> fih_test_output.yaml
+cd $TFM_BUILD_PATH
+$MCUBOOT_PATH/ci/fih_test_docker/run_fi_test.sh $BOOTLOADER_AXF_PATH $SKIP_SIZE $DAMAGE_TYPE> fih_test_output.yaml
 
 echo ""
 echo "test finished with"

ci/fih_test_docker/fi_tester_gdb.sh

@@ -14,6 +14,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+source $(dirname "$0")/paths.sh
+
 function skip_instruction {
 
     local SKIP_ADDRESS=$1
@@ -40,7 +42,7 @@ function skip_instruction {
 
     cat >commands.gdb <<EOF
 target remote localhost: 1234
-file $IMAGE_DIR/bl2.axf
+file $AXF_FILE
 b boot_go_for_image_id if image_id == 0
 continue
 delete breakpoints 1
@@ -71,8 +73,8 @@ EOF
     /usr/bin/qemu-system-arm \
         -M mps2-an521 \
         -s -S \
-        -kernel $IMAGE_DIR/bl2.axf \
-        -device loader,file=$IMAGE_DIR/tfm_s_ns_signed.bin,addr=0x10080000 \
+        -kernel $AXF_FILE \
+        -device loader,file=$TFM_IMAGE_PATH,addr=0x10080000 \
         -chardev file,id=char0,path=$QEMU_LOG_FILE \
         -serial chardev:char0 \
         -display none \
@@ -100,7 +102,7 @@ EOF
                 #print the address that was skipped, and some context to the console
                 echo "" 1>&2
                 echo "Boot success: address: $SKIP_ADDRESS skipped: $SKIP_SIZE" 1>&2
-                arm-none-eabi-objdump -d $IMAGE_DIR/bl2.axf --start-address=$SKIP_ADDRESS -S | tail -n +7 | head -n 14 1>&2
+                arm-none-eabi-objdump -d $AXF_FILE --start-address=$SKIP_ADDRESS -S | tail -n +7 | head -n 14 1>&2
                 echo "" 1>&2
                 echo "" 1>&2
             else
@@ -142,8 +144,7 @@ usage() {
 
 #defaults
 SKIP=2
-BIN_DIR=$(pwd)/install/outputs
-AXF_FILE=$BIN_DIR/bl2.axf
+AXF_FILE=${BOOTLOADER_AXF_PATH}
 GDB=gdb-multiarch
 BOOTLOADER=true
 

ci/fih_test_docker/paths.sh

@@ -0,0 +1,10 @@
+WORK_PATH=/root/work/tfm
+MCUBOOT_PATH=$WORK_PATH/mcuboot
+TFM_PATH=$WORK_PATH/trusted-firmware-m
+TFM_TESTS_PATH=$WORK_PATH/tf-m-tests
+TFM_SPE_BUILD_PATH=$TFM_PATH/build_spe
+TFM_BUILD_PATH=$TFM_PATH/build
+BOOTLOADER_AXF_PATH=$TFM_SPE_BUILD_PATH/bin/bl2.axf
+TFM_IMAGE_NAME=tfm_s_ns_signed.bin
+TFM_IMAGE_OUTPUT_PATH=$TFM_BUILD_PATH
+TFM_IMAGE_PATH=$TFM_IMAGE_OUTPUT_PATH/$TFM_IMAGE_NAME

ci/fih_test_docker/run_fi_test.sh

@@ -28,16 +28,17 @@ MCUBOOT_AXF=$1
 SKIP_SIZES=$2
 DAMAGE_TYPE=$3
 
+source $(dirname "$0")/paths.sh
+
 # Take an image and make it unbootable. This is done by replacing one of the
 # strings in the image with a different string. This causes the signature check
 # to fail
 function damage_image
 {
-    IMAGEDIR=$(dirname $MCUBOOT_AXF)
-    local IMAGE_NAME=tfm_s_ns_signed.bin
-    local BACKUP_IMAGE_NAME=tfm_s_ns_signed.bin.orig
-    local IMAGE=$IMAGEDIR/$IMAGE_NAME
-    mv $IMAGE $IMAGEDIR/$BACKUP_IMAGE_NAME
+    local IMAGE_NAME=${TFM_IMAGE_NAME}
+    local BACKUP_IMAGE_NAME=${TFM_IMAGE_NAME}.orig
+    local IMAGE=$TFM_IMAGE_OUTPUT_PATH/$IMAGE_NAME
+    mv $IMAGE $TFM_IMAGE_OUTPUT_PATH/$BACKUP_IMAGE_NAME
 
     if [ "$DAMAGE_TYPE" = "SIGNATURE" ]; then
         DAMAGE_PARAM="--signature"
@@ -48,7 +49,7 @@ function damage_image
         exit -1
     fi
 
-    python3 $DIR/damage_image.py -i $IMAGEDIR/$BACKUP_IMAGE_NAME -o $IMAGE $DAMAGE_PARAM 1>&2
+    python3 $DIR/damage_image.py -i $TFM_IMAGE_OUTPUT_PATH/$BACKUP_IMAGE_NAME -o $IMAGE $DAMAGE_PARAM 1>&2
 }
 
 function run_test
@@ -73,7 +74,7 @@ function run_test
         END=$(printf "0x%X" $((END + PAD)))
 
         # Invoke the fi tester script
-        $DIR/fi_tester_gdb.sh $IMAGEDIR $START $END --skip $SKIP_SIZE
+        $DIR/fi_tester_gdb.sh $TFM_IMAGE_OUTPUT_PATH $START $END --skip $SKIP_SIZE
     done
 }