Arm RMM ACS Attestation and Measurement Testcase checklist


This document maps the rules in the RMM specification to the test cases and the steps followed in the tests. It also indicates which test coverage scenarios are implemented in the current release of ACS and which are planned for future releases.

| Test Number | Test Name | Test Assertion | Test Steps | Validated By ACS |
|---|---|---|---|---|
| 1 | measurement_immutable_rim | RIM is immutable when realm changes from new to active | 1. Get the RIM after the realm is activated<br>2. Add granules to the realm and destroy them<br>3. Get the RIM again<br>4. Both should be equal, or else the test fails | Yes |
| 2 | measurement_rim_order | RIM depends on the order of RMM operations executed during realm construction | 1. Construct realm A as follows<br>2. RD, RTT, RIPAS init, data create with exact image size. Before activating the realm, add one REC and one page.<br>3. Repeat step 1. In step 2, first add the data granule and then the REC before activating the realm<br>4. Both RIMs should be different; otherwise, the test fails<br><br>Note:<br><br>Another variant of this scenario is as follows.<br><br>1. Create realms with different creation configurations, such as IPA size and protected IPA contents<br>2. Observe the RIMs; they should be different, otherwise the test case fails | Yes |
| 3 | measurement_initial_rem_is_zero | The initial value of REM is 0 | 1. Activate realm<br>2. Content of RSI_MEASUREMENT_READ should return 0; otherwise, the test fails | Yes |
| 4 | attestation_token_init | Token init terminates an ongoing attestation generation operation | 1. Activate realm<br>2. Call RSI_ATTESTATION_TOKEN_INIT with challenge1<br>3. Call RSI_ATTESTATION_TOKEN_INIT again with a different challenge, i.e. challenge2<br>4. Call RSI_ATTESTATION_TOKEN_CONTINUE<br>5. After token generation, check that the token verifies against challenge2 | Yes |
| 5 | attestation_challenge_data_verification | Challenge data verification | 1. Activate realm<br>2. Get the token and compare the challenge value with the token challenge<br>3. If the challenge values are not the same, the test fails | Yes |
| 6 | attestation_rec_exit_irq | If a physical interrupt becomes pending during the execution of RSI_ATTESTATION_TOKEN_CONTINUE, a REC exit due to IRQ can occur.<br><br>On the next entry to the REC:<br>• If a virtual interrupt is pending on that REC, it is taken to the REC's exception handler<br>• RSI_ATTESTATION_TOKEN_CONTINUE returns RSI_INCOMPLETE<br>• The REC should call RSI_ATTESTATION_TOKEN_CONTINUE again | 1. Register the IRQ handler and enable the IRQ interrupt. Activate realm<br>2. Go to the realm side<br>3. Call RSI_ATTESTATION_TOKEN_INIT<br>4. Go back to the host side<br>5. Program and enable the EL2 timer, and go to the realm side<br>6. Call RSI_ATTESTATION_TOKEN_CONTINUE<br>7. Make sure that the timer triggers<br>8. Check for a REC exit due to IRQ at the host side<br>9. If the correct flags are set and the interrupt is triggered, set the flag and go back to the realm<br>10. Check that RSI_INCOMPLETE is received for the RSI_ATTESTATION_TOKEN_CONTINUE call<br>11. Re-issue the RSI_ATTESTATION_TOKEN_CONTINUE call<br>12. If all of the above pass, the test passes; otherwise it fails | Yes |
| 7 | attestation_token_verify | Verify the attestation token format | 1. Activate realm<br>2. Call RSI_ATTESTATION_TOKEN_INIT<br>3. Call RSI_ATTESTATION_TOKEN_CONTINUE<br>4. Decode the CBOR-encoded token<br>5. Verify that the mandatory realm and platform token formats and claims are satisfied | Yes |
| 8 | attestation_rpv_value | Verify that the RPV provided as input during realm creation is the same as that reported in the realm token | 1. Create a realm with an RPV value and verify that the RPVs reported in the realm token correspond to the RPV value supplied as input during realm creation | Yes |
| 9 | attestation_rem_extend_check<br>attestation_rem_extend_check_realm_token | REM Extend check | attestation_rem_extend_check:<br>1. Create and activate realm<br>2. Add known content through RSI_MEASUREMENT_EXTEND. Read the REM value through MEASUREMENT_READ<br>3. Compare the REM values with zero and check that the REM values are not zero<br>4. If the REM values are zero, the test fails; otherwise it passes<br>attestation_rem_extend_check_realm_token:<br>1. Create and activate realm<br>2. Add known content through RSI_MEASUREMENT_EXTEND<br>3. Call RSI_TOKEN_INIT and CONTINUE and get the token<br>4. Decode the token and get the REM value<br>5. Compare the REM values with zero and check that the REM values are not zero<br>6. If the REM values are zero, the test fails; otherwise it passes | Yes |
| 10 | attestation_realm_measurement_type | Realm measurement type (cca-realm-measurement-type) should be either 32, 48 or 64 bytes | 1. Activate realm<br>2. Get the measurement and check the measurement type size as mentioned | Yes |
| 11 | attestation_platform_challenge_size | Platform attestation challenge size should be either 32, 48 or 64 | 1. Activate realm<br>2. Get the attestation token and check the platform attestation challenge size as mentioned | Yes |
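
The measurement assertions in tests 1, 2, 3 and 9 all follow from treating a measurement as a running hash. The sketch below is an added example, not ACS or RMM code: it uses a simplified model in which each operation is folded in as `H(current || record)`, and the class name, record strings and SHA-256 choice are assumptions made for illustration rather than the RMM's actual measurement descriptors.

```python
import hashlib

ZERO = bytes(32)  # all-zero, SHA-256-sized measurement (assumed hash algorithm)

def extend(current: bytes, record: bytes) -> bytes:
    """Fold one record into a running measurement: H(current || record)."""
    return hashlib.sha256(current + record).digest()

class ModelRealm:
    """Hypothetical toy realm: operations extend the RIM only while the realm
    is in the new state; after activation only the REM can change."""

    def __init__(self, params: bytes):
        self.active = False
        # Creation parameters (e.g. IPA size) are measured first.
        self.rim = extend(ZERO, b"realm-create:" + params)
        self.rem = ZERO  # test 3: REM starts at zero

    def granule_op(self, op: str, payload: bytes = b"") -> None:
        # Tests 1 and 2: measured before activation, ignored by the RIM after.
        if not self.active:
            self.rim = extend(self.rim, op.encode() + b":" + payload)

    def activate(self) -> None:
        self.active = True

    def measurement_extend(self, value: bytes) -> None:
        # Test 9: extending with known content moves the REM away from zero.
        if not self.active:
            raise RuntimeError("realm not active")
        self.rem = extend(self.rem, value)

def build(params: bytes, ops) -> ModelRealm:
    """Create a realm, apply construction ops in order, then activate it."""
    realm = ModelRealm(params)
    for op, payload in ops:
        realm.granule_op(op, payload)
    realm.activate()
    return realm

# Constructed inputs: the same two operations in swapped order.
REC_THEN_DATA = [("rec-create", b"rec0"), ("data-create", b"page0")]
DATA_THEN_REC = list(reversed(REC_THEN_DATA))

if __name__ == "__main__":
    a, b = build(b"ipa=32", REC_THEN_DATA), build(b"ipa=32", DATA_THEN_REC)
    print("order changes RIM:", a.rim != b.rim)
    a.measurement_extend(b"known content")
    print("REM non-zero after extend:", a.rem != ZERO)
```
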