Test for the TAs avb and trusted_keys in optee_os.git

[jenswi-linaro]

It seems that optee_test.git has no tests at all for the two TAs avb and trusted_keys in optee_os.git

Since they are part of the optee_os.git they should be tested here in optee_test.git.
Where is the best place for these tests?

1. In just another test case in the regression suite?
2. In a new suite (the PKCS#11 TA has its own suite) one for each TA?
3. In a new catch all suite to cover stuff not covered by the present suites, regression, pkcs11 or gp?

2 might not scale too well if we end up with many TAs.
3 is sort of like 1 it's just that it's separated so I'm not sure it makes much sense over 1.

2 would have an advantage In case we can't avoid disturbing the normal services by avb and trusted_keys.
@igoropaniuk, @b49020 what are your thoughts on this?

[b49020]

For trusted_keys TA, kernel patches are still under review upstream. Once they are merged I do plan to add keyctl tests to optee_test.git. Another option would be to pull kernel patches in linaro-swg/linux tree and then add those tests, your views?

[jenswi-linaro]

I believe we can wait until those patches has landed, unless you think it's more urgent.

[b49020]

Sure we can wait for kernel patches to land.

[github-actions]

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note that you can always re-open a closed issue at any time.

[b49020]

@jenswi-linaro @jforissier So the kernel patches landed upstream [1] for Trusted Keys feature. Would you like to pick up this feature for linaro-swg/linux tree? After that I could add corresponding keyctl tests to optee_test.git.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a95ebc91305a5f2400e9080911e8d240b6b05ca

[jforissier]

@b49020 this patch depends on other patches introduced in kernel v5.12 if I'm not mistaken. Our optee branch is currently based on v5.9 and upgrading to anything newer than v5.10-rc1 is problematic because ION was removed upstream (related discussion).
I'm not sure if I should try to cherry-pick the dependent patches or if I should upgrade to v5.12 first (thus breaking OP-TEE's SDP).

[b49020]

Yes, it depends on this trusted keys generic framework commit [1] which does a lot of code refactoring and could be a pain to backport to older kernel versions considering all the changes that goes into trusted keys subsystem. Although, backporting to v5.12 should be straight forward.

So, upgrading to v5.12 first should be preferred approach. Although, if we can directly upgrade to v5.13 once it is released would be great.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d0682be318910e028bdf57c90a1695ffc34be37

[jforissier]

So, upgrading to v5.12 first should be preferred approach.

Right. Unless someone objects, I will do that soon-ish, and at the same time I will cherry-pick your Trusted Keys patch.

[jforissier]

So, upgrading to v5.12 first should be preferred approach.

Right. Unless someone objects, I will do that soon-ish, and at the same time I will cherry-pick your Trusted Keys patch.

@b49020 see https://github.com/linaro-swg/linux/commits/wip/optee-v5.12 and let me know if that works for you. I am not force-pushing to branch optee yet.

[b49020]

Thanks @jforissier. It works for me. BTW, it would be nice if you can backport documentation patch [1] as well as it would make it easier for users.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c429805fdf70cce1d4bd56f1099909acfb45ff12

[jforissier]

@b49020 done.

[jforissier]

@b49020 I have force-pushed linaro-swg/linux.git branch wip/optee-v5.12 to branch optee, in other words optee is rebased onto upstream kernel v5.12 and in addition your trusted keys patches are cherry-picked on top.

[b49020]

Thanks @jforissier for the heads up. I will try to integrate trusted keys feature in OP-TEE build setup and write some tests for xtest.