LCA14: LCA14-418: Testing a secure framework
Upcoming SlideShare
Loading in...5

LCA14: LCA14-418: Testing a secure framework



Resource: LCA14

Resource: LCA14
Name: LCA14-418: Testing a secure framework
Date: 06-03-2014
Speaker: Joakim Bech



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

LCA14: LCA14-418: Testing a secure framework LCA14: LCA14-418: Testing a secure framework Presentation Transcript

  • Thur-6-Mar, 5:05pm, Joakim Bech LCA14-418: Testing a secure framework
  • • Background • GlobalPlatform and XML-files • Functional testing vs other testing • LAVA, Builds & Baselines • Open discussion: Pros and cons Agenda
  • • There is no test framework for download that test secure world APIs • Test suite coming from ST-Ericsson which is now owned by STMicroelectronics • Testing secure world GlobalPlatform APIs Background
  • • GlobalPlatform have a list of Qualified Test Tools covering much more than just secure APIs • Comprehensive functional test of a TEE framework • Initial TEE Configuration v1.0 • Trusted Core Framework API • Trusted Storage API • Cryptographic operations API • Time API • Arithmetical API • Compliance Test Suite (including all minor updates for 2 years) - $6 200 USD! • A set of XML-files that specifies how functions should be called and what result to expect • Linaro don’t want to compete with existing test firms (Galitt, FIME) • Using a test suite from Linaro != GlobalPlatform qualified GlobalPlatform Test Suite
  • • Using GoogleTest framework • Not to reinvent the wheel • Able to launch a single test, several times, in random order,... • Used to test infrastructure cost and corner-cases • Example of some of the tests: • Performance: cost of going to the secure environment • Tests for memory leakage detection / garbage collector • Static TA testing (built-in extensions) • ... Extended Functional Testing
  • • The GlobalPlatform based test suite has good coverage on functional testing, but lacks doing security- and stress-testing for example • Not in scope initially • Timing attacks: For how long will function X run? • Power analysis: Variations in power consumption could leak information • Fuzz testing: like Trinity for example (Linux kernel syscall testing) • Stress tests: Is everything still stable as the load increases? • Multi-TAs / Multi-Threaded • Involving HW • SMP Only functional testing?
  • LAVA and Builds and Baseline integration Build CI job Test suites jenkins lava lava job test results
  • Do we need ... • … specialized hardware? • … specialized network setup? • … tests involving more than one hardware device in coordination (multinode jobs)? • … ? LAVA - what are the requirements?
  • • Example topics that could be discussed • Does it sound like the current plan seems sane? • Will the fee to get GlobalPlatform XML-files be a problem? • What about side channel attacks? • How about other TEEs? How to test those? • Performance testing? • Will it be a standalone project? • ... Open discussion
  • More about Linaro Connect: More about Linaro: More about Linaro engineering: Linaro members: