TF-Fuzz (Trusted-Firmware Fuzzer) guide

Introduction

TF-Fuzz is a TF-M fuzzing tool, at the PSA-call level. At the time of writing this at least, presentations available at:

(These presentation materials may not all be viewable by all parties.)

A suite generator tool is also provided to make tests output by TF-Fuzz runnable as a test suite in the regression tester.

Note

These instructions assume the use of Ubuntu Linux.

The following dependencies are required to build TF-Fuzz:

sudo apt-get update
sudo apt-get install build-essential bison flex

To build TF-Fuzz, simply type make in this directory. The executable, called tfz, is placed in the bin/ directory.

Requirements: Python 3.8 or later; a built tfz binary.

The suite generator is installable as a Python package through pip:

cd <path/to/tf-tools>/tf_fuzz
pip3 install tfz-suitegen

Once installed, tfz-suitegen can be ran by typing python3 -m tfz-suitegen.

Full usage information can be found by running ./bin/tfz and python3 -m tfz-suitegen --help .

The demo folder contains some example test specifications. The below steps describe how to build and run these with the TF-M regression tester.

Turn the test specifications into a test suite:
```
python3 -m tfz-suitegen <path/to/tf_fuzz> <path/to/tf_fuzz>/demo build_suite
```
This creates an out-of-tree test suite containing all the tests in the demo folder.

Note

Only files with the .test extension are included in the test suite.
Build the regression tests as normal, adding the following CMake flag to the SPE build:
```
-DEXTRA_NS_TEST_SUITE_PATH=<absolute_path_to>/build_suite
```
For full instructions on how to build and run tests see Build Tests and Run TF-M tests and applications on Arm platforms.

Warning

Some of the provided demos are expected to fail.

To run the regression test suite:

cd <path/to/tf-tools>/tf_fuzz/tfz-cpp
make
cd regression
bash regress

Table of Contents