ARM-software / psa-arch-tests

Tests for verifying implementations of TBSA-v8M and the PSA Certified APIs
Apache License 2.0

Make hardcoded attestation key optional #346

Closed balint-dobszay-arm closed 1 year ago

balint-dobszay-arm commented 1 year ago

In the Linux platform configuration (api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h) the PLATFORM_OVERRIDE_ATTEST_PK option is enabled by default. This is problematic since not all platforms use the hardcoded attestation key, and there is no way of disabling this except patching the psa-arch-tests repo, which is not ideal.

Please provide a way to make this feature optional. E.g.:

#ifndef PLATFORM_HAS_ATTEST_PK
#define PLATFORM_OVERRIDE_ATTEST_PK
#endif

This way the default behaviour is unchanged, but platforms using a custom attestation key could work without modifying the psa-arch-tests source.

jk-arm commented 1 year ago

@balint-dobszay-arm Agreed, we will provide the same around the 1st week of April.

balint-dobszay-arm commented 1 year ago

Okay, thanks!

jk-arm commented 1 year ago

@balint-dobszay-arm It's done; the suggestion is incorporated.

git-wat commented 1 year ago

Hi, I have a question related to the PLATFORM_HAS_ATTEST_PK define. The proposed request and solution make sense. But I think that, along with it, there is one more update required in the pal_attestation_crypto.c file: for the case when PLATFORM_HAS_ATTEST_PK is defined, there is no declaration found for tfm_initial_attest_get_public_key(...). I think the declaration shall come from psa-arch-tests, but the definition will come from a particular platform. Can you please share comments/feedback? If you suggest, I can then report a new issue.

Thanks.

balint-dobszay-arm commented 1 year ago

Hi, yes, that makes sense; the declaration should be part of some header file in this repo. Please open a new issue or PR for this.