add hsm tests for NXP ELE (New)

[stanley31huang]

Description

Add a new NXP EdgeLock Enclave (ELE) Checkbox test suite for oem-imx-secure-enclave, including dynamic test-vector discovery, per-vector
templated execution, and ELE performance testing.

What this PR adds

1. New ELE test script

• units/secure-element/nxp_ele_test.py
• Supports:
• --list-tv: enumerate available PSA test vectors and export resource attributes
• --run-tv : run a single test vector
• --run-perf: run ele_hsm_perf_test
• Implements required NVM daemon lifecycle for each run:
• stop daemon
• cleanup persisted test data
• start daemon
• execute test
• stop daemon
• Auto-detects daemon unit names (including snap systemd units).

2. New Checkbox job definitions

• units/secure-element/nxp-secure-element.pxu
• Adds:
• resource job: nxp_ele_list_tv_files
• templated TV job family: nxp_ele_run_tv_*
• perf job: nxp_ele_run_perf
• Uses template-engine: jinja2 for nxp_ele_run_tv template rendering.

3. New ELE test plan

• units/secure-element/test-plan.pxu
• Adds top-level nxp-ele plan with:
• resource bootstrap include
• perf test include
• all generated TV jobs include via regex.

Resolved issues

Documentation

reference: https://github.com/nxp-imx/imx-secure-enclave

Tests

https://certification.canonical.com/hardware/202601-38315/submission/490071/

[baconYao]

Hi @stanley31huang, I made some refactor like below

Separation of Concerns (SoC)
The nvm_daemon_lifecycle context manager is now solely responsible for service state management and data cleanup, while run_with_nvm_lifecycle focuses exclusively on command execution and exit code handling.

Prevention of Exception Masking
Inside nvm_daemon_lifecycle, if cleanup_nvm_data() fails and throws an error, the execution aborts immediately with the correct traceback. This prevents the finally block from attempting to stop an already-stopped service, which could raise a secondary RuntimeError and mask the root cause.

Cleaner Caller Interfaces
By streamlining the arguments for run_with_nvm_lifecycle, caller functions no longer need to construct verbose, repetitive strings for success_message and fail_label. Standardizing the output with a single test_label and a prefixed [NXP_ELE] PASS: adheres to the DRY (Don't Repeat Yourself) principle.

Improved Maintainability
If NXP introduces new lifecycle requirements in the future (e.g., adding an extra health check stage to the daemon), you only need to update the nvm_daemon_lifecycle context manager. The actual test execution logic for performance and TV files remains completely untouched.

[baconYao]

LGTM

[stanley31huang]

@copilot resolve the merge conflicts in this pull request

[Copilot]

@copilot resolve the merge conflicts in this pull request

Resolved. I merged origin/main into this branch and fixed the conflict in contrib/checkbox-ce-oem/checkbox-provider-ce-oem/tox.ini in commit dcb601d.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.49%. Comparing base (f2aa6e7) to head (5539d43).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2550   +/-   ##
=======================================
  Coverage   59.49%   59.49%           
=======================================
  Files         480      480           
  Lines       48505    48505           
  Branches     8675     8675           
=======================================
  Hits        28859    28859           
  Misses      18737    18737           
  Partials      909      909           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[baconYao]

+1