From 2117a26cb1e0d988a3141f7d02f3ab906307a5c6 Mon Sep 17 00:00:00 2001
From: Moran Peker
Date: Sun, 17 Feb 2019 16:12:36 +0200
Subject: [PATCH] Get security lifecycle by psa_security_lifecycle_state function -Add bug fix for psa_security_lifecycle_state function - PR #9745 -Remove lifecycle data from temp boot status data -Update attesttation_partition_json file to use PSA_PLATFORM_LC_GET and generate partition code - auto generated files update
---
 .../psa/spm_client/COMPONENT_SPE/psa_setup.c | 2 +-
 .../psa/spm_server/COMPONENT_SPE/psa_setup.c | 2 +-
 TESTS/psa/spm_smoke/COMPONENT_SPE/psa_setup.c | 2 +-
 .../TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c | 2 +-
 .../attest_iat_claims_loader.c | 28 +++++++++++++++++--
 .../attestation_bootloader_data.c | 6 ++--
 .../psa_attest_srv_partition.c | 4 ++-
 .../COMPONENT_SPE/psa_attest_srv_partition.h | 2 +-
 .../attestation_partition_psa.json | 3 +-
 9 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/TESTS/psa/spm_client/COMPONENT_SPE/psa_setup.c b/TESTS/psa/spm_client/COMPONENT_SPE/psa_setup.c
index 67a6b1ccd0..b2278a823d 100644
--- a/TESTS/psa/spm_client/COMPONENT_SPE/psa_setup.c
+++ b/TESTS/psa/spm_client/COMPONENT_SPE/psa_setup.c
@@ -33,7 +33,7 @@
 #include "psa_platform_partition.h"
 #include "psa_its_partition.h"
-extern const uint32_t attest_srv_external_sids[6];
+extern const uint32_t attest_srv_external_sids[7];
 extern const uint32_t crypto_srv_external_sids[4];
 extern const uint32_t platform_external_sids[1];
diff --git a/TESTS/psa/spm_server/COMPONENT_SPE/psa_setup.c b/TESTS/psa/spm_server/COMPONENT_SPE/psa_setup.c
index 0a5d05d53b..cb2bc9d9ef 100644
--- a/TESTS/psa/spm_server/COMPONENT_SPE/psa_setup.c
+++ b/TESTS/psa/spm_server/COMPONENT_SPE/psa_setup.c
@@ -35,7 +35,7 @@
 #include "psa_its_partition.h"
 extern const uint32_t server_test_part1_external_sids[2];
-extern const uint32_t attest_srv_external_sids[6];
+extern const uint32_t attest_srv_external_sids[7];
 extern const uint32_t crypto_srv_external_sids[4];
 extern const uint32_t platform_external_sids[1];
diff --git a/TESTS/psa/spm_smoke/COMPONENT_SPE/psa_setup.c b/TESTS/psa/spm_smoke/COMPONENT_SPE/psa_setup.c
index e655072d7b..779753e9d0 100644
--- a/TESTS/psa/spm_smoke/COMPONENT_SPE/psa_setup.c
+++ b/TESTS/psa/spm_smoke/COMPONENT_SPE/psa_setup.c
@@ -33,7 +33,7 @@
 #include "psa_platform_partition.h"
 #include "psa_its_partition.h"
-extern const uint32_t attest_srv_external_sids[6];
+extern const uint32_t attest_srv_external_sids[7];
 extern const uint32_t crypto_srv_external_sids[4];
 extern const uint32_t platform_external_sids[1];
diff --git a/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c b/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c
index ec8c9e5ad8..306ed79108 100644
--- a/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c
+++ b/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c
@@ -32,7 +32,7 @@
 #include "psa_platform_partition.h"
 #include "psa_its_partition.h"
-extern const uint32_t attest_srv_external_sids[6];
+extern const uint32_t attest_srv_external_sids[7];
 extern const uint32_t crypto_srv_external_sids[4];
 extern const uint32_t platform_external_sids[1];
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c
index 4e4556bc9d..1d6bdf8289 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c
@@ -24,13 +24,37 @@
 #include "tfm_attest_hal.h"
 #include "psa_initial_attestation_api.h"
 #include "attestation.h"
-#include "crypto.h"
+#include "psa/crypto.h"
+#include "psa/lifecycle.h"
 extern int32_t g_caller_id;
 #define ATTEST_PUB_KEY_SHA_256_SIZE (32u)
 #define PSA_ATTESTATION_PRIVATE_KEY_ID 17
+static enum tfm_security_lifecycle_t security_lifecycle_psa_to_tfm(void)
+{
+ uint32_t lc = psa_security_lifecycle_state();
+ switch (lc) {
+ case PSA_LIFECYCLE_UNKNOWN:
+ return TFM_SLC_UNKNOWN;
+ case PSA_LIFECYCLE_ASSEMBLY_AND_TEST:
+ return TFM_SLC_ASSEMBLY_AND_TEST;
+ case PSA_LIFECYCLE_PSA_ROT_PROVISIONING:
+ return TFM_SLC_PSA_ROT_PROVISIONING;
+ case PSA_LIFECYCLE_SECURED:
+ return TFM_SLC_SECURED;
+ case PSA_LIFECYCLE_NON_PSA_ROT_DEBUG:
+ return TFM_SLC_NON_PSA_ROT_DEBUG;
+ case PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG:
+ return TFM_SLC_RECOVERABLE_PSA_ROT_DEBUG;
+ case PSA_LIFECYCLE_DECOMMISSIONED:
+ return TFM_SLC_DECOMMISSIONED;
+ default:
+ return TFM_SLC_UNKNOWN;
+ }
+}
+
 /* Hash of attestation public key */
 static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf)
 {
@@ -169,7 +193,7 @@ enum tfm_plat_err_t tfm_plat_get_implementation_id(uint32_t *size, uint8_t *buf)
 enum tfm_security_lifecycle_t tfm_attest_hal_get_security_lifecycle(void)
 {
- return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
+ return security_lifecycle_psa_to_tfm();
 }
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attestation_bootloader_data.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attestation_bootloader_data.c
index 27af2d44c0..476e9ddb71 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attestation_bootloader_data.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attestation_bootloader_data.c
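Review bot: In `security_lifecycle_psa_to_tfm()` (attest_iat_claims_loader.c, first hunk) the `switch (lc)` compares the full 32-bit value returned by `psa_security_lifecycle_state()` against the `PSA_LIFECYCLE_*` constants. If the low bits of that value carry an implementation-defined sub-state, as the PSA Firmware Framework lifecycle encoding allows, any non-zero sub-state sends an otherwise valid state to `default`, and the attestation token then reports `TFM_SLC_UNKNOWN` for a provisioned or secured device. I would mask before switching, e.g. `switch (lc & <state mask from psa/lifecycle.h>) {`; the macro name is not visible in this diff, so confirm it against the header. A one-line comment above the helper stating that unmapped values deliberately fall back to `TFM_SLC_UNKNOWN` would also tell the next reader that the fallback is intentional rather than an omission.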
@@ -21,7 +21,7 @@
 /* Temporary Boodloader data - conatians temp mandatory claims */
 __attribute__((aligned(4))) const uint8_t temp_ram_page_data[] = {
- 0x16, 0x20, 0x94, 0x00, //shared_data_tlv_header
+ 0x16, 0x20, 0x8E, 0x00, //shared_data_tlv_header
 0x83, 0x11, 0x0C, 0x00, // SW_TYPE
 0x4E, 0x53, 0x50, 0x45, 0x5F, 0x53, 0x50, 0x45,
 0x80, 0x11, 0x0A, 0x00, //SW_VERSION
@@ -43,9 +43,7 @@ const uint8_t temp_ram_page_data[] = {
 0x01, 0x10, 0x16, 0x00, //TLV_MINOR_IAS_HW_VERSION
 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x31, 0x32,
- 0x02, 0x10, 0x06, 0x00, //TLV_MINOR_IAS_SLC
- 0x00, 0x20
+ 0x31, 0x32
 };
 uint8_t impl_id_data[TEMP_IMPL_ID_DATA_SIZE] = {TEMP_IMPL_ID_DATA};
\ No newline at end of file
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_SPE/TARGET_MBED_SPM/psa_attest_srv_partition.c b/components/TARGET_PSA/services/attestation/COMPONENT_SPE/TARGET_MBED_SPM/psa_attest_srv_partition.c
index 1f79285c05..2648612425 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_SPE/TARGET_MBED_SPM/psa_attest_srv_partition.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_SPE/TARGET_MBED_SPM/psa_attest_srv_partition.c
@@ -31,6 +31,7 @@
 #include "psa_attest_srv_partition.h"
 #include "psa_attest_srv_ifs.h"
 #include "psa_crypto_srv_ifs.h"
+#include "psa_platform_ifs.h"
 /* Threads stacks */
@@ -92,13 +93,14 @@ spm_rot_service_t attest_srv_rot_services[ATTEST_SRV_ROT_SRV_COUNT] = {
 };
 /* External SIDs used by ATTEST_SRV */
-const uint32_t attest_srv_external_sids[6] = {
+const uint32_t attest_srv_external_sids[7] = {
 PSA_CRYPTO_INIT_ID,
 PSA_HASH_ID,
 PSA_ASYMMETRIC_ID,
 PSA_KEY_MNG_ID,
 PSA_CRYPTO_FREE_ID,
 PSA_GENERATOR_ID,
+ PSA_PLATFORM_LC_GET,
 };
 static osRtxMutex_t attest_srv_mutex = {0};
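Review bot: The total-length bytes in the `shared_data_tlv_header` row of `temp_ram_page_data` (attestation_bootloader_data.c, first hunk) are maintained by hand; this change lowers them from `0x94` to `0x8E` to match the six bytes removed with the `TLV_MINOR_IAS_SLC` entry in the second hunk. Nothing ties that field to the array's real size, so a later edit that updates only one of the two leaves the claims parser walking the data with a length that disagrees with it. Assuming the field counts the whole array including the header (most of the array body lies outside both hunks, so confirm), a compile-time check after the closing `};` would catch the mismatch where the toolchain supports C11: `_Static_assert(sizeof(temp_ram_page_data) == 0x8E, "TLV total length must match array size");`.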
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attest_srv_partition.h b/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attest_srv_partition.h
index e5baaf41c0..22885b1a97 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attest_srv_partition.h
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attest_srv_partition.h
@@ -29,7 +29,7 @@
 #define ATTEST_SRV_ID 37
 #define ATTEST_SRV_ROT_SRV_COUNT (3UL)
-#define ATTEST_SRV_EXT_ROT_SRV_COUNT (6UL)
+#define ATTEST_SRV_EXT_ROT_SRV_COUNT (7UL)
 /* ATTEST_SRV event flags */
 #define ATTEST_SRV_RESERVED1_POS (1UL)
diff --git a/components/TARGET_PSA/services/attestation/attestation_partition_psa.json b/components/TARGET_PSA/services/attestation/attestation_partition_psa.json
index b76721238c..9cc8bbaa16 100755
--- a/components/TARGET_PSA/services/attestation/attestation_partition_psa.json
+++ b/components/TARGET_PSA/services/attestation/attestation_partition_psa.json
@@ -38,7 +38,8 @@
 "PSA_ASYMMETRIC_ID",
 "PSA_KEY_MNG_ID",
 "PSA_CRYPTO_FREE_ID",
- "PSA_GENERATOR_ID"
+ "PSA_GENERATOR_ID",
+ "PSA_PLATFORM_LC_GET"
 ],
 "source_files": [
 "COMPONENT_SPE/psa_attestation_partition.c"