ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[M2351] Add consistency check for CRYPTO/CRPT's secure attribute and TRNG/Mbed TLS H/W

pull/7302/head
ccli8 2018-04-10 14:21:24 +08:00
parent 2854b57091
commit 8f1623f717
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
targets/TARGET_NUVOTON/TARGET_M2351/crypto/crypto-misc.c
View File

@ -24,6 +24,8 @@
#include "nu_bitutil.h" #include "nu_bitutil.h"
#include "crypto-misc.h" #include "crypto-misc.h"
#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
/* NOTE: There's inconsistency in cryptography related naming, Crpt or Crypto. For example, cryptography IRQ /* NOTE: There's inconsistency in cryptography related naming, Crpt or Crypto. For example, cryptography IRQ
* handler could be CRPT_IRQHandler or CRYPTO_IRQHandler. To override default cryptography IRQ handler, see * handler could be CRPT_IRQHandler or CRYPTO_IRQHandler. To override default cryptography IRQ handler, see
* device/startup_{CHIP}.c for its name or call NVIC_SetVector regardless of its name. */ * device/startup_{CHIP}.c for its name or call NVIC_SetVector regardless of its name. */
@ -327,3 +329,5 @@ void CRPT_IRQHandler()
ECC_CLR_INT_FLAG(CRYPTO_MODBASE()); ECC_CLR_INT_FLAG(CRYPTO_MODBASE());
} }
} }
#endif /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */

25
targets/TARGET_NUVOTON/TARGET_M2351/crypto/crypto-misc.h
View File

@ -20,6 +20,29 @@
#include <stdbool.h> #include <stdbool.h>
#include "partition_M2351.h" #include "partition_M2351.h"
/* Policy for configuring secure attribute of CRYPTO/CRPT module:
*
* There's only one CRYPTO/CRPT module and we have the following policy for configuring its secure attribute:
*
* 1. TRNG or mbedtls H/W support can be enabled on either secure target or non-secure target, but not both.
* 2. TRNG and mbedtls H/W supports cannot be enabled on different targets.
* 3. On secure target, if TRNG or mbedtls H/W support is enabled, CRYPTO/CRPT must configure to secure.
* 4. On non-secure target, if TRNG or mbedtls H/W support is enabled, CRYPTO/CRPT must configure to non-secure.
*/
#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
#if defined(SCU_INIT_PNSSET1_VAL) && (SCU_INIT_PNSSET1_VAL & (1 << 18))
#error("CRYPTO/CRPT must configure to secure for secure target which supports TRNG or mbedtls H/W")
#endif
#else
#if (! defined(SCU_INIT_PNSSET1_VAL)) || (! (SCU_INIT_PNSSET1_VAL & (1 << 18)))
#error("CRYPTO/CRPT must configure to non-secure for non-secure target which supports TRNG or mbedtls H/W")
#endif
#endif
#endif
#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -102,4 +125,6 @@ bool crypto_dma_buffs_overlap(const void *in_buff, size_t in_buff_size, const vo
} }
#endif #endif
#endif /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
#endif #endif