Merge pull request #13594 from moshe-shahar/psa-gen-rot

PSA - Generate root of trust before accessing kvstore
2020-09-11 15:46:35 +01:00 · 2020-09-11 15:46:35 +01:00 · ad973f2f14
parent 2691b4e700 eaf9601bc9
commit ad973f2f14
3 changed files with 17 additions and 6 deletions
--- a/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/its_ps/main.cpp
+++ b/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/its_ps/main.cpp
@ -36,7 +36,6 @@
 #include "KVStore.h"
 #include "kv_config.h"
 #include "psa_storage_common_impl.h"
-#include "DeviceKey.h"

 using namespace utest::v1;
 using namespace mbed;
@ -219,9 +218,6 @@ utest::v1::status_t case_its_setup_handler(const Case *const source, const size_
        status = psa_ps_reset();
        TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
    }
-#if DEVICEKEY_ENABLED
-    DeviceKey::get_instance().generate_root_of_trust();
-#endif
    return greentea_case_setup_handler(source, index_of_case);
 }

--- a/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.cpp
+++ b/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.cpp
@ -23,6 +23,7 @@
 #include "pits_impl.h"
 #include "mbed_error.h"
 #include "mbed_toolchain.h"
+#include "DeviceKey.h"

 using namespace mbed;

@ -71,6 +72,10 @@ static void its_init(void)
        error("Failed getting kvstore instance\n");
    }

+#if DEVICEKEY_ENABLED
+    DeviceKey::get_instance().generate_root_of_trust();
+#endif
+
    psa_storage_handle_version(kvstore, ITS_VERSION_KEY, &version, its_version_migrate);
    initialized = true;
 }
--- a/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/ps/protected_storage.cpp
+++ b/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/ps/protected_storage.cpp
@ -24,6 +24,7 @@
 #include "psa_storage_common_impl.h"
 #include "mbed_error.h"
 #include "mbed_toolchain.h"
+#include "DeviceKey.h"

 using namespace mbed;

@ -69,6 +70,10 @@ static void ps_init(void)
        error("Failed getting kvstore instance\n");
    }

+#if DEVICEKEY_ENABLED
+    DeviceKey::get_instance().generate_root_of_trust();
+#endif
+
    psa_storage_handle_version(kvstore, PS_VERSION_KEY, &version, ps_version_migrate);
    initialized = true;
 }
@ -149,7 +154,7 @@ psa_status_t psa_ps_remove(psa_storage_uid_t uid)

 extern "C" psa_status_t psa_ps_reset()
 {
-    // Do not call its_init here to avoid version check before reset
+    // Do not call ps_init here to avoid version check before reset
    int ret = kv_init_storage_config();
    if (ret) {
        // Can only happen due to system misconfiguration.
@ -165,7 +170,12 @@ extern "C" psa_status_t psa_ps_reset()
        error("Failed getting kvstore instance\n");
    }

-    return psa_storage_reset_impl(kvstore);
+    psa_status_t psa_status = psa_storage_reset_impl(kvstore);
+    if (psa_status == PSA_SUCCESS) {
+        // force reinitialize to generate ROT and write version
+        initialized = false;
+    }
+    return psa_status;
 }

 #ifdef   __cplusplus