ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #13594 from moshe-shahar/psa-gen-rot 

PSA - Generate root of trust before accessing kvstore
pull/13607/head
Anna Bridge 2020-09-11 15:46:35 +01:00 committed by GitHub
parent 2691b4e700 eaf9601bc9
commit ad973f2f14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/its_ps/main.cpp
View File

@ -36,7 +36,6 @@
#include "KVStore.h" #include "KVStore.h"
#include "kv_config.h" #include "kv_config.h"
#include "psa_storage_common_impl.h" #include "psa_storage_common_impl.h"
#include "DeviceKey.h"
using namespace utest::v1; using namespace utest::v1;
using namespace mbed; using namespace mbed;
@ -219,9 +218,6 @@ utest::v1::status_t case_its_setup_handler(const Case *const source, const size_
status = psa_ps_reset(); status = psa_ps_reset();
TEST_ASSERT_EQUAL(PSA_SUCCESS, status); TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
} }
#if DEVICEKEY_ENABLED
DeviceKey::get_instance().generate_root_of_trust();
#endif
return greentea_case_setup_handler(source, index_of_case); return greentea_case_setup_handler(source, index_of_case);
} }

5
platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.cpp
View File

@ -23,6 +23,7 @@
#include "pits_impl.h" #include "pits_impl.h"
#include "mbed_error.h" #include "mbed_error.h"
#include "mbed_toolchain.h" #include "mbed_toolchain.h"
#include "DeviceKey.h"
using namespace mbed; using namespace mbed;
@ -71,6 +72,10 @@ static void its_init(void)
error("Failed getting kvstore instance\n"); error("Failed getting kvstore instance\n");
} }
#if DEVICEKEY_ENABLED
DeviceKey::get_instance().generate_root_of_trust();
#endif
psa_storage_handle_version(kvstore, ITS_VERSION_KEY, &version, its_version_migrate); psa_storage_handle_version(kvstore, ITS_VERSION_KEY, &version, its_version_migrate);
initialized = true; initialized = true;
} }

14
platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/ps/protected_storage.cpp
View File

@ -24,6 +24,7 @@
#include "psa_storage_common_impl.h" #include "psa_storage_common_impl.h"
#include "mbed_error.h" #include "mbed_error.h"
#include "mbed_toolchain.h" #include "mbed_toolchain.h"
#include "DeviceKey.h"
using namespace mbed; using namespace mbed;
@ -69,6 +70,10 @@ static void ps_init(void)
error("Failed getting kvstore instance\n"); error("Failed getting kvstore instance\n");
} }
#if DEVICEKEY_ENABLED
DeviceKey::get_instance().generate_root_of_trust();
#endif
psa_storage_handle_version(kvstore, PS_VERSION_KEY, &version, ps_version_migrate); psa_storage_handle_version(kvstore, PS_VERSION_KEY, &version, ps_version_migrate);
initialized = true; initialized = true;
} }
@ -149,7 +154,7 @@ psa_status_t psa_ps_remove(psa_storage_uid_t uid)
extern "C" psa_status_t psa_ps_reset() extern "C" psa_status_t psa_ps_reset()
{ {
// Do not call its_init here to avoid version check before reset // Do not call ps_init here to avoid version check before reset
int ret = kv_init_storage_config(); int ret = kv_init_storage_config();
if (ret) { if (ret) {
// Can only happen due to system misconfiguration. // Can only happen due to system misconfiguration.
@ -165,7 +170,12 @@ extern "C" psa_status_t psa_ps_reset()
error("Failed getting kvstore instance\n"); error("Failed getting kvstore instance\n");
} }
return psa_storage_reset_impl(kvstore); psa_status_t psa_status = psa_storage_reset_impl(kvstore);
if (psa_status == PSA_SUCCESS) {
// force reinitialize to generate ROT and write version
initialized = false;
}
return psa_status;
} }
#ifdef __cplusplus #ifdef __cplusplus