Align existing partitions to work with TF-M

- ITS
- Crypto
- Platform
Michael Schwarcz 2019-01-17 12:51:18 +02:00
parent 2198d5c008
commit cf3fd858ad
18 changed files with 336 additions and 43 deletions


@ -62,6 +62,11 @@ uint32_t psa_security_lifecycle_state(void);
psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state);
/** \brief Resets the system
*
*/
void psa_system_reset();
#ifdef __cplusplus
}
#endif
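Review bot: `void psa_system_reset();` is declared with an empty parameter list, which in C is an unprototyped declaration rather than a zero-argument one; the new line should read `void psa_system_reset(void);`. The declaration also lacks the `MBED_NORETURN` that the non-secure implementation in this commit carries, so header and implementation disagree on whether the call can return, and the one-line doc comment does not say either. Settle on one and state it, e.g. `/** \brief Resets the system. Returns only if the reset request could not be delivered to the platform service. */`. The enclosing `extern "C"` block starts outside the hunk.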


@ -24,9 +24,7 @@
#include <stdlib.h>
#include <string.h>
#include "psa_crypto_srv_ifs.h"
#include "psa/client.h"
#include "crypto.h"
#include "crypto_platform_spe.h"


@ -1,10 +1,15 @@
// ---------------------------------- Includes ---------------------------------
#include "psa/service.h"
#include "psa/client.h"
#include <stdint.h>
#include <string.h>
#include "psa/client.h"
#include "psa/service.h"
#if defined(TARGET_TFM)
#define SPM_PANIC(format, ...) \
{ \
while(1){}; \
}
#endif
#define PSA_CRYPTO_SECURE 1
#include "crypto_spe.h"
#include "crypto_platform_spe.h"
@ -446,7 +451,11 @@ static void psa_hash_operation(void)
case PSA_HASH_CLONE_BEGIN: {
size_t index = 0;
#if defined(TARGET_MBED_SPM)
status = reserve_hash_clone(psa_identity(msg.handle), msg.rhandle, &index);
#else
status = reserve_hash_clone(msg.client_id, msg.rhandle, &index);
#endif
if (status == PSA_SUCCESS) {
psa_write(msg.handle, 0, &index, sizeof(index));
}
@ -462,7 +471,11 @@ static void psa_hash_operation(void)
SPM_PANIC("SPM read length mismatch");
}
#if defined(TARGET_MBED_SPM)
status = get_hash_clone(index, psa_identity(msg.handle), &hash_clone);
#else
status = get_hash_clone(index, msg.client_id, &hash_clone);
#endif
if (status == PSA_SUCCESS) {
status = psa_hash_clone(hash_clone->source_operation, msg.rhandle);
release_hash_clone(hash_clone);
@ -1488,7 +1501,12 @@ void psa_crypto_generator_operations(void)
void crypto_main(void *ptr)
{
while (1) {
uint32_t signals = psa_wait_any(PSA_BLOCK);
uint32_t signals = 0;
#if defined(TARGET_MBED_SPM)
signals = psa_wait_any(PSA_BLOCK);
#else
signals = psa_wait(CRYPTO_SRV_WAIT_ANY_SID_MSK, PSA_BLOCK);
#endif
if (signals & PSA_CRYPTO_INIT) {
psa_crypto_init_operation();
}
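Review bot: The TF-M fallback `SPM_PANIC` added at the top of this file expands to a bare brace block, so `SPM_PANIC("...");` becomes `{ while(1){}; };` and cannot be used as the single statement of an `if`/`else`; it also discards the message with no trace of why the partition stopped. Prefer `#define SPM_PANIC(format, ...) do { (void)(format); while (1) {} } while (0)`, and define it once in a shared header rather than repeating it verbatim in the platform and ITS partitions as this commit does. The `crypto_main` hunk at the end of the file continues past the bottom of the hunk.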


@ -28,3 +28,8 @@ psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state)
{
return psa_platfrom_lifecycle_change_request_impl(new_state);
}
void psa_system_reset(void)
{
psa_system_reset_impl();
}


@ -18,6 +18,8 @@
#include "psa/lifecycle.h"
#include "psa/internal_trusted_storage.h"
#include "platform_srv_impl.h"
#include "mbed_toolchain.h"
#include "cmsis.h"
#ifndef MBED_CONF_LIFECYCLE_STATE
#define MBED_CONF_LIFECYCLE_STATE PSA_LIFECYCLE_ASSEMBLY_AND_TEST
@ -38,3 +40,9 @@ psa_status_t psa_platfrom_lifecycle_change_request_impl(uint32_t state)
}
return PSA_LIFECYCLE_ERROR;
}
MBED_WEAK void psa_system_reset_impl(void)
{
/* Reset the system */
NVIC_SystemReset();
}


@ -22,5 +22,6 @@
psa_status_t psa_platfrom_lifecycle_get_impl(uint32_t *lc_state);
psa_status_t psa_platfrom_lifecycle_change_request_impl(uint32_t lc_state);
void psa_system_reset_impl(void);
#endif // __PLATFROM_SRV_IMPL_H__


@ -18,6 +18,7 @@
#include "psa_platform_ifs.h"
#include "psa/lifecycle.h"
#include "psa/client.h"
#include "mbed_toolchain.h"
uint32_t psa_security_lifecycle_state(void)
{
@ -56,3 +57,12 @@ psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state)
return status;
}
MBED_NORETURN void psa_system_reset(void)
{
psa_handle_t conn = psa_connect(PSA_PLATFORM_LC_SET, 1);
if (conn <= PSA_NULL_HANDLE) {
return;
}
psa_call(conn, NULL, 0, NULL, 0);
}
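Review bot: `psa_system_reset` connects to `PSA_PLATFORM_LC_SET` instead of the new `PSA_PLATFORM_SYSTEM_RESET` SID, so the request lands in the lifecycle-change handler with an empty input vector rather than in `system_reset_request`, and the device is not reset. The function is also `MBED_NORETURN` yet returns both when `psa_connect` fails and after `psa_call` returns, which is undefined behaviour and contradicts the plain `void psa_system_reset();` in the public header; the connection handle is never closed either. Suggested body below; if a failed reset should instead be reportable to the caller, drop `MBED_NORETURN` (and keep the header as it is) rather than spin.
```c
MBED_NORETURN void psa_system_reset(void)
{
    psa_handle_t conn = psa_connect(PSA_PLATFORM_SYSTEM_RESET, 1);
    if (conn > PSA_NULL_HANDLE) {
        psa_call(conn, NULL, 0, NULL, 0);
        psa_close(conn);
    }
    /* Reaching here means the reset request was not honoured; a noreturn function must not return. */
    while (1) {}
}
```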


@ -77,6 +77,18 @@ spm_rot_service_t platform_rot_services[PLATFORM_ROT_SRV_COUNT] = {
.tail = NULL
}
},
{
.sid = PSA_PLATFORM_SYSTEM_RESET,
.mask = PSA_PLATFORM_SYSTEM_RESET_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
};
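Review bot: The new `PSA_PLATFORM_SYSTEM_RESET` entry sets `.allow_nspe = true`, so any non-secure caller can reset the device with no check beyond the minor-version policy; the matching manifest in this commit sets `"non_secure_clients": true` as well. If that exposure is intended, a one-line comment on the entry, e.g. `/* Reset is deliberately reachable from NSPE; no per-client authorisation is applied. */`, stops a later reader from treating it as an oversight, and the handler side is where any restriction would belong. The array's opening lines are outside the hunk.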
/* External SIDs used by PLATFORM */


@ -20,6 +20,13 @@
#include "psa/internal_trusted_storage.h"
#include "psa/service.h"
#if defined(TARGET_TFM)
#define SPM_PANIC(format, ...) \
{ \
while(1){}; \
}
#endif
typedef psa_status_t (*SignalHandler)(psa_msg_t *);
static psa_status_t lifecycle_get(psa_msg_t *msg)
@ -52,6 +59,12 @@ static psa_status_t lifecycle_change_request(psa_msg_t *msg)
}
static psa_status_t system_reset_request(psa_msg_t *msg)
{
(void)msg;
psa_system_reset_impl();
}
static void message_handler(psa_msg_t *msg, SignalHandler handler)
{
psa_status_t status = PSA_SUCCESS;
@ -77,7 +90,12 @@ void platform_partition_entry(void *ptr)
uint32_t signals = 0;
psa_msg_t msg = {0};
while (1) {
#if defined(TARGET_MBED_SPM)
signals = psa_wait_any(PSA_BLOCK);
#else
signals = psa_wait(PLATFORM_WAIT_ANY_SID_MSK, PSA_BLOCK);
#endif
if ((signals & PSA_PLATFORM_LC_GET_MSK) != 0) {
psa_get(PSA_PLATFORM_LC_GET_MSK, &msg);
message_handler(&msg, lifecycle_get);
@ -86,5 +104,9 @@ void platform_partition_entry(void *ptr)
psa_get(PSA_PLATFORM_LC_SET_MSK, &msg);
message_handler(&msg, lifecycle_change_request);
}
if ((signals & PSA_PLATFORM_SYSTEM_RESET_MSK) != 0) {
psa_get(PSA_PLATFORM_SYSTEM_RESET_MSK, &msg);
message_handler(&msg, system_reset_request);
}
}
}
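Review bot: `system_reset_request` is declared `static psa_status_t` but has no `return`; `psa_system_reset_impl` is a `MBED_WEAK` hook in this commit and is not declared noreturn, so if an override returns, control runs off the end of a non-void function (undefined behaviour) and `message_handler` replies with an indeterminate status. Add an explicit error return after the call, e.g. `psa_system_reset_impl();` followed by `return PSA_LIFECYCLE_ERROR;` if that is the status this partition reports for failed requests, or whichever generic error the module uses. The duplicated TF-M `SPM_PANIC` definition at the top of this section is the same text as in the crypto and ITS partitions and belongs in one shared header.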


@ -28,7 +28,7 @@
#define PLATFORM_ID 8
#define PLATFORM_ROT_SRV_COUNT (2UL)
#define PLATFORM_ROT_SRV_COUNT (3UL)
#define PLATFORM_EXT_ROT_SRV_COUNT (1UL)
/* PLATFORM event flags */
@ -44,10 +44,13 @@
#define PSA_PLATFORM_LC_GET_MSK (1UL << PSA_PLATFORM_LC_GET_MSK_POS)
#define PSA_PLATFORM_LC_SET_MSK_POS (5UL)
#define PSA_PLATFORM_LC_SET_MSK (1UL << PSA_PLATFORM_LC_SET_MSK_POS)
#define PSA_PLATFORM_SYSTEM_RESET_MSK_POS (6UL)
#define PSA_PLATFORM_SYSTEM_RESET_MSK (1UL << PSA_PLATFORM_SYSTEM_RESET_MSK_POS)
#define PLATFORM_WAIT_ANY_SID_MSK (\
PSA_PLATFORM_LC_GET_MSK | \
PSA_PLATFORM_LC_SET_MSK)
PSA_PLATFORM_LC_SET_MSK | \
PSA_PLATFORM_SYSTEM_RESET_MSK)
#endif // PSA_PLATFORM_PARTITION_H


@ -21,6 +21,14 @@
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "PSA_PLATFORM_SYSTEM_RESET",
"identifier": "0x00011002",
"signal": "PSA_PLATFORM_SYSTEM_RESET_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
}
],
"extern_sids": [


@ -28,5 +28,6 @@
#define PSA_PLATFORM_LC_GET 0x00011000
#define PSA_PLATFORM_LC_SET 0x00011001
#define PSA_PLATFORM_SYSTEM_RESET 0x00011002
#endif // PSA_PLATFORM_PARTITION_ROT_SERVICES_H


@ -0,0 +1,158 @@
/* Copyright (c) 2018 ARM Limited
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <cstring>
#include "KVStore.h"
#include "TDBStore.h"
#include "psa/internal_trusted_storage.h"
#include "pits_impl.h"
#include "mbed_error.h"
#include "mbed_toolchain.h"
#include "FlashIAP.h"
#include "FlashIAPBlockDevice.h"
using namespace mbed;
static KVStore *internal_store = NULL;
static bool is_tfm_kv_initialized = false;
static inline uint32_t align_up(uint64_t val, uint64_t size)
{
return (((val - 1) / size) + 1) * size;
}
static inline uint32_t align_down(uint64_t val, uint64_t size)
{
return (((val) / size)) * size;
}
static BlockDevice *_get_blockdevice(bd_addr_t start_address, bd_size_t size)
{
int ret = MBED_SUCCESS;
bd_addr_t flash_end_address;
bd_addr_t flash_start_address;
bd_addr_t aligned_start_address;
bd_addr_t aligned_end_address;
bd_addr_t end_address;
FlashIAP flash;
ret = flash.init();
if (ret != 0) {
return NULL;
}
//Get flash parameters before starting
flash_start_address = flash.get_flash_start();
flash_end_address = flash_start_address + flash.get_flash_size();;
aligned_start_address = align_down(start_address, flash.get_sector_size(start_address));
if (start_address != aligned_start_address) {
flash.deinit();
return NULL;
}
end_address = start_address + size;
if (end_address > flash_end_address) {
flash.deinit();
return NULL;
}
aligned_end_address = align_up(end_address, flash.get_sector_size(end_address - 1));
if (end_address != aligned_end_address) {
flash.deinit();
return NULL;
}
static FlashIAPBlockDevice bd(start_address, size);
flash.deinit();
return &bd;
}
static int _calculate_blocksize_match_tdbstore(BlockDevice *bd)
{
bd_size_t size = bd->size();
bd_size_t erase_size = bd->get_erase_size();
bd_size_t number_of_sector = size / erase_size;
if (number_of_sector < 2) {
return -1;
}
return 0;
}
static int tfm_kv_init(void)
{
int ret = MBED_SUCCESS;
bd_size_t internal_size = MBED_CONF_STORAGE_TDB_INTERNAL_INTERNAL_SIZE;
bd_addr_t internal_start_address = MBED_CONF_STORAGE_TDB_INTERNAL_INTERNAL_BASE_ADDRESS;
//Get internal memory FLASHIAP block device.
BlockDevice *internal_bd = _get_blockdevice(internal_start_address, internal_size);
if (internal_bd == NULL) {
return -1; // TODO: Error code
}
ret = internal_bd->init();
if (ret != 0) {
return ret;
}
//Check that internal flash has 2 or more sectors
if (_calculate_blocksize_match_tdbstore(internal_bd) != 0) {
return -1; // TODO: Error code
}
//Deinitialize internal block device and TDB will reinitialize and take control on it.
ret = internal_bd->deinit();
if (ret != 0) {
return ret;
}
//Create a TDBStore in the internal FLASHIAP block device.
static TDBStore tdb_internal(internal_bd);
internal_store = &tdb_internal;
ret = internal_store->init();
return ret;
}
/*
* \brief Get default KVStore instance for internal flesh storage
*
* \return valid pointer to KVStore
*/
KVStore *get_its_kvstore_instance(void)
{
return internal_store;
}
int kv_init_storage_config()
{
int ret = MBED_SUCCESS;
if (!is_tfm_kv_initialized) {
ret = tfm_kv_init();
}
is_tfm_kv_initialized = (ret == MBED_SUCCESS) ? true : false;
return ret;
}
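Review bot: `tfm_kv_init` stores `&tdb_internal` into `internal_store` before calling `init()`, so when `init()` fails the function reports the error but `get_its_kvstore_instance()` keeps returning a non-NULL pointer to an uninitialised store; since `its_init` in this commit only tests for NULL, the ITS service would then operate on that store. Assign `internal_store` only on success, and call `internal_bd->deinit()` on the sector-count failure path, which currently returns with the block device left initialised. Separately, `align_up`/`align_down` take `uint64_t` but return `uint32_t`, silently truncating `bd_addr_t` values, and `align_up(0, size)` underflows on `val - 1`; returning `uint64_t` and guarding `val == 0` would fix both.
```cpp
static int tfm_kv_init(void)
{
    // … unchanged: block device lookup and internal_bd->init() …
    //Check that internal flash has 2 or more sectors
    if (_calculate_blocksize_match_tdbstore(internal_bd) != 0) {
        internal_bd->deinit();
        return -1; // TODO: Error code
    }
    // … unchanged: internal_bd->deinit() …
    //Create a TDBStore in the internal FLASHIAP block device.
    static TDBStore tdb_internal(internal_bd);
    ret = tdb_internal.init();
    if (ret == MBED_SUCCESS) {
        // Only publish the store once it is usable.
        internal_store = &tdb_internal;
    }
    return ret;
}
```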


@ -16,21 +16,38 @@
*/
#include <cstring>
#include "KVMap.h"
#include "KVStore.h"
#include "TDBStore.h"
#include "psa/internal_trusted_storage.h"
#include "pits_impl.h"
#include "pits_version_impl.h"
#include "mbed_error.h"
#include "mbed_assert.h"
#include "mbed_toolchain.h"
#if defined(TARGET_TFM)
using namespace mbed;
#ifdef __cplusplus
extern "C"
KVStore *get_its_kvstore_instance(void);
#else
#include "KVMap.h"
using namespace mbed;
/*
* \brief Get default KVStore instance for internal flesh storage
*
* \return valid pointer to KVStore
*/
KVStore *get_its_kvstore_instance(void)
{
#endif
KVMap &kv_map = KVMap::get_instance();
return kv_map.get_internal_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));
}
#endif // defined(TARGET_TFM)
// Maximum length of filename we use for kvstore API.
// pid: 6; delimiter: 1; uid: 11; str terminator: 1
@ -50,10 +67,16 @@ const uint8_t base64_coding_table[] = {
static KVStore *kvstore = NULL;
MBED_WEAK psa_its_status_t its_version_migrate(void *storage, const its_version_t *version)
{
(void)storage;
(void)version;
return PSA_ITS_SUCCESS;
}
static void its_init(void)
{
KVMap &kv_map = KVMap::get_instance();
kvstore = kv_map.get_internal_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));
kvstore = get_its_kvstore_instance();
if (!kvstore) {
// Can only happen due to system misconfiguration.
// Thus considered as unrecoverable error for runtime.
@ -105,19 +128,6 @@ static void its_init(void)
}
}
// used from test only
void its_deinit(void)
{
kvstore = NULL;
}
MBED_WEAK psa_its_status_t its_version_migrate(void *storage, const its_version_t *version)
{
(void)storage;
(void)version;
return PSA_ITS_SUCCESS;
}
/*
* \brief Convert KVStore stauts codes to PSA internal storage status codes
*
@ -316,7 +326,3 @@ psa_its_status_t psa_its_reset_impl()
int status = kvstore->reset();
return convert_status(status);
}
#ifdef __cplusplus
}
#endif
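Review bot: Under `TARGET_TFM` this file declares `extern "C" KVStore *get_its_kvstore_instance(void);`, but the definition added in the new TF-M kv-config file in this commit has no `extern "C"` around it, so the two have different linkage and the reference would not resolve at link time unless a C-linkage declaration reaches that file through a header not shown here. Either wrap the definition in `extern "C"` or put the declaration in `pits_impl.h` (already inside its `extern "C"` block) so both translation units see the same one. The `-105,19 +128,6` hunk also drops `its_deinit`, which the removed comment marks as test-only; if the ITS tests still call it they will no longer link, and the commit message does not mention the removal.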


@ -25,6 +25,9 @@ extern "C"
{
#endif
#if defined(TARGET_TFM) && defined(COMPONENT_SPE)
extern int kv_init_storage_config();
#endif
#define PITS_DATA_PTR_AT_OFFSET(ptr, offset) ((void *)(((uintptr_t)ptr) + ((uintptr_t)offset)))
#define STR_EXPAND(tok) #tok
@ -34,6 +37,8 @@ psa_its_status_t psa_its_get_info_impl(int32_t pid, psa_its_uid_t uid, struct ps
psa_its_status_t psa_its_remove_impl(int32_t pid, psa_its_uid_t uid);
psa_its_status_t psa_its_reset_impl();
psa_its_status_t psa_its_reset_impl(void);
#ifdef __cplusplus
}
#endif
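Review bot: `extern int kv_init_storage_config();` sits inside the header's `extern "C"` block and is therefore seen by C translation units as an unprototyped declaration; write it as `extern int kv_init_storage_config(void);`, the same fix this file applies to `psa_its_reset_impl` a few lines later. Since the declaration is only reachable for `TARGET_TFM && COMPONENT_SPE`, a short comment saying where it is implemented and that it must succeed before `get_its_kvstore_instance()` returns a usable store would help the next reader.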


@ -33,7 +33,7 @@
/* Threads stacks */
MBED_ALIGN(8) uint8_t its_thread_stack[1024] = {0};
MBED_ALIGN(8) uint8_t its_thread_stack[2048] = {0};
/* Threads control blocks */
osRtxThread_t its_thread_cb = {0};
@ -45,7 +45,7 @@ osThreadAttr_t its_thread_attr = {
.cb_mem = &its_thread_cb,
.cb_size = sizeof(its_thread_cb),
.stack_mem = its_thread_stack,
.stack_size = 1024,
.stack_size = 2048,
.priority = osPriorityNormal,
.tz_module = 0,
.reserved = 0
@ -124,7 +124,7 @@ static const osMutexAttr_t its_mutex_attr = {
};
extern void pits_entry(void *ptr);
extern void its_entry(void *ptr);
void its_init(spm_partition_t *partition)
{
@ -142,7 +142,7 @@ void its_init(spm_partition_t *partition)
}
partition->rot_services = its_rot_services;
partition->thread_id = osThreadNew(pits_entry, NULL, &its_thread_attr);
partition->thread_id = osThreadNew(its_entry, NULL, &its_thread_attr);
if (NULL == partition->thread_id) {
SPM_PANIC("Failed to create start main thread of partition its!\n");
}


@ -21,14 +21,25 @@
#include "psa_its_partition.h"
#include "psa/internal_trusted_storage.h"
#include "pits_impl.h"
#include "kv_config.h"
#include "mbed_error.h"
#if defined(TARGET_MBED_SPM)
#include "kv_config.h"
#endif
#ifdef __cplusplus
extern "C"
{
#endif
#if defined(TARGET_TFM)
#define SPM_PANIC(format, ...) \
{ \
while(1){}; \
}
#endif
typedef psa_status_t (*SignalHandler)(psa_msg_t *);
static psa_status_t storage_set(psa_msg_t *msg)
@ -59,9 +70,11 @@ static psa_status_t storage_set(psa_msg_t *msg)
free(data);
return PSA_ITS_ERROR_STORAGE_FAILURE;
}
#if defined(TARGET_MBED_SPM)
psa_its_status_t status = psa_its_set_impl(psa_identity(msg->handle), key, alloc_size, data, flags);
#else
psa_its_status_t status = psa_its_set_impl(msg->client_id, key, alloc_size, data, flags);
#endif
memset(data, 0, alloc_size);
free(data);
return status;
@ -89,7 +102,12 @@ static psa_status_t storage_get(psa_msg_t *msg)
return PSA_ITS_ERROR_STORAGE_FAILURE;
}
#if defined(TARGET_MBED_SPM)
psa_its_status_t status = psa_its_get_impl(psa_identity(msg->handle), key, offset, msg->out_size[0], data);
#else
psa_its_status_t status = psa_its_get_impl(msg->client_id, key, offset, msg->out_size[0], data);
#endif
if (status == PSA_ITS_SUCCESS) {
psa_write(msg->handle, 0, data, msg->out_size[0]);
}
@ -112,7 +130,12 @@ static psa_status_t storage_info(psa_msg_t *msg)
return PSA_DROP_CONNECTION;
}
#if defined(TARGET_MBED_SPM)
psa_its_status_t status = psa_its_get_info_impl(psa_identity(msg->handle), key, &info);
#else
psa_its_status_t status = psa_its_get_info_impl(msg->client_id, key, &info);
#endif
if (status == PSA_ITS_SUCCESS) {
psa_write(msg->handle, 0, &info, msg->out_size[0]);
}
@ -132,15 +155,20 @@ static psa_status_t storage_remove(psa_msg_t *msg)
return PSA_DROP_CONNECTION;
}
#if defined(TARGET_MBED_SPM)
return psa_its_remove_impl(psa_identity(msg->handle), key);
#else
return psa_its_remove_impl(msg->client_id, key);
#endif
}
static psa_status_t storage_reset(psa_msg_t *msg)
{
(void)msg;
return psa_its_reset_impl();
}
static void message_handler(psa_msg_t *msg, SignalHandler handler)
{
psa_status_t status = PSA_SUCCESS;
@ -161,13 +189,17 @@ static void message_handler(psa_msg_t *msg, SignalHandler handler)
psa_reply(msg->handle, status);
}
void pits_entry(void *ptr)
void its_entry(void *ptr)
{
uint32_t signals = 0;
psa_msg_t msg = {0};
while (1) {
#if defined(TARGET_MBED_SPM)
signals = psa_wait_any(PSA_BLOCK);
#else
signals = psa_wait(ITS_WAIT_ANY_SID_MSK, PSA_BLOCK);
#endif
// KVStore initiation:
// - Must be done after the psa_wait_any() call since only now we know OS initialization is done
@ -197,6 +229,7 @@ void pits_entry(void *ptr)
psa_get(PSA_ITS_RESET_MSK, &msg);
message_handler(&msg, storage_reset);
}
}
}
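Review bot: The `#if defined(TARGET_MBED_SPM)` / `#else` selection of the caller identity is repeated in `storage_set`, `storage_get`, `storage_info` and `storage_remove`, and the `#else` branch quietly applies to every target that is not Mbed SPM, not only TF-M. Because that identity is the `pid` that forms the ITS object name, the choice is access-control-relevant and deserves one explicit, commented definition near the top of the file instead of four copies; each handler then reads e.g. `psa_its_status_t status = psa_its_set_impl(ITS_CLIENT_ID(msg), key, alloc_size, data, flags);`. The TF-M `SPM_PANIC` fallback here duplicates the one in the crypto and platform partitions.
```c
/* Caller identity used as the owner (pid) of ITS objects. Mbed SPM derives it
 * from the message handle; other SPMs (TF-M) deliver it in the message itself. */
#if defined(TARGET_MBED_SPM)
#define ITS_CLIENT_ID(msg) psa_identity((msg)->handle)
#else
#define ITS_CLIENT_ID(msg) ((msg)->client_id)
#endif
// … unchanged: handlers, with ITS_CLIENT_ID(msg) replacing each #if/#else pair …
```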


@ -3,8 +3,8 @@
"type": "APPLICATION-ROT",
"priority": "NORMAL",
"id": "0x0000000A",
"entry_point": "pits_entry",
"stack_size": "0x400",
"entry_point": "its_entry",
"stack_size": "0x800",
"heap_size": "0x400",
"services": [{
"name": "PSA_ITS_GET",