Fixes

* Add #include <stddef.h> to psa/client.h
* Add Attestation service to TFM
* Update FUTURE_SEQUANA_PSA secure binaries
* Remove MBED_SPM from K64F
* Refactor psa_manifest/sid.h
* Increase stackl size in spm-client tests
* Add handling of errors from psa_get in partitions

TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.c

@@ -16,7 +16,7 @@
  */
 
 #include "psa/client.h"
-#include "psa_test_partition_ifs.h"
+#include "psa_manifest/sid.h"
 #include "test_partition_proxy.h"
 
 #define MINOR_VER 1

TESTS/psa/crypto_access_control/COMPONENT_SPE/psa_crypto_acl_test_partition.h

@@ -23,22 +23,23 @@
  * Generated by tools/spm/generate_partition_code.py Version 1.0
  **********************************************************************************************************************/
 
-#ifndef PSA_TEST_PARTITION_PARTITION_H
+#ifndef PSA_CRYPTO_ACL_TEST_PARTITION_H
-#define PSA_TEST_PARTITION_PARTITION_H
+#define PSA_CRYPTO_ACL_TEST_PARTITION_H
 
-#define TEST_PARTITION_ID 128
+#define CRYPTO_ACL_TEST_ID 128
 
-#define TEST_PARTITION_ROT_SRV_COUNT (9UL)
+#define CRYPTO_ACL_TEST_ROT_SRV_COUNT (9UL)
-#define TEST_PARTITION_EXT_ROT_SRV_COUNT (1UL)
+#define CRYPTO_ACL_TEST_EXT_ROT_SRV_COUNT (1UL)
 
-/* TEST_PARTITION event flags */
+/* CRYPTO_ACL_TEST event flags */
-#define TEST_PARTITION_RESERVED1_POS (1UL)
+#define CRYPTO_ACL_TEST_RESERVED1_POS (1UL)
-#define TEST_PARTITION_RESERVED1_MSK (1UL << TEST_PARTITION_RESERVED1_POS)
+#define CRYPTO_ACL_TEST_RESERVED1_MSK (1UL << CRYPTO_ACL_TEST_RESERVED1_POS)
 
-#define TEST_PARTITION_RESERVED2_POS (2UL)
+#define CRYPTO_ACL_TEST_RESERVED2_POS (2UL)
-#define TEST_PARTITION_RESERVED2_MSK (1UL << TEST_PARTITION_RESERVED2_POS)
+#define CRYPTO_ACL_TEST_RESERVED2_MSK (1UL << CRYPTO_ACL_TEST_RESERVED2_POS)
 
 
+#define CRYPTO_ACL_TEST_WAIT_ANY_IRQ_MSK (0)
 
 #define CRYPTO_CREATE_PERSISTENT_KEY_MSK_POS (4UL)
 #define CRYPTO_CREATE_PERSISTENT_KEY_MSK (1UL << CRYPTO_CREATE_PERSISTENT_KEY_MSK_POS)
@@ -59,7 +60,7 @@
 #define CRYPTO_IMPORT_KEY_MSK_POS (12UL)
 #define CRYPTO_IMPORT_KEY_MSK (1UL << CRYPTO_IMPORT_KEY_MSK_POS)
 
-#define TEST_PARTITION_WAIT_ANY_SID_MSK (\
+#define CRYPTO_ACL_TEST_WAIT_ANY_SID_MSK (\
     CRYPTO_CREATE_PERSISTENT_KEY_MSK | \
     CRYPTO_GENERATE_KEY_MSK | \
     CRYPTO_OPEN_PERSISTENT_KEY_MSK | \
@@ -71,4 +72,4 @@
     CRYPTO_IMPORT_KEY_MSK)
 
 
-#endif // PSA_TEST_PARTITION_PARTITION_H
+#endif // PSA_CRYPTO_ACL_TEST_PARTITION_H

TESTS/psa/crypto_access_control/COMPONENT_SPE/test_partition.c

@@ -16,20 +16,13 @@
  */
 
 #include <stdlib.h>
-#include "psa_test_partition_partition.h"
+#include "psa_crypto_acl_test_partition.h"
-#include "psa/service.h"
 #include "psa/client.h"
+#include "psa/service.h"
 #include "psa/crypto.h"
 
 typedef psa_status_t (*SignalHandler)(psa_msg_t *);
 
-#if defined(TARGET_TFM)
-#define SPM_PANIC(format, ...) \
-{ \
-    while(1){}; \
-}
-#endif
-
 static void read_input_param_from_message(psa_msg_t *msg, uint8_t param_index, void *param_ptr)
 {
     size_t bytes_read = psa_read(msg->handle, param_index, param_ptr, msg->in_size[param_index]);
@@ -207,41 +200,59 @@ void test_partition_main(void)
     psa_signal_t signal;
     psa_msg_t msg = {0};
     while (1) {
-        signal = psa_wait_any(PSA_BLOCK);
+        signal = psa_wait(CRYPTO_ACL_TEST_WAIT_ANY_SID_MSK, PSA_BLOCK);
         if (signal & CRYPTO_CREATE_PERSISTENT_KEY_MSK) {
-            psa_get(CRYPTO_CREATE_PERSISTENT_KEY_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_CREATE_PERSISTENT_KEY_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_create_persistent_key);
         }
         if (signal & CRYPTO_GENERATE_KEY_MSK) {
-            psa_get(CRYPTO_GENERATE_KEY_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_GENERATE_KEY_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_generate_key);
         }
         if (signal & CRYPTO_OPEN_PERSISTENT_KEY_MSK) {
-            psa_get(CRYPTO_OPEN_PERSISTENT_KEY_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_OPEN_PERSISTENT_KEY_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_open_persistent_key);
         }
         if (signal & CRYPTO_CLOSE_KEY_MSK) {
-            psa_get(CRYPTO_CLOSE_KEY_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_CLOSE_KEY_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_close_key);
         }
         if (signal & CRYPTO_SET_KEY_POLICY_MSK) {
-            psa_get(CRYPTO_SET_KEY_POLICY_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_SET_KEY_POLICY_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_set_key_policy);
         }
         if (signal & CRYPTO_DESTROY_KEY_MSK) {
-            psa_get(CRYPTO_DESTROY_KEY_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_DESTROY_KEY_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_destroy_key);
         }
         if (signal & CRYPTO_GET_KEY_INFO_MSK) {
-            psa_get(CRYPTO_GET_KEY_INFO_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_GET_KEY_INFO_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_get_key_info);
         }
         if (signal & CRYPTO_GET_KEY_POLICY_MSK) {
-            psa_get(CRYPTO_GET_KEY_POLICY_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_GET_KEY_POLICY_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_get_key_policy);
         }
         if (signal & CRYPTO_IMPORT_KEY_MSK) {
-            psa_get(CRYPTO_IMPORT_KEY_MSK, &msg);
+            if (PSA_SUCCESS != psa_get(CRYPTO_IMPORT_KEY_MSK, &msg)) {
+                continue;
+            }
             message_handler(&msg, crypto_import_key);
         }
     }

TESTS/psa/crypto_access_control/TARGET_MBED_SPM/COMPONENT_SPE/psa_crypto_acl_test_partition.c

@@ -28,31 +28,30 @@
 #include "rtx_os.h"
 #include "spm_panic.h"
 #include "spm_internal.h"
-#include "psa_test_partition_partition.h"
+#include "psa_crypto_acl_test_partition.h"
-#include "psa_test_partition_ifs.h"
+#include "psa_manifest/sid.h"
-#include "psa_crypto_srv_ifs.h"
 
 
 /* Threads stacks */
-MBED_ALIGN(8) uint8_t test_partition_thread_stack[512] = {0};
+MBED_ALIGN(8) uint8_t crypto_acl_test_thread_stack[512] = {0};
 
 /* Threads control blocks */
-osRtxThread_t test_partition_thread_cb = {0};
+osRtxThread_t crypto_acl_test_thread_cb = {0};
 
 /* Thread attributes - for thread initialization */
-osThreadAttr_t test_partition_thread_attr = {
+osThreadAttr_t crypto_acl_test_thread_attr = {
-    .name = "test_partition",
+    .name = "crypto_acl_test",
     .attr_bits = 0,
-    .cb_mem = &test_partition_thread_cb,
+    .cb_mem = &crypto_acl_test_thread_cb,
-    .cb_size = sizeof(test_partition_thread_cb),
+    .cb_size = sizeof(crypto_acl_test_thread_cb),
-    .stack_mem = test_partition_thread_stack,
+    .stack_mem = crypto_acl_test_thread_stack,
     .stack_size = 512,
     .priority = osPriorityNormal,
     .tz_module = 0,
     .reserved = 0
 };
 
-spm_rot_service_t test_partition_rot_services[TEST_PARTITION_ROT_SRV_COUNT] = {
+spm_rot_service_t crypto_acl_test_rot_services[CRYPTO_ACL_TEST_ROT_SRV_COUNT] = {
     {
         .sid = CRYPTO_CREATE_PERSISTENT_KEY,
         .mask = CRYPTO_CREATE_PERSISTENT_KEY_MSK,
@@ -163,41 +162,41 @@ spm_rot_service_t test_partition_rot_services[TEST_PARTITION_ROT_SRV_COUNT] = {
     },
 };
 
-/* External SIDs used by TEST_PARTITION */
+/* External SIDs used by CRYPTO_ACL_TEST */
-const uint32_t test_partition_external_sids[1] = {
+const uint32_t crypto_acl_test_external_sids[1] = {
     PSA_KEY_MNG_ID,
 };
 
-static osRtxMutex_t test_partition_mutex = {0};
+static osRtxMutex_t crypto_acl_test_mutex = {0};
-static const osMutexAttr_t test_partition_mutex_attr = {
+static const osMutexAttr_t crypto_acl_test_mutex_attr = {
-    .name = "test_partition_mutex",
+    .name = "crypto_acl_test_mutex",
     .attr_bits = osMutexRecursive | osMutexPrioInherit | osMutexRobust,
-    .cb_mem = &test_partition_mutex,
+    .cb_mem = &crypto_acl_test_mutex,
-    .cb_size = sizeof(test_partition_mutex),
+    .cb_size = sizeof(crypto_acl_test_mutex),
 };
 
 
 extern void test_partition_main(void *ptr);
 
-void test_partition_init(spm_partition_t *partition)
+void crypto_acl_test_init(spm_partition_t *partition)
 {
     if (NULL == partition) {
         SPM_PANIC("partition is NULL!\n");
     }
 
-    partition->mutex = osMutexNew(&test_partition_mutex_attr);
+    partition->mutex = osMutexNew(&crypto_acl_test_mutex_attr);
     if (NULL == partition->mutex) {
-        SPM_PANIC("Failed to create mutex for secure partition test_partition!\n");
+        SPM_PANIC("Failed to create mutex for secure partition crypto_acl_test!\n");
     }
 
-    for (uint32_t i = 0; i < TEST_PARTITION_ROT_SRV_COUNT; ++i) {
+    for (uint32_t i = 0; i < CRYPTO_ACL_TEST_ROT_SRV_COUNT; ++i) {
-        test_partition_rot_services[i].partition = partition;
+        crypto_acl_test_rot_services[i].partition = partition;
     }
-    partition->rot_services = test_partition_rot_services;
+    partition->rot_services = crypto_acl_test_rot_services;
 
-    partition->thread_id = osThreadNew(test_partition_main, NULL, &test_partition_thread_attr);
+    partition->thread_id = osThreadNew(test_partition_main, NULL, &crypto_acl_test_thread_attr);
     if (NULL == partition->thread_id) {
-        SPM_PANIC("Failed to create start main thread of partition test_partition!\n");
+        SPM_PANIC("Failed to create start main thread of partition crypto_acl_test!\n");
     }
 }
 

TESTS/psa/crypto_access_control/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c

@@ -27,34 +27,22 @@
 #include "spm_internal.h"
 #include "handles_manager.h"
 #include "cmsis.h"
-#include "psa_test_partition_partition.h"
 #include "psa_attest_srv_partition.h"
 #include "psa_crypto_srv_partition.h"
 #include "psa_platform_partition.h"
 #include "psa_its_partition.h"
+#include "psa_crypto_acl_test_partition.h"
 
-extern const uint32_t test_partition_external_sids[1];
 extern const uint32_t attest_srv_external_sids[7];
 extern const uint32_t crypto_srv_external_sids[4];
 extern const uint32_t platform_external_sids[1];
+extern const uint32_t crypto_acl_test_external_sids[1];
 
 spm_partition_t g_partitions[5] = {
-    {
-        .partition_id = TEST_PARTITION_ID,
-        .thread_id = 0,
-        .flags_rot_srv = TEST_PARTITION_WAIT_ANY_SID_MSK,
-        .flags_interrupts = 0,
-        .rot_services = NULL,
-        .rot_services_count = TEST_PARTITION_ROT_SRV_COUNT,
-        .extern_sids = test_partition_external_sids,
-        .extern_sids_count = TEST_PARTITION_EXT_ROT_SRV_COUNT,
-        .irq_mapper = NULL,
-    },
     {
         .partition_id = ATTEST_SRV_ID,
         .thread_id = 0,
-        .flags_rot_srv = ATTEST_SRV_WAIT_ANY_SID_MSK,
+        .flags = ATTEST_SRV_WAIT_ANY_SID_MSK | ATTEST_SRV_WAIT_ANY_IRQ_MSK,
-        .flags_interrupts = 0,
         .rot_services = NULL,
         .rot_services_count = ATTEST_SRV_ROT_SRV_COUNT,
         .extern_sids = attest_srv_external_sids,
@@ -64,8 +52,7 @@ spm_partition_t g_partitions[5] = {
     {
         .partition_id = CRYPTO_SRV_ID,
         .thread_id = 0,
-        .flags_rot_srv = CRYPTO_SRV_WAIT_ANY_SID_MSK,
+        .flags = CRYPTO_SRV_WAIT_ANY_SID_MSK | CRYPTO_SRV_WAIT_ANY_IRQ_MSK,
-        .flags_interrupts = 0,
         .rot_services = NULL,
         .rot_services_count = CRYPTO_SRV_ROT_SRV_COUNT,
         .extern_sids = crypto_srv_external_sids,
@@ -75,8 +62,7 @@ spm_partition_t g_partitions[5] = {
     {
         .partition_id = PLATFORM_ID,
         .thread_id = 0,
-        .flags_rot_srv = PLATFORM_WAIT_ANY_SID_MSK,
+        .flags = PLATFORM_WAIT_ANY_SID_MSK | PLATFORM_WAIT_ANY_IRQ_MSK,
-        .flags_interrupts = 0,
         .rot_services = NULL,
         .rot_services_count = PLATFORM_ROT_SRV_COUNT,
         .extern_sids = platform_external_sids,
@@ -86,14 +72,23 @@ spm_partition_t g_partitions[5] = {
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
-        .flags_rot_srv = ITS_WAIT_ANY_SID_MSK,
+        .flags = ITS_WAIT_ANY_SID_MSK | ITS_WAIT_ANY_IRQ_MSK,
-        .flags_interrupts = 0,
         .rot_services = NULL,
         .rot_services_count = ITS_ROT_SRV_COUNT,
         .extern_sids = NULL,
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = CRYPTO_ACL_TEST_ID,
+        .thread_id = 0,
+        .flags = CRYPTO_ACL_TEST_WAIT_ANY_SID_MSK | CRYPTO_ACL_TEST_WAIT_ANY_IRQ_MSK,
+        .rot_services = NULL,
+        .rot_services_count = CRYPTO_ACL_TEST_ROT_SRV_COUNT,
+        .extern_sids = crypto_acl_test_external_sids,
+        .extern_sids_count = CRYPTO_ACL_TEST_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -104,11 +99,11 @@ const mem_region_t *mem_regions = NULL;
 const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
-void test_partition_init(spm_partition_t *partition);
 void attest_srv_init(spm_partition_t *partition);
 void crypto_srv_init(spm_partition_t *partition);
 void platform_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void crypto_acl_test_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
 {
@@ -116,11 +111,11 @@ uint32_t init_partitions(spm_partition_t **partitions)
         SPM_PANIC("partitions is NULL!\n");
     }
 
-    test_partition_init(&(g_partitions[0]));
+    attest_srv_init(&(g_partitions[0]));
-    attest_srv_init(&(g_partitions[1]));
+    crypto_srv_init(&(g_partitions[1]));
-    crypto_srv_init(&(g_partitions[2]));
+    platform_init(&(g_partitions[2]));
-    platform_init(&(g_partitions[3]));
+    its_init(&(g_partitions[3]));
-    its_init(&(g_partitions[4]));
+    crypto_acl_test_init(&(g_partitions[4]));
 
     *partitions = g_partitions;
     return 5;

TESTS/psa/crypto_access_control/crypto_acl_tests_partition_psa.json

@@ -1,5 +1,5 @@
 {
-  "name": "TEST_PARTITION",
+  "name": "CRYPTO_ACL_TEST",
   "type": "APPLICATION-ROT",
   "priority": "NORMAL",
   "id": "0x00000080",

TESTS/psa/crypto_access_control/psa_crypto_acl_test_ifs.h

@@ -23,8 +23,8 @@
  * Generated by tools/spm/generate_partition_code.py Version 1.0
  **********************************************************************************************************************/
 
-#ifndef PSA_TEST_PARTITION_PARTITION_ROT_SERVICES_H
+#ifndef PSA_CRYPTO_ACL_TEST_PARTITION_ROT_SERVICES_H
-#define PSA_TEST_PARTITION_PARTITION_ROT_SERVICES_H
+#define PSA_CRYPTO_ACL_TEST_PARTITION_ROT_SERVICES_H
 
 #define CRYPTO_CREATE_PERSISTENT_KEY 0x00000200
 #define CRYPTO_GENERATE_KEY 0x00000201
@@ -36,4 +36,4 @@
 #define CRYPTO_GET_KEY_POLICY 0x00000207
 #define CRYPTO_IMPORT_KEY 0x00000208
 
-#endif // PSA_TEST_PARTITION_PARTITION_ROT_SERVICES_H
+#endif // PSA_CRYPTO_ACL_TEST_PARTITION_ROT_SERVICES_H

TESTS/psa/spm_client/COMPONENT_NSPE/main.cpp

@@ -314,9 +314,9 @@ static void call_diff_handle(th_struct_t *thr_attr)
 //Testing multiple parallel calls to the same SID with different handles
 void multi_thread_diff_handles()
 {
-    Thread T1(osPriorityNormal, 256);
+    Thread T1(osPriorityNormal, 512);
-    Thread T2(osPriorityNormal, 256);
+    Thread T2(osPriorityNormal, 512);
-    Thread T3(osPriorityNormal, 256);
+    Thread T3(osPriorityNormal, 512);
 
     th_struct_t thr_attr[] = {{0}, {0}, {0}};
 

TESTS/psa/spm_client/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c

@@ -27,32 +27,21 @@
 #include "spm_internal.h"
 #include "handles_manager.h"
 #include "cmsis.h"
-#include "psa_client_tests_part1_partition.h"
 #include "psa_attest_srv_partition.h"
 #include "psa_crypto_srv_partition.h"
 #include "psa_platform_partition.h"
 #include "psa_its_partition.h"
+#include "psa_client_tests_part1_partition.h"
 
 extern const uint32_t attest_srv_external_sids[7];
 extern const uint32_t crypto_srv_external_sids[4];
 extern const uint32_t platform_external_sids[1];
 
 spm_partition_t g_partitions[5] = {
-    {
-        .partition_id = CLIENT_TESTS_PART1_ID,
-        .thread_id = 0,
-        .flags = CLIENT_TESTS_PART1_WAIT_ANY_SID_MSK | CLIENT_TESTS_PART1_WAIT_ANY_IRQ_MSK,
-        .rot_services = NULL,
-        .rot_services_count = CLIENT_TESTS_PART1_ROT_SRV_COUNT,
-        .extern_sids = NULL,
-        .extern_sids_count = CLIENT_TESTS_PART1_EXT_ROT_SRV_COUNT,
-        .irq_mapper = NULL,
-    },
     {
         .partition_id = ATTEST_SRV_ID,
         .thread_id = 0,
-        .flags_rot_srv = ATTEST_SRV_WAIT_ANY_SID_MSK,
+        .flags = ATTEST_SRV_WAIT_ANY_SID_MSK | ATTEST_SRV_WAIT_ANY_IRQ_MSK,
-        .flags_interrupts = 0,
         .rot_services = NULL,
         .rot_services_count = ATTEST_SRV_ROT_SRV_COUNT,
         .extern_sids = attest_srv_external_sids,
@@ -89,6 +78,16 @@ spm_partition_t g_partitions[5] = {
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = CLIENT_TESTS_PART1_ID,
+        .thread_id = 0,
+        .flags = CLIENT_TESTS_PART1_WAIT_ANY_SID_MSK | CLIENT_TESTS_PART1_WAIT_ANY_IRQ_MSK,
+        .rot_services = NULL,
+        .rot_services_count = CLIENT_TESTS_PART1_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = CLIENT_TESTS_PART1_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -99,11 +98,11 @@ const mem_region_t *mem_regions = NULL;
 const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
-void client_tests_part1_init(spm_partition_t *partition);
 void attest_srv_init(spm_partition_t *partition);
 void crypto_srv_init(spm_partition_t *partition);
 void platform_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void client_tests_part1_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
 {
@@ -111,11 +110,11 @@ uint32_t init_partitions(spm_partition_t **partitions)
         SPM_PANIC("partitions is NULL!\n");
     }
 
-    client_tests_part1_init(&(g_partitions[0]));
+    attest_srv_init(&(g_partitions[0]));
-    attest_srv_init(&(g_partitions[1]));
+    crypto_srv_init(&(g_partitions[1]));
-    crypto_srv_init(&(g_partitions[2]));
+    platform_init(&(g_partitions[2]));
-    platform_init(&(g_partitions[3]));
+    its_init(&(g_partitions[3]));
-    its_init(&(g_partitions[4]));
+    client_tests_part1_init(&(g_partitions[4]));
 
     *partitions = g_partitions;
     return 5;

TESTS/psa/spm_server/COMPONENT_SPE/server_tests_partition2.c

@@ -23,12 +23,6 @@
 
 #if defined(TARGET_MBED_SPM)
 #include "cmsis_os2.h"
-#include "spm_panic.h"
-#else
-#define SPM_PANIC(format, ...) \
-{ \
-    while(1){}; \
-}
 #endif
 
 void server_part2_main(void *ptr)

TESTS/psa/spm_server/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c

@@ -27,44 +27,23 @@
 #include "spm_internal.h"
 #include "handles_manager.h"
 #include "cmsis.h"
-#include "psa_server_test_part1_partition.h"
-#include "psa_server_test_part2_partition.h"
 #include "psa_attest_srv_partition.h"
 #include "psa_crypto_srv_partition.h"
 #include "psa_platform_partition.h"
 #include "psa_its_partition.h"
+#include "psa_server_tests_part1_partition.h"
+#include "psa_server_tests_part2_partition.h"
 
-extern const uint32_t server_test_part1_external_sids[2];
 extern const uint32_t attest_srv_external_sids[7];
 extern const uint32_t crypto_srv_external_sids[4];
 extern const uint32_t platform_external_sids[1];
+extern const uint32_t server_tests_part1_external_sids[2];
 
 spm_partition_t g_partitions[6] = {
-    {
-        .partition_id = SERVER_TEST_PART1_ID,
-        .thread_id = 0,
-        .flags = SERVER_TEST_PART1_WAIT_ANY_SID_MSK | SERVER_TEST_PART1_WAIT_ANY_IRQ_MSK,
-        .rot_services = NULL,
-        .rot_services_count = SERVER_TEST_PART1_ROT_SRV_COUNT,
-        .extern_sids = server_test_part1_external_sids,
-        .extern_sids_count = SERVER_TEST_PART1_EXT_ROT_SRV_COUNT,
-        .irq_mapper = NULL,
-    },
-    {
-        .partition_id = SERVER_TEST_PART2_ID,
-        .thread_id = 0,
-        .flags = SERVER_TEST_PART2_WAIT_ANY_SID_MSK | SERVER_TEST_PART2_WAIT_ANY_IRQ_MSK,
-        .rot_services = NULL,
-        .rot_services_count = SERVER_TEST_PART2_ROT_SRV_COUNT,
-        .extern_sids = NULL,
-        .extern_sids_count = SERVER_TEST_PART2_EXT_ROT_SRV_COUNT,
-        .irq_mapper = NULL,
-    },
     {
         .partition_id = ATTEST_SRV_ID,
         .thread_id = 0,
-        .flags_rot_srv = ATTEST_SRV_WAIT_ANY_SID_MSK,
+        .flags = ATTEST_SRV_WAIT_ANY_SID_MSK | ATTEST_SRV_WAIT_ANY_IRQ_MSK,
-        .flags_interrupts = 0,
         .rot_services = NULL,
         .rot_services_count = ATTEST_SRV_ROT_SRV_COUNT,
         .extern_sids = attest_srv_external_sids,
@@ -101,6 +80,26 @@ spm_partition_t g_partitions[6] = {
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = SERVER_TESTS_PART1_ID,
+        .thread_id = 0,
+        .flags = SERVER_TESTS_PART1_WAIT_ANY_SID_MSK | SERVER_TESTS_PART1_WAIT_ANY_IRQ_MSK,
+        .rot_services = NULL,
+        .rot_services_count = SERVER_TESTS_PART1_ROT_SRV_COUNT,
+        .extern_sids = server_tests_part1_external_sids,
+        .extern_sids_count = SERVER_TESTS_PART1_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
+    {
+        .partition_id = SERVER_TESTS_PART2_ID,
+        .thread_id = 0,
+        .flags = SERVER_TESTS_PART2_WAIT_ANY_SID_MSK | SERVER_TESTS_PART2_WAIT_ANY_IRQ_MSK,
+        .rot_services = NULL,
+        .rot_services_count = SERVER_TESTS_PART2_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = SERVER_TESTS_PART2_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -111,12 +110,12 @@ const mem_region_t *mem_regions = NULL;
 const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
-void server_test_part1_init(spm_partition_t *partition);
-void server_test_part2_init(spm_partition_t *partition);
 void attest_srv_init(spm_partition_t *partition);
 void crypto_srv_init(spm_partition_t *partition);
 void platform_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void server_tests_part1_init(spm_partition_t *partition);
+void server_tests_part2_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
 {
@@ -124,12 +123,12 @@ uint32_t init_partitions(spm_partition_t **partitions)
         SPM_PANIC("partitions is NULL!\n");
     }
 
-    server_test_part1_init(&(g_partitions[0]));
+    attest_srv_init(&(g_partitions[0]));
-    server_test_part2_init(&(g_partitions[1]));
+    crypto_srv_init(&(g_partitions[1]));
-    attest_srv_init(&(g_partitions[2]));
+    platform_init(&(g_partitions[2]));
-    crypto_srv_init(&(g_partitions[3]));
+    its_init(&(g_partitions[3]));
-    platform_init(&(g_partitions[4]));
+    server_tests_part1_init(&(g_partitions[4]));
-    its_init(&(g_partitions[5]));
+    server_tests_part2_init(&(g_partitions[5]));
 
     *partitions = g_partitions;
     return 6;

TESTS/psa/spm_smoke/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c

@@ -27,32 +27,21 @@
 #include "spm_internal.h"
 #include "handles_manager.h"
 #include "cmsis.h"
-#include "psa_smoke_test_part1_partition.h"
 #include "psa_attest_srv_partition.h"
 #include "psa_crypto_srv_partition.h"
 #include "psa_platform_partition.h"
 #include "psa_its_partition.h"
+#include "psa_smoke_tests_part1_partition.h"
 
 extern const uint32_t attest_srv_external_sids[7];
 extern const uint32_t crypto_srv_external_sids[4];
 extern const uint32_t platform_external_sids[1];
 
 spm_partition_t g_partitions[5] = {
-    {
-        .partition_id = SMOKE_TEST_PART1_ID,
-        .thread_id = 0,
-        .flags = SMOKE_TEST_PART1_WAIT_ANY_SID_MSK | SMOKE_TEST_PART1_WAIT_ANY_IRQ_MSK,
-        .rot_services = NULL,
-        .rot_services_count = SMOKE_TEST_PART1_ROT_SRV_COUNT,
-        .extern_sids = NULL,
-        .extern_sids_count = SMOKE_TEST_PART1_EXT_ROT_SRV_COUNT,
-        .irq_mapper = NULL,
-    },
     {
         .partition_id = ATTEST_SRV_ID,
         .thread_id = 0,
-        .flags_rot_srv = ATTEST_SRV_WAIT_ANY_SID_MSK,
+        .flags = ATTEST_SRV_WAIT_ANY_SID_MSK | ATTEST_SRV_WAIT_ANY_IRQ_MSK,
-        .flags_interrupts = 0,
         .rot_services = NULL,
         .rot_services_count = ATTEST_SRV_ROT_SRV_COUNT,
         .extern_sids = attest_srv_external_sids,
@@ -89,6 +78,16 @@ spm_partition_t g_partitions[5] = {
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = SMOKE_TESTS_PART1_ID,
+        .thread_id = 0,
+        .flags = SMOKE_TESTS_PART1_WAIT_ANY_SID_MSK | SMOKE_TESTS_PART1_WAIT_ANY_IRQ_MSK,
+        .rot_services = NULL,
+        .rot_services_count = SMOKE_TESTS_PART1_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = SMOKE_TESTS_PART1_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -99,11 +98,11 @@ const mem_region_t *mem_regions = NULL;
 const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
-void smoke_test_part1_init(spm_partition_t *partition);
 void attest_srv_init(spm_partition_t *partition);
 void crypto_srv_init(spm_partition_t *partition);
 void platform_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void smoke_tests_part1_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
 {
@@ -111,11 +110,11 @@ uint32_t init_partitions(spm_partition_t **partitions)
         SPM_PANIC("partitions is NULL!\n");
     }
 
-    smoke_test_part1_init(&(g_partitions[0]));
+    attest_srv_init(&(g_partitions[0]));
-    attest_srv_init(&(g_partitions[1]));
+    crypto_srv_init(&(g_partitions[1]));
-    crypto_srv_init(&(g_partitions[2]));
+    platform_init(&(g_partitions[2]));
-    platform_init(&(g_partitions[3]));
+    its_init(&(g_partitions[3]));
-    its_init(&(g_partitions[4]));
+    smoke_tests_part1_init(&(g_partitions[4]));
 
     *partitions = g_partitions;
     return 5;

components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c

@@ -41,8 +41,7 @@ spm_partition_t g_partitions[4] = {
     {
         .partition_id = ATTEST_SRV_ID,
         .thread_id = 0,
-        .flags_rot_srv = ATTEST_SRV_WAIT_ANY_SID_MSK,
+        .flags = ATTEST_SRV_WAIT_ANY_SID_MSK | ATTEST_SRV_WAIT_ANY_IRQ_MSK,
-        .flags_interrupts = 0,
         .rot_services = NULL,
         .rot_services_count = ATTEST_SRV_ROT_SRV_COUNT,
         .extern_sids = attest_srv_external_sids,

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/autogen/tfm_partition_defs.inc

@@ -25,33 +25,38 @@
 #define ITS_ID (TFM_SP_BASE + 0)
 #define PLATFORM_ID (TFM_SP_BASE + 1)
 #define CRYPTO_SRV_ID (TFM_SP_BASE + 2)
+#define ATTEST_SRV_ID (TFM_SP_BASE + 3)
 
 /*************************** Test Partitions *********************************/
 
 #ifdef USE_PSA_TEST_PARTITIONS
 
+#ifdef USE_CRYPTO_ACL_TEST
+#define CRYPTO_ACL_TEST_ID (TFM_SP_BASE + 4 + 0)
+#endif
+
 #ifdef USE_CLIENT_TESTS_PART1
-#define CLIENT_TESTS_PART1_ID (TFM_SP_BASE + 3 + 0)
+#define CLIENT_TESTS_PART1_ID (TFM_SP_BASE + 4 + 1)
 #endif
 
 #ifdef USE_SERVER_TESTS_PART1
-#define SERVER_TESTS_PART1_ID (TFM_SP_BASE + 3 + 1)
+#define SERVER_TESTS_PART1_ID (TFM_SP_BASE + 4 + 2)
 #endif
 
 #ifdef USE_SERVER_TESTS_PART2
-#define SERVER_TESTS_PART2_ID (TFM_SP_BASE + 3 + 2)
+#define SERVER_TESTS_PART2_ID (TFM_SP_BASE + 4 + 3)
 #endif
 
 #ifdef USE_SMOKE_TESTS_PART1
-#define SMOKE_TESTS_PART1_ID (TFM_SP_BASE + 3 + 3)
+#define SMOKE_TESTS_PART1_ID (TFM_SP_BASE + 4 + 4)
 #endif
 
 #endif // USE_PSA_TEST_PARTITIONS
 
 #ifdef USE_PSA_TEST_PARTITIONS
-#define TFM_MAX_USER_PARTITIONS (3 + 4)
+#define TFM_MAX_USER_PARTITIONS (4 + 5)
 #else
-#define TFM_MAX_USER_PARTITIONS (3)
+#define TFM_MAX_USER_PARTITIONS (4)
 #endif
 
 #endif // __TFM_PARTITION_DEFS_INC__

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/autogen/tfm_partition_list.inc

@@ -28,8 +28,22 @@ PARTITION_DECLARE(CRYPTO_SRV, 0
     , "APPLICATION-ROT", 35, NORMAL, 16384);
 PARTITION_ADD_INIT_FUNC(CRYPTO_SRV, crypto_main);
 
+/******** ATTEST_SRV ********/
+PARTITION_DECLARE(ATTEST_SRV, 0
+    | SPM_PART_FLAG_IPC
+    , "APPLICATION-ROT", 37, NORMAL, 8192);
+PARTITION_ADD_INIT_FUNC(ATTEST_SRV, attest_main);
+
 #ifdef USE_PSA_TEST_PARTITIONS
 
+#ifdef USE_CRYPTO_ACL_TEST
+/******** CRYPTO_ACL_TEST ********/
+PARTITION_DECLARE(CRYPTO_ACL_TEST, 0
+    | SPM_PART_FLAG_IPC
+    , "APPLICATION-ROT", 128, NORMAL, 512);
+PARTITION_ADD_INIT_FUNC(CRYPTO_ACL_TEST, test_partition_main);
+#endif // USE_CRYPTO_ACL_TEST
+
 #ifdef USE_CLIENT_TESTS_PART1
 /******** CLIENT_TESTS_PART1 ********/
 PARTITION_DECLARE(CLIENT_TESTS_PART1, 0

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/autogen/tfm_service_list.inc

@@ -35,8 +35,26 @@
 {"PSA_GENERATOR_ID", CRYPTO_SRV_ID, PSA_GENERATOR, 0x00000F09, true, 1, TFM_VERSION_POLICY_STRICT},
 {"PSA_ENTROPY_ID", CRYPTO_SRV_ID, PSA_ENTROPY_INJECT, 0x00000F0A, true, 1, TFM_VERSION_POLICY_STRICT},
 
+/******** ATTEST_SRV ********/
+{"PSA_ATTEST_GET_TOKEN_ID", ATTEST_SRV_ID, PSA_ATTEST_GET_TOKEN, 0x00000F10, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_ATTEST_GET_TOKEN_SIZE_ID", ATTEST_SRV_ID, PSA_ATTEST_GET_TOKEN_SIZE, 0x00000F11, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_ATTEST_INJECT_KEY_ID", ATTEST_SRV_ID, PSA_ATTEST_INJECT_KEY, 0x00000F12, true, 1, TFM_VERSION_POLICY_STRICT},
+
 #ifdef USE_PSA_TEST_PARTITIONS
 
+#ifdef USE_CRYPTO_ACL_TEST
+/******** CRYPTO_ACL_TEST ********/
+{"CRYPTO_CREATE_PERSISTENT_KEY", CRYPTO_ACL_TEST_ID, CRYPTO_CREATE_PERSISTENT_KEY_MSK, 0x00000200, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"CRYPTO_GENERATE_KEY", CRYPTO_ACL_TEST_ID, CRYPTO_GENERATE_KEY_MSK, 0x00000201, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"CRYPTO_OPEN_PERSISTENT_KEY", CRYPTO_ACL_TEST_ID, CRYPTO_OPEN_PERSISTENT_KEY_MSK, 0x00000202, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"CRYPTO_CLOSE_KEY", CRYPTO_ACL_TEST_ID, CRYPTO_CLOSE_KEY_MSK, 0x00000203, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"CRYPTO_SET_KEY_POLICY", CRYPTO_ACL_TEST_ID, CRYPTO_SET_KEY_POLICY_MSK, 0x00000204, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"CRYPTO_DESTROY_KEY", CRYPTO_ACL_TEST_ID, CRYPTO_DESTROY_KEY_MSK, 0x00000205, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"CRYPTO_GET_KEY_INFO", CRYPTO_ACL_TEST_ID, CRYPTO_GET_KEY_INFO_MSK, 0x00000206, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"CRYPTO_GET_KEY_POLICY", CRYPTO_ACL_TEST_ID, CRYPTO_GET_KEY_POLICY_MSK, 0x00000207, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"CRYPTO_IMPORT_KEY", CRYPTO_ACL_TEST_ID, CRYPTO_IMPORT_KEY_MSK, 0x00000208, true, 1, TFM_VERSION_POLICY_RELAXED},
+#endif // USE_CRYPTO_ACL_TEST
+
 #ifdef USE_CLIENT_TESTS_PART1
 /******** CLIENT_TESTS_PART1 ********/
 {"CLIENT_TESTS_PART1_ROT_SRV1", CLIENT_TESTS_PART1_ID, PART1_ROT_SRV1_MSK, 0x00001A05, true, 5, TFM_VERSION_POLICY_RELAXED},

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/autogen/tfm_spm_signal_defs.h

@@ -54,8 +54,38 @@
 #define PSA_ENTROPY_INJECT_POS (14UL)
 #define PSA_ENTROPY_INJECT (1UL << PSA_ENTROPY_INJECT_POS)
 
+/******** ATTEST_SRV ********/
+#define PSA_ATTEST_GET_TOKEN_POS (4UL)
+#define PSA_ATTEST_GET_TOKEN (1UL << PSA_ATTEST_GET_TOKEN_POS)
+#define PSA_ATTEST_GET_TOKEN_SIZE_POS (5UL)
+#define PSA_ATTEST_GET_TOKEN_SIZE (1UL << PSA_ATTEST_GET_TOKEN_SIZE_POS)
+#define PSA_ATTEST_INJECT_KEY_POS (6UL)
+#define PSA_ATTEST_INJECT_KEY (1UL << PSA_ATTEST_INJECT_KEY_POS)
+
 #ifdef USE_PSA_TEST_PARTITIONS
 
+#ifdef USE_CRYPTO_ACL_TEST
+/******** CRYPTO_ACL_TEST ********/
+#define CRYPTO_CREATE_PERSISTENT_KEY_MSK_POS (4UL)
+#define CRYPTO_CREATE_PERSISTENT_KEY_MSK (1UL << CRYPTO_CREATE_PERSISTENT_KEY_MSK_POS)
+#define CRYPTO_GENERATE_KEY_MSK_POS (5UL)
+#define CRYPTO_GENERATE_KEY_MSK (1UL << CRYPTO_GENERATE_KEY_MSK_POS)
+#define CRYPTO_OPEN_PERSISTENT_KEY_MSK_POS (6UL)
+#define CRYPTO_OPEN_PERSISTENT_KEY_MSK (1UL << CRYPTO_OPEN_PERSISTENT_KEY_MSK_POS)
+#define CRYPTO_CLOSE_KEY_MSK_POS (7UL)
+#define CRYPTO_CLOSE_KEY_MSK (1UL << CRYPTO_CLOSE_KEY_MSK_POS)
+#define CRYPTO_SET_KEY_POLICY_MSK_POS (8UL)
+#define CRYPTO_SET_KEY_POLICY_MSK (1UL << CRYPTO_SET_KEY_POLICY_MSK_POS)
+#define CRYPTO_DESTROY_KEY_MSK_POS (9UL)
+#define CRYPTO_DESTROY_KEY_MSK (1UL << CRYPTO_DESTROY_KEY_MSK_POS)
+#define CRYPTO_GET_KEY_INFO_MSK_POS (10UL)
+#define CRYPTO_GET_KEY_INFO_MSK (1UL << CRYPTO_GET_KEY_INFO_MSK_POS)
+#define CRYPTO_GET_KEY_POLICY_MSK_POS (11UL)
+#define CRYPTO_GET_KEY_POLICY_MSK (1UL << CRYPTO_GET_KEY_POLICY_MSK_POS)
+#define CRYPTO_IMPORT_KEY_MSK_POS (12UL)
+#define CRYPTO_IMPORT_KEY_MSK (1UL << CRYPTO_IMPORT_KEY_MSK_POS)
+#endif // USE_CRYPTO_ACL_TEST
+
 #ifdef USE_CLIENT_TESTS_PART1
 /******** CLIENT_TESTS_PART1 ********/
 #define PART1_ROT_SRV1_MSK_POS (4UL)

components/TARGET_PSA/inc/psa/client.h

@@ -25,6 +25,8 @@
 #ifndef __MBED_OS_DEFAULT_PSA_CLIENT_API_H__
 #define __MBED_OS_DEFAULT_PSA_CLIENT_API_H__
 
+#include <stddef.h>
+
 #if !defined(UINT32_MAX)
 #define UINT32_MAX ((uint32_t)-1)
 #endif

components/TARGET_PSA/inc/psa_manifest/sid.h

@@ -17,19 +17,19 @@
 
 /*********** WARNING: This is an auto-generated file. Do not edit! ***********/
 
-#ifndef SID_H
+/******** ITS ********/
-#define SID_H
-
-/*************************** Service Partitions ******************************/
-
 #define PSA_ITS_GET 0x00011A00
 #define PSA_ITS_SET 0x00011A01
 #define PSA_ITS_INFO 0x00011A02
 #define PSA_ITS_REMOVE 0x00011A03
 #define PSA_ITS_RESET 0x00011A04
+
+/******** PLATFORM ********/
 #define PSA_PLATFORM_LC_GET 0x00011000
 #define PSA_PLATFORM_LC_SET 0x00011001
 #define PSA_PLATFORM_SYSTEM_RESET 0x00011002
+
+/******** CRYPTO_SRV ********/
 #define PSA_CRYPTO_INIT_ID 0x00000F00
 #define PSA_MAC_ID 0x00000F01
 #define PSA_HASH_ID 0x00000F02
@@ -42,22 +42,41 @@
 #define PSA_GENERATOR_ID 0x00000F09
 #define PSA_ENTROPY_ID 0x00000F0A
 
-/*************************** Test Partitions *********************************/
+/******** ATTEST_SRV ********/
+#define PSA_ATTEST_GET_TOKEN_ID 0x00000F10
+#define PSA_ATTEST_GET_TOKEN_SIZE_ID 0x00000F11
+#define PSA_ATTEST_INJECT_KEY_ID 0x00000F12
 
-// CLIENT_TESTS_PART1
+
+
+/******** CRYPTO_ACL_TEST ********/
+#define CRYPTO_CREATE_PERSISTENT_KEY 0x00000200
+#define CRYPTO_GENERATE_KEY 0x00000201
+#define CRYPTO_OPEN_PERSISTENT_KEY 0x00000202
+#define CRYPTO_CLOSE_KEY 0x00000203
+#define CRYPTO_SET_KEY_POLICY 0x00000204
+#define CRYPTO_DESTROY_KEY 0x00000205
+#define CRYPTO_GET_KEY_INFO 0x00000206
+#define CRYPTO_GET_KEY_POLICY 0x00000207
+#define CRYPTO_IMPORT_KEY 0x00000208
+
+
+/******** CLIENT_TESTS_PART1 ********/
 #define CLIENT_TESTS_PART1_ROT_SRV1 0x00001A05
 #define CLIENT_TESTS_PART1_DROP_CONN 0x00001A06
 #define CLIENT_TESTS_PART1_SECURE_CLIENTS_ONLY 0x00001A07
 
-// SERVER_TESTS_PART1
+
+/******** SERVER_TESTS_PART1 ********/
 #define SERVER_TESTS_PART1_CONTROL 0x00001A01
 #define SERVER_TESTS_PART1_TEST 0x00001A02
 
-// SERVER_TESTS_PART2
+
+/******** SERVER_TESTS_PART2 ********/
 #define SERVER_TESTS_PART2_ROT_SRV_REVERSE 0x00001A03
 #define SERVER_TESTS_PART2_ROT_SRV_DB_TST 0x00001A04
 
-// SMOKE_TESTS_PART1
+
+/******** SMOKE_TESTS_PART1 ********/
 #define SMOKE_TESTS_PART1_ROT_SRV1 0x00001A00
 
-#endif // SID_H

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_boot_status_loader.c

@@ -20,7 +20,7 @@
 #include <string.h>
 #include "attestation.h"
 #include "attestation_bootloader_data.h"
-#include "tfm_boot_status.h"
+#include "tfm_impl/tfm_boot_status.h"
 
 /*!
  * \def SHARED_DATA_INITIALZED and SHARED_DATA_UNNITIALZED

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attestation_core.c

@@ -10,7 +10,7 @@
 #include <stddef.h>
 #include "tfm_client.h"
 #include "attestation.h"
-#include "tfm_boot_status.h"
+#include "tfm_impl/tfm_boot_status.h"
 #include "tfm_plat_defs.h"
 #include "tfm_plat_device_id.h"
 #include "tfm_plat_boot_seed.h"

components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attest_srv_partition.h

@@ -39,6 +39,7 @@
 #define ATTEST_SRV_RESERVED2_MSK (1UL << ATTEST_SRV_RESERVED2_POS)
 
 
+#define ATTEST_SRV_WAIT_ANY_IRQ_MSK (0)
 
 #define PSA_ATTEST_GET_TOKEN_POS (4UL)
 #define PSA_ATTEST_GET_TOKEN (1UL << PSA_ATTEST_GET_TOKEN_POS)

components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c

@@ -17,8 +17,8 @@
 */
 
 // ---------------------------------- Includes ---------------------------------
-#include "psa/service.h"
 #include "psa/client.h"
+#include "psa/service.h"
 
 #include "psa_attest_srv_partition.h"
 #include "psa_initial_attestation_api.h"
@@ -32,7 +32,7 @@ int32_t g_caller_id = 0;
 
 static void set_caller_id(psa_msg_t *msg)
 {
-    g_caller_id = psa_identity(msg->handle);
+    g_caller_id = msg->client_id;
 }
 
 // ------------------------- Partition's Main Thread ---------------------------
@@ -42,7 +42,9 @@ static void psa_attest_get_token(void)
     psa_msg_t msg = { 0 };
     enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
 
-    psa_get(PSA_ATTEST_GET_TOKEN, &msg);
+    if (PSA_SUCCESS != psa_get(PSA_ATTEST_GET_TOKEN, &msg)) {
+        return;
+    }
     switch (msg.type) {
         case PSA_IPC_CONNECT:
         case PSA_IPC_DISCONNECT: {
@@ -107,7 +109,9 @@ static void psa_attest_get_token_size(void)
     psa_msg_t msg = { 0 };
     enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
 
-    psa_get(PSA_ATTEST_GET_TOKEN_SIZE, &msg);
+    if (PSA_SUCCESS != psa_get(PSA_ATTEST_GET_TOKEN_SIZE, &msg)) {
+        return;
+    }
     switch (msg.type) {
         case PSA_IPC_CONNECT:
         case PSA_IPC_DISCONNECT: {
@@ -155,7 +159,9 @@ static void psa_attest_inject_key(void)
     psa_msg_t msg = { 0 };
     psa_status_t status = PSA_SUCCESS;
 
-    psa_get(PSA_ATTEST_INJECT_KEY, &msg);
+    if (PSA_SUCCESS != psa_get(PSA_ATTEST_INJECT_KEY, &msg)) {
+        return;
+    }
     switch (msg.type) {
         case PSA_IPC_CONNECT:
         case PSA_IPC_DISCONNECT: {
@@ -232,7 +238,7 @@ static void psa_attest_inject_key(void)
 void attest_main(void *ptr)
 {
     while (1) {
-        uint32_t signals = psa_wait_any(PSA_BLOCK);
+        uint32_t signals = psa_wait(ATTEST_SRV_WAIT_ANY_SID_MSK, PSA_BLOCK);
         if (signals & PSA_ATTEST_GET_TOKEN) {
             psa_attest_get_token();
         }

components/TARGET_PSA/services/attestation/TARGET_MBED_SPM/COMPONENT_SPE/psa_attest_srv_partition.c

@@ -29,9 +29,7 @@
 #include "spm_panic.h"
 #include "spm_internal.h"
 #include "psa_attest_srv_partition.h"
-#include "psa_attest_srv_ifs.h"
+#include "psa_manifest/sid.h"
-#include "psa_platform_ifs.h"
-#include "psa_crypto_srv_ifs.h"
 
 
 /* Threads stacks */

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.c

@@ -17,19 +17,12 @@
 
 #include <string.h>
 
+#include "psa/client.h"
+#include "psa/service.h"
 #include "psa_crypto_access_control.h"
 #include "psa_crypto_core.h"
 #include "psa_crypto_slot_management.h"
 
-#if defined(TARGET_TFM)
-#define SPM_PANIC(format, ...) \
-{ \
-    while(1){}; \
-}
-#else
-#include "spm_panic.h"
-#endif
-
 typedef struct psa_crypto_access_control_s {
     psa_key_handle_t key_handle;
     int32_t partition_id;

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c

@@ -228,7 +228,7 @@ static void psa_mac_operation(void)
             switch (psa_crypto.func) {
                 case PSA_MAC_SIGN_SETUP: {
                     if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle,
-                                                                       psa_identity(msg.handle))) {
+                                                                       msg.client_id)) {
                         status = PSA_ERROR_INVALID_HANDLE;
                         break;
                     }
@@ -241,7 +241,7 @@ static void psa_mac_operation(void)
 
                 case PSA_MAC_VERIFY_SETUP: {
                     if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle,
-                                                                       psa_identity(msg.handle))) {
+                                                                       msg.client_id)) {
                         status = PSA_ERROR_INVALID_HANDLE;
                         break;
                     }
@@ -597,7 +597,7 @@ static void psa_asymmetric_operation(void)
             }
 
             if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle,
-                                                               psa_identity(msg.handle))) {
+                                                               msg.client_id)) {
                 status = PSA_ERROR_INVALID_HANDLE;
                 break;
             }
@@ -791,7 +791,7 @@ static void psa_aead_operation()
             }
 
             if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle,
-                                                               psa_identity(msg.handle))) {
+                                                               msg.client_id)) {
                 status = PSA_ERROR_INVALID_HANDLE;
                 break;
             }
@@ -918,7 +918,7 @@ static void psa_symmetric_operation(void)
             switch (psa_crypto_ipc.func) {
                 case PSA_CIPHER_ENCRYPT_SETUP: {
                     if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle,
-                                                                       psa_identity(msg.handle))) {
+                                                                       msg.client_id)) {
                         status = PSA_ERROR_INVALID_HANDLE;
                         break;
                     }
@@ -931,7 +931,7 @@ static void psa_symmetric_operation(void)
 
                 case PSA_CIPHER_DECRYPT_SETUP: {
                     if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle,
-                                                                       psa_identity(msg.handle))) {
+                                                                       msg.client_id)) {
                         status = PSA_ERROR_INVALID_HANDLE;
                         break;
                     }
@@ -1095,7 +1095,7 @@ static void psa_key_management_operation(void)
                 SPM_PANIC("SPM read length mismatch");
             }
 
-            partition_id = psa_identity(msg.handle);
+            partition_id = msg.client_id;
 
             switch (psa_key_mng.func) {
                 case PSA_GET_KEY_LIFETIME: {
@@ -1569,7 +1569,7 @@ void psa_crypto_generator_operations(void)
                     size_t bits;
 
                     if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle,
-                                                                       psa_identity(msg.handle))) {
+                                                                       msg.client_id)) {
                         status = PSA_ERROR_INVALID_HANDLE;
                         break;
                     }
@@ -1600,7 +1600,7 @@ void psa_crypto_generator_operations(void)
                     uint8_t *salt = NULL;
 
                     if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle,
-                                                                       psa_identity(msg.handle))) {
+                                                                       msg.client_id)) {
                         status = PSA_ERROR_INVALID_HANDLE;
                         break;
                     }
@@ -1645,7 +1645,7 @@ void psa_crypto_generator_operations(void)
                     uint8_t *private_key = NULL;
 
                     if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle,
-                                                                       psa_identity(msg.handle))) {
+                                                                       msg.client_id)) {
                         status = PSA_ERROR_INVALID_HANDLE;
                         break;
                     }

targets/TARGET_Cypress/TARGET_PSOC6_FUTURE/TARGET_FUTURE_SEQUANA_PSA/prebuilt/README.md

@@ -7,7 +7,7 @@ These images were compiled by the following command:
 
 ```
 mbed compile -m FUTURE_SEQUANA_M0_PSA -t GCC_ARM --profile release -N psa_release_1.0
-mbed test --compile -m FUTURE_SEQUANA_M0_PSA -t GCC_ARM --profile debug -n *psa-spm*
+mbed test --compile -m FUTURE_SEQUANA_M0_PSA -t GCC_ARM --profile debug -n *psa-spm*,*psa-crypto_access_control
 ```
 
 To update the prebuilt binaries run the previous commands.

targets/targets.json

@@ -1465,8 +1465,7 @@
             "KPSDK_CODE",
             "MCU_K64F",
             "Freescale_EMAC",
-            "PSA",
+            "PSA"
-            "MBED_SPM"
         ],
         "is_disk_virtual": true,
         "macros": ["CPU_MK64FN1M0VMD12", "FSL_RTOS_MBED", "MBEDTLS_PSA_CRYPTO_C"],
@@ -4019,7 +4018,7 @@
         "release_versions": ["2", "5"],
         "device_name": "STM32L476VG",
         "bootloader_supported": true
-    },	
+    },
     "MTS_MDOT_F405RG": {
         "inherits": ["FAMILY_STM32"],
         "core": "Cortex-M4F",

tools/psa/generate_tfm_partition_code.py

@@ -35,7 +35,8 @@ TEMPLATES_LIST_FILE = path_join(SCRIPT_DIR, 'tfm', 'tfm_generated_file_list.json
 SERVICES_MANIFESTS = [
     path_join(SERVICES_DIR, 'storage', 'its', 'pits_psa.json'),
     path_join(SERVICES_DIR, 'platform', 'platform_psa.json'),
-    path_join(SERVICES_DIR, 'crypto', 'crypto_partition_psa.json')
+    path_join(SERVICES_DIR, 'crypto', 'crypto_partition_psa.json'),
+    path_join(SERVICES_DIR, 'attestation', 'attestation_partition_psa.json')
 ]
 
 

tools/psa/tfm/templates/sid.h.tpl

@@ -17,25 +17,19 @@
 
 /*********** WARNING: This is an auto-generated file. Do not edit! ***********/
 
-#ifndef SID_H
-#define SID_H
-
-/*************************** Service Partitions ******************************/
-
 {% for partition in service_partitions %}
+/******** {{partition.name|upper}} ********/
 {% for rot_srv in partition.rot_services %}
 #define {{rot_srv.name|upper}} {{rot_srv.id}}
 {% endfor %}
-{% endfor %}
 
-/*************************** Test Partitions *********************************/
+{% endfor %}
 
 {% for partition in test_partitions %}
-// {{partition.name|upper}}
+
+/******** {{partition.name|upper}} ********/
 {% for rot_srv in partition.rot_services %}
 #define {{rot_srv.name|upper}} {{rot_srv.id}}
 {% endfor %}
 
 {% endfor %}
-#endif // SID_H
-{# End of file #}