Merge pull request #8804 from mohammad1603/inject_entropy_spm

PSA Crypto SPM

TESTS/psa/crypto_init/main.cpp

@@ -0,0 +1,106 @@
+/*
+* Copyright (c) 2018 ARM Limited. All rights reserved.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the License); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an AS IS BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#if ((!defined(TARGET_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C)) || (!defined(MBEDTLS_PSA_CRYPTO_SPM )))
+#error [NOT_SUPPORTED] Mbed SPM Crypto is OFF - skipping.
+#endif // TARGET_PSA
+
+#include "greentea-client/test_env.h"
+#include "unity/unity.h"
+#include "utest/utest.h"
+#include "crypto.h"
+#include "entropy.h"
+#include "entropy_poll.h"
+
+#define TEST_RANDOM_SIZE 64
+
+#if !defined(MAX)
+#define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
+/* Calculating the minimum allowed entropy size in bytes */
+#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE \
+            MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+
+using namespace utest::v1;
+
+utest::v1::status_t greentea_test_setup(const size_t number_of_cases)
+{
+#ifndef NO_GREENTEA
+    GREENTEA_SETUP(60, "default_auto");
+#endif
+    return greentea_test_setup_handler(number_of_cases);
+}
+
+static void check_multi_crypto_init_deinit()
+{
+    uint8_t output[TEST_RANDOM_SIZE] = {0};
+    uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = {0};
+    /* inject some a seed for test*/
+    for (int i; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) {
+        seed[i] = i;
+    }
+    /* don't really care if this succeed this is just to make crypto init pass*/
+    mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
+    psa_status_t status = psa_crypto_init();
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
+    status = psa_crypto_init();
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_NOT_EQUAL(PSA_ERROR_BAD_STATE, status);
+    mbedtls_psa_crypto_free();
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_NOT_EQUAL(PSA_ERROR_BAD_STATE, status);
+    mbedtls_psa_crypto_free();
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_EQUAL(PSA_ERROR_BAD_STATE, status);
+}
+
+static void check_crypto_init_deinit()
+{
+    psa_status_t status;
+    uint8_t output[TEST_RANDOM_SIZE] = {0};
+    uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = {0};
+    /* inject some a seed for test*/
+    for (int i; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) {
+        seed[i] = i;
+    }
+    /* don't really care if this succeed this is just to make crypto init pass*/
+    mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_EQUAL(PSA_ERROR_BAD_STATE, status);
+    status = psa_crypto_init();
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_NOT_EQUAL(PSA_ERROR_BAD_STATE, status);
+    mbedtls_psa_crypto_free();
+    status = psa_generate_random(output, sizeof(output));
+    TEST_ASSERT_EQUAL(PSA_ERROR_BAD_STATE, status);
+}
+
+Case cases[] = {
+    Case("PSA crypto-init De-init", check_crypto_init_deinit),
+    Case("PSA crypto- multiple init De-init", check_multi_crypto_init_deinit),
+};
+
+Specification specification(greentea_test_setup, cases, greentea_test_teardown_handler);
+
+int main()
+{
+    return !Harness::run(specification);
+}

TESTS/psa/entropy_inject/COMPONENT_SPE/psa_setup.c

@@ -0,0 +1,95 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#include "spm_panic.h"
+#include "spm_internal.h"
+#include "handles_manager.h"
+#include "cmsis.h"
+#include "psa_test_its_reset_partition.h"
+#include "psa_its_partition.h"
+#include "psa_psa_f_partition.h"
+
+extern const uint32_t psa_f_external_sids[4];
+
+spm_partition_t g_partitions[3] = {
+    {
+        .partition_id = TEST_ITS_RESET_ID,
+        .thread_id = 0,
+        .flags_rot_srv = TEST_ITS_RESET_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = TEST_ITS_RESET_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = TEST_ITS_RESET_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
+    {
+        .partition_id = ITS_ID,
+        .thread_id = 0,
+        .flags_rot_srv = ITS_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = ITS_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = psa_f_external_sids,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
+};
+
+/* Check all the defined memory regions for overlapping. */
+
+/* A list of all the memory regions. */
+const mem_region_t *mem_regions = NULL;
+
+const uint32_t mem_region_count = 0;
+
+// forward declaration of partition initializers
+void test_its_reset_init(spm_partition_t *partition);
+void its_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
+
+uint32_t init_partitions(spm_partition_t **partitions)
+{
+    if (NULL == partitions) {
+        SPM_PANIC("partitions is NULL!\n");
+    }
+
+    test_its_reset_init(&(g_partitions[0]));
+    its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[2]));
+
+    *partitions = g_partitions;
+    return 3;
+}
+

TESTS/psa/entropy_inject/its_reset/COMPONENT_PSA_SRV_EMUL/test_pits.c

@@ -0,0 +1,28 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TARGET_PSA
+#error [NOT_SUPPORTED] ITS tests can run only on PSA-enabled targets.
+#endif // TARGET_PSA
+
+#include "test_pits.h"
+#include "test_pits_impl.h"
+
+psa_its_status_t test_psa_its_reset(void)
+{
+    return test_psa_its_reset_impl();
+}

TESTS/psa/entropy_inject/its_reset/COMPONENT_PSA_SRV_IMPL/test_pits_impl.cpp

@@ -0,0 +1,59 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <string.h>
+#include <stdlib.h>
+#include "psa_prot_internal_storage.h"
+#include "test_pits_impl.h"
+#include "kv_config.h"
+#include "KVMap.h"
+#include "KVStore.h"
+#include "mbed_error.h"
+
+#ifdef   __cplusplus
+extern "C"
+{
+#endif
+
+using namespace mbed;
+
+#define STR_EXPAND(tok)     #tok
+
+psa_its_status_t test_psa_its_reset_impl(void)
+{
+    psa_its_status_t status = PSA_ITS_SUCCESS;
+
+    int kv_status = kv_init_storage_config();
+    if (kv_status != MBED_SUCCESS) {
+        return PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    KVMap &kv_map = KVMap::get_instance();
+    KVStore *kvstore = kv_map.get_main_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));
+    if (!kvstore) {
+        return PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    if (kvstore->reset() != MBED_SUCCESS) {
+        status = PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    return status;
+}
+
+#ifdef   __cplusplus
+}
+#endif

TESTS/psa/entropy_inject/its_reset/COMPONENT_PSA_SRV_IMPL/test_pits_impl.h

@@ -0,0 +1,34 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __PITS_IMPL_H__
+#define __PITS_IMPL_H__
+
+#include "psa_prot_internal_storage.h"
+
+#ifdef   __cplusplus
+extern "C"
+{
+#endif
+
+psa_its_status_t test_psa_its_reset_impl(void);
+
+#ifdef   __cplusplus
+}
+#endif
+
+#endif // __PITS_IMPL_H__

TESTS/psa/entropy_inject/its_reset/COMPONENT_PSA_SRV_IPC/test_pits.c

@@ -0,0 +1,37 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "spm_client.h"
+#include "psa_prot_internal_storage.h"
+#include "test_pits.h"
+#include "psa_test_its_reset_ifs.h"
+
+psa_its_status_t test_psa_its_reset(void)
+{
+    psa_handle_t conn = psa_connect(TEST_PSA_ITS_RESET, 1);
+    if (conn <= PSA_NULL_HANDLE) {
+        return PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    psa_error_t status = psa_call(conn, NULL, 0, NULL, 0);
+    if (status == PSA_DROP_CONNECTION) {
+        status = PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    psa_close(conn);
+    return status;
+}

TESTS/psa/entropy_inject/its_reset/COMPONENT_SPE/psa_test_its_reset_partition.c

@@ -0,0 +1,99 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#include "cmsis.h"
+#include "mbed_toolchain.h" /* For using MBED_ALIGN macro */
+#include "rtx_os.h"
+#include "spm_panic.h"
+#include "spm_internal.h"
+#include "psa_test_its_reset_partition.h"
+#include "psa_test_its_reset_ifs.h"
+
+
+/* Threads stacks */
+MBED_ALIGN(8) uint8_t test_its_reset_thread_stack[1024] = {0};
+
+/* Threads control blocks */
+osRtxThread_t test_its_reset_thread_cb = {0};
+
+/* Thread attributes - for thread initialization */
+osThreadAttr_t test_its_reset_thread_attr = {
+    .name = "test_its_reset",
+    .attr_bits = 0,
+    .cb_mem = &test_its_reset_thread_cb,
+    .cb_size = sizeof(test_its_reset_thread_cb),
+    .stack_mem = test_its_reset_thread_stack,
+    .stack_size = 1024,
+    .priority = osPriorityNormal,
+    .tz_module = 0,
+    .reserved = 0
+};
+
+spm_rot_service_t test_its_reset_rot_services[TEST_ITS_RESET_ROT_SRV_COUNT] = {
+    {
+        .sid = TEST_PSA_ITS_RESET,
+        .mask = TEST_PSA_ITS_RESET_MSK,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+};
+
+
+static osRtxMutex_t test_its_reset_mutex = {0};
+static const osMutexAttr_t test_its_reset_mutex_attr = {
+    .name = "test_its_reset_mutex",
+    .attr_bits = osMutexRecursive | osMutexPrioInherit | osMutexRobust,
+    .cb_mem = &test_its_reset_mutex,
+    .cb_size = sizeof(test_its_reset_mutex),
+};
+
+
+extern void test_pits_entry(void *ptr);
+
+void test_its_reset_init(spm_partition_t *partition)
+{
+    if (NULL == partition) {
+        SPM_PANIC("partition is NULL!\n");
+    }
+
+    partition->mutex = osMutexNew(&test_its_reset_mutex_attr);
+    if (NULL == partition->mutex) {
+        SPM_PANIC("Failed to create mutex for secure partition test_its_reset!\n");
+    }
+
+    for (uint32_t i = 0; i < TEST_ITS_RESET_ROT_SRV_COUNT; ++i) {
+        test_its_reset_rot_services[i].partition = partition;
+    }
+    partition->rot_services = test_its_reset_rot_services;
+
+    partition->thread_id = osThreadNew(test_pits_entry, NULL, &test_its_reset_thread_attr);
+    if (NULL == partition->thread_id) {
+        SPM_PANIC("Failed to create start main thread of partition test_its_reset!\n");
+    }
+}

TESTS/psa/entropy_inject/its_reset/COMPONENT_SPE/psa_test_its_reset_partition.h

@@ -0,0 +1,54 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#ifndef PSA_TEST_ITS_RESET_PARTITION_H
+#define PSA_TEST_ITS_RESET_PARTITION_H
+
+#define TEST_ITS_RESET_ID 11
+
+#define TEST_ITS_RESET_ROT_SRV_COUNT (1UL)
+#define TEST_ITS_RESET_EXT_ROT_SRV_COUNT (0UL)
+
+/* TEST_ITS_RESET event flags */
+#define TEST_ITS_RESET_RESERVED1_POS (1UL)
+#define TEST_ITS_RESET_RESERVED1_MSK (1UL << TEST_ITS_RESET_RESERVED1_POS)
+
+#define TEST_ITS_RESET_RESERVED2_POS (2UL)
+#define TEST_ITS_RESET_RESERVED2_MSK (1UL << TEST_ITS_RESET_RESERVED2_POS)
+
+
+
+#define TEST_PSA_ITS_RESET_MSK_POS (4UL)
+#define TEST_PSA_ITS_RESET_MSK (1UL << TEST_PSA_ITS_RESET_MSK_POS)
+
+#define TEST_ITS_RESET_WAIT_ANY_SID_MSK (\
+    TEST_PSA_ITS_RESET_MSK)
+
+/*
+#define TEST_ITS_RESET_WAIT_ANY_MSK (\
+    TEST_ITS_RESET_WAIT_ANY_SID_MSK) | \
+    PSA_DOORBELL)
+*/
+
+
+#endif // PSA_TEST_ITS_RESET_PARTITION_H

TESTS/psa/entropy_inject/its_reset/COMPONENT_SPE/test_pits_impl.cpp

@@ -0,0 +1,59 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <string.h>
+#include <stdlib.h>
+#include "psa_prot_internal_storage.h"
+#include "test_pits_impl.h"
+#include "kv_config.h"
+#include "KVMap.h"
+#include "KVStore.h"
+#include "mbed_error.h"
+
+#ifdef   __cplusplus
+extern "C"
+{
+#endif
+
+using namespace mbed;
+
+#define STR_EXPAND(tok)     #tok
+
+psa_its_status_t test_psa_its_reset_impl(void)
+{
+    psa_its_status_t status = PSA_ITS_SUCCESS;
+
+    int kv_status = kv_init_storage_config();
+    if (kv_status != MBED_SUCCESS) {
+        return PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    KVMap &kv_map = KVMap::get_instance();
+    KVStore *kvstore = kv_map.get_main_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));
+    if (!kvstore) {
+        return PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    if (kvstore->reset() != MBED_SUCCESS) {
+        status = PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    return status;
+}
+
+#ifdef   __cplusplus
+}
+#endif

TESTS/psa/entropy_inject/its_reset/COMPONENT_SPE/test_pits_reset_partition.c

@@ -0,0 +1,65 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// -------------------------------------- Includes -----------------------------------
+
+#include <string.h>
+#include "cmsis_os2.h"
+#include "spm_server.h"
+#include "spm_panic.h"
+#include "psa_test_its_reset_partition.h"
+#include "psa_prot_internal_storage.h"
+#include "test_pits_impl.h"
+
+#ifdef   __cplusplus
+extern "C"
+{
+#endif
+
+void test_pits_entry(void *ptr)
+{
+    uint32_t signals = 0;
+    psa_msg_t msg = {0};
+    psa_error_t status = PSA_SUCCESS;
+
+    while (1) {
+        signals = psa_wait_any(PSA_BLOCK);
+        if ((signals & TEST_PSA_ITS_RESET_MSK) != 0) {
+            psa_get(TEST_PSA_ITS_RESET_MSK, &msg);
+            switch (msg.type) {
+                case PSA_IPC_CONNECT: //fallthrough
+                case PSA_IPC_DISCONNECT: {
+                    break;
+                }
+                case PSA_IPC_CALL: {
+                    status = test_psa_its_reset_impl();
+                    break;
+                }
+                default: {
+                    SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
+                    break;
+                }
+            }
+
+            psa_reply(msg.handle, status);
+        }
+    }
+}
+
+#ifdef   __cplusplus
+}
+#endif

TESTS/psa/entropy_inject/its_reset/psa_test_its_reset_ifs.h

@@ -0,0 +1,29 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#ifndef PSA_TEST_ITS_RESET_PARTITION_ROT_SERVICES_H
+#define PSA_TEST_ITS_RESET_PARTITION_ROT_SERVICES_H
+
+#define TEST_PSA_ITS_RESET 0x00011A04
+
+#endif // PSA_TEST_ITS_RESET_PARTITION_ROT_SERVICES_H

TESTS/psa/entropy_inject/its_reset/test_pits.h

@@ -0,0 +1,50 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __TEST_INTERNAL_TRUSTED_STORAGE_H__
+#define __TEST_INTERNAL_TRUSTED_STORAGE_H__
+
+/** @file
+@brief This file describes the PSA Internal Trusted Storage API
+*/
+
+#include <stddef.h>
+#include <stdint.h>
+#include "psa_prot_internal_storage.h"
+
+#ifdef   __cplusplus
+extern "C"
+{
+#endif
+
+/**
+ * \brief Remove the provided key and its associated data from the storage
+ *
+ * \param[in] uid   The uid value
+ *
+ * \return  A status indicating the success/failure of the operation
+ *
+ * \retval      PSA_ITS_SUCCESS                  The operation completed successfully
+ * \retval      PSA_ITS_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
+ */
+psa_its_status_t test_psa_its_reset(void);
+
+#ifdef   __cplusplus
+}
+#endif
+
+#endif // __TEST_INTERNAL_TRUSTED_STORAGE_H__

TESTS/psa/entropy_inject/its_reset/test_pits_psa.json

@@ -0,0 +1,21 @@
+{
+    "name": "TEST_ITS_RESET",
+    "type": "APPLICATION-ROT",
+    "priority": "NORMAL",
+    "id": "0x0000000B",
+    "entry_point": "test_pits_entry",
+    "stack_size": "0x400",
+    "heap_size": "0x400",
+    "services": [{
+        "name": "TEST_PSA_ITS_RESET",
+        "identifier": "0x00011A04",
+        "signal": "TEST_PSA_ITS_RESET_MSK",
+        "non_secure_clients": true,
+        "minor_version": 1,
+        "minor_policy": "RELAXED"
+      }
+    ],
+    "source_files": [
+      "COMPONENT_SPE/test_pits_reset_partition.c"
+    ]
+  }

TESTS/psa/entropy_inject/main.cpp

@@ -0,0 +1,152 @@
+/*
+* Copyright (c) 2018 ARM Limited. All rights reserved.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the License); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an AS IS BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#if ((!defined(TARGET_PSA) || (!defined(COMPONENT_PSA_SRV_IPC)) && !defined(MBEDTLS_ENTROPY_NV_SEED)))
+#error [NOT_SUPPORTED] PSA entropy injection tests can run only on PSA-enabled targets.
+#endif // TARGET_PSA
+
+#include "greentea-client/test_env.h"
+#include "unity/unity.h"
+#include "utest/utest.h"
+#include "psa_prot_internal_storage.h"
+#include "test_pits.h"
+#include "entropy.h"
+#include "entropy_poll.h"
+#include "crypto.h"
+
+/* MAX value support macro */
+#if !defined(MAX)
+#define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
+/* Calculating the minimum allowed entropy size in bytes */
+#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE \
+            MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+
+using namespace utest::v1;
+
+uint8_t seed[MBEDTLS_ENTROPY_MAX_SEED_SIZE + 2] = {0};
+
+void validate_entropy_seed_injection(int seed_length_a,
+                                     int expected_status_a,
+                                     int seed_length_b,
+                                     int expected_status_b)
+{
+    psa_status_t status;
+    uint8_t output[32] = { 0 };
+    uint8_t zeros[32] = { 0 };
+    status = mbedtls_psa_inject_entropy(seed, seed_length_a);
+    TEST_ASSERT(status == expected_status_a);
+    status = mbedtls_psa_inject_entropy(seed, seed_length_b);
+    TEST_ASSERT(status == expected_status_b);
+    TEST_ASSERT(psa_crypto_init() == PSA_SUCCESS);
+    TEST_ASSERT(psa_generate_random(output, sizeof(output)) == PSA_SUCCESS);
+    TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
+}
+
+void run_entropy_inject_with_crypto_init()
+{
+    psa_its_status_t its_status;
+    psa_status_t status;
+    status = psa_crypto_init();
+    TEST_ASSERT(status == PSA_ERROR_INSUFFICIENT_ENTROPY);
+    status = mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
+    TEST_ASSERT(status == PSA_SUCCESS);
+    status = psa_crypto_init();
+    TEST_ASSERT(status == PSA_SUCCESS);
+    status = mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
+    TEST_ASSERT(status == PSA_ERROR_NOT_PERMITTED);
+    mbedtls_psa_crypto_free();
+    /* The seed is written by nv_seed callback functions therefore the injection will fail */
+    status = mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
+    TEST_ASSERT(status == PSA_ERROR_NOT_PERMITTED);
+}
+
+
+utest::v1::status_t greentea_test_setup(const size_t number_of_cases)
+{
+#ifndef NO_GREENTEA
+    GREENTEA_SETUP(60, "default_auto");
+#endif
+    return greentea_test_setup_handler(number_of_cases);
+}
+
+static void injection_small_good()
+{
+    validate_entropy_seed_injection(MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE, PSA_SUCCESS, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE, PSA_ERROR_NOT_PERMITTED);
+}
+
+static void injection_big_good()
+{
+    validate_entropy_seed_injection(MBEDTLS_ENTROPY_MAX_SEED_SIZE, PSA_SUCCESS, MBEDTLS_ENTROPY_MAX_SEED_SIZE, PSA_ERROR_NOT_PERMITTED);
+}
+
+static void injection_too_small()
+{
+    validate_entropy_seed_injection((MBEDTLS_ENTROPY_MIN_PLATFORM - 1), PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE, PSA_SUCCESS);
+}
+
+static void injection_too_big()
+{
+    validate_entropy_seed_injection((MBEDTLS_ENTROPY_MAX_SEED_SIZE + 1), PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ENTROPY_MAX_SEED_SIZE, PSA_SUCCESS);
+}
+
+static void injection_and_init_deinit()
+{
+    run_entropy_inject_with_crypto_init();
+}
+
+
+
+/***************************************************************************************/
+
+utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed, const size_t failed, const failure_t reason)
+{
+    psa_status_t status;
+    status = test_psa_its_reset();
+    TEST_ASSERT_EQUAL(PSA_ITS_SUCCESS, status);
+    mbedtls_psa_crypto_free();
+    return greentea_case_teardown_handler(source, passed, failed, reason);
+}
+
+utest::v1::status_t case_setup_handler(const Case *const source, const size_t index_of_case)
+{
+    psa_status_t status;
+    status = test_psa_its_reset();
+    TEST_ASSERT_EQUAL(PSA_ITS_SUCCESS, status);
+    /* fill seed in some data */
+    for (size_t i = 0; i < MBEDTLS_ENTROPY_MAX_SEED_SIZE + 2; ++i) {
+        seed[i] = i;
+    }
+    return greentea_case_setup_handler(source, index_of_case);
+}
+
+Case cases[] = {
+    Case("PSA entropy injection small good", case_setup_handler, injection_small_good, case_teardown_handler),
+    Case("PSA entropy injection big good",   case_setup_handler, injection_big_good,   case_teardown_handler),
+    Case("PSA entropy injection too big",    case_setup_handler, injection_too_big,    case_teardown_handler),
+    Case("PSA entropy injection too small",  case_setup_handler, injection_too_small,  case_teardown_handler),
+    Case("PSA entropy injection before and after init", case_setup_handler, injection_and_init_deinit, case_teardown_handler),
+};
+
+Specification specification(greentea_test_setup, cases, greentea_test_teardown_handler);
+
+int main()
+{
+    return !Harness::run(specification);
+}

TESTS/psa/prot_internal_storage/COMPONENT_SPE/psa_setup.c

@@ -29,9 +29,11 @@
 #include "cmsis.h"
 #include "psa_test_its_reset_partition.h"
 #include "psa_its_partition.h"
+#include "psa_psa_f_partition.h"
 
+extern const uint32_t psa_f_external_sids[4];
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = TEST_ITS_RESET_ID,
         .thread_id = 0,
@@ -54,6 +56,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = psa_f_external_sids,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -66,6 +79,7 @@ const uint32_t mem_region_count = 0;
 // forward declaration of partition initializers
 void test_its_reset_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
 {
@@ -75,8 +89,9 @@ uint32_t init_partitions(spm_partition_t **partitions)
 
     test_its_reset_init(&(g_partitions[0]));
     its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

TESTS/psa/spm_client/COMPONENT_SPE/psa_setup.c

@@ -29,9 +29,11 @@
 #include "cmsis.h"
 #include "psa_client_tests_part1_partition.h"
 #include "psa_its_partition.h"
+#include "psa_psa_f_partition.h"
 
+extern const uint32_t psa_f_external_sids[4];
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = CLIENT_TESTS_PART1_ID,
         .thread_id = 0,
@@ -54,6 +56,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = psa_f_external_sids,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -66,6 +79,7 @@ const uint32_t mem_region_count = 0;
 // forward declaration of partition initializers
 void client_tests_part1_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
 {
@@ -75,8 +89,9 @@ uint32_t init_partitions(spm_partition_t **partitions)
 
     client_tests_part1_init(&(g_partitions[0]));
     its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

TESTS/psa/spm_server/COMPONENT_SPE/psa_setup.c

@@ -30,10 +30,12 @@
 #include "psa_server_test_part1_partition.h"
 #include "psa_server_test_part2_partition.h"
 #include "psa_its_partition.h"
+#include "psa_psa_f_partition.h"
 
 extern const uint32_t server_test_part1_external_sids[2];
+extern const uint32_t psa_f_external_sids[4];
 
-spm_partition_t g_partitions[3] = {
+spm_partition_t g_partitions[4] = {
     {
         .partition_id = SERVER_TEST_PART1_ID,
         .thread_id = 0,
@@ -67,6 +69,17 @@ spm_partition_t g_partitions[3] = {
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = psa_f_external_sids,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -80,6 +93,7 @@ const uint32_t mem_region_count = 0;
 void server_test_part1_init(spm_partition_t *partition);
 void server_test_part2_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
 {
@@ -90,8 +104,9 @@ uint32_t init_partitions(spm_partition_t **partitions)
     server_test_part1_init(&(g_partitions[0]));
     server_test_part2_init(&(g_partitions[1]));
     its_init(&(g_partitions[2]));
+    psa_f_init(&(g_partitions[3]));
 
     *partitions = g_partitions;
-    return 3;
+    return 4;
 }
 

TESTS/psa/spm_smoke/COMPONENT_SPE/psa_setup.c

@@ -29,9 +29,11 @@
 #include "cmsis.h"
 #include "psa_smoke_test_part1_partition.h"
 #include "psa_its_partition.h"
+#include "psa_psa_f_partition.h"
 
+extern const uint32_t psa_f_external_sids[4];
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = SMOKE_TEST_PART1_ID,
         .thread_id = 0,
@@ -54,6 +56,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = psa_f_external_sids,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -66,6 +79,7 @@ const uint32_t mem_region_count = 0;
 // forward declaration of partition initializers
 void smoke_test_part1_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
 {
@@ -75,8 +89,9 @@ uint32_t init_partitions(spm_partition_t **partitions)
 
     smoke_test_part1_init(&(g_partitions[0]));
     its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h

@@ -0,0 +1,167 @@
+/**
+ * \file psa/crypto_platform_spe.h
+ *
+ * \brief PSA cryptography module: Mbed TLS platfom definitions
+ */
+/*
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_SPE_PLATFORM_H
+#define PSA_CRYPTO_SPE_PLATFORM_H
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files. */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "../mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/** \defgroup PSA Crypto APIs
+* @{
+*/
+
+/** \brief psa_s_function_t enum defines for all the available functions in PSA Crypto. */
+typedef enum psa_sec_function_s {
+    PSA_CRYPTO_INVALID,
+    PSA_CRYPTO_INIT,
+    PSA_IMPORT_KEY,
+    PSA_DESTROY_KEY,
+    PSA_GET_KEY_INFORMATION,
+    PSA_EXPORT_KEY,
+    PSA_EXPORT_PUBLIC_KEY,
+    PSA_KEY_POLICY_INIT,
+    PSA_KEY_POLICY_SET_USAGE,
+    PSA_KEY_POLICY_GET_USAGE,
+    PSA_KEY_POLICY_GET_ALGORITHM,
+    PSA_SET_KEY_POLICY,
+    PSA_GET_KEY_POLICY,
+    PSA_SET_KEY_LIFETIME,
+    PSA_GET_KEY_LIFETIME,
+    PSA_HASH_SETUP,
+    PSA_HASH_UPDATE,
+    PSA_HASH_FINISH,
+    PSA_HASH_VERIFY,
+    PSA_HASH_ABORT,
+    PSA_MAC_SIGN_SETUP,
+    PSA_MAC_VERIFY_SETUP,
+    PSA_MAC_UPDATE,
+    PSA_MAC_SIGN_FINISH,
+    PSA_MAC_VERIFY_FINISH,
+    PSA_MAC_ABORT,
+    PSA_CIPHER_ENCRYPT_SETUP,
+    PSA_CIPHER_DECRYPT_SETUP,
+    PSA_CIPHER_GENERATE_IV,
+    PSA_CIPHER_SET_IV,
+    PSA_CIPHER_UPDATE,
+    PSA_CIPHER_FINISH,
+    PSA_CIPHER_ABORT,
+    PSA_AEAD_ENCRYPT,
+    PSA_AEAD_DECRYPT,
+    PSA_ASYMMETRIC_SIGN,
+    PSA_ASYMMETRIC_VERIFY,
+    PSA_ASYMMETRIC_ENCRYPT,
+    PSA_ASYMMETRIC_DECRYPT,
+    PSA_GENERATE_RANDOM,
+    PSA_GENERATE_KEY,
+    PSA_GET_GENERATOR_CAPACITY,
+    PSA_GENERATOR_READ,
+    PSA_GENERATOR_IMPORT_KEY,
+    PSA_GENERATOR_ABORT,
+    PSA_KEY_DERIVATION,
+    PSA_KEY_AGREEMENT
+} psa_sec_function_t;
+
+/**@}*/
+
+/** \defgroup PSA Crypto structures for IPC
+* @{
+*/
+
+/** psa_crypto_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+typedef struct psa_crypto_ipc_s {
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+} psa_crypto_ipc_t;
+
+/** psa_crypto_derivation_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+typedef struct psa_crypto_derivation_ipc_s {
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    size_t capacity;
+} psa_crypto_derivation_ipc_t;
+
+/** psa_key_mng_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+typedef struct psa_key_mng_ipc_s {
+    psa_key_slot_t key;
+    psa_key_type_t type;
+    psa_sec_function_t func;
+} psa_key_mng_ipc_t;
+
+/** psa_crypto_ipc_aead_s struct used for AEAD integrated
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t  and extra arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+// Max length supported for nonce is 16 bytes.
+#define PSA_AEAD_MAX_NONCE_SIZE 16
+typedef struct psa_crypto_ipc_aead_s {
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    uint16_t nonce_size;
+    size_t additional_data_length;
+    size_t input_length;
+    uint8_t nonce[PSA_AEAD_MAX_NONCE_SIZE];
+} psa_crypto_ipc_aead_t;
+
+/** psa_crypto_ipc_asymmetric_s struct used for asymmetric
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+typedef struct psa_crypto_ipc_asymmetric_s {
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    size_t input_length;
+    size_t salt_length;
+} psa_crypto_ipc_asymmetric_t;
+
+
+/**@}*/
+
+#endif /* PSA_CRYPTO_SPE_PLATFORM_H */

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct.h

@@ -0,0 +1,6 @@
+#ifdef PSA_CRYPTO_SECURE
+#include "crypto_struct_spe.h"
+#else
+#include "crypto_struct_ipc.h"
+#endif
+

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h

@@ -0,0 +1,63 @@
+#include "spm/psa_defs.h"
+
+/**
+ * \file psa/crypto_struct.h
+ *
+ * \brief PSA cryptography module: Mbed TLS structured type implementations
+ */
+/*
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_STRUCT_H
+#define PSA_CRYPTO_STRUCT_H
+
+struct psa_hash_operation_s {
+    psa_handle_t handle;
+};
+
+struct psa_mac_operation_s {
+    psa_handle_t handle;
+};
+
+struct psa_cipher_operation_s {
+    psa_handle_t handle;
+};
+
+struct psa_aead_operation_s {
+    psa_handle_t handle;
+};
+
+struct psa_crypto_generator_s {
+    psa_handle_t handle;
+};
+
+#define PSA_CRYPTO_GENERATOR_INIT { PSA_NULL_HANDLE }
+static inline struct psa_crypto_generator_s psa_crypto_generator_init(void)
+{
+    const struct psa_crypto_generator_s v = PSA_CRYPTO_GENERATOR_INIT;
+    return (v);
+}
+
+struct psa_key_policy_s {
+    psa_key_usage_t usage;
+    psa_algorithm_t alg;
+};
+
+
+#endif /* PSA_CRYPTO_STRUCT_H */

components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h

@@ -0,0 +1,74 @@
+/**
+ * \file psa/crypto_spe.h
+ * \brief Platform Security Architecture cryptography module
+ */
+
+#ifndef PSA_CRYPTO_SPE_H
+#define PSA_CRYPTO_SPE_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define psa_crypto_init  psa_sec_crypto_init
+#define psa_import_key  psa_sec_import_key
+#define psa_destroy_key  psa_sec_destroy_key
+#define psa_get_key_information  psa_sec_get_key_information
+#define psa_export_key  psa_sec_export_key
+#define psa_export_public_key  psa_sec_export_public_key
+#define psa_key_policy_init  psa_key_policy_init
+#define psa_key_policy_get_usage  psa_key_policy_get_usage
+#define psa_key_policy_get_algorithm  psa_key_policy_get_algorithm
+#define psa_key_policy_set_usage  psa_key_policy_set_usage
+#define psa_set_key_policy  psa_sec_set_key_policy
+#define psa_get_key_policy  psa_sec_get_key_policy
+#define psa_get_key_lifetime  psa_sec_get_key_lifetime
+#define psa_set_key_lifetime  psa_sec_set_key_lifetime
+#define psa_hash_setup  psa_sec_hash_setup
+#define psa_hash_update  psa_sec_hash_update
+#define psa_hash_finish  psa_sec_hash_finish
+#define psa_hash_verify  psa_sec_hash_verify
+#define psa_hash_abort  psa_sec_hash_abort
+#define psa_mac_sign_setup  psa_sec_mac_sign_setup
+#define psa_mac_verify_setup  psa_sec_mac_verify_setup
+#define psa_mac_update  psa_sec_mac_update
+#define psa_mac_sign_finish  psa_sec_mac_sign_finish
+#define psa_mac_verify_finish  psa_sec_mac_verify_finish
+#define psa_mac_abort  psa_sec_mac_abort
+#define psa_cipher_encrypt_setup  psa_sec_cipher_encrypt_setup
+#define psa_cipher_decrypt_setup  psa_sec_cipher_decrypt_setup
+#define psa_cipher_generate_iv  psa_sec_cipher_generate_iv
+#define psa_cipher_set_iv  psa_sec_cipher_set_iv
+#define psa_cipher_update  psa_sec_cipher_update
+#define psa_cipher_finish  psa_sec_cipher_finish
+#define psa_cipher_abort  psa_sec_cipher_abort
+#define psa_aead_encrypt  psa_sec_aead_encrypt
+#define psa_aead_decrypt  psa_sec_aead_decrypt
+#define psa_asymmetric_sign  psa_sec_asymmetric_sign
+#define psa_asymmetric_verify  psa_sec_asymmetric_verify
+#define psa_asymmetric_encrypt  psa_sec_asymmetric_encrypt
+#define psa_asymmetric_decrypt  psa_sec_asymmetric_decrypt
+#define psa_generate_random  psa_sec_generate_random
+#define psa_generate_key  psa_sec_generate_key
+#define psa_get_generator_capacity  psa_sec_get_generator_capacity
+#define psa_generator_read  psa_sec_generator_read
+#define psa_generator_import_key  psa_sec_generator_import_key
+#define mbedtls_psa_crypto_free  mbedtls_psa_sec_crypto_free
+#define psa_key_derivation  psa_sec_key_derivation
+#define psa_key_agreement  psa_sec_key_agreement
+#define psa_generator_abort  psa_sec_generator_abort
+#define mbedtls_psa_inject_entropy  mbedtls_psa_sec_inject_entropy
+
+#include "crypto.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+/* The file "crypto_extra.h" contains vendor-specific definitions. This
+ * can include vendor-defined algorithms, extra functions, etc. */
+#include "crypto_extra.h"
+
+#endif /* PSA_CRYPTO_SPE_H */

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_psa_f_partition.c

@@ -0,0 +1,227 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#include "cmsis.h"
+#include "mbed_toolchain.h" /* For using MBED_ALIGN macro */
+#include "rtx_os.h"
+#include "spm_panic.h"
+#include "spm_internal.h"
+#include "psa_psa_f_partition.h"
+#include "psa_psa_f_ifs.h"
+#include "psa_its_ifs.h"
+
+
+/* Threads stacks */
+MBED_ALIGN(8) uint8_t psa_f_thread_stack[16384] = {0};
+
+/* Threads control blocks */
+osRtxThread_t psa_f_thread_cb = {0};
+
+/* Thread attributes - for thread initialization */
+osThreadAttr_t psa_f_thread_attr = {
+    .name = "psa_f",
+    .attr_bits = 0,
+    .cb_mem = &psa_f_thread_cb,
+    .cb_size = sizeof(psa_f_thread_cb),
+    .stack_mem = psa_f_thread_stack,
+    .stack_size = 16384,
+    .priority = osPriorityNormal,
+    .tz_module = 0,
+    .reserved = 0
+};
+
+spm_rot_service_t psa_f_rot_services[PSA_F_ROT_SRV_COUNT] = {
+    {
+        .sid = PSA_CRYPTO_INIT_ID,
+        .mask = PSA_CRYPTO_INIT,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_MAC_ID,
+        .mask = PSA_MAC,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_HASH_ID,
+        .mask = PSA_HASH,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_ASYMMETRIC_ID,
+        .mask = PSA_ASYMMETRIC,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_SYMMETRIC_ID,
+        .mask = PSA_SYMMETRIC,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_AEAD_ID,
+        .mask = PSA_AEAD,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_KEY_MNG_ID,
+        .mask = PSA_KEY_MNG,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_RNG_ID,
+        .mask = PSA_RNG,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_CRYPTO_FREE_ID,
+        .mask = PSA_CRYPTO_FREE,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_GENERATOR_ID,
+        .mask = PSA_GENERATOR,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_ENTROPY_ID,
+        .mask = PSA_ENTROPY_INJECT,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+};
+
+/* External SIDs used by PSA_F */
+const uint32_t psa_f_external_sids[4] = {
+    PSA_ITS_GET,
+    PSA_ITS_SET,
+    PSA_ITS_INFO,
+    PSA_ITS_REMOVE,
+};
+
+static osRtxMutex_t psa_f_mutex = {0};
+static const osMutexAttr_t psa_f_mutex_attr = {
+    .name = "psa_f_mutex",
+    .attr_bits = osMutexRecursive | osMutexPrioInherit | osMutexRobust,
+    .cb_mem = &psa_f_mutex,
+    .cb_size = sizeof(psa_f_mutex),
+};
+
+
+extern void part_main(void *ptr);
+
+void psa_f_init(spm_partition_t *partition)
+{
+    if (NULL == partition) {
+        SPM_PANIC("partition is NULL!\n");
+    }
+
+    partition->mutex = osMutexNew(&psa_f_mutex_attr);
+    if (NULL == partition->mutex) {
+        SPM_PANIC("Failed to create mutex for secure partition psa_f!\n");
+    }
+
+    for (uint32_t i = 0; i < PSA_F_ROT_SRV_COUNT; ++i) {
+        psa_f_rot_services[i].partition = partition;
+    }
+    partition->rot_services = psa_f_rot_services;
+
+    partition->thread_id = osThreadNew(part_main, NULL, &psa_f_thread_attr);
+    if (NULL == partition->thread_id) {
+        SPM_PANIC("Failed to create start main thread of partition psa_f!\n");
+    }
+}

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_psa_f_partition.h

@@ -0,0 +1,84 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#ifndef PSA_PSA_F_PARTITION_H
+#define PSA_PSA_F_PARTITION_H
+
+#define PSA_F_ID 35
+
+#define PSA_F_ROT_SRV_COUNT (11UL)
+#define PSA_F_EXT_ROT_SRV_COUNT (4UL)
+
+/* PSA_F event flags */
+#define PSA_F_RESERVED1_POS (1UL)
+#define PSA_F_RESERVED1_MSK (1UL << PSA_F_RESERVED1_POS)
+
+#define PSA_F_RESERVED2_POS (2UL)
+#define PSA_F_RESERVED2_MSK (1UL << PSA_F_RESERVED2_POS)
+
+
+
+#define PSA_CRYPTO_INIT_POS (4UL)
+#define PSA_CRYPTO_INIT (1UL << PSA_CRYPTO_INIT_POS)
+#define PSA_MAC_POS (5UL)
+#define PSA_MAC (1UL << PSA_MAC_POS)
+#define PSA_HASH_POS (6UL)
+#define PSA_HASH (1UL << PSA_HASH_POS)
+#define PSA_ASYMMETRIC_POS (7UL)
+#define PSA_ASYMMETRIC (1UL << PSA_ASYMMETRIC_POS)
+#define PSA_SYMMETRIC_POS (8UL)
+#define PSA_SYMMETRIC (1UL << PSA_SYMMETRIC_POS)
+#define PSA_AEAD_POS (9UL)
+#define PSA_AEAD (1UL << PSA_AEAD_POS)
+#define PSA_KEY_MNG_POS (10UL)
+#define PSA_KEY_MNG (1UL << PSA_KEY_MNG_POS)
+#define PSA_RNG_POS (11UL)
+#define PSA_RNG (1UL << PSA_RNG_POS)
+#define PSA_CRYPTO_FREE_POS (12UL)
+#define PSA_CRYPTO_FREE (1UL << PSA_CRYPTO_FREE_POS)
+#define PSA_GENERATOR_POS (13UL)
+#define PSA_GENERATOR (1UL << PSA_GENERATOR_POS)
+#define PSA_ENTROPY_INJECT_POS (14UL)
+#define PSA_ENTROPY_INJECT (1UL << PSA_ENTROPY_INJECT_POS)
+
+#define PSA_F_WAIT_ANY_SID_MSK (\
+    PSA_CRYPTO_INIT | \
+    PSA_MAC | \
+    PSA_HASH | \
+    PSA_ASYMMETRIC | \
+    PSA_SYMMETRIC | \
+    PSA_AEAD | \
+    PSA_KEY_MNG | \
+    PSA_RNG | \
+    PSA_CRYPTO_FREE | \
+    PSA_GENERATOR | \
+    PSA_ENTROPY_INJECT)
+
+/*
+#define PSA_F_WAIT_ANY_MSK (\
+    PSA_F_WAIT_ANY_SID_MSK) | \
+    PSA_DOORBELL)
+*/
+
+
+#endif // PSA_PSA_F_PARTITION_H

components/TARGET_PSA/services/crypto/crypto_partition_psa.json

@@ -0,0 +1,108 @@
+{
+  "name": "PSA_F",
+  "type": "APPLICATION-ROT",
+  "priority": "NORMAL",
+  "id": "0x00000023",
+  "entry_point": "part_main",
+  "stack_size": "0x4000",
+  "heap_size": "0x400",
+  "services": [
+    {
+      "name": "PSA_CRYPTO_INIT_ID",
+      "identifier": "0x00000F00",
+      "signal": "PSA_CRYPTO_INIT",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_MAC_ID",
+      "identifier": "0x00000F01",
+      "signal": "PSA_MAC",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_HASH_ID",
+      "identifier": "0x00000F02",
+      "signal": "PSA_HASH",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_ASYMMETRIC_ID",
+      "identifier": "0x00000F03",
+      "signal": "PSA_ASYMMETRIC",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_SYMMETRIC_ID",
+      "identifier": "0x00000F04",
+      "signal": "PSA_SYMMETRIC",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_AEAD_ID",
+      "identifier": "0x00000F05",
+      "signal": "PSA_AEAD",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_KEY_MNG_ID",
+      "identifier": "0x00000F06",
+      "signal": "PSA_KEY_MNG",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_RNG_ID",
+      "identifier": "0x00000F07",
+      "signal": "PSA_RNG",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_CRYPTO_FREE_ID",
+      "identifier": "0x00000F08",
+      "signal": "PSA_CRYPTO_FREE",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_GENERATOR_ID",
+      "identifier": "0x00000F09",
+      "signal": "PSA_GENERATOR",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_ENTROPY_ID",
+      "identifier": "0x00000F0A",
+      "signal": "PSA_ENTROPY_INJECT",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    }
+  ],
+  "extern_sids": [
+    "PSA_ITS_GET",
+    "PSA_ITS_SET",
+    "PSA_ITS_INFO",
+    "PSA_ITS_REMOVE"
+  ],
+  "source_files": [
+    "COMPONENT_SPE/psa_crypto_partition.c"
+  ]
+}

components/TARGET_PSA/services/crypto/psa_psa_f_ifs.h

@@ -0,0 +1,39 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#ifndef PSA_PSA_F_PARTITION_ROT_SERVICES_H
+#define PSA_PSA_F_PARTITION_ROT_SERVICES_H
+
+#define PSA_CRYPTO_INIT_ID 0x00000F00
+#define PSA_MAC_ID 0x00000F01
+#define PSA_HASH_ID 0x00000F02
+#define PSA_ASYMMETRIC_ID 0x00000F03
+#define PSA_SYMMETRIC_ID 0x00000F04
+#define PSA_AEAD_ID 0x00000F05
+#define PSA_KEY_MNG_ID 0x00000F06
+#define PSA_RNG_ID 0x00000F07
+#define PSA_CRYPTO_FREE_ID 0x00000F08
+#define PSA_GENERATOR_ID 0x00000F09
+#define PSA_ENTROPY_ID 0x00000F0A
+
+#endif // PSA_PSA_F_PARTITION_ROT_SERVICES_H

components/TARGET_PSA/spm/COMPONENT_SPE/psa_setup.c

@@ -28,10 +28,12 @@
 #include "handles_manager.h"
 #include "cmsis.h"
 #include "psa_its_partition.h"
+#include "psa_psa_f_partition.h"
 
+extern const uint32_t psa_f_external_sids[4];
 
 __attribute__((weak))
-spm_partition_t g_partitions[1] = {
+spm_partition_t g_partitions[2] = {
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -43,6 +45,17 @@ spm_partition_t g_partitions[1] = {
         .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = psa_f_external_sids,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
 };
 
 /* Check all the defined memory regions for overlapping. */
@@ -56,6 +69,7 @@ const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
 void its_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 
 __attribute__((weak))
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -65,8 +79,9 @@ uint32_t init_partitions(spm_partition_t **partitions)
     }
 
     its_init(&(g_partitions[0]));
+    psa_f_init(&(g_partitions[1]));
 
     *partitions = g_partitions;
-    return 1;
+    return 2;
 }
 

features/mbedtls/platform/TARGET_PSA/COMPONENT_NSPE/src/psa_hrng.c

@@ -0,0 +1,58 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "trng_api.h"
+#include "crypto.h"
+#include "mbed_toolchain.h"
+
+#if (defined(DEVICE_TRNG) && defined(MBEDTLS_PSA_CRYPTO_C))
+
+MBED_WEAK void trng_init(trng_t *obj)
+{
+    (void)(obj);
+}
+
+
+MBED_WEAK void trng_free(trng_t *obj)
+{
+    (void)(obj);
+}
+
+MBED_WEAK int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *output_length)
+{
+   ((void)(obj));
+    if (output == NULL || output_length == NULL){
+        return -1;
+    }
+
+    psa_status_t status = psa_crypto_init();
+    if(status != PSA_SUCCESS) {
+        return -1;
+    }
+
+    status = psa_generate_random(output, length);
+    mbedtls_psa_crypto_free();
+    if (status != PSA_SUCCESS) {
+        return -1;
+    }
+
+    *output_length = length;
+
+    return 0;
+}
+
+#endif  // (defined(DEVICE_TRNG) && defiend(MBEDTLS_PSA_CRYPTO_C))

features/mbedtls/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/inc/default_random_seed.h

@@ -0,0 +1,42 @@
+
+
+#ifndef DEFAULT_RANDOM_SEED_H
+#define DEFAULT_RANDOM_SEED_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+
+/** Read seed from the secure storage.
+ *
+ *  This function will be the default function for reading the Random seed.
+ *
+ *   @param buf[out] buffer to hold the seed value from the secure storage
+ *   @param buf_len[in] input buffer length
+ *
+ * @returns
+ * secure storage API return value.
+ *
+ */
+int mbed_default_seed_read(unsigned char *buf, size_t buf_len);
+
+/** Writes seed to the secure storage.
+ *
+ *  This function will be the default function for writing the Random seed.
+ *
+ *   @param buf[in] buffer to the seed value
+ *   @param buf_len[in] input buffer length
+ *
+ * @returns
+ * secure storage API return value.
+ */
+int mbed_default_seed_write(unsigned char *buf, size_t buf_len);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* DEFAULT_RANDOM_SEED_H */

features/mbedtls/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/src/default_random_seed.cpp

@@ -0,0 +1,25 @@
+#include "mbed.h"
+#include "crypto.h"
+#include "default_random_seed.h"
+#include "psa_prot_internal_storage.h"
+
+int mbed_default_seed_read(unsigned char *buf, size_t buf_len)
+{
+    /* Make sure that in case of an error the value will be negative
+     * return (-1 * rc);
+     * Mbed TLS errors are negative values
+     */
+    psa_its_status_t rc = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID, 0, buf_len, buf);
+    return ( -1 * rc );
+}
+
+int mbed_default_seed_write(unsigned char *buf, size_t buf_len)
+{
+    psa_its_status_t rc = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, buf_len, buf, 0);
+    /* Make sure that in case of an error the value will be negative
+     * return (-1 * rc);
+     * Mbed TLS errors are negative values
+     */
+    return ( -1 * rc );
+}
+

targets/targets.json

@@ -98,6 +98,7 @@
     "NSPE_Target": {
         "inherits": ["PSA_Target"],
         "components": ["PSA_SRV_IPC", "NSPE"],
+        "device_has_add": ["TRNG"],
         "public": false
     },
     "SPE_Target": {
@@ -1438,7 +1439,7 @@
             "PSA"
         ],
         "is_disk_virtual": true,
-        "macros": ["CPU_MK64FN1M0VMD12", "FSL_RTOS_MBED"],
+        "macros": ["CPU_MK64FN1M0VMD12", "FSL_RTOS_MBED", "MBEDTLS_PSA_CRYPTO_C"],
         "inherits": ["Target"],
         "detect_code": ["0240"],
         "device_has": [