Create a new partition for the crypto service

The following files initially were taken
from https://github.com/ARMmbed/psa-crypto-spm/releases/tag/spm-crypto-5.11
* crypto_platform_spe.h
* crypto_struct.h
* crypto_struct_ipc.h
* psa_crypto_spm.c
* crypto_spe.h
* crypto_partition_psa.json

The rest of the files were autimatically generated
by tools/spm/generate_psa_partition.py

TESTS/psa/prot_internal_storage/COMPONENT_SPE/psa_setup.c

@@ -28,10 +28,11 @@
 #include "handles_manager.h"
 #include "cmsis.h"
 #include "psa_test_its_reset_partition.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = TEST_ITS_RESET_ID,
         .thread_id = 0,
@@ -43,6 +44,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = TEST_ITS_RESET_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -65,6 +77,7 @@ const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
 void test_its_reset_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -74,9 +87,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
     }
 
     test_its_reset_init(&(g_partitions[0]));
-    its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[1]));
+    its_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

TESTS/psa/spm_client/COMPONENT_SPE/psa_setup.c

@@ -28,10 +28,11 @@
 #include "handles_manager.h"
 #include "cmsis.h"
 #include "psa_client_tests_part1_partition.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = CLIENT_TESTS_PART1_ID,
         .thread_id = 0,
@@ -43,6 +44,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = CLIENT_TESTS_PART1_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -65,6 +77,7 @@ const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
 void client_tests_part1_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -74,9 +87,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
     }
 
     client_tests_part1_init(&(g_partitions[0]));
-    its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[1]));
+    its_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

TESTS/psa/spm_server/COMPONENT_SPE/psa_setup.c

@@ -29,11 +29,12 @@
 #include "cmsis.h"
 #include "psa_server_test_part1_partition.h"
 #include "psa_server_test_part2_partition.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 extern const uint32_t server_test_part1_external_sids[2];
 
-spm_partition_t g_partitions[3] = {
+spm_partition_t g_partitions[4] = {
     {
         .partition_id = SERVER_TEST_PART1_ID,
         .thread_id = 0,
@@ -56,6 +57,17 @@ spm_partition_t g_partitions[3] = {
         .extern_sids_count = SERVER_TEST_PART2_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -79,6 +91,7 @@ const uint32_t mem_region_count = 0;
 // forward declaration of partition initializers
 void server_test_part1_init(spm_partition_t *partition);
 void server_test_part2_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -89,9 +102,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
 
     server_test_part1_init(&(g_partitions[0]));
     server_test_part2_init(&(g_partitions[1]));
-    its_init(&(g_partitions[2]));
+    psa_f_init(&(g_partitions[2]));
+    its_init(&(g_partitions[3]));
 
     *partitions = g_partitions;
-    return 3;
+    return 4;
 }
 

TESTS/psa/spm_smoke/COMPONENT_SPE/psa_setup.c

@@ -28,10 +28,11 @@
 #include "handles_manager.h"
 #include "cmsis.h"
 #include "psa_smoke_test_part1_partition.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = SMOKE_TEST_PART1_ID,
         .thread_id = 0,
@@ -43,6 +44,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = SMOKE_TEST_PART1_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -65,6 +77,7 @@ const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
 void smoke_test_part1_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -74,9 +87,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
     }
 
     smoke_test_part1_init(&(g_partitions[0]));
-    its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[1]));
+    its_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h

@@ -0,0 +1,174 @@
+/**
+ * \file psa/crypto_platform_spe.h
+ *
+ * \brief PSA cryptography module: Mbed TLS platfom definitions
+ */
+/*
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_SPE_PLATFORM_H
+#define PSA_CRYPTO_SPE_PLATFORM_H
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files. */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "../mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/** \defgroup PSA Crypto APIs
+* @{
+*/
+
+/** \brief psa_s_function_t enum defines for all the available functions in PSA Crypto. */
+typedef enum psa_sec_function_s
+{
+    PSA_CRYPTO_INVALID,
+    PSA_CRYPTO_INIT,
+    PSA_IMPORT_KEY,
+    PSA_DESTROY_KEY,
+    PSA_GET_KEY_INFORMATION,
+    PSA_EXPORT_KEY,
+    PSA_EXPORT_PUBLIC_KEY,
+    PSA_KEY_POLICY_INIT,
+    PSA_KEY_POLICY_SET_USAGE,
+    PSA_KEY_POLICY_GET_USAGE,
+    PSA_KEY_POLICY_GET_ALGORITHM,
+    PSA_SET_KEY_POLICY,
+    PSA_GET_KEY_POLICY,
+    PSA_SET_KEY_LIFETIME,
+    PSA_GET_KEY_LIFETIME,
+    PSA_HASH_SETUP,
+    PSA_HASH_UPDATE,
+    PSA_HASH_FINISH,
+    PSA_HASH_VERIFY,
+    PSA_HASH_ABORT,
+    PSA_MAC_SIGN_SETUP,
+    PSA_MAC_VERIFY_SETUP,
+    PSA_MAC_UPDATE,
+    PSA_MAC_SIGN_FINISH,
+    PSA_MAC_VERIFY_FINISH,
+    PSA_MAC_ABORT,
+    PSA_CIPHER_ENCRYPT_SETUP,
+    PSA_CIPHER_DECRYPT_SETUP,
+    PSA_CIPHER_GENERATE_IV,
+    PSA_CIPHER_SET_IV,
+    PSA_CIPHER_UPDATE,
+    PSA_CIPHER_FINISH,
+    PSA_CIPHER_ABORT,
+    PSA_AEAD_ENCRYPT,
+    PSA_AEAD_DECRYPT,
+    PSA_ASYMMETRIC_SIGN,
+    PSA_ASYMMETRIC_VERIFY,
+    PSA_ASYMMETRIC_ENCRYPT,
+    PSA_ASYMMETRIC_DECRYPT,
+    PSA_GENERATE_RANDOM,
+    PSA_GENERATE_KEY,
+    PSA_GET_GENERATOR_CAPACITY,
+    PSA_GENERATOR_READ,
+    PSA_GENERATOR_IMPORT_KEY,
+    PSA_GENERATOR_ABORT,
+    PSA_KEY_DERIVATION
+}psa_sec_function_t;
+
+/**@}*/
+
+/** \defgroup PSA Crypto structures for IPC
+* @{
+*/
+
+/** psa_crypto_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+typedef struct psa_crypto_ipc_s
+{
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+} psa_crypto_ipc_t;
+
+/** psa_crypto_derivation_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+typedef struct psa_crypto_derivation_ipc_s
+{
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    size_t capacity;
+} psa_crypto_derivation_ipc_t;
+
+/** psa_key_mng_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+typedef struct psa_key_mng_ipc_s
+{
+    psa_key_slot_t key;
+    psa_key_type_t type;
+    psa_sec_function_t func;
+} psa_key_mng_ipc_t;
+
+/** psa_crypto_ipc_aead_s struct used for AEAD integrated
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t  and extra arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+// Max length supported for nonce is 16 bytes.
+#define PSA_MAX_NONCE_SIZE 16
+typedef struct psa_crypto_ipc_aead_s
+{
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    uint16_t nonce_size;
+    size_t additional_data_length;
+    size_t input_length;
+    uint8_t nonce[PSA_MAX_NONCE_SIZE];
+} psa_crypto_ipc_aead_t;
+
+/** psa_crypto_ipc_asymmetric_s struct used for asymmetric
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+// Max supported HASH size is 64 bytes - for SHA-512.
+#define PSA_HASH_MAX_SIZE 64
+typedef struct psa_crypto_ipc_asymmetric_s
+{
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    size_t input_length;
+    size_t salt_length;
+} psa_crypto_ipc_asymmetric_t;
+
+
+/**@}*/
+
+#endif /* PSA_CRYPTO_SPE_PLATFORM_H */

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct.h

@@ -0,0 +1,6 @@
+#ifdef PSA_CRYPTO_SECURE
+#include "crypto_struct_spe.h"
+#else
+#include "crypto_struct_ipc.h"
+#endif
+

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h

@@ -0,0 +1,69 @@
+#include "spm/psa_defs.h"
+
+/**
+ * \file psa/crypto_struct.h
+ *
+ * \brief PSA cryptography module: Mbed TLS structured type implementations
+ */
+/*
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_STRUCT_H
+#define PSA_CRYPTO_STRUCT_H
+
+struct psa_hash_operation_s
+{
+    psa_handle_t handle;
+};
+
+struct psa_mac_operation_s
+{
+    psa_handle_t handle;
+};
+
+struct psa_cipher_operation_s
+{
+    psa_handle_t handle;
+};
+
+struct psa_aead_operation_s
+{
+    psa_handle_t handle;
+};
+
+struct psa_crypto_generator_s
+{
+    psa_handle_t handle;
+};
+
+static inline struct psa_crypto_generator_s psa_crypto_generator_init( void )
+{
+    const struct psa_crypto_generator_s v = { 0 };
+    return( v );
+}
+
+struct psa_key_policy_s
+{
+    psa_key_usage_t usage;
+    psa_algorithm_t alg;
+};
+
+#define PSA_CRYPTO_GENERATOR_INIT { PSA_NULL_HANDLE }
+
+#endif /* PSA_CRYPTO_STRUCT_H */

components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h

@@ -0,0 +1,72 @@
+/**
+ * \file psa/crypto_spe.h
+ * \brief Platform Security Architecture cryptography module
+ */
+
+#ifndef PSA_CRYPTO_SPE_H
+#define PSA_CRYPTO_SPE_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define psa_crypto_init  psa_sec_crypto_init
+#define psa_import_key  psa_sec_import_key
+#define psa_destroy_key  psa_sec_destroy_key
+#define psa_get_key_information  psa_sec_get_key_information
+#define psa_export_key  psa_sec_export_key
+#define psa_export_public_key  psa_sec_export_public_key
+#define psa_key_policy_init  psa_key_policy_init
+#define psa_key_policy_get_usage  psa_key_policy_get_usage
+#define psa_key_policy_get_algorithm  psa_key_policy_get_algorithm
+#define psa_key_policy_set_usage  psa_key_policy_set_usage
+#define psa_set_key_policy  psa_sec_set_key_policy
+#define psa_get_key_policy  psa_sec_get_key_policy
+#define psa_get_key_lifetime  psa_sec_get_key_lifetime
+#define psa_set_key_lifetime  psa_sec_set_key_lifetime
+#define psa_hash_setup  psa_sec_hash_setup
+#define psa_hash_update  psa_sec_hash_update
+#define psa_hash_finish  psa_sec_hash_finish
+#define psa_hash_verify  psa_sec_hash_verify
+#define psa_hash_abort  psa_sec_hash_abort
+#define psa_mac_sign_setup  psa_sec_mac_sign_setup
+#define psa_mac_verify_setup  psa_sec_mac_verify_setup
+#define psa_mac_update  psa_sec_mac_update
+#define psa_mac_sign_finish  psa_sec_mac_sign_finish
+#define psa_mac_verify_finish  psa_sec_mac_verify_finish
+#define psa_mac_abort  psa_sec_mac_abort
+#define psa_cipher_encrypt_setup  psa_sec_cipher_encrypt_setup
+#define psa_cipher_decrypt_setup  psa_sec_cipher_decrypt_setup
+#define psa_cipher_generate_iv  psa_sec_cipher_generate_iv
+#define psa_cipher_set_iv  psa_sec_cipher_set_iv
+#define psa_cipher_update  psa_sec_cipher_update
+#define psa_cipher_finish  psa_sec_cipher_finish
+#define psa_cipher_abort  psa_sec_cipher_abort
+#define psa_aead_encrypt  psa_sec_aead_encrypt
+#define psa_aead_decrypt  psa_sec_aead_decrypt
+#define psa_asymmetric_sign  psa_sec_asymmetric_sign
+#define psa_asymmetric_verify  psa_sec_asymmetric_verify
+#define psa_asymmetric_encrypt  psa_sec_asymmetric_encrypt
+#define psa_asymmetric_decrypt  psa_sec_asymmetric_decrypt
+#define psa_generate_random  psa_sec_generate_random
+#define psa_generate_key  psa_sec_generate_key
+#define psa_get_generator_capacity  psa_sec_get_generator_capacity
+#define psa_generator_read  psa_sec_generator_read
+#define psa_generator_import_key  psa_sec_generator_import_key
+#define mbedtls_psa_crypto_free  mbedtls_psa_sec_crypto_free
+#define psa_key_derivation  psa_sec_key_derivation
+#define psa_generator_abort  psa_sec_generator_abort
+
+#include "crypto.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+/* The file "crypto_extra.h" contains vendor-specific definitions. This
+ * can include vendor-defined algorithms, extra functions, etc. */
+#include "crypto_extra.h"
+
+#endif /* PSA_CRYPTO_SPE_H */

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_psa_f_partition.c

@@ -0,0 +1,205 @@
+/* Copyright (c) 2017 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#include "cmsis.h"
+#include "mbed_toolchain.h" /* For using MBED_ALIGN macro */
+#include "rtx_os.h"
+#include "spm_panic.h"
+#include "spm_internal.h"
+#include "psa_psa_f_partition.h"
+#include "psa_psa_f_ifs.h"
+
+
+/* Threads stacks */
+MBED_ALIGN(8) uint8_t psa_f_thread_stack[16384] = {0};
+
+/* Threads control blocks */
+osRtxThread_t psa_f_thread_cb = {0};
+
+/* Thread attributes - for thread initialization */
+osThreadAttr_t psa_f_thread_attr = {
+    .name = "psa_f",
+    .attr_bits = 0,
+    .cb_mem = &psa_f_thread_cb,
+    .cb_size = sizeof(psa_f_thread_cb),
+    .stack_mem = psa_f_thread_stack,
+    .stack_size = 16384,
+    .priority = osPriorityNormal,
+    .tz_module = 0,
+    .reserved = 0
+};
+
+spm_rot_service_t psa_f_rot_services[PSA_F_ROT_SRV_COUNT] = {
+    {
+        .sid = PSA_CRYPTO_INIT_ID,
+        .mask = PSA_CRYPTO_INIT,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_MAC_ID,
+        .mask = PSA_MAC,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_HASH_ID,
+        .mask = PSA_HASH,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_ASYMMETRIC_ID,
+        .mask = PSA_ASYMMETRIC,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_SYMMETRIC_ID,
+        .mask = PSA_SYMMETRIC,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_AEAD_ID,
+        .mask = PSA_AEAD,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_KEY_MNG_ID,
+        .mask = PSA_KEY_MNG,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_RNG_ID,
+        .mask = PSA_RNG,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_CRYPTO_FREE_ID,
+        .mask = PSA_CRYPTO_FREE,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_GENERATOR_ID,
+        .mask = PSA_GENERATOR,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+};
+
+
+static osRtxMutex_t psa_f_mutex = {0};
+static const osMutexAttr_t psa_f_mutex_attr = {
+    .name = "psa_f_mutex",
+    .attr_bits = osMutexRecursive | osMutexPrioInherit | osMutexRobust,
+    .cb_mem = &psa_f_mutex,
+    .cb_size = sizeof(psa_f_mutex),
+};
+
+
+extern void part_main(void *ptr);
+
+void psa_f_init(spm_partition_t *partition)
+{
+    if (NULL == partition) {
+        SPM_PANIC("partition is NULL!\n");
+    }
+
+    partition->mutex = osMutexNew(&psa_f_mutex_attr);
+    if (NULL == partition->mutex) {
+        SPM_PANIC("Failed to create mutex for secure partition psa_f!\n");
+    }
+
+    for (uint32_t i = 0; i < PSA_F_ROT_SRV_COUNT; ++i) {
+        psa_f_rot_services[i].partition = partition;
+    }
+    partition->rot_services = psa_f_rot_services;
+
+    partition->thread_id = osThreadNew(part_main, NULL, &psa_f_thread_attr);
+    if (NULL == partition->thread_id) {
+        SPM_PANIC("Failed to create start main thread of partition psa_f!\n");
+    }
+}

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_psa_f_partition.h

@@ -0,0 +1,79 @@
+/* Copyright (c) 2017 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#ifndef PSA_PSA_F_PARTITION_H
+#define PSA_PSA_F_PARTITION_H
+
+#define PSA_F_ID 35
+
+#define PSA_F_ROT_SRV_COUNT (10UL)
+#define PSA_F_EXT_ROT_SRV_COUNT (0UL)
+
+/* PSA_F event flags */
+#define PSA_F_RESERVED1_POS (1UL)
+#define PSA_F_RESERVED1_MSK (1UL << PSA_F_RESERVED1_POS)
+
+#define PSA_F_RESERVED2_POS (2UL)
+#define PSA_F_RESERVED2_MSK (1UL << PSA_F_RESERVED2_POS)
+
+
+
+#define PSA_CRYPTO_INIT_POS (4UL)
+#define PSA_CRYPTO_INIT (1UL << PSA_CRYPTO_INIT_POS)
+#define PSA_MAC_POS (5UL)
+#define PSA_MAC (1UL << PSA_MAC_POS)
+#define PSA_HASH_POS (6UL)
+#define PSA_HASH (1UL << PSA_HASH_POS)
+#define PSA_ASYMMETRIC_POS (7UL)
+#define PSA_ASYMMETRIC (1UL << PSA_ASYMMETRIC_POS)
+#define PSA_SYMMETRIC_POS (8UL)
+#define PSA_SYMMETRIC (1UL << PSA_SYMMETRIC_POS)
+#define PSA_AEAD_POS (9UL)
+#define PSA_AEAD (1UL << PSA_AEAD_POS)
+#define PSA_KEY_MNG_POS (10UL)
+#define PSA_KEY_MNG (1UL << PSA_KEY_MNG_POS)
+#define PSA_RNG_POS (11UL)
+#define PSA_RNG (1UL << PSA_RNG_POS)
+#define PSA_CRYPTO_FREE_POS (12UL)
+#define PSA_CRYPTO_FREE (1UL << PSA_CRYPTO_FREE_POS)
+#define PSA_GENERATOR_POS (13UL)
+#define PSA_GENERATOR (1UL << PSA_GENERATOR_POS)
+
+#define PSA_F_WAIT_ANY_SID_MSK (\
+    PSA_CRYPTO_INIT | \
+    PSA_MAC | \
+    PSA_HASH | \
+    PSA_ASYMMETRIC | \
+    PSA_SYMMETRIC | \
+    PSA_AEAD | \
+    PSA_KEY_MNG | \
+    PSA_RNG | \
+    PSA_CRYPTO_FREE | \
+    PSA_GENERATOR)
+
+/*
+#define PSA_F_WAIT_ANY_MSK (\
+    PSA_F_WAIT_ANY_SID_MSK) | \
+    PSA_DOORBELL)
+*/
+
+
+#endif // PSA_PSA_F_PARTITION_H

components/TARGET_PSA/services/crypto/crypto_partition_psa.json

@@ -0,0 +1,94 @@
+{
+  "name": "PSA_F",
+  "type": "APPLICATION-ROT",
+  "priority": "NORMAL",
+  "id": "0x00000023",
+  "entry_point": "part_main",
+  "stack_size": "0x4000",
+  "heap_size": "0x400",
+  "services": [
+    {
+      "name": "PSA_CRYPTO_INIT_ID",
+      "identifier": "0x00000F00",
+      "signal": "PSA_CRYPTO_INIT",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_MAC_ID",
+      "identifier": "0x00000F01",
+      "signal": "PSA_MAC",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_HASH_ID",
+      "identifier": "0x00000F02",
+      "signal": "PSA_HASH",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_ASYMMETRIC_ID",
+      "identifier": "0x00000F03",
+      "signal": "PSA_ASYMMETRIC",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_SYMMETRIC_ID",
+      "identifier": "0x00000F04",
+      "signal": "PSA_SYMMETRIC",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_AEAD_ID",
+      "identifier": "0x00000F05",
+      "signal": "PSA_AEAD",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_KEY_MNG_ID",
+      "identifier": "0x00000F06",
+      "signal": "PSA_KEY_MNG",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_RNG_ID",
+      "identifier": "0x00000F07",
+      "signal": "PSA_RNG",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_CRYPTO_FREE_ID",
+      "identifier": "0x00000F08",
+      "signal": "PSA_CRYPTO_FREE",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_GENERATOR_ID",
+      "identifier": "0x00000F09",
+      "signal": "PSA_GENERATOR",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
+    }
+  ],
+  "source_files": [
+    "COMPONENT_SPE/psa_crypto_partition.c"
+  ]
+}

components/TARGET_PSA/services/crypto/psa_psa_f_ifs.h

@@ -0,0 +1,36 @@
+/* Copyright (c) 2017 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#ifndef PSA_PSA_F_PARTITION_ROT_SERVICES_H
+#define PSA_PSA_F_PARTITION_ROT_SERVICES_H
+
+#define PSA_CRYPTO_INIT_ID 0x00000F00
+#define PSA_MAC_ID 0x00000F01
+#define PSA_HASH_ID 0x00000F02
+#define PSA_ASYMMETRIC_ID 0x00000F03
+#define PSA_SYMMETRIC_ID 0x00000F04
+#define PSA_AEAD_ID 0x00000F05
+#define PSA_KEY_MNG_ID 0x00000F06
+#define PSA_RNG_ID 0x00000F07
+#define PSA_CRYPTO_FREE_ID 0x00000F08
+#define PSA_GENERATOR_ID 0x00000F09
+
+#endif // PSA_PSA_F_PARTITION_ROT_SERVICES_H

components/TARGET_PSA/spm/COMPONENT_SPE/psa_setup.c

@@ -27,11 +27,23 @@
 #include "spm_internal.h"
 #include "handles_manager.h"
 #include "cmsis.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 
 __attribute__((weak))
-spm_partition_t g_partitions[1] = {
+spm_partition_t g_partitions[2] = {
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -55,6 +67,7 @@ __attribute__((weak))
 const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 __attribute__((weak))
@@ -64,9 +77,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
         SPM_PANIC("partitions is NULL!\n");
     }
 
-    its_init(&(g_partitions[0]));
+    psa_f_init(&(g_partitions[0]));
+    its_init(&(g_partitions[1]));
 
     *partitions = g_partitions;
-    return 1;
+    return 2;
 }