This commit adds post binary hook support for TF-M targets.
To apply this hook to a TF-M target, do the following in the target's
`CMakeLists.txt`:
* include `mbed_set_post_build_tfm.cmake`
* call `mbed_post_build_tfm_sign_image()`, passing
- Mbed OS target name
- TF-M target name
- path containing the target's bootloader, layout files and signing
keys
- path to the secure binary
- path to the non-secure binary (i.e. the "raw" Mbed application)
Mbed TLS 2.24.0 requires a few new macros and an inline function in
the PSA Crypto header. This PR adds them to make sure the TF-M v1.0
target (specifically CYTFM_064B0S2_4343W) continues to compile with
the new Mbed TLS.
Note: Support for older versions of TF-M than v1.2 will be dropped,
so existing TF-M targets should migrate to TF-M v1.2 as soon as
possible.
Setting/getting key enrollment algorithm is not recommended and not
part of the vanilla PSA or TF-M. For now keep the API just for
backward compatibility with existing projects, and this commit
adds deprecation warnings.
Add `psa_set_key_enrollment_algorithm()` and
`psa_get_key_enrollment_algorithm()` for TF-M targets.
Note: This is deprecated and for backward compatibility only.
Setting an enrollment algorithm is not recommended, because
using the same key with different algorithms can allow some
attacks based on arithmetic relations between different
computations made with the same key, or can escalate harmless
side channels into exploitable ones. Use this function only
if it is necessary to support a protocol for which it has been
verified that the usage of the key with multiple algorithms
is safe.
The PSA headers imported from TF-M does not contain a declaration of
mbedtls_ecc_group_to_psa(), which is expected by pk.c from Mbed TLS.
This leads to an "undefined symbol" error when using the ARM toolchain
to compile an application for a TF-M target.
These files have been imported/copied from:
* ARMmbed/trusted-firmware-m
* ARMmbed/tf-m-tests
These are generic files, which are required for TF-M v1.2 integration
with Mbed OS for PSA_V8M and PSA_DUAL_CORE targets.
Rather than maintaining a specific `TARGET_TFM_V1_x`, its better to use
more generic name `TARGET_TFM_LATEST` to avoid confusion on the latest
TFM version supported by Mbed OS
* Rename the folder from `TARGET_TFM_V1_1` to `TARGET_TFM_LATEST`
* Update the CmakeLists.txt
* Change the name of the MUSCA targets to maintain uniformity
with TF-M v1.2
* Update target.json for PSA_V8_M to use `TFM_LATEST`
Files have been automatically imported by setting MBED_TLS_RELEASE to
mbedtls-2.24.0 in connectivity/mbedtls/tools/importer/Makefile and
running `make` in that directory.
Aside from the core mbed-os CMake target, a number of targets have been created so they can optionally be included by application executables that require them using `target_link_libraries()`.
Co-authored-by: Martin Kojtal <martin.kojtal@arm.com>
Co-authored-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@arm.com>
Lingkai Dong
Vikas Katariya
Hugues Kamba
Hugues Kamba
Moshe Shahar
Rajkumar Kanagaraj