Add TF-M to Mbed OS, replacing the previous PSA implementation for
TF-M-capable targets. This commit adds files imported from TF-M, without
modification. The version of TF-M imported can be found in
`features/FEATURE_PSA/TARGET_TFM/VERSION.txt`.
These changes switch to TF-M as the sole PSA implementation for v8-M and
dual core targets, with TF-M running on the secure side and Mbed OS
running on the non-secure side. Single core v7-M targets will continue
to have PSA implemented via PSA emulation, implemented by Mbed OS.
Move or remove many PSA-implementing files, as PSA will be provided by
TF-M on non-single-v7-M targets. Delete any files that are not relevant
for PSA emulation mode.
- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by
"tools/psa/generate_partition_code.py", which no longer exists.
Add new feature `PSA` to support PSA in Mbed OS.
Move the Mbed OS implementation of PSA services for v7-M targets (which
employ PSA emulation, and don't yet use TF-M) to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV. Update the `requires`
attribute in TESTS/configs/baremetal.json to avoid breaking baremetal
testing builds.
Update .astyleignore to match new directory structure
Update Mbed TLS importer to place files into FEATURE_PSA
Create the following generic PSA targets:
* `PSA_Target` (Root level PSA generic target)
* `PSA_V7_M` (Single v7-M PSA generic target)
* `PSA_DUAL_CORE` (Dual-core PSA generic target)
* `PSA_V8_M` (v8-M PSA generic target)
Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.
Move mcuboot.bin to flat location (removing prebuilt folder)
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
TF-M provides its own PSA headers for TF-M targets. Single v7-M targets
need to get PSA crypto from Mbed Crypto.
Note that we don't yet move crypto_struct.h to its new location. This is
to avoid breaking v8-M targets for the time being. When TF-M provides
the PSA implementation on v8-M, we will add crypto_struct.h to the
correct place.
Likewise, none of the PSA-implementing source is moved out of
COMPONENT_PSA_SRV_IMPL yet, as still must not be built for PSA NS
targets. When PSA NS targets switch to using TF-M provided
implementations rather than MBED_PSA_SRV, we can take the source out of
COMPONENT_PSA_SRV_IMPL.
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Mbed Crypto has been remerged back into Mbed TLS. Update the
Mbed TLS importer script with the relevant parts of the
Mbed Crypto importer.
Signed-off-by: Darryl Green <darryl.green@arm.com>
Both Mbed TLS and Mbed Crypto libraries doesn't contain
`apache-2.0.txt` anymore. Do not access those files in the importer
script.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
In Mbed OS, there are configuration options with Mbed TLS that we
are more comfortable allowing than we do with Mbed TLS on its own.
Add a check-config adjusting script to enable removing or changing
options in check_config.h
When importing development releases of Mbed TLS into Mbed OS, it is
useful to be able to know a the particular git commit hash that was
imported. This change avoids ever creating a VERSION.txt for Mbed TLS
containing only "development", which is fairly useless since one doesn't
know where the development branch was at the time of import.
Before moving to the new release of Mbed TLS, this moves the default imported
version of Mbed TLS to the development branch, and will import the HEAD of the
branch, not just a specific release.
This commit makes the repo used to import new Mbed TLS versions into Mbed OS
a parameter, to allow CI scripts (and any other script or users) to specify
specific repos to use for testing.
The crypto hardware acceleration might require defining a lot of mbed
TLS specific macros. Enumerating all of them in `targets.json` creates
too much noise, therefore we move it into a target specific mbed TLS
header.
The target with crypto hardware acceleration has to
- indicate its capability in `targets.json` by adding "CRYPTO"
to the "device_has" section
- has to define his crypto hardware acceleration related macros
in an `mbedtls_device.h` header
- place the `mbedtls_device.h` file in the
`features/mbedtls/targets/TARGET_XXXX`
directory specific to the target
Update the current version of mbed TLS with the development HEAD of the
mbed TLS project repository. This mostly includes the latest CMAC
feature. Also, update the version in the importer Makefile and
VERSION.txt with the hash of the mbed TLS commit that was sync'ed.
Devaraj Ranganna
Darryl Green
Jaeden Amero
k-stachowiak
Simon Butcher
Jaeden Amero
Mohammad AboMokh
Krzysztof Stachowiak
Martin Kojtal
Andres Amaya Garcia
Azim Khan
Hanno Becker
Janos Follath
Sam Grove