Mbed TLS 2.24.0 requires a few new macros and an inline function in
the PSA Crypto header. This PR adds them to make sure the TF-M v1.0
target (specifically CYTFM_064B0S2_4343W) continues to compile with
the new Mbed TLS.
Note: Support for older versions of TF-M than v1.2 will be dropped,
so existing TF-M targets should migrate to TF-M v1.2 as soon as
possible.

Mbed TLS 2.24.0 has added a new function mbedtls_ecp_write_key()
which is the reverse of the existing mbedtls_ecp_read_key(). This
function should be platform agnostic, but needs to be copied into
Cypress's hardware-accelerated ECP driver as part of the updated
API.

The Mbed TLS importer accidentally imports Makefile and .gitignore
from Mbed TLS's `library/` directory. This commit restricts the
pattern to .h and .c files only, and removes the unnecessary files.

In targets.json, ARM_MUSCA_B1 and ARM_MUSCA_S1 have alias target
names suffixed with `_NS`. They are identical to targets without
`_NS` and exist purely for compatibility with the old naming
convention we had. The CI builds them as separate targets and uses
extra resources.
As we are upgrading Musca targets to TF-M v1.2, it's time to clean
up the aliases.

Setting/getting key enrollment algorithm is not recommended and not
part of the vanilla PSA or TF-M. For now keep the API just for
backward compatibility with existing projects, and this commit
adds deprecation warnings.

Add `psa_set_key_enrollment_algorithm()` and
`psa_get_key_enrollment_algorithm()` for TF-M targets.
Note: This is deprecated and for backward compatibility only.
Setting an enrollment algorithm is not recommended, because
using the same key with different algorithms can allow some
attacks based on arithmetic relations between different
computations made with the same key, or can escalate harmless
side channels into exploitable ones. Use this function only
if it is necessary to support a protocol for which it has been
verified that the usage of the key with multiple algorithms
is safe.

The vector table needs to be copied from ROM to RAM, in order for us
to set IRQ handlers at run time. The address in RAM is defined by
`NVIC_RAM_VECTOR_ADDRESS` in `cmsis_nvic.h`, but its inclusion
was missing from Musca S1's `cmsis.h` and consequently the vector
table was not copied.
On most targets this results in a memory access error when we set
vectors. But Musca S1's ROM is in its MRAM (which can be accessed
like any RAM), and this causes the ROM image to be modified
with no error/warning. On the next boot, MCUboot fails the image
integrity check.
This commit adds the missing include, in the same spirit as
01dd997d55.

The script changes are required with respect to TF-M v1.2
integration for this target. The imgtool.py has been replaced with
`wrapper.py` which uses a click command to run the signing algorithm.
The version `-v` and dependencies `-d` have been updated to resolve
upgrade issues from TF-M v1.1 --> v1.2.
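
The Musca S1 vector-table commit message above describes run-time handler writes landing in the MRAM boot image and failing the next boot's integrity check. The host-side C model below is an added example, not code from Mbed OS, TF-M or MCUboot; the arrays, the FNV-1a digest standing in for the bootloader check, the handler value and all function names are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>

#define NUM_VECTORS 8u

/* Constructed model: the Musca S1 "ROM" is MRAM that accepts plain stores. */
static uint32_t rom_image[NUM_VECTORS + 4u]; /* vector table plus code words */
static uint32_t ram_vectors[NUM_VECTORS];    /* stands in for NVIC_RAM_VECTOR_ADDRESS */
static uint32_t *vtor;                       /* stands in for SCB->VTOR */

/* FNV-1a over the image; a stand-in for the bootloader's integrity check. */
static uint32_t image_digest(void) {
    const uint8_t *p = (const uint8_t *)rom_image;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof rom_image; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

static void model_reset(void) {
    for (uint32_t i = 0; i < NUM_VECTORS + 4u; i++) rom_image[i] = 0x10000000u + i;
    memset(ram_vectors, 0, sizeof ram_vectors);
    vtor = rom_image;                        /* after reset the table is in ROM */
}

/* The copy that is skipped when the RAM address macro is not visible. */
static void relocate_vectors(void) {
    memcpy(ram_vectors, rom_image, sizeof ram_vectors);
    vtor = ram_vectors;
}

/* Returns 1 if the image still matches its digest after a handler is set. */
int image_intact_after_set_vector(int relocate_first) {
    model_reset();
    uint32_t expected = image_digest();
    if (relocate_first) relocate_vectors();
    vtor[3] = 0x10000041u;                   /* constructed handler address */
    return image_digest() == expected;
}

/* Defensive variant: refuse the write unless the table was moved to RAM. */
int checked_set_vector(uint32_t irq, uint32_t handler) {
    if (vtor != ram_vectors || irq >= NUM_VECTORS) return -1;
    vtor[irq] = handler;
    return 0;
}

int main(void) {
    return image_intact_after_set_vector(1) && !image_intact_after_set_vector(0) ? 0 : 1;
}
```

On a target whose ROM rejects stores the unrelocated write faults immediately; the model shows why writable MRAM turns the same bug into a silent image change that only surfaces at the next boot.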