Configure Mbed TLS to automatically enable PSA as needed. When Mbed OS
is configured to use PSA, configure Mbed TLS to use PSA. This prevents
leaking of the "how to make Mbed TLS use PSA" knowledge up into
targets.json, and thus makes porting simpler. There is now one place
where "how to make TLS use PSA" exists rather than repeated throughout
targets.json for each target that can't inherit from PSA_Target.
Add a script to parse `targets.json` to identify PSA targets and ensure
mandatory parameters are configured correctly for all PSA targets.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
The API is_PSA_non_secure_target() uses obsolete labels to detect if a
target is PSA non-secure target and is not needed anymore.
Mbed OS depends on TF-M for PSA SPM and services. TF-M is built using
it's own build system. Therefore, we don't need to differentiate secure
and non-secure targets anymore in Mbed OS as all PSA targets in Mbed OS
are non-secure targets.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Current logic `is_TFM_target` relies on the availability of attribute
`tfm_target_name` to identify PSA targets. The API `is_TFM_target` is
used in pytest to validate PSA target configuration which again checks
the availability of `tfm_target_name`. If a target doesn't contain the
attribute `tfm_target_name` then this check will fail instead of
catching it. Therefore, we now check for `TFM` config option in `labels`
attribute.
The API `is_TFM_target()` returns true for Mbed OS PSA targets which are
supported by TF-M also.
Add a new API `is_PSA_target()` which returns true for all Mbed OS PSA
targets.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Mbed Crypto 3.0.1 ships with TF-M. To make Mbed TLS 2.22.0 compatible
with Mbed Crypto 3.0.1, changes are needed in psa_util.h (which
abstracts some portions of the PSA Crypto API for use with TLS) to deal
with new ECC curve define changes.
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Add TF-M to Mbed OS, replacing the previous PSA implementation for
TF-M-capable targets. This commit adds files imported from TF-M, without
modification. The version of TF-M imported can be found in
`features/FEATURE_PSA/TARGET_TFM/VERSION.txt`.
These changes switch to TF-M as the sole PSA implementation for v8-M and
dual core targets, with TF-M running on the secure side and Mbed OS
running on the non-secure side. Single core v7-M targets will continue
to have PSA implemented via PSA emulation, implemented by Mbed OS.
Move or remove many PSA-implementing files, as PSA will be provided by
TF-M on non-single-v7-M targets. Delete any files that are not relevant
for PSA emulation mode.
- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by
"tools/psa/generate_partition_code.py", which no longer exists.
Add new feature `PSA` to support PSA in Mbed OS.
Move the Mbed OS implementation of PSA services for v7-M targets (which
employ PSA emulation, and don't yet use TF-M) to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV. Update the `requires`
attribute in TESTS/configs/baremetal.json to avoid breaking baremetal
testing builds.
Update .astyleignore to match new directory structure
Update Mbed TLS importer to place files into FEATURE_PSA
Create the following generic PSA targets:
* `PSA_Target` (Root level PSA generic target)
* `PSA_V7_M` (Single v7-M PSA generic target)
* `PSA_DUAL_CORE` (Dual-core PSA generic target)
* `PSA_V8_M` (v8-M PSA generic target)
Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.
Move mcuboot.bin to flat location (removing prebuilt folder)
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
The header `cmsis_nvic.h` defines vector start address in RAM
`NVIC_RAM_VECTOR_ADDRESS` which is used in
`mbed_boot.c:mbed_cpy_nvic()`. But `mbed_boot.c` only includes
`cmsis.h`. Due to this `mbed_cpy_nvic` becomes an empty function and the
vectors don't get relocated to RAM. This causes BusFault error when Mbed
OS tries to update any of the IRQ handlers.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
BL2 macro is used in `region_defs.h` to define the `BL2_HEADER_SIZE`.
Without BL2 macro, `BL2_HEADER_SIZE` is set to 0. This leads to
incorrect start address (Reset_Handler of Mbed OS) derived by TF-M based
on `region_defs.h` and BL2 macro.
BL2 macro is set for MUSCA B in TF-M.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Currently, the final binary (TF-M + Mbed OS) is signed after
concatenating TF-M and Mbed OS binaries. But TF-M signs the images
separately and then concatenates them. Update the Musca B1 signing
strategy to match TF-M.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Use instead the general TF-M v8-M virtual NVIC which will be added in
the commit that replaces Mbed PSA with TF-M PSA:
features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V8M/src/cmsis_nvic_virtual.c
When python3 is enforced to build the ARM_MUSCA_A1 or ARM_MUSCA_B1
targets, it is unable to find binary utility tool scripts which are
imported from TF-M.
The reason to use the python3 environment is as follows: Mbed OS + TFM
contained a faulty boot record TLV, which failed the attestation test
(TF-M regression). The data in the boot record TLV will be included in
the generated attestation token as 1 item in the SW_COMPONENTS claim.
This data (in the boot record TLV) is pre-encoded in CBOR format at
build time and appended to the image during the image signing process
(done by the imgtool Python3 script).
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>