All MBED_SPM targets have been removed previously, via commits
5cc66282dd ("PSOC6: remove PSA targets") and 115b09aba43b ("psoc6:
Remove FUTURE_SEQUANA and FUTURE_SEQUANA_M0"). Remove all the dead
MBED_SPM code, as no targets use it.
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
At these locations, psa_key_attribute variables are used without
initialisation. The function getting it (psa_get_key_attributes),
is freeing attributes->domain_parameters, which can contain random
address from the stack.
Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
Add a "used" attribute to SVCHandler_main/tfm_pendsv_do_schedule to fix ARMC6 build with
the "-flto" flag.
This attribute, attached to a function/variable, means that code must be emitted
for the function even if it appears that the function is not referenced.
Default NS lock functions use mutex to guarantee serialization into secure world.
But this mechanism doesn't support pre-rtos and interrupt-disabled.
This commit changes these functions to weak so that platform can override them to provide another mechanism.
This approach is just what TF-M repository is adopting.
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1460
The size stated in the struct header was 0xB0, however
the actual size(including the header) is 0xAC. Changed the
len value in the header, to avoid memory corruption.
Raised in #12171
Update Mbed OS's PSA Crypto service to work with Mbed Crypto 3.x.
- psa_asymmetric_verify() is now called psa_verify_hash().
- psa_asymmetric_sign() is now called psa_sign_hash().
Compatibilty wrappers are provided via crypto_compat.h for source-level
backwards compatibility.
As the `psa` library is not included in the baremetal profile, perform
a TFM system reset only if the `psa` library is included in
the build otherwise perform a normal CMSIS system reset.
To support online compiler build for PSA targets, some files are
auto-generated (LPC55S69_NS and ARM_MUSCA_A1_NS) by the script
from offline build system. Since these files are identical for these
V8-M targets it would be good to check them in to support online
compiler as they are COMPONENT_SPE and services related.
In folder: components/TARGET_PSA/
--TARGET_MBED_SPM
--COMPONENT_SPE
psa_setup.c
--TARGET_TFM
--COMPONENT_SPE
--inc
tfm_partition_defs.inc
tfm_partition_list.inc
tfm_service_list.inc
tfm_spm_signal_defs.h
--services
--inc
autogen_sid.h
mbed_spm_partitions.h
Signed-off-by: Vikas Katariya <Vikas.Katariya@arm.com>
This is related to https://github.com/ARMmbed/mbed-os/issues/11256
When TARGET_PSA is enabled on Cortex-A boards, the SECURE
is redeclared. So to minimize the impact we can redeclare this in
val.h which is used only by Mbed. And `security_t` itself is used in
mbed-os\components\TARGET_PSA\TESTS, but the SECURE string is not used.
Renamed to `caller_security_t` which aligns with
https://github.com/ARM-software/psa-arch-tests
If psa_attestation_inject_key() is called twice, exit with a non-fatal
error status without attempting to create another attestation key. The
key already exists and doesn't need to be added again.
Make the service implementation use the same names as the API as
declared in the crypto.h header. This improves readability and
maintainability of the service.
PSA_CRYPTO_INIT is defined as a service identifier. We don't need to
redefine it as a secure function. There is only one function under this
service identifier, so no secure function definitions are necessary to
differentiate between.
Make crypto_struct_ipc.h (for use with PSA Crypto clients) match style
with the file it is based on, crypto_struct.h (from Mbed Crypto). This
helps to keep the file diff minimal so it's easy to see the meaningful
(non-style) changes.
We'll use the new ARM-software/psa-arch-tests directly instead for PSA
Crypto API 1.0b3. This commit removes the crypto compliance tests only
for now, leaving attestation and storage tests.
- Add the no confidentiality & no replay protection flags
- Add actual size parameter in PS/ITS get APIs
- Change a few size parameters from uint32_t to size_t
Static keyword causes problems when trying to use force-inlined
functions from normal inlined functions. This is not legal:
static inline void forced() { }
inline void normal() { forced(); }
You cannot reference internal-linkage things from external-linkage
inline functions.
Removal of the static implies that in C there would need to be a
non-inline definition in case anyone calls it non-inlined, but if the
force attribute is doing its job, that should not happen.
Only significant in-tree user of the MBED_FORCEINLINE macro is
the atomic operations - making this change permits atomic operations
from non-static inline functions.
- Link to bug tracking: https://developer.trustedfirmware.org/T240
The issue is fixed by TF-M team. However they autogenerate region details
(code, ro, rw, zi and stack ) using linker scripts and in mbed-os we
also autogenerate region details but using mix of service definition in
json file and other template files.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
compiler errors as mbed-cli only generates "-D" macros only for
"macros" defined in targets.json
TF-M task link: https://developer.trustedfirmware.org/T396
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
- Remove un-needed files
- Disable printf and uart
- Modify include paths
- Guard macros from mbed_lib with ifndef
(cherry picked from commit 1f30b52488)
(cherry picked from commit 71cd34df32)
(cherry picked from commit 185d2865da)
(cherry picked from commit fb068d2cb4)
Jaeden Amero
Hugues Kamba
Martin Kojtal
Gabor Abonyi
Maciej Bocianski
Chun-Chieh Li
Ron Eldor
Veijo Pesonen
RAJKUMAR KANAGARAJ
Vikas Katariya
David Saada
Kevin Bracey
Devaraj Ranganna
Michael Schwarcz
Anna Bridge