author | Summer Qin <summer.qin@arm.com> | 2020-12-07 14:03:37 +0800 |
---|---|---|
committer | Summer Qin <summer.qin@arm.com> | 2021-05-08 10:31:08 +0800 |
commit | a5448d601df8de06837ecfe8010c22253e3fb4be (patch) | |
tree | efa1dedd515823ba330ecd6b8e5f07d37ffbb5ff /platform/ext/common | |
parent | d36e51fda4395aabb7a735262f9a5b836963b78d (diff) | |
Crypto: Add support for NV seed entropy
Add support for NV seed entropy based on MbedTLS in Crypto service.
Seed read and write operations use ITS services. Currently, this is only
supported in the IPC model, since the library model doesn't allow one partition
to call another one during the partition init process.
Port a reference implementation on AN521.
Change-Id: I4b5dd5ed667509a94a03efd97b80dd7420d9621e
Signed-off-by: Summer Qin <summer.qin@arm.com>
Diffstat (limited to 'platform/ext/common')
-rw-r--r-- | platform/ext/common/template/crypto_dummy_nv_seed.c | 29 | ||||
-rw-r--r-- | platform/ext/common/template/crypto_nv_seed.c | 39 |
2 files changed, 68 insertions, 0 deletions
diff --git a/platform/ext/common/template/crypto_dummy_nv_seed.c b/platform/ext/common/template/crypto_dummy_nv_seed.c
new file mode 100644
index 0000000000..cb21fc79bb
--- /dev/null
+++ b/platform/ext/common/template/crypto_dummy_nv_seed.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "mbedtls/entropy.h"
+#include "tfm_plat_crypto_dummy_nv_seed.h"
+
+/* NOTE: The seed value here is only an example, please do not use it in
+ * production. Platform vendor should implement their own seed value.
+ */
+const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE] = {
+ 0x12, 0x13, 0x23, 0x34, 0x0a, 0x05, 0x89, 0x78,
+ 0xa3, 0x66, 0x8c, 0x0d, 0x97, 0x55, 0x53, 0xca,
+ 0xb5, 0x76, 0x18, 0x62, 0x29, 0xc6, 0xb6, 0x79,
+ 0x75, 0xc8, 0x5a, 0x8d, 0x9e, 0x11, 0x8f, 0x85,
+ 0xde, 0xc4, 0x5f, 0x66, 0x21, 0x52, 0xf9, 0x39,
+ 0xd9, 0x77, 0x93, 0x28, 0xb0, 0x5e, 0x02, 0xfa,
+ 0x58, 0xb4, 0x16, 0xc8, 0x0f, 0x38, 0x91, 0xbb,
+ 0x28, 0x17, 0xcd, 0x8a, 0xc9, 0x53, 0x72, 0x66,
+};
+
+int tfm_plat_crypto_create_entropy_seed(void)
+{
+ return tfm_plat_crypto_nv_seed_write(seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
+}
diff --git a/platform/ext/common/template/crypto_nv_seed.c b/platform/ext/common/template/crypto_nv_seed.c
new file mode 100644
index 0000000000..97535da064
--- /dev/null
+++ b/platform/ext/common/template/crypto_nv_seed.c
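Review bot: In crypto_dummy_nv_seed.c the only thing keeping the example `seed_value` out of a shipped image is the NOTE comment; `tfm_plat_crypto_create_entropy_seed()` writes the same constant bytes as the NV seed on every device built from this template, so anything derived only from that seed would be identical across devices. I would make the file announce itself at build time, for example `#warning "crypto_dummy_nv_seed.c: fixed example NV seed, do not use in production"` above the array (where the supported toolchains accept `#warning`), or gate the file behind an explicit build option. As far as this hunk shows the array is used only in this file, so `static const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE] = {` would also keep a generically named symbol out of the global namespace.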
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stddef.h>
+#include "tfm_plat_crypto_nv_seed.h"
+#include "psa/internal_trusted_storage.h"
+
+int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+ size_t data_length = 0;
+
+ status = psa_its_get(uid, 0, buf_len, buf, &data_length);
+
+ if (status == PSA_SUCCESS && data_length == buf_len) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
+
+int tfm_plat_crypto_nv_seed_write(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+
+ status = psa_its_set(uid, buf_len, buf, 0);
+
+ if (status == PSA_SUCCESS) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
|
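Review bot: `tfm_plat_crypto_nv_seed_write()` in crypto_nv_seed.c declares `unsigned char *buf` although it only forwards the buffer to `psa_its_set()`, and the dummy template added in the same commit passes the `const` array `seed_value` to it, which silently discards the qualifier. Declaring the parameter as `const unsigned char *buf` would fix that, unless the prototype has to match the Mbed TLS NV-seed hook type, which is not visible in this hunk; in that case an explicit cast with a comment at the dummy call site is the fallback. The bare `0` passed as the create flags would read better as `PSA_STORAGE_FLAG_NONE`, with a comment such as `/* no WRITE_ONCE: the seed entry has to stay rewritable */`. Both functions would also benefit from a short header comment stating that they return `TFM_CRYPTO_NV_SEED_SUCCESS` only when the full `buf_len` bytes were transferred, and that on a failed read the contents of `buf` must not be used as seed material.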