aboutsummaryrefslogtreecommitdiff
path: root/platform/ext/common
diff options
context:
space:
mode:
authorSummer Qin <summer.qin@arm.com>2020-12-07 14:03:37 +0800
committerSummer Qin <summer.qin@arm.com>2021-05-08 10:31:08 +0800
commita5448d601df8de06837ecfe8010c22253e3fb4be (patch)
treeefa1dedd515823ba330ecd6b8e5f07d37ffbb5ff /platform/ext/common
parentd36e51fda4395aabb7a735262f9a5b836963b78d (diff)
downloadtrusted-firmware-m-a5448d601df8de06837ecfe8010c22253e3fb4be.tar.gz
Crypto: Add support for NV seed entropy
Add support for NV seed entropy based on MbedTLS in Crypto service. Seed read and write operations use ITS services. Currently, only support in IPC model since library model doesn't allow one partition call another one during partition init process. Port a reference implementation on AN521. Change-Id: I4b5dd5ed667509a94a03efd97b80dd7420d9621e Signed-off-by: Summer Qin <summer.qin@arm.com>
Diffstat (limited to 'platform/ext/common')
-rw-r--r--platform/ext/common/template/crypto_dummy_nv_seed.c29
-rw-r--r--platform/ext/common/template/crypto_nv_seed.c39
2 files changed, 68 insertions, 0 deletions
diff --git a/platform/ext/common/template/crypto_dummy_nv_seed.c b/platform/ext/common/template/crypto_dummy_nv_seed.c
new file mode 100644
index 0000000000..cb21fc79bb
--- /dev/null
+++ b/platform/ext/common/template/crypto_dummy_nv_seed.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "mbedtls/entropy.h"
+#include "tfm_plat_crypto_dummy_nv_seed.h"
+
+/* NOTE: The seed value here is only an example, please do not use it in
+ * production. Platform vendor should implement their own seed value.
+ */
+const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE] = {
+ 0x12, 0x13, 0x23, 0x34, 0x0a, 0x05, 0x89, 0x78,
+ 0xa3, 0x66, 0x8c, 0x0d, 0x97, 0x55, 0x53, 0xca,
+ 0xb5, 0x76, 0x18, 0x62, 0x29, 0xc6, 0xb6, 0x79,
+ 0x75, 0xc8, 0x5a, 0x8d, 0x9e, 0x11, 0x8f, 0x85,
+ 0xde, 0xc4, 0x5f, 0x66, 0x21, 0x52, 0xf9, 0x39,
+ 0xd9, 0x77, 0x93, 0x28, 0xb0, 0x5e, 0x02, 0xfa,
+ 0x58, 0xb4, 0x16, 0xc8, 0x0f, 0x38, 0x91, 0xbb,
+ 0x28, 0x17, 0xcd, 0x8a, 0xc9, 0x53, 0x72, 0x66,
+};
+
+int tfm_plat_crypto_create_entropy_seed(void)
+{
+ return tfm_plat_crypto_nv_seed_write(seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
+}
diff --git a/platform/ext/common/template/crypto_nv_seed.c b/platform/ext/common/template/crypto_nv_seed.c
new file mode 100644
index 0000000000..97535da064
--- /dev/null
+++ b/platform/ext/common/template/crypto_nv_seed.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stddef.h>
+#include "tfm_plat_crypto_nv_seed.h"
+#include "psa/internal_trusted_storage.h"
+
+int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+ size_t data_length = 0;
+
+ status = psa_its_get(uid, 0, buf_len, buf, &data_length);
+
+ if (status == PSA_SUCCESS && data_length == buf_len) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
+
+int tfm_plat_crypto_nv_seed_write(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+
+ status = psa_its_set(uid, buf_len, buf, 0);
+
+ if (status == PSA_SUCCESS) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}