aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--bl2/CMakeLists.txt2
-rw-r--r--bl2/ext/mcuboot/CMakeLists.txt4
-rw-r--r--bl2/ext/mcuboot/scripts/macro_parser.py5
-rwxr-xr-xbl2/ext/mcuboot/scripts/wrapper/wrapper.py8
-rw-r--r--bl2/ext/mcuboot/signing_layout.c.in7
-rw-r--r--bl2/src/shared_data.c3
-rw-r--r--cmake/install.cmake5
-rw-r--r--config/check_config.cmake5
-rw-r--r--config/config_default.cmake21
-rw-r--r--config/profile/profile_medium.cmake4
-rw-r--r--config/profile/profile_small.cmake9
-rw-r--r--docs/_static/images/tfm-contribution.pngbin0 -> 20538 bytes
-rw-r--r--docs/_static/images/tfm-documentation.pngbin0 -> 16947 bytes
-rw-r--r--docs/_static/images/tfm-integration.pngbin0 -> 22680 bytes
-rw-r--r--docs/_static/images/tfm-introduction.pngbin0 -> 20414 bytes
-rw-r--r--docs/_static/images/tfm-platform.pngbin0 -> 21364 bytes
-rw-r--r--docs/_static/images/tfm-reference.pngbin0 -> 20717 bytes
-rw-r--r--docs/_static/images/tfm-release.pngbin0 -> 26566 bytes
-rw-r--r--docs/_static/images/tfm.pngbin4020 -> 17633 bytes
-rw-r--r--docs/getting_started/index.rst1
-rw-r--r--docs/getting_started/tfm_build_instruction.rst26
-rw-r--r--docs/getting_started/tfm_build_instruction_iar.rst8
-rw-r--r--docs/getting_started/tfm_user_guide.rst4
-rw-r--r--docs/index.rst22
-rw-r--r--docs/integration_guide/SQUAD_Dashboard.rst113
-rw-r--r--docs/integration_guide/services/tfm_attestation_integration_guide.rst37
-rw-r--r--docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst2
-rw-r--r--docs/integration_guide/services/tfm_secure_partition_addition.rst19
-rw-r--r--docs/releases/1.3.0.rst2
-rw-r--r--docs/releases/index.rst17
-rw-r--r--docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst209
-rw-r--r--docs/security/security_advisories/index.rst4
-rw-r--r--docs/security/threat_models/generic_threat_model.rst10
-rw-r--r--docs/technical_references/code_sharing.rst1
-rw-r--r--docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst69
-rw-r--r--docs/technical_references/index.rst3
-rw-r--r--docs/technical_references/profiles/tfm_profile_large.rst4
-rw-r--r--docs/technical_references/profiles/tfm_profile_medium.rst64
-rw-r--r--docs/technical_references/profiles/tfm_profile_small.rst8
-rw-r--r--docs/technical_references/secure_enclave_solution.rst1
-rw-r--r--docs/technical_references/tfm_code_generation_with_jinja2.rst4
-rw-r--r--docs/technical_references/tfm_fwu_service.rst94
-rw-r--r--docs/technical_references/tfm_its_512_flash.rst2
-rw-r--r--docs/technical_references/tfm_non_secure_client_management.rst76
-rw-r--r--docs/technical_references/tfm_partition_and_service_design_document.rst2
-rw-r--r--docs/technical_references/tfm_physical_attack_mitigation.rst7
-rw-r--r--docs/technical_references/tfm_secure_boot.rst11
-rw-r--r--docs/technical_references/tfm_secure_irq_handling.rst9
-rw-r--r--docs/technical_references/tfm_secure_partition_interrupt_handling.rst39
-rw-r--r--interface/include/psa/client.h8
-rw-r--r--interface/include/psa/crypto.h40
-rw-r--r--interface/include/psa/crypto_compat.h24
-rw-r--r--interface/include/psa/crypto_sizes.h574
-rw-r--r--interface/include/psa/crypto_types.h79
-rw-r--r--interface/include/psa/crypto_values.h177
-rw-r--r--interface/include/psa/initial_attestation.h22
-rw-r--r--interface/include/psa/update.h4
-rw-r--r--interface/include/tfm_api.h1
-rw-r--r--interface/src/psa/psa_client.c10
-rw-r--r--interface/src/psa/psa_lifecycle.c5
-rw-r--r--interface/src/psa/psa_service.c3
-rw-r--r--interface/src/tfm_crypto_func_api.c25
-rw-r--r--interface/src/tfm_crypto_ipc_api.c239
-rw-r--r--interface/src/tfm_firmware_update_func_api.c7
-rw-r--r--interface/src/tfm_firmware_update_ipc_api.c7
-rw-r--r--interface/src/tfm_initial_attestation_func_api.c22
-rw-r--r--interface/src/tfm_initial_attestation_ipc_api.c29
-rw-r--r--interface/src/tfm_psa_ns_api.c7
-rw-r--r--lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_b1/secure_enclave/dx_reg_base_host.h (renamed from lib/ext/cryptocell-312-runtime/shared/hw/include/musca_b1/secure_enclave/dx_reg_base_host.h)0
-rw-r--r--lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_b1/sse_200/dx_reg_base_host.h (renamed from lib/ext/cryptocell-312-runtime/shared/hw/include/musca_b1/sse_200/dx_reg_base_host.h)0
-rw-r--r--lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_s1/dx_reg_base_host.h (renamed from lib/ext/cryptocell-312-runtime/shared/hw/include/musca_s1/dx_reg_base_host.h)0
-rw-r--r--lib/ext/cryptocell-312-runtime/shared/hw/include/mps2.cm33/dx_reg_base_host.h26
-rw-r--r--lib/ext/cryptocell-312-runtime/shared/hw/include/mps2/dx_reg_base_host.h25
-rw-r--r--lib/ext/cryptocell-312-runtime/shared/hw/include/zynq/dx_reg_base_host.h24
-rw-r--r--lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch64
-rw-r--r--lib/ext/psa_arch_tests/0003-Update-test-cases-for-psa-mac-sign-and-verify.patch86
-rw-r--r--lib/ext/psa_arch_tests/0004-Workaround-for-removal-of-initial-attest-get-public-.patch78
-rwxr-xr-xplatform/CMakeLists.txt4
-rw-r--r--platform/ext/common/armclang/tfm_common_s.sct5
-rw-r--r--platform/ext/common/armclang/tfm_isolation_l3.sct.template5
-rw-r--r--platform/ext/common/gcc/tfm_common_s.ld9
-rw-r--r--platform/ext/common/gcc/tfm_isolation_l3.ld.template9
-rw-r--r--platform/ext/common/iar/tfm_common_s.icf22
-rw-r--r--platform/ext/common/template/crypto_dummy_nv_seed.c29
-rw-r--r--platform/ext/common/template/crypto_nv_seed.c39
-rw-r--r--platform/ext/common/template/tfm_initial_attest_pub_key.c55
-rw-r--r--platform/ext/common/tfm_hal_sp_logdev_periph.c9
-rw-r--r--platform/ext/index.rst3
-rw-r--r--platform/ext/platform_introduction.rst2
-rw-r--r--platform/ext/target/arm/mps2/an519/CMakeLists.txt (renamed from platform/ext/target/mps2/an519/CMakeLists.txt)0
-rw-r--r--platform/ext/target/arm/mps2/an519/RTE_Device.h (renamed from platform/ext/target/mps2/an519/RTE_Device.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/armclang/mps2_an519_bl2.sct (renamed from platform/ext/target/mps2/an519/armclang/mps2_an519_bl2.sct)0
-rw-r--r--platform/ext/target/arm/mps2/an519/armclang/mps2_an519_ns.sct (renamed from platform/ext/target/mps2/an519/armclang/mps2_an519_ns.sct)0
-rw-r--r--platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_bl2.s (renamed from platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_bl2.s)0
-rw-r--r--platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_ns.s (renamed from platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_ns.s)0
-rw-r--r--platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_s.s (renamed from platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_s.s)0
-rw-r--r--platform/ext/target/arm/mps2/an519/boot_hal.c (renamed from platform/ext/target/mps2/an519/boot_hal.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_core/cmsis.h (renamed from platform/ext/target/mps2/an519/cmsis_core/cmsis.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_core/cmsis_cpu.h (renamed from platform/ext/target/mps2/an519/cmsis_core/cmsis_cpu.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_core/mps2_an519.h (renamed from platform/ext/target/mps2/an519/cmsis_core/mps2_an519.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_core/platform_irq.h (renamed from platform/ext/target/mps2/an519/cmsis_core/platform_irq.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_core/platform_regs.h (renamed from platform/ext/target/mps2/an519/cmsis_core/platform_regs.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.c (renamed from platform/ext/target/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.h (renamed from platform/ext/target/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_driver_config.h (renamed from platform/ext/target/mps2/an519/cmsis_driver_config.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_Flash.c (renamed from platform/ext/target/mps2/an519/cmsis_drivers/Driver_Flash.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_MPC.c (renamed from platform/ext/target/mps2/an519/cmsis_drivers/Driver_MPC.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_PPC.c (renamed from platform/ext/target/mps2/an519/cmsis_drivers/Driver_PPC.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_USART.c (renamed from platform/ext/target/mps2/an519/cmsis_drivers/Driver_USART.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/config.cmake (renamed from platform/ext/target/mps2/an519/config.cmake)0
-rw-r--r--platform/ext/target/arm/mps2/an519/device_cfg.h (renamed from platform/ext/target/mps2/an519/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/gcc/mps2_an519_bl2.ld (renamed from platform/ext/target/mps2/an519/gcc/mps2_an519_bl2.ld)0
-rw-r--r--platform/ext/target/arm/mps2/an519/gcc/mps2_an519_ns.ld (renamed from platform/ext/target/mps2/an519/gcc/mps2_an519_ns.ld)0
-rw-r--r--platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_bl2.S (renamed from platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_bl2.S)0
-rw-r--r--platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_ns.S (renamed from platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_ns.S)0
-rw-r--r--platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_s.S (renamed from platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_s.S)0
-rw-r--r--platform/ext/target/arm/mps2/an519/iar/mps2_an519_bl2.icf (renamed from platform/ext/target/mps2/an519/iar/mps2_an519_bl2.icf)0
-rw-r--r--platform/ext/target/arm/mps2/an519/iar/mps2_an519_ns.icf (renamed from platform/ext/target/mps2/an519/iar/mps2_an519_ns.icf)0
-rw-r--r--platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_bl2.s (renamed from platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_bl2.s)0
-rw-r--r--platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_ns.s (renamed from platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_ns.s)0
-rw-r--r--platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_s.s (renamed from platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_s.s)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/arm_uart_drv.c (renamed from platform/ext/target/mps2/an519/native_drivers/arm_uart_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/arm_uart_drv.h (renamed from platform/ext/target/mps2/an519/native_drivers/arm_uart_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/mpc_sie200_drv.c (renamed from platform/ext/target/mps2/an519/native_drivers/mpc_sie200_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/mpc_sie200_drv.h (renamed from platform/ext/target/mps2/an519/native_drivers/mpc_sie200_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/mpu_armv8m_drv.c (renamed from platform/ext/target/mps2/an519/native_drivers/mpu_armv8m_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/mpu_armv8m_drv.h (renamed from platform/ext/target/mps2/an519/native_drivers/mpu_armv8m_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/ppc_sse200_drv.c (renamed from platform/ext/target/mps2/an519/native_drivers/ppc_sse200_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/ppc_sse200_drv.h (renamed from platform/ext/target/mps2/an519/native_drivers/ppc_sse200_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.c (renamed from platform/ext/target/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.h (renamed from platform/ext/target/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/partition/flash_layout.h (renamed from platform/ext/target/mps2/an519/partition/flash_layout.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/partition/region_defs.h (renamed from platform/ext/target/mps2/an519/partition/region_defs.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/plat_test.c (renamed from platform/ext/target/mps2/an519/plat_test.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/preload.cmake (renamed from platform/ext/target/mps2/an519/preload.cmake)0
-rw-r--r--platform/ext/target/arm/mps2/an519/retarget/platform_retarget.h (renamed from platform/ext/target/mps2/an519/retarget/platform_retarget.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.c (renamed from platform/ext/target/mps2/an519/retarget/platform_retarget_dev.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.h (renamed from platform/ext/target/mps2/an519/retarget/platform_retarget_dev.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/retarget/platform_retarget_pins.h (renamed from platform/ext/target/mps2/an519/retarget/platform_retarget_pins.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/services/src/tfm_platform_system.c (renamed from platform/ext/target/mps2/an519/services/src/tfm_platform_system.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/spm_hal.c (renamed from platform/ext/target/mps2/an519/spm_hal.c)6
-rw-r--r--platform/ext/target/arm/mps2/an519/target_cfg.c (renamed from platform/ext/target/mps2/an519/target_cfg.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/target_cfg.h (renamed from platform/ext/target/mps2/an519/target_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps2/an519/tfm_hal_isolation.c (renamed from platform/ext/target/mps2/an519/tfm_hal_isolation.c)0
-rw-r--r--platform/ext/target/arm/mps2/an519/tfm_peripherals_def.h (renamed from platform/ext/target/mps2/an519/tfm_peripherals_def.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/CMakeLists.txt (renamed from platform/ext/target/mps2/an521/CMakeLists.txt)18
-rw-r--r--platform/ext/target/arm/mps2/an521/RTE_Device.h (renamed from platform/ext/target/mps2/an521/RTE_Device.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/armclang/mps2_an521_bl2.sct (renamed from platform/ext/target/mps2/an521/armclang/mps2_an521_bl2.sct)0
-rw-r--r--platform/ext/target/arm/mps2/an521/armclang/mps2_an521_ns.sct (renamed from platform/ext/target/mps2/an521/armclang/mps2_an521_ns.sct)0
-rw-r--r--platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_bl2.s (renamed from platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_bl2.s)0
-rw-r--r--platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_ns.s (renamed from platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_ns.s)0
-rw-r--r--platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_s.s (renamed from platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_s.s)0
-rw-r--r--platform/ext/target/arm/mps2/an521/boot_hal.c (renamed from platform/ext/target/mps2/an521/boot_hal.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_core/cmsis.h (renamed from platform/ext/target/mps2/an521/cmsis_core/cmsis.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_core/cmsis_cpu.h (renamed from platform/ext/target/mps2/an521/cmsis_core/cmsis_cpu.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_core/mps2_an521.h (renamed from platform/ext/target/mps2/an521/cmsis_core/mps2_an521.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_core/platform_irq.h (renamed from platform/ext/target/mps2/an521/cmsis_core/platform_irq.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_core/platform_regs.h (renamed from platform/ext/target/mps2/an521/cmsis_core/platform_regs.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.c (renamed from platform/ext/target/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.h (renamed from platform/ext/target/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_driver_config.h (renamed from platform/ext/target/mps2/an521/cmsis_driver_config.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_Flash.c (renamed from platform/ext/target/mps2/an521/cmsis_drivers/Driver_Flash.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_MPC.c (renamed from platform/ext/target/mps2/an521/cmsis_drivers/Driver_MPC.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_PPC.c (renamed from platform/ext/target/mps2/an521/cmsis_drivers/Driver_PPC.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_USART.c (renamed from platform/ext/target/mps2/an521/cmsis_drivers/Driver_USART.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/config.cmake13
-rw-r--r--platform/ext/target/arm/mps2/an521/device_cfg.h (renamed from platform/ext/target/mps2/an521/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/gcc/mps2_an521_bl2.ld (renamed from platform/ext/target/mps2/an521/gcc/mps2_an521_bl2.ld)0
-rw-r--r--platform/ext/target/arm/mps2/an521/gcc/mps2_an521_ns.ld (renamed from platform/ext/target/mps2/an521/gcc/mps2_an521_ns.ld)0
-rw-r--r--platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_bl2.S (renamed from platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_bl2.S)0
-rw-r--r--platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_ns.S (renamed from platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_ns.S)0
-rw-r--r--platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_s.S (renamed from platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_s.S)0
-rw-r--r--platform/ext/target/arm/mps2/an521/generated_file_list.yaml (renamed from platform/ext/target/mps2/an521/generated_file_list.yaml)0
-rw-r--r--platform/ext/target/arm/mps2/an521/iar/mps2_an521_bl2.icf (renamed from platform/ext/target/mps2/an521/iar/mps2_an521_bl2.icf)0
-rw-r--r--platform/ext/target/arm/mps2/an521/iar/mps2_an521_ns.icf (renamed from platform/ext/target/mps2/an521/iar/mps2_an521_ns.icf)0
-rw-r--r--platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_bl2.s (renamed from platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_bl2.s)0
-rw-r--r--platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_ns.s (renamed from platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_ns.s)0
-rw-r--r--platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_s.s (renamed from platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_s.s)0
-rw-r--r--platform/ext/target/arm/mps2/an521/mbedtls_an521_conf.h32
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/arm_uart_drv.c (renamed from platform/ext/target/mps2/an521/native_drivers/arm_uart_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/arm_uart_drv.h (renamed from platform/ext/target/mps2/an521/native_drivers/arm_uart_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/mpc_sie200_drv.c (renamed from platform/ext/target/mps2/an521/native_drivers/mpc_sie200_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/mpc_sie200_drv.h (renamed from platform/ext/target/mps2/an521/native_drivers/mpc_sie200_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/mpu_armv8m_drv.c (renamed from platform/ext/target/mps2/an521/native_drivers/mpu_armv8m_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/mpu_armv8m_drv.h (renamed from platform/ext/target/mps2/an521/native_drivers/mpu_armv8m_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/ppc_sse200_drv.c (renamed from platform/ext/target/mps2/an521/native_drivers/ppc_sse200_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/ppc_sse200_drv.h (renamed from platform/ext/target/mps2/an521/native_drivers/ppc_sse200_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.c (renamed from platform/ext/target/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.h (renamed from platform/ext/target/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/partition/flash_layout.h (renamed from platform/ext/target/mps2/an521/partition/flash_layout.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/partition/region_defs.h (renamed from platform/ext/target/mps2/an521/partition/region_defs.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/plat_test.c (renamed from platform/ext/target/mps2/an521/plat_test.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/preload.cmake (renamed from platform/ext/target/mps2/an521/preload.cmake)0
-rw-r--r--platform/ext/target/arm/mps2/an521/retarget/platform_retarget.h (renamed from platform/ext/target/mps2/an521/retarget/platform_retarget.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c (renamed from platform/ext/target/mps2/an521/retarget/platform_retarget_dev.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.h (renamed from platform/ext/target/mps2/an521/retarget/platform_retarget_dev.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/retarget/platform_retarget_pins.h (renamed from platform/ext/target/mps2/an521/retarget/platform_retarget_pins.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/services/src/tfm_platform_system.c (renamed from platform/ext/target/mps2/an521/services/src/tfm_platform_system.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/spm_hal.c (renamed from platform/ext/target/mps2/an521/spm_hal.c)7
-rw-r--r--platform/ext/target/arm/mps2/an521/target_cfg.c (renamed from platform/ext/target/mps2/an521/target_cfg.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/target_cfg.h (renamed from platform/ext/target/mps2/an521/target_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps2/an521/tfm_hal_isolation.c (renamed from platform/ext/target/mps2/an521/tfm_hal_isolation.c)0
-rw-r--r--platform/ext/target/arm/mps2/an521/tfm_peripherals_def.h (renamed from platform/ext/target/mps2/an521/tfm_peripherals_def.h)0
-rw-r--r--platform/ext/target/arm/mps2/common/smm_mps2.h (renamed from platform/ext/target/mps2/common/smm_mps2.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/CMakeLists.txt (renamed from platform/ext/target/mps2/fvp_sse300/CMakeLists.txt)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/boot_hal.c (renamed from platform/ext/target/mps2/fvp_sse300/boot_hal.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_Flash.c (renamed from platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_Flash.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_MPC.c (renamed from platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_MPC.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.c (renamed from platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.h (renamed from platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_USART.c (renamed from platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_USART.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/config/RTE_Device.h (renamed from platform/ext/target/mps2/fvp_sse300/cmsis_drivers/config/RTE_Device.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/config/cmsis_driver_config.h (renamed from platform/ext/target/mps2/fvp_sse300/cmsis_drivers/config/cmsis_driver_config.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/config.cmake (renamed from platform/ext/target/mps2/fvp_sse300/config.cmake)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/config/device_cfg.h (renamed from platform/ext/target/mps2/fvp_sse300/device/config/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/include/cmsis.h (renamed from platform/ext/target/mps2/fvp_sse300/device/include/cmsis.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/include/device_definition.h (renamed from platform/ext/target/mps2/fvp_sse300/device/include/device_definition.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_description.h (renamed from platform/ext/target/mps2/fvp_sse300/device/include/platform_description.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_irq.h (renamed from platform/ext/target/mps2/fvp_sse300/device/include/platform_irq.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_regs.h (renamed from platform/ext/target/mps2/fvp_sse300/device/include/platform_regs.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/include/system_core_init.h (renamed from platform/ext/target/mps2/fvp_sse300/device/include/system_core_init.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_bl2.sct (renamed from platform/ext/target/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_bl2.sct)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_ns.sct (renamed from platform/ext/target/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_ns.sct)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/device_definition.c (renamed from platform/ext/target/mps2/fvp_sse300/device/source/device_definition.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_bl2.icf (renamed from platform/ext/target/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_bl2.icf)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_ns.icf (renamed from platform/ext/target/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_ns.icf)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_bl2.c (renamed from platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_bl2.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_ns.c (renamed from platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_ns.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_s.c (renamed from platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_s.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/device/source/system_core_init.c (renamed from platform/ext/target/mps2/fvp_sse300/device/source/system_core_init.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpc_sie_drv.c (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/mpc_sie_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpc_sie_drv.h (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/mpc_sie_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.c (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.h (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.c (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.h (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.c (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.h (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.c (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.h (renamed from platform/ext/target/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/partition/flash_layout.h (renamed from platform/ext/target/mps2/fvp_sse300/partition/flash_layout.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/partition/platform_base_address.h (renamed from platform/ext/target/mps2/fvp_sse300/partition/platform_base_address.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/partition/region_defs.h (renamed from platform/ext/target/mps2/fvp_sse300/partition/region_defs.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/plat_test.c (renamed from platform/ext/target/mps2/fvp_sse300/plat_test.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/preload.cmake (renamed from platform/ext/target/mps2/fvp_sse300/preload.cmake)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/services/src/tfm_platform_system.c (renamed from platform/ext/target/mps2/fvp_sse300/services/src/tfm_platform_system.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/spm_hal.c (renamed from platform/ext/target/mps2/fvp_sse300/spm_hal.c)5
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/target_cfg.c (renamed from platform/ext/target/mps2/fvp_sse300/target_cfg.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/target_cfg.h (renamed from platform/ext/target/mps2/fvp_sse300/target_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/tfm_hal_isolation.c (renamed from platform/ext/target/mps2/fvp_sse300/tfm_hal_isolation.c)0
-rw-r--r--platform/ext/target/arm/mps2/fvp_sse300/tfm_peripherals_def.h (renamed from platform/ext/target/mps2/fvp_sse300/tfm_peripherals_def.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/CMakeLists.txt (renamed from platform/ext/target/mps3/an524/CMakeLists.txt)0
-rw-r--r--platform/ext/target/arm/mps3/an524/boot_hal.c (renamed from platform/ext/target/mps3/an524/boot_hal.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_Flash.c (renamed from platform/ext/target/mps3/an524/cmsis_drivers/Driver_Flash.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_MPC.c (renamed from platform/ext/target/mps3/an524/cmsis_drivers/Driver_MPC.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_PPC.c (renamed from platform/ext/target/mps3/an524/cmsis_drivers/Driver_PPC.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_USART.c (renamed from platform/ext/target/mps3/an524/cmsis_drivers/Driver_USART.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/cmsis_drivers/config/RTE_Device.h (renamed from platform/ext/target/mps3/an524/cmsis_drivers/config/RTE_Device.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/cmsis_drivers/config/cmsis_driver_config.h (renamed from platform/ext/target/mps3/an524/cmsis_drivers/config/cmsis_driver_config.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/config.cmake (renamed from platform/ext/target/mps3/an524/config.cmake)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/config/device_cfg.h (renamed from platform/ext/target/mps3/an524/device/config/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/include/cmsis.h (renamed from platform/ext/target/mps3/an524/device/include/cmsis.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/include/device_definition.h (renamed from platform/ext/target/mps3/an524/device/include/device_definition.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/include/platform_base_address.h (renamed from platform/ext/target/mps3/an524/device/include/platform_base_address.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/include/platform_description.h (renamed from platform/ext/target/mps3/an524/device/include/platform_description.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/include/platform_irq.h (renamed from platform/ext/target/mps3/an524/device/include/platform_irq.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/include/platform_pins.h (renamed from platform/ext/target/mps3/an524/device/include/platform_pins.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/include/platform_regs.h (renamed from platform/ext/target/mps3/an524/device/include/platform_regs.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/include/system_core_init.h (renamed from platform/ext/target/mps3/an524/device/include/system_core_init.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/armclang/mps3_an524_bl2.sct (renamed from platform/ext/target/mps3/an524/device/source/armclang/mps3_an524_bl2.sct)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/armclang/mps3_an524_ns.sct (renamed from platform/ext/target/mps3/an524/device/source/armclang/mps3_an524_ns.sct)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_bl2.s (renamed from platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_bl2.s)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_ns.s (renamed from platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_ns.s)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_s.s (renamed from platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_s.s)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/device_definition.c (renamed from platform/ext/target/mps3/an524/device/source/device_definition.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/gcc/mps3_an524_bl2.ld (renamed from platform/ext/target/mps3/an524/device/source/gcc/mps3_an524_bl2.ld)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/gcc/mps3_an524_ns.ld (renamed from platform/ext/target/mps3/an524/device/source/gcc/mps3_an524_ns.ld)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_bl2.S (renamed from platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_bl2.S)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_ns.S (renamed from platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_ns.S)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_s.S (renamed from platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_s.S)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/iar/mps3_an524_bl2.icf (renamed from platform/ext/target/mps3/an524/device/source/iar/mps3_an524_bl2.icf)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/iar/mps3_an524_ns.icf (renamed from platform/ext/target/mps3/an524/device/source/iar/mps3_an524_ns.icf)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_bl2.s (renamed from platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_bl2.s)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_ns.s (renamed from platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_ns.s)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_s.s (renamed from platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_s.s)0
-rw-r--r--platform/ext/target/arm/mps3/an524/device/source/system_core_init.c (renamed from platform/ext/target/mps3/an524/device/source/system_core_init.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/mpc_sie200_drv.c (renamed from platform/ext/target/mps3/an524/native_drivers/mpc_sie200_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/mpc_sie200_drv.h (renamed from platform/ext/target/mps3/an524/native_drivers/mpc_sie200_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/mpu_armv8m_drv.c (renamed from platform/ext/target/mps3/an524/native_drivers/mpu_armv8m_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/mpu_armv8m_drv.h (renamed from platform/ext/target/mps3/an524/native_drivers/mpu_armv8m_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/ppc_sse200_drv.c (renamed from platform/ext/target/mps3/an524/native_drivers/ppc_sse200_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/ppc_sse200_drv.h (renamed from platform/ext/target/mps3/an524/native_drivers/ppc_sse200_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/timer_cmsdk_drv.c (renamed from platform/ext/target/mps3/an524/native_drivers/timer_cmsdk_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/timer_cmsdk_drv.h (renamed from platform/ext/target/mps3/an524/native_drivers/timer_cmsdk_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/uart_cmsdk_drv.c (renamed from platform/ext/target/mps3/an524/native_drivers/uart_cmsdk_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/native_drivers/uart_cmsdk_drv.h (renamed from platform/ext/target/mps3/an524/native_drivers/uart_cmsdk_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/partition/flash_layout.h (renamed from platform/ext/target/mps3/an524/partition/flash_layout.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/partition/region_defs.h (renamed from platform/ext/target/mps3/an524/partition/region_defs.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/plat_test.c (renamed from platform/ext/target/mps3/an524/plat_test.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/preload.cmake (renamed from platform/ext/target/mps3/an524/preload.cmake)0
-rw-r--r--platform/ext/target/arm/mps3/an524/services/src/tfm_platform_system.c (renamed from platform/ext/target/mps3/an524/services/src/tfm_platform_system.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/spm_hal.c (renamed from platform/ext/target/mps3/an524/spm_hal.c)6
-rw-r--r--platform/ext/target/arm/mps3/an524/target_cfg.c (renamed from platform/ext/target/mps3/an524/target_cfg.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/target_cfg.h (renamed from platform/ext/target/mps3/an524/target_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps3/an524/tfm_hal_isolation.c (renamed from platform/ext/target/mps3/an524/tfm_hal_isolation.c)0
-rw-r--r--platform/ext/target/arm/mps3/an524/tfm_peripherals_def.h (renamed from platform/ext/target/mps3/an524/tfm_peripherals_def.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/CMakeLists.txt (renamed from platform/ext/target/mps3/an547/CMakeLists.txt)0
-rw-r--r--platform/ext/target/arm/mps3/an547/README.rst (renamed from platform/ext/target/mps3/an547/README.rst)17
-rw-r--r--platform/ext/target/arm/mps3/an547/boot_hal.c (renamed from platform/ext/target/mps3/an547/boot_hal.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_AN547_MPC.c (renamed from platform/ext/target/mps3/an547/cmsis_drivers/Driver_AN547_MPC.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_Flash.c (renamed from platform/ext/target/mps3/an547/cmsis_drivers/Driver_Flash.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.c (renamed from platform/ext/target/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.h (renamed from platform/ext/target/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_USART.c (renamed from platform/ext/target/mps3/an547/cmsis_drivers/Driver_USART.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/cmsis_drivers/config/RTE_Device.h (renamed from platform/ext/target/mps3/an547/cmsis_drivers/config/RTE_Device.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/cmsis_drivers/config/cmsis_driver_config.h (renamed from platform/ext/target/mps3/an547/cmsis_drivers/config/cmsis_driver_config.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/config.cmake (renamed from platform/ext/target/mps3/an547/config.cmake)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/config/device_cfg.h (renamed from platform/ext/target/mps3/an547/device/config/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/include/cmsis.h (renamed from platform/ext/target/mps3/an547/device/include/cmsis.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/include/device_definition.h (renamed from platform/ext/target/mps3/an547/device/include/device_definition.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/include/platform_description.h (renamed from platform/ext/target/mps3/an547/device/include/platform_description.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/include/platform_irq.h (renamed from platform/ext/target/mps3/an547/device/include/platform_irq.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/include/platform_pins.h (renamed from platform/ext/target/mps3/an547/device/include/platform_pins.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/include/platform_regs.h (renamed from platform/ext/target/mps3/an547/device/include/platform_regs.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/include/system_core_init.h (renamed from platform/ext/target/mps3/an547/device/include/system_core_init.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/source/armclang/an547_bl2.sct (renamed from platform/ext/target/mps3/an547/device/source/armclang/an547_bl2.sct)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/source/armclang/an547_ns.sct (renamed from platform/ext/target/mps3/an547/device/source/armclang/an547_ns.sct)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/source/device_definition.c (renamed from platform/ext/target/mps3/an547/device/source/device_definition.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/source/startup_an547_bl2.c (renamed from platform/ext/target/mps3/an547/device/source/startup_an547_bl2.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/source/startup_an547_ns.c (renamed from platform/ext/target/mps3/an547/device/source/startup_an547_ns.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/source/startup_an547_s.c (renamed from platform/ext/target/mps3/an547/device/source/startup_an547_s.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/device/source/system_core_init.c (renamed from platform/ext/target/mps3/an547/device/source/system_core_init.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/mpc_sie_drv.c (renamed from platform/ext/target/mps3/an547/native_drivers/mpc_sie_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/mpc_sie_drv.h (renamed from platform/ext/target/mps3/an547/native_drivers/mpc_sie_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/mpu_armv8m_drv.c (renamed from platform/ext/target/mps3/an547/native_drivers/mpu_armv8m_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/mpu_armv8m_drv.h (renamed from platform/ext/target/mps3/an547/native_drivers/mpu_armv8m_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/ppc_sse300_drv.c (renamed from platform/ext/target/mps3/an547/native_drivers/ppc_sse300_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/ppc_sse300_drv.h (renamed from platform/ext/target/mps3/an547/native_drivers/ppc_sse300_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.c (renamed from platform/ext/target/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.h (renamed from platform/ext/target/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/systimer_armv8-m_drv.c (renamed from platform/ext/target/mps3/an547/native_drivers/systimer_armv8-m_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/systimer_armv8-m_drv.h (renamed from platform/ext/target/mps3/an547/native_drivers/systimer_armv8-m_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/uart_cmsdk_drv.c (renamed from platform/ext/target/mps3/an547/native_drivers/uart_cmsdk_drv.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/native_drivers/uart_cmsdk_drv.h (renamed from platform/ext/target/mps3/an547/native_drivers/uart_cmsdk_drv.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/partition/flash_layout.h (renamed from platform/ext/target/mps3/an547/partition/flash_layout.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/partition/platform_base_address.h (renamed from platform/ext/target/mps3/an547/partition/platform_base_address.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/partition/region_defs.h (renamed from platform/ext/target/mps3/an547/partition/region_defs.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/plat_test.c (renamed from platform/ext/target/mps3/an547/plat_test.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/preload.cmake (renamed from platform/ext/target/mps3/an547/preload.cmake)0
-rw-r--r--platform/ext/target/arm/mps3/an547/services/src/tfm_platform_system.c (renamed from platform/ext/target/mps3/an547/services/src/tfm_platform_system.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/spm_hal.c (renamed from platform/ext/target/mps3/an547/spm_hal.c)5
-rw-r--r--platform/ext/target/arm/mps3/an547/target_cfg.c (renamed from platform/ext/target/mps3/an547/target_cfg.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/target_cfg.h (renamed from platform/ext/target/mps3/an547/target_cfg.h)0
-rw-r--r--platform/ext/target/arm/mps3/an547/tfm_hal_isolation.c (renamed from platform/ext/target/mps3/an547/tfm_hal_isolation.c)0
-rw-r--r--platform/ext/target/arm/mps3/an547/tfm_peripherals_def.h (renamed from platform/ext/target/mps3/an547/tfm_peripherals_def.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/CMSIS_Driver/Driver_GFC100_EFlash.c (renamed from platform/ext/target/musca_b1/common/CMSIS_Driver/Driver_GFC100_EFlash.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/CMSIS_Driver/Driver_QSPI_Flash.c (renamed from platform/ext/target/musca_b1/common/CMSIS_Driver/Driver_QSPI_Flash.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Libraries/mt25ql_flash_lib.c (renamed from platform/ext/target/musca_b1/common/Libraries/mt25ql_flash_lib.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Libraries/mt25ql_flash_lib.h (renamed from platform/ext/target/musca_b1/common/Libraries/mt25ql_flash_lib.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_eflash_drv.c (renamed from platform/ext/target/musca_b1/common/Native_Driver/gfc100_eflash_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_eflash_drv.h (renamed from platform/ext/target/musca_b1/common/Native_Driver/gfc100_eflash_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_process_spec_api.h (renamed from platform/ext/target/musca_b1/common/Native_Driver/gfc100_process_spec_api.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Native_Driver/mhu_v2_x.c (renamed from platform/ext/target/musca_b1/common/Native_Driver/mhu_v2_x.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Native_Driver/mhu_v2_x.h (renamed from platform/ext/target/musca_b1/common/Native_Driver/mhu_v2_x.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Native_Driver/musca_b1_eflash_drv.c (renamed from platform/ext/target/musca_b1/common/Native_Driver/musca_b1_eflash_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Native_Driver/qspi_ip6514e_drv.c (renamed from platform/ext/target/musca_b1/common/Native_Driver/qspi_ip6514e_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/common/Native_Driver/qspi_ip6514e_drv.h (renamed from platform/ext/target/musca_b1/common/Native_Driver/qspi_ip6514e_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/generated_file_list.yaml (renamed from platform/ext/target/musca_b1/generated_file_list.yaml)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/CMSIS_Driver/Config/RTE_Device.h (renamed from platform/ext/target/musca_b1/secure_enclave/CMSIS_Driver/Config/RTE_Device.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/CMSIS_Driver/Config/cmsis_driver_config.h (renamed from platform/ext/target/musca_b1/secure_enclave/CMSIS_Driver/Config/cmsis_driver_config.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/CMakeLists.txt (renamed from platform/ext/target/musca_b1/secure_enclave/CMakeLists.txt)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Config/device_cfg.h (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Config/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/cmsis.h (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Include/cmsis.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/device_definition.h (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Include/device_definition.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_base_address.h (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_base_address.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_description.h (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_description.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_irq.h (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_irq.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/system_core_init.h (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Include/system_core_init.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Source/armclang/musca_b1_secure_enclave_bl2.sct (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Source/armclang/musca_b1_secure_enclave_bl2.sct)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Source/armclang/startup_musca_b1_secure_enclave_bl2.s (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Source/armclang/startup_musca_b1_secure_enclave_bl2.s)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Source/armclang/startup_musca_b1_secure_enclave_s.s (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Source/armclang/startup_musca_b1_secure_enclave_s.s)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Source/device_definition.c (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Source/device_definition.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Source/gcc/musca_b1_secure_enclave_bl2.ld (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Source/gcc/musca_b1_secure_enclave_bl2.ld)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Source/gcc/startup_musca_b1_secure_enclave_bl2.S (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Source/gcc/startup_musca_b1_secure_enclave_bl2.S)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Source/gcc/startup_musca_b1_secure_enclave_s.S (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Source/gcc/startup_musca_b1_secure_enclave_s.S)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/Device/Source/system_core_init.c (renamed from platform/ext/target/musca_b1/secure_enclave/Device/Source/system_core_init.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/boot_hal.c (renamed from platform/ext/target/musca_b1/secure_enclave/boot_hal.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/config.cmake (renamed from platform/ext/target/musca_b1/secure_enclave/config.cmake)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/mailbox/mailbox_ipc_intr.c (renamed from platform/ext/target/musca_b1/secure_enclave/mailbox/mailbox_ipc_intr.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/mailbox/platform_multicore.c (renamed from platform/ext/target/musca_b1/secure_enclave/mailbox/platform_multicore.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/mailbox/platform_multicore.h (renamed from platform/ext/target/musca_b1/secure_enclave/mailbox/platform_multicore.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/mailbox/platform_spe_mailbox.c (renamed from platform/ext/target/musca_b1/secure_enclave/mailbox/platform_spe_mailbox.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/partition/flash_layout.h (renamed from platform/ext/target/musca_b1/secure_enclave/partition/flash_layout.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/partition/region_defs.h (renamed from platform/ext/target/musca_b1/secure_enclave/partition/region_defs.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/preload.cmake (renamed from platform/ext/target/musca_b1/secure_enclave/preload.cmake)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/preload_ns.cmake (renamed from platform/ext/target/musca_b1/secure_enclave/preload_ns.cmake)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/readme.rst (renamed from platform/ext/target/musca_b1/secure_enclave/readme.rst)5
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/services/src/tfm_platform_system.c (renamed from platform/ext/target/musca_b1/secure_enclave/services/src/tfm_platform_system.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/spm_hal.c (renamed from platform/ext/target/musca_b1/secure_enclave/spm_hal.c)6
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/target_cfg.c (renamed from platform/ext/target/musca_b1/secure_enclave/target_cfg.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/target_cfg.h (renamed from platform/ext/target/musca_b1/secure_enclave/target_cfg.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/tfm_hal_isolation.c (renamed from platform/ext/target/musca_b1/secure_enclave/tfm_hal_isolation.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/tfm_peripherals_def.h (renamed from platform/ext/target/musca_b1/secure_enclave/tfm_peripherals_def.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/uart_stdout.c (renamed from platform/ext/target/musca_b1/secure_enclave/uart_stdout.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/CMSIS_Driver/Config/RTE_Device.h (renamed from platform/ext/target/musca_b1/sse_200/CMSIS_Driver/Config/RTE_Device.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/CMSIS_Driver/Config/cmsis_driver_config.h (renamed from platform/ext/target/musca_b1/sse_200/CMSIS_Driver/Config/cmsis_driver_config.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/CMSIS_Driver/Driver_MPC.c (renamed from platform/ext/target/musca_b1/sse_200/CMSIS_Driver/Driver_MPC.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/CMSIS_Driver/Driver_PPC.c (renamed from platform/ext/target/musca_b1/sse_200/CMSIS_Driver/Driver_PPC.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/CMSIS_Driver/Driver_USART.c (renamed from platform/ext/target/musca_b1/sse_200/CMSIS_Driver/Driver_USART.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/CMakeLists.txt (renamed from platform/ext/target/musca_b1/sse_200/CMakeLists.txt)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Config/device_cfg.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Config/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Include/cmsis.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Include/cmsis.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Include/device_definition.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Include/device_definition.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Include/platform_base_address.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Include/platform_base_address.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Include/platform_description.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Include/platform_description.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Include/platform_irq.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Include/platform_irq.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Include/platform_pins.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Include/platform_pins.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Include/platform_regs.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Include/platform_regs.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Include/system_core_init.h (renamed from platform/ext/target/musca_b1/sse_200/Device/Include/system_core_init.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/armclang/musca_bl0.sct (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/armclang/musca_bl0.sct)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/armclang/musca_bl2.sct (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/armclang/musca_bl2.sct)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/armclang/musca_ns.sct (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/armclang/musca_ns.sct)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/armclang/startup_cmsdk_musca_bl2.s (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/armclang/startup_cmsdk_musca_bl2.s)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/armclang/startup_cmsdk_musca_ns.s (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/armclang/startup_cmsdk_musca_ns.s)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/armclang/startup_cmsdk_musca_s.s (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/armclang/startup_cmsdk_musca_s.s)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/device_definition.c (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/device_definition.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/gcc/musca_bl0.ld (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/gcc/musca_bl0.ld)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/gcc/musca_bl2.ld (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/gcc/musca_bl2.ld)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/gcc/musca_ns.ld (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/gcc/musca_ns.ld)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/gcc/startup_cmsdk_musca_bl2.S (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/gcc/startup_cmsdk_musca_bl2.S)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/gcc/startup_cmsdk_musca_ns.S (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/gcc/startup_cmsdk_musca_ns.S)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/gcc/startup_cmsdk_musca_s.S (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/gcc/startup_cmsdk_musca_s.S)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Device/Source/system_core_init.c (renamed from platform/ext/target/musca_b1/sse_200/Device/Source/system_core_init.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/gpio_cmsdk_drv.c (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/gpio_cmsdk_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/gpio_cmsdk_drv.h (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/gpio_cmsdk_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/mpc_sie200_drv.c (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/mpc_sie200_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/mpc_sie200_drv.h (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/mpc_sie200_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/mpu_armv8m_drv.c (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/mpu_armv8m_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/mpu_armv8m_drv.h (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/mpu_armv8m_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/musca_b1_scc_drv.c (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/musca_b1_scc_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/musca_b1_scc_drv.h (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/musca_b1_scc_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/ppc_sse200_drv.c (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/ppc_sse200_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/ppc_sse200_drv.h (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/ppc_sse200_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/timer_cmsdk_drv.c (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/timer_cmsdk_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/timer_cmsdk_drv.h (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/timer_cmsdk_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/uart_pl011_drv.c (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/uart_pl011_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/Native_Driver/uart_pl011_drv.h (renamed from platform/ext/target/musca_b1/sse_200/Native_Driver/uart_pl011_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/attest_hal.c (renamed from platform/ext/target/musca_b1/sse_200/attest_hal.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/bl0/CMakeLists.txt (renamed from platform/ext/target/musca_b1/sse_200/bl0/CMakeLists.txt)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/bl0/bl0_main.c (renamed from platform/ext/target/musca_b1/sse_200/bl0/bl0_main.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/bl0/device_cfg.h (renamed from platform/ext/target/musca_b1/sse_200/bl0/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/boot_hal.c (renamed from platform/ext/target/musca_b1/sse_200/boot_hal.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/config.cmake (renamed from platform/ext/target/musca_b1/sse_200/config.cmake)7
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/crypto_keys.c (renamed from platform/ext/target/musca_b1/sse_200/crypto_keys.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/mailbox/platform_multicore.c (renamed from platform/ext/target/musca_b1/sse_200/mailbox/platform_multicore.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/mailbox/platform_multicore.h (renamed from platform/ext/target/musca_b1/sse_200/mailbox/platform_multicore.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/mailbox/platform_ns_mailbox.c (renamed from platform/ext/target/musca_b1/sse_200/mailbox/platform_ns_mailbox.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/partition/flash_layout.h (renamed from platform/ext/target/musca_b1/sse_200/partition/flash_layout.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/partition/region_defs.h (renamed from platform/ext/target/musca_b1/sse_200/partition/region_defs.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/partition/region_defs_bl0.h (renamed from platform/ext/target/musca_b1/sse_200/partition/region_defs_bl0.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/plat_test.c (renamed from platform/ext/target/musca_b1/sse_200/plat_test.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/preload.cmake (renamed from platform/ext/target/musca_b1/sse_200/preload.cmake)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/readme.rst (renamed from platform/ext/target/musca_b1/sse_200/readme.rst)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/services/include/tfm_ioctl_api.h (renamed from platform/ext/target/musca_b1/sse_200/services/include/tfm_ioctl_api.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/services/src/tfm_ioctl_ns_api.c (renamed from platform/ext/target/musca_b1/sse_200/services/src/tfm_ioctl_ns_api.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/services/src/tfm_ioctl_s_api.c (renamed from platform/ext/target/musca_b1/sse_200/services/src/tfm_ioctl_s_api.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/services/src/tfm_platform_system.c (renamed from platform/ext/target/musca_b1/sse_200/services/src/tfm_platform_system.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/spm_hal.c (renamed from platform/ext/target/musca_b1/sse_200/spm_hal.c)5
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/target_cfg.c (renamed from platform/ext/target/musca_b1/sse_200/target_cfg.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/target_cfg.h (renamed from platform/ext/target/musca_b1/sse_200/target_cfg.h)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/tfm_hal_isolation.c (renamed from platform/ext/target/musca_b1/sse_200/tfm_hal_isolation.c)0
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/tfm_peripherals_def.h (renamed from platform/ext/target/musca_b1/sse_200/tfm_peripherals_def.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/CMSIS_Driver/Config/RTE_Device.h (renamed from platform/ext/target/musca_s1/CMSIS_Driver/Config/RTE_Device.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/CMSIS_Driver/Config/cmsis_driver_config.h (renamed from platform/ext/target/musca_s1/CMSIS_Driver/Config/cmsis_driver_config.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/CMSIS_Driver/Driver_Flash_MRAM.c (renamed from platform/ext/target/musca_s1/CMSIS_Driver/Driver_Flash_MRAM.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/CMSIS_Driver/Driver_MPC.c (renamed from platform/ext/target/musca_s1/CMSIS_Driver/Driver_MPC.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/CMSIS_Driver/Driver_PPC.c (renamed from platform/ext/target/musca_s1/CMSIS_Driver/Driver_PPC.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/CMSIS_Driver/Driver_QSPI_Flash.c (renamed from platform/ext/target/musca_s1/CMSIS_Driver/Driver_QSPI_Flash.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/CMSIS_Driver/Driver_USART.c (renamed from platform/ext/target/musca_s1/CMSIS_Driver/Driver_USART.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/CMakeLists.txt (renamed from platform/ext/target/musca_s1/CMakeLists.txt)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Config/device_cfg.h (renamed from platform/ext/target/musca_s1/Device/Config/device_cfg.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Include/cmsis.h (renamed from platform/ext/target/musca_s1/Device/Include/cmsis.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Include/device_definition.h (renamed from platform/ext/target/musca_s1/Device/Include/device_definition.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Include/platform_base_address.h (renamed from platform/ext/target/musca_s1/Device/Include/platform_base_address.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Include/platform_description.h (renamed from platform/ext/target/musca_s1/Device/Include/platform_description.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Include/platform_irq.h (renamed from platform/ext/target/musca_s1/Device/Include/platform_irq.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Include/platform_pins.h (renamed from platform/ext/target/musca_s1/Device/Include/platform_pins.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Include/platform_regs.h (renamed from platform/ext/target/musca_s1/Device/Include/platform_regs.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Include/system_core_init.h (renamed from platform/ext/target/musca_s1/Device/Include/system_core_init.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/armclang/musca_bl2.sct (renamed from platform/ext/target/musca_s1/Device/Source/armclang/musca_bl2.sct)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/armclang/musca_ns.sct (renamed from platform/ext/target/musca_s1/Device/Source/armclang/musca_ns.sct)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/armclang/startup_cmsdk_musca_bl2.s (renamed from platform/ext/target/musca_s1/Device/Source/armclang/startup_cmsdk_musca_bl2.s)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/armclang/startup_cmsdk_musca_ns.s (renamed from platform/ext/target/musca_s1/Device/Source/armclang/startup_cmsdk_musca_ns.s)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/armclang/startup_cmsdk_musca_s.s (renamed from platform/ext/target/musca_s1/Device/Source/armclang/startup_cmsdk_musca_s.s)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/device_definition.c (renamed from platform/ext/target/musca_s1/Device/Source/device_definition.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/gcc/musca_bl2.ld (renamed from platform/ext/target/musca_s1/Device/Source/gcc/musca_bl2.ld)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/gcc/musca_ns.ld (renamed from platform/ext/target/musca_s1/Device/Source/gcc/musca_ns.ld)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/gcc/startup_cmsdk_musca_bl2.S (renamed from platform/ext/target/musca_s1/Device/Source/gcc/startup_cmsdk_musca_bl2.S)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/gcc/startup_cmsdk_musca_ns.S (renamed from platform/ext/target/musca_s1/Device/Source/gcc/startup_cmsdk_musca_ns.S)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/gcc/startup_cmsdk_musca_s.S (renamed from platform/ext/target/musca_s1/Device/Source/gcc/startup_cmsdk_musca_s.S)0
-rw-r--r--platform/ext/target/arm/musca_s1/Device/Source/system_core_init.c (renamed from platform/ext/target/musca_s1/Device/Source/system_core_init.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Libraries/mt25ql_flash_lib.c (renamed from platform/ext/target/musca_s1/Libraries/mt25ql_flash_lib.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Libraries/mt25ql_flash_lib.h (renamed from platform/ext/target/musca_s1/Libraries/mt25ql_flash_lib.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/cache_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/cache_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/cache_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/cache_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/gpio_cmsdk_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/gpio_cmsdk_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/gpio_cmsdk_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/gpio_cmsdk_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/mpc_sie200_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/mpc_sie200_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/mpc_sie200_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/mpc_sie200_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/mpu_armv8m_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/mpu_armv8m_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/mpu_armv8m_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/mpu_armv8m_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/musca_s1_scc_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/musca_s1_scc_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/musca_s1_scc_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/musca_s1_scc_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/ppc_sse200_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/ppc_sse200_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/ppc_sse200_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/ppc_sse200_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/qspi_ip6514e_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/qspi_ip6514e_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/qspi_ip6514e_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/qspi_ip6514e_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/timer_cmsdk_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/timer_cmsdk_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/timer_cmsdk_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/timer_cmsdk_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/uart_pl011_drv.c (renamed from platform/ext/target/musca_s1/Native_Driver/uart_pl011_drv.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/Native_Driver/uart_pl011_drv.h (renamed from platform/ext/target/musca_s1/Native_Driver/uart_pl011_drv.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/boot_hal.c (renamed from platform/ext/target/musca_s1/boot_hal.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/config.cmake (renamed from platform/ext/target/musca_s1/config.cmake)7
-rw-r--r--platform/ext/target/arm/musca_s1/crypto_keys.c (renamed from platform/ext/target/musca_s1/crypto_keys.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/partition/flash_layout.h (renamed from platform/ext/target/musca_s1/partition/flash_layout.h)4
-rw-r--r--platform/ext/target/arm/musca_s1/partition/region_defs.h (renamed from platform/ext/target/musca_s1/partition/region_defs.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/plat_test.c (renamed from platform/ext/target/musca_s1/plat_test.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/preload.cmake (renamed from platform/ext/target/musca_s1/preload.cmake)0
-rw-r--r--platform/ext/target/arm/musca_s1/services/include/tfm_ioctl_api.h (renamed from platform/ext/target/musca_s1/services/include/tfm_ioctl_api.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/services/src/tfm_ioctl_ns_api.c (renamed from platform/ext/target/musca_s1/services/src/tfm_ioctl_ns_api.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/services/src/tfm_ioctl_s_api.c (renamed from platform/ext/target/musca_s1/services/src/tfm_ioctl_s_api.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/services/src/tfm_platform_system.c (renamed from platform/ext/target/musca_s1/services/src/tfm_platform_system.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/spm_hal.c (renamed from platform/ext/target/musca_s1/spm_hal.c)6
-rw-r--r--platform/ext/target/arm/musca_s1/target_cfg.c (renamed from platform/ext/target/musca_s1/target_cfg.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/target_cfg.h (renamed from platform/ext/target/musca_s1/target_cfg.h)0
-rw-r--r--platform/ext/target/arm/musca_s1/tfm_hal_isolation.c (renamed from platform/ext/target/musca_s1/tfm_hal_isolation.c)0
-rw-r--r--platform/ext/target/arm/musca_s1/tfm_peripherals_def.h (renamed from platform/ext/target/musca_s1/tfm_peripherals_def.h)0
-rw-r--r--platform/ext/target/cypress/psoc64/spm_hal.c6
-rw-r--r--platform/ext/target/lairdconnectivity/common/bl5340/target_cfg.c5
-rw-r--r--platform/ext/target/lairdconnectivity/common/core/plat_test.c22
-rw-r--r--platform/ext/target/mps2/an521/config.cmake8
-rw-r--r--platform/ext/target/nordic_nrf/common/core/gcc/nordic_nrf_s.ld43
-rw-r--r--platform/ext/target/nordic_nrf/common/core/plat_test.c22
-rw-r--r--platform/ext/target/nordic_nrf/common/core/spm_hal.c6
-rw-r--r--platform/ext/target/nordic_nrf/common/nrf5340/target_cfg.c5
-rw-r--r--platform/ext/target/nordic_nrf/common/nrf9160/target_cfg.c6
-rw-r--r--platform/ext/target/nuvoton/common/spm_hal.c6
-rwxr-xr-xplatform/ext/target/nxp/common/CMSIS_Driver/Driver_USART.c65
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/lists/generic_list.c423
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/lists/generic_list.h191
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/serial_manager/serial_manager.c1393
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/serial_manager/serial_manager.h648
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/serial_manager/serial_port_internal.h99
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/serial_manager/serial_port_uart.c403
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/serial_manager/serial_port_uart.h57
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/uart/uart.h532
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/components/uart/usart_adapter.c643
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_casper.c2668
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_casper.h312
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_clock.c2031
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_clock.h1240
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_common.c212
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_common.h630
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_ctimer.c544
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_ctimer.h488
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_flexcomm.c404
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_flexcomm.h64
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_gpio.c302
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_gpio.h364
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_hashcrypt.c1316
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_hashcrypt.h438
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_iap.c285
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_iap.h498
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_iap_ffr.h274
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_iocon.h288
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_power.c19
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_power.h544
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_reset.c99
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_reset.h281
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_rng.c92
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_rng.h95
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_usart.c957
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/drivers/fsl_usart.h718
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/debug_console/fsl_debug_console.c1178
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/debug_console/fsl_debug_console.h231
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/debug_console/fsl_debug_console_conf.h158
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/fsl_assert.c33
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/fsl_notifier.c209
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/fsl_notifier.h237
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/fsl_sbrk.c44
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/fsl_shell.c970
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/fsl_shell.h230
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/str/fsl_str.c1324
-rwxr-xr-xplatform/ext/target/nxp/common/Native_Driver/utilities/str/fsl_str.h66
-rw-r--r--platform/ext/target/nxp/common/plat_attest_hal.c139
-rw-r--r--platform/ext/target/nxp/common/plat_attestation_key.c110
-rw-r--r--platform/ext/target/nxp/common/plat_huk_key.c160
-rw-r--r--[-rwxr-xr-x]platform/ext/target/nxp/common/plat_test.c (renamed from platform/ext/target/nxp/lpcxpresso55s69/plat_test.c)3
-rw-r--r--[-rwxr-xr-x]platform/ext/target/nxp/common/services/src/tfm_platform_system.c (renamed from platform/ext/target/nxp/lpcxpresso55s69/services/src/tfm_platform_system.c)0
-rw-r--r--[-rwxr-xr-x]platform/ext/target/nxp/common/spm_hal.c (renamed from platform/ext/target/nxp/lpcxpresso55s69/spm_hal.c)18
-rw-r--r--platform/ext/target/nxp/common/tfm_hal_isolation.c (renamed from platform/ext/target/nxp/lpcxpresso55s69/tfm_hal_isolation.c)149
-rw-r--r--platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt59
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Device/Source/armgcc/startup_LPC55S69_cm33_core0_ns.S266
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Device/Source/armgcc/startup_LPC55S69_cm33_core0_s.S265
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Native_Driver/LPC55S69_cm33_core0.h27477
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Native_Driver/LPC55S69_cm33_core0_features.h387
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Native_Driver/LPC55S69_cm33_core1.h27477
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Native_Driver/LPC55S69_cm33_core1_features.h387
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Native_Driver/fsl_device_registers.h46
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Native_Driver/system_LPC55S69_cm33_core0.c374
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/Native_Driver/system_LPC55S69_cm33_core0.h112
-rw-r--r--platform/ext/target/nxp/lpcxpresso55s69/config.cmake2
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/partition/flash_layout.h69
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/partition/region_defs.h12
-rw-r--r--platform/ext/target/nxp/lpcxpresso55s69/pull_drivers.cmake97
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/target_cfg.c126
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/target_cfg.h13
-rwxr-xr-xplatform/ext/target/nxp/lpcxpresso55s69/tfm_peripherals_def.h1
-rw-r--r--platform/ext/target/stm/common/stm32l5xx/boards/scripts/armclang/preprocess.sh9
-rw-r--r--platform/ext/target/stm/common/stm32l5xx/boards/scripts/gcc/preprocess.sh10
-rw-r--r--platform/ext/target/stm/common/stm32l5xx/boards/scripts/iar/preprocess.sh8
-rw-r--r--platform/ext/target/stm/common/stm32l5xx/boards/scripts/postbuild.sh12
-rw-r--r--platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c4
-rw-r--r--platform/ext/target/stm/stm32l562e_dk/include/flash_layout.h27
-rw-r--r--platform/include/region.h7
-rw-r--r--platform/include/tfm_plat_crypto_dummy_nv_seed.h21
-rw-r--r--platform/include/tfm_plat_crypto_nv_seed.h41
-rw-r--r--platform/include/tfm_spm_hal.h14
-rw-r--r--secure_fw/CMakeLists.txt1
-rw-r--r--secure_fw/include/compile_check_defs.h22
-rw-r--r--secure_fw/include/tfm/tfm_core_svc.h60
-rw-r--r--secure_fw/partitions/crypto/CMakeLists.txt19
-rw-r--r--secure_fw/partitions/crypto/crypto_asymmetric.c16
-rw-r--r--secure_fw/partitions/crypto/crypto_cipher.c60
-rw-r--r--secure_fw/partitions/crypto/crypto_hash.c35
-rw-r--r--secure_fw/partitions/crypto/crypto_init.c16
-rw-r--r--secure_fw/partitions/crypto/crypto_mac.c49
-rw-r--r--secure_fw/partitions/crypto/crypto_spe.h4
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto.yaml5
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto_secure_api.c480
-rw-r--r--secure_fw/partitions/firmware_update/CMakeLists.txt18
-rw-r--r--secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt (renamed from secure_fw/partitions/firmware_update/bootloader/mcuboot/mcuboot_utilities.cmake)10
-rw-r--r--secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c373
-rw-r--r--secure_fw/partitions/firmware_update/bootloader/tfm_bootloader_fwu_abstraction.h3
-rw-r--r--secure_fw/partitions/firmware_update/tfm_fwu.c14
-rw-r--r--secure_fw/partitions/firmware_update/tfm_fwu.h2
-rw-r--r--secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c33
-rw-r--r--secure_fw/partitions/firmware_update/tfm_fwu_secure_api.c9
-rw-r--r--secure_fw/partitions/initial_attestation/CMakeLists.txt10
-rw-r--r--secure_fw/partitions/initial_attestation/attest.h18
-rw-r--r--secure_fw/partitions/initial_attestation/attest_asymmetric_key.c32
-rw-r--r--secure_fw/partitions/initial_attestation/attest_core.c64
-rw-r--r--secure_fw/partitions/initial_attestation/attest_key.h19
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c40
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c35
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml17
-rw-r--r--secure_fw/partitions/internal_trusted_storage/CMakeLists.txt9
-rw-r--r--secure_fw/partitions/lib/sprt/service_api.c8
-rw-r--r--secure_fw/partitions/manifestfilename.template23
-rw-r--r--secure_fw/partitions/ns_proxy_partition/CMakeLists.txt14
-rw-r--r--secure_fw/partitions/ns_proxy_partition/load_info_ns_proxy.c76
-rw-r--r--secure_fw/partitions/partition_load_info.template217
-rw-r--r--secure_fw/partitions/platform/CMakeLists.txt10
-rw-r--r--secure_fw/partitions/protected_storage/CMakeLists.txt9
-rw-r--r--secure_fw/partitions/psa_proxy/CMakeLists.txt9
-rw-r--r--secure_fw/partitions/psa_proxy/psa_proxy.c4
-rw-r--r--secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml9
-rw-r--r--secure_fw/partitions/tfm_ffm11_partition/CMakeLists.txt10
-rw-r--r--secure_fw/partitions/tfm_service_list.inc.template61
-rwxr-xr-xsecure_fw/spm/CMakeLists.txt10
-rw-r--r--secure_fw/spm/cmsis_func/arch.c19
-rw-r--r--secure_fw/spm/cmsis_func/include/spm_func.h4
-rw-r--r--secure_fw/spm/cmsis_func/include/tfm_core_svc.h29
-rw-r--r--secure_fw/spm/cmsis_func/include/tfm_irq_list.h (renamed from secure_fw/spm/include/tfm_irq_list.h)2
-rw-r--r--secure_fw/spm/cmsis_func/spm_func.c47
-rw-r--r--secure_fw/spm/cmsis_func/tfm_core_svcalls_func.c11
-rw-r--r--secure_fw/spm/cmsis_func/tfm_nspm_func.c62
-rw-r--r--secure_fw/spm/cmsis_func/tfm_secure_irq_handlers.inc.template2
-rw-r--r--secure_fw/spm/cmsis_psa/arch/tfm_arch.c6
-rw-r--r--secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c2
-rw-r--r--secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c10
-rw-r--r--secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c9
-rw-r--r--secure_fw/spm/cmsis_psa/main.c20
-rw-r--r--secure_fw/spm/cmsis_psa/spm_ipc.c298
-rw-r--r--secure_fw/spm/cmsis_psa/spm_ipc.h96
-rw-r--r--secure_fw/spm/cmsis_psa/static_load.c205
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c14
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_nspm_ipc.c51
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_pools.c6
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_pools.h3
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_rpc.c5
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_secure_irq_handlers_ipc.inc.template65
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_spm_db_ipc.inc.template186
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_thread.c4
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_thread.h6
-rw-r--r--secure_fw/spm/ffm/psa_client_service_apis.c53
-rw-r--r--secure_fw/spm/ffm/spm_psa_client_call.c13
-rw-r--r--secure_fw/spm/ffm/tfm_boot_data.c7
-rw-r--r--secure_fw/spm/include/compiler_ext_defs.h27
-rw-r--r--secure_fw/spm/include/interface/svc_num.h53
-rw-r--r--secure_fw/spm/include/load/asset_defs.h37
-rw-r--r--secure_fw/spm/include/load/irq_defs.h21
-rw-r--r--secure_fw/spm/include/load/partition_defs.h63
-rw-r--r--secure_fw/spm/include/load/service_defs.h50
-rw-r--r--secure_fw/spm/include/load/spm_load_api.h70
-rw-r--r--secure_fw/spm/include/tfm_platform_core_api.h9
-rw-r--r--secure_fw/spm/include/tfm_secure_api.h8
-rw-r--r--secure_fw/spm/include/utilities.h4
-rw-r--r--tools/index.rst4
-rw-r--r--tools/tf_fuzz/Makefile225
-rw-r--r--tools/tf_fuzz/README125
-rw-r--r--tools/tf_fuzz/assets/README19
-rw-r--r--tools/tf_fuzz/assets/crypto_asset.cpp102
-rw-r--r--tools/tf_fuzz/assets/crypto_asset.hpp94
-rw-r--r--tools/tf_fuzz/assets/psa_asset.cpp50
-rw-r--r--tools/tf_fuzz/assets/psa_asset.hpp61
-rw-r--r--tools/tf_fuzz/assets/sst_asset.cpp50
-rw-r--r--tools/tf_fuzz/assets/sst_asset.hpp42
-rw-r--r--tools/tf_fuzz/boilerplate/README17
-rw-r--r--tools/tf_fuzz/boilerplate/boilerplate.cpp101
-rw-r--r--tools/tf_fuzz/boilerplate/boilerplate.hpp166
-rw-r--r--tools/tf_fuzz/calls/README16
-rw-r--r--tools/tf_fuzz/calls/crypto_call.cpp311
-rw-r--r--tools/tf_fuzz/calls/crypto_call.hpp178
-rw-r--r--tools/tf_fuzz/calls/psa_call.cpp237
-rw-r--r--tools/tf_fuzz/calls/psa_call.hpp132
-rw-r--r--tools/tf_fuzz/calls/security_call.cpp79
-rw-r--r--tools/tf_fuzz/calls/security_call.hpp46
-rw-r--r--tools/tf_fuzz/calls/sst_call.cpp308
-rw-r--r--tools/tf_fuzz/calls/sst_call.hpp90
-rw-r--r--tools/tf_fuzz/class_forwards.hpp80
-rw-r--r--tools/tf_fuzz/demo/12
-rw-r--r--tools/tf_fuzz/demo/102
-rw-r--r--tools/tf_fuzz/demo/112
-rw-r--r--tools/tf_fuzz/demo/122
-rw-r--r--tools/tf_fuzz/demo/134
-rw-r--r--tools/tf_fuzz/demo/143
-rw-r--r--tools/tf_fuzz/demo/153
-rw-r--r--tools/tf_fuzz/demo/166
-rw-r--r--tools/tf_fuzz/demo/178
-rw-r--r--tools/tf_fuzz/demo/189
-rw-r--r--tools/tf_fuzz/demo/194
-rw-r--r--tools/tf_fuzz/demo/22
-rw-r--r--tools/tf_fuzz/demo/2014
-rw-r--r--tools/tf_fuzz/demo/32
-rw-r--r--tools/tf_fuzz/demo/42
-rw-r--r--tools/tf_fuzz/demo/52
-rw-r--r--tools/tf_fuzz/demo/62
-rw-r--r--tools/tf_fuzz/demo/72
-rw-r--r--tools/tf_fuzz/demo/83
-rw-r--r--tools/tf_fuzz/demo/94
-rw-r--r--tools/tf_fuzz/demo/README18
-rw-r--r--tools/tf_fuzz/demo/r18
-rw-r--r--tools/tf_fuzz/lib/README12
-rw-r--r--tools/tf_fuzz/lib/tfm_boilerplate.txt227
-rw-r--r--tools/tf_fuzz/parser/README13
-rw-r--r--tools/tf_fuzz/parser/tf_fuzz_grammar.l107
-rw-r--r--tools/tf_fuzz/parser/tf_fuzz_grammar.y1140
-rw-r--r--tools/tf_fuzz/regression/000001_set_sst_uid_data_expect_pass/check.py17
-rw-r--r--tools/tf_fuzz/regression/000001_set_sst_uid_data_expect_pass/exp_stdout_stderr19
-rw-r--r--tools/tf_fuzz/regression/000001_set_sst_uid_data_expect_pass/exp_test.c71
-rw-r--r--tools/tf_fuzz/regression/000001_set_sst_uid_data_expect_pass/template2
-rw-r--r--tools/tf_fuzz/regression/000002_set_sst_name_data_expect_nothing/check.py17
-rw-r--r--tools/tf_fuzz/regression/000002_set_sst_name_data_expect_nothing/exp_stdout_stderr19
-rw-r--r--tools/tf_fuzz/regression/000002_set_sst_name_data_expect_nothing/exp_test.c68
-rw-r--r--tools/tf_fuzz/regression/000002_set_sst_name_data_expect_nothing/template2
-rw-r--r--tools/tf_fuzz/regression/000003_set_sst_name_data/check.py17
-rw-r--r--tools/tf_fuzz/regression/000003_set_sst_name_data/exp_stdout_stderr18
-rw-r--r--tools/tf_fuzz/regression/000003_set_sst_name_data/exp_test.c71
-rw-r--r--tools/tf_fuzz/regression/000003_set_sst_name_data/template2
-rw-r--r--tools/tf_fuzz/regression/000004_set_sst_name_rand_data/check.py17
-rw-r--r--tools/tf_fuzz/regression/000004_set_sst_name_rand_data/exp_stdout_stderr17
-rw-r--r--tools/tf_fuzz/regression/000004_set_sst_name_rand_data/exp_test.c71
-rw-r--r--tools/tf_fuzz/regression/000004_set_sst_name_rand_data/template2
-rw-r--r--tools/tf_fuzz/regression/000005_set_sst_rand_name_rand_data/check.py17
-rw-r--r--tools/tf_fuzz/regression/000005_set_sst_rand_name_rand_data/exp_stdout_stderr16
-rw-r--r--tools/tf_fuzz/regression/000005_set_sst_rand_name_rand_data/exp_test.c71
-rw-r--r--tools/tf_fuzz/regression/000005_set_sst_rand_name_rand_data/template2
-rw-r--r--tools/tf_fuzz/regression/000006_set_sst_multi_name_rand_data/check.py17
-rw-r--r--tools/tf_fuzz/regression/000006_set_sst_multi_name_rand_data/exp_stdout_stderr21
-rw-r--r--tools/tf_fuzz/regression/000006_set_sst_multi_name_rand_data/exp_test.c131
-rw-r--r--tools/tf_fuzz/regression/000006_set_sst_multi_name_rand_data/template2
-rw-r--r--tools/tf_fuzz/regression/000007_set_sst_multi_uid_rand_data/check.py17
-rw-r--r--tools/tf_fuzz/regression/000007_set_sst_multi_uid_rand_data/exp_stdout_stderr22
-rw-r--r--tools/tf_fuzz/regression/000007_set_sst_multi_uid_rand_data/exp_test.c146
-rw-r--r--tools/tf_fuzz/regression/000007_set_sst_multi_uid_rand_data/template2
-rw-r--r--tools/tf_fuzz/regression/000008_set_sst_name_rand_data_read_check_wrong/check.py17
-rw-r--r--tools/tf_fuzz/regression/000008_set_sst_name_rand_data_read_check_wrong/exp_stdout_stderr25
-rw-r--r--tools/tf_fuzz/regression/000008_set_sst_name_rand_data_read_check_wrong/exp_test.c86
-rw-r--r--tools/tf_fuzz/regression/000008_set_sst_name_rand_data_read_check_wrong/template3
-rw-r--r--tools/tf_fuzz/regression/000009_set_sst_name_rand_data_read_check_var_read_print/check.py17
-rw-r--r--tools/tf_fuzz/regression/000009_set_sst_name_rand_data_read_check_var_read_print/exp_stdout_stderr33
-rw-r--r--tools/tf_fuzz/regression/000009_set_sst_name_rand_data_read_check_var_read_print/exp_test.c96
-rw-r--r--tools/tf_fuzz/regression/000009_set_sst_name_rand_data_read_check_var_read_print/template4
-rw-r--r--tools/tf_fuzz/regression/000010_read_nonexistent_sst_check_string/check.py17
-rw-r--r--tools/tf_fuzz/regression/000010_read_nonexistent_sst_check_string/exp_stdout_stderr18
-rw-r--r--tools/tf_fuzz/regression/000010_read_nonexistent_sst_check_string/exp_test.c71
-rw-r--r--tools/tf_fuzz/regression/000010_read_nonexistent_sst_check_string/template2
-rw-r--r--tools/tf_fuzz/regression/000011_read_nonexistent_sst_check_string_expect_pass/check.py17
-rw-r--r--tools/tf_fuzz/regression/000011_read_nonexistent_sst_check_string_expect_pass/exp_stdout_stderr19
-rw-r--r--tools/tf_fuzz/regression/000011_read_nonexistent_sst_check_string_expect_pass/exp_test.c71
-rw-r--r--tools/tf_fuzz/regression/000011_read_nonexistent_sst_check_string_expect_pass/template2
-rw-r--r--tools/tf_fuzz/regression/000012_read_nonexistent_sst_check_string_expect_other/check.py17
-rw-r--r--tools/tf_fuzz/regression/000012_read_nonexistent_sst_check_string_expect_other/exp_stdout_stderr20
-rw-r--r--tools/tf_fuzz/regression/000012_read_nonexistent_sst_check_string_expect_other/exp_test.c71
-rw-r--r--tools/tf_fuzz/regression/000012_read_nonexistent_sst_check_string_expect_other/template2
-rw-r--r--tools/tf_fuzz/regression/000013_set_sst_name_rand_data_remove_twice/check.py17
-rw-r--r--tools/tf_fuzz/regression/000013_set_sst_name_rand_data_remove_twice/exp_stdout_stderr31
-rw-r--r--tools/tf_fuzz/regression/000013_set_sst_name_rand_data_remove_twice/exp_test.c78
-rw-r--r--tools/tf_fuzz/regression/000013_set_sst_name_rand_data_remove_twice/template4
-rw-r--r--tools/tf_fuzz/regression/000014_set_sst_name_rand_data_remove_other/check.py17
-rw-r--r--tools/tf_fuzz/regression/000014_set_sst_name_rand_data_remove_other/exp_stdout_stderr24
-rw-r--r--tools/tf_fuzz/regression/000014_set_sst_name_rand_data_remove_other/exp_test.c76
-rw-r--r--tools/tf_fuzz/regression/000014_set_sst_name_rand_data_remove_other/template3
-rw-r--r--tools/tf_fuzz/regression/README135
-rw-r--r--tools/tf_fuzz/regression/add_these_tests/000015_set_sst_multi_name_remove_rand_active/exp_stdout_stderr28
-rw-r--r--tools/tf_fuzz/regression/add_these_tests/000015_set_sst_multi_name_remove_rand_active/exp_test.c123
-rw-r--r--tools/tf_fuzz/regression/add_these_tests/000015_set_sst_multi_name_remove_rand_active/template3
-rw-r--r--tools/tf_fuzz/regression/add_these_tests/000016_set_sst_multi_name_remove_multi_rand_active_remove_rand_deleted/exp_stdout_stderr46
-rw-r--r--tools/tf_fuzz/regression/add_these_tests/000016_set_sst_multi_name_remove_multi_rand_active_remove_rand_deleted/exp_test.c129
-rw-r--r--tools/tf_fuzz/regression/add_these_tests/000016_set_sst_multi_name_remove_multi_rand_active_remove_rand_deleted/template6
-rw-r--r--tools/tf_fuzz/regression/regress18
-rw-r--r--tools/tf_fuzz/template/README14
-rw-r--r--tools/tf_fuzz/template/crypto_template_line.cpp353
-rw-r--r--tools/tf_fuzz/template/crypto_template_line.hpp151
-rw-r--r--tools/tf_fuzz/template/secure_template_line.cpp83
-rw-r--r--tools/tf_fuzz/template/secure_template_line.hpp60
-rw-r--r--tools/tf_fuzz/template/sst_template_line.cpp303
-rw-r--r--tools/tf_fuzz/template/sst_template_line.hpp100
-rw-r--r--tools/tf_fuzz/template/template_line.cpp207
-rw-r--r--tools/tf_fuzz/template/template_line.hpp173
-rw-r--r--tools/tf_fuzz/tests/README12
-rw-r--r--tools/tf_fuzz/tests/example_template20
-rw-r--r--tools/tf_fuzz/tests/sstReads87
-rw-r--r--tools/tf_fuzz/tests/sstSets59
-rw-r--r--tools/tf_fuzz/tf_fuzz.cpp356
-rw-r--r--tools/tf_fuzz/tf_fuzz.hpp178
-rw-r--r--tools/tf_fuzz/utility/README15
-rw-r--r--tools/tf_fuzz/utility/compute.cpp76
-rw-r--r--tools/tf_fuzz/utility/compute.hpp37
-rw-r--r--tools/tf_fuzz/utility/data_blocks.cpp242
-rw-r--r--tools/tf_fuzz/utility/data_blocks.hpp144
-rw-r--r--tools/tf_fuzz/utility/find_or_create_asset.hpp156
-rw-r--r--tools/tf_fuzz/utility/gibberish.cpp191
-rw-r--r--tools/tf_fuzz/utility/gibberish.hpp50
-rw-r--r--tools/tf_fuzz/utility/randomization.cpp139
-rw-r--r--tools/tf_fuzz/utility/randomization.hpp21
-rw-r--r--tools/tf_fuzz/utility/string_ops.cpp34
-rw-r--r--tools/tf_fuzz/utility/string_ops.hpp27
-rw-r--r--tools/tf_fuzz/visualStudio/README16
-rw-r--r--tools/tf_fuzz/visualStudio/unistd.c3
-rw-r--r--tools/tf_fuzz/visualStudio/unistd.h2
-rw-r--r--tools/tfm_manifest_list.yaml16
-rw-r--r--tools/tfm_parse_manifest_list.py187
854 files changed, 5184 insertions, 93419 deletions
diff --git a/bl2/CMakeLists.txt b/bl2/CMakeLists.txt
index 0fc72d61e..cbdd796cc 100644
--- a/bl2/CMakeLists.txt
+++ b/bl2/CMakeLists.txt
@@ -60,7 +60,7 @@ target_compile_definitions(bl2_mbedcrypto_config
INTERFACE
$<$<STREQUAL:${MCUBOOT_SIGNATURE_TYPE},RSA>:MCUBOOT_SIGN_RSA>
$<$<STREQUAL:${MCUBOOT_SIGNATURE_TYPE},RSA>:MCUBOOT_SIGN_RSA_LEN=${MCUBOOT_SIGNATURE_KEY_LEN}>
- MBEDTLS_CONFIG_FILE="$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/ext/mcuboot/config/mcuboot-mbedtls-cfg.h>"
+ MBEDTLS_CONFIG_FILE="${MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH}"
# Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
$<$<OR:$<STREQUAL:${CMAKE_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${CMAKE_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
)
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 3cb8749b2..454851569 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -62,6 +62,7 @@ configure_file(include/mcuboot_config/mcuboot_config.h.in
find_package(Python3)
set(FLASH_AREA_NUM 0)
+set(IMAGE_TYPE "S_IMAGE")
if (MCUBOOT_IMAGE_NUMBER GREATER 1)
configure_file(signing_layout.c.in signing_layout_s.c @ONLY)
add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c)
@@ -82,6 +83,7 @@ target_compile_definitions(signing_layout_s
PRIVATE
$<$<BOOL:${BL2}>:BL2>
$<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
+ $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
)
target_link_libraries(signing_layout_s
PRIVATE
@@ -135,6 +137,7 @@ add_custom_command(OUTPUT tfm_s_signed.bin
)
set(FLASH_AREA_NUM 1)
+set(IMAGE_TYPE "NS_IMAGE")
configure_file(signing_layout.c.in signing_layout_ns.c @ONLY)
add_library(signing_layout_ns OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c)
@@ -148,6 +151,7 @@ target_compile_definitions(signing_layout_ns
PRIVATE
$<$<BOOL:${BL2}>:BL2>
$<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
+ $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
)
target_link_libraries(signing_layout_ns
PRIVATE
diff --git a/bl2/ext/mcuboot/scripts/macro_parser.py b/bl2/ext/mcuboot/scripts/macro_parser.py
index 5d9418a4e..12e8a92f1 100644
--- a/bl2/ext/mcuboot/scripts/macro_parser.py
+++ b/bl2/ext/mcuboot/scripts/macro_parser.py
@@ -1,7 +1,7 @@
#! /usr/bin/env python3
#
# -----------------------------------------------------------------------------
-# Copyright (c) 2019, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -11,7 +11,8 @@
import re
import os
-expression_re = re.compile(r"[(]?(([(]?(((0x)[0-9a-fA-F]+)|([0-9]+))[)]?)\s*([\+\-]\s*([(]?(((0x)[0-9a-fA-F]+)|([0-9]+))[)]?)\s*)*)[)]?")
+# Match (((x) + (y))) mode and ((x) + (y)) mode. x, y can be HEX or DEC value.
+expression_re = re.compile(r"([(]?[(]?[(]?(([(]?(((0x)[0-9a-fA-F]+)|([0-9]+))[)]?)\s*([\+\-]\s*([(]?(((0x)[0-9a-fA-F]+)|([0-9]+))[)]?)\s*)*)[)]?\s*([\+\-])\s*[(]?(([(]?(((0x)[0-9a-fA-F]+)|([0-9]+))[)]?)\s*([\+\-]\s*([(]?(((0x)[0-9a-fA-F]+)|([0-9]+))[)]?)\s*)*)[)]?[)]?[)]?)|([(]?[(]?[(]?(([(]?(((0x)[0-9a-fA-F]+)|([0-9]+))[)]?)\s*([\+\-]\s*([(]?(((0x)[0-9a-fA-F]+)|([0-9]+))[)]?)\s*)*)[)]?[)]?[)]?)")
# Simple parser that takes a string and evaluates an expression from it.
# The expression might contain additions and subtractions amongst numbers that
diff --git a/bl2/ext/mcuboot/scripts/wrapper/wrapper.py b/bl2/ext/mcuboot/scripts/wrapper/wrapper.py
index 7799ce06d..247cb1042 100755
--- a/bl2/ext/mcuboot/scripts/wrapper/wrapper.py
+++ b/bl2/ext/mcuboot/scripts/wrapper/wrapper.py
@@ -1,7 +1,7 @@
#! /usr/bin/env python3
#
# -----------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -26,6 +26,7 @@ import macro_parser
sign_bin_size_re = re.compile(r"^\s*RE_SIGN_BIN_SIZE\s*=\s*(.*)")
load_addr_re = re.compile(r"^\s*RE_IMAGE_LOAD_ADDRESS\s*=\s*(.*)")
+rom_fixed_re = re.compile(r"^\s*RE_IMAGE_ROM_FIXED\s*=\s*(.*)")
#This works around Python 2 and Python 3 handling character encodings
#differently. More information about this issue at
@@ -91,7 +92,7 @@ def wrap(key, align, version, header_size, pad_header, layout, pad, confirm,
slot_size = macro_parser.evaluate_macro(layout, sign_bin_size_re, 0, 1)
load_addr = macro_parser.evaluate_macro(layout, load_addr_re, 0, 1)
-
+ rom_fixed = macro_parser.evaluate_macro(layout, rom_fixed_re, 0, 1)
if "_s" in layout:
boot_record = "SPE"
elif "_ns" in layout:
@@ -104,7 +105,8 @@ def wrap(key, align, version, header_size, pad_header, layout, pad, confirm,
pad=pad, confirm=confirm, align=int(align),
slot_size=slot_size, max_sectors=max_sectors,
overwrite_only=overwrite_only, endian=endian,
- load_addr=load_addr, erased_val=erased_val,
+ load_addr=load_addr, rom_fixed=rom_fixed,
+ erased_val=erased_val,
save_enctlv=save_enctlv,
security_counter=security_counter)
diff --git a/bl2/ext/mcuboot/signing_layout.c.in b/bl2/ext/mcuboot/signing_layout.c.in
index f0d490c69..e9f69b1d0 100644
--- a/bl2/ext/mcuboot/signing_layout.c.in
+++ b/bl2/ext/mcuboot/signing_layout.c.in
@@ -1,10 +1,10 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
-#include "flash_layout.h"
+#include "region_defs.h"
/* Enumeration that is used by the assemble.py and imgtool.py scripts
* for correct binary generation when nested macros are used
*/
@@ -17,4 +17,7 @@ enum image_attributes {
RE_IMAGE_LOAD_ADDRESS = IMAGE_LOAD_ADDRESS,
#endif
RE_SIGN_BIN_SIZE = FLASH_AREA_@FLASH_AREA_NUM@_SIZE,
+#ifdef IMAGE_ROM_FIXED
+ RE_IMAGE_ROM_FIXED = @IMAGE_TYPE@_PRIMARY_PARTITION_OFFSET
+#endif
};
diff --git a/bl2/src/shared_data.c b/bl2/src/shared_data.c
index 10ad0419b..b2f3e4257 100644
--- a/bl2/src/shared_data.c
+++ b/bl2/src/shared_data.c
@@ -66,9 +66,6 @@ int boot_save_shared_data(const struct image_header *hdr,
image_ver = hdr->ih_ver;
- /* TODO: add the module identifier into the fwu_minor after the module
- * arg is supported.
- */
/* Currently hardcode it to 0 which indicates the full image. */
fwu_minor = SET_FWU_MINOR(mcuboot_image_id, SW_VERSION);
return boot_add_data_to_shared_area(TLV_MAJOR_FWU,
diff --git a/cmake/install.cmake b/cmake/install.cmake
index 2187e6206..653dcc494 100644
--- a/cmake/install.cmake
+++ b/cmake/install.cmake
@@ -44,6 +44,11 @@ install(FILES ${INTERFACE_INC_DIR}/tfm_api.h
install(FILES ${INTERFACE_INC_DIR}/ext/tz_context.h
DESTINATION ${INSTALL_INTERFACE_INC_DIR}/ext)
+if (TFM_PSA_API)
+ install(FILES ${INTERFACE_INC_DIR}/tfm_psa_call_param.h
+ DESTINATION ${INSTALL_INTERFACE_INC_DIR})
+endif()
+
if (TFM_MULTI_CORE_TOPOLOGY)
install(FILES ${INTERFACE_INC_DIR}/multi_core/tfm_multi_core_api.h
${INTERFACE_INC_DIR}/multi_core/tfm_ns_mailbox.h
diff --git a/config/check_config.cmake b/config/check_config.cmake
index ced60540d..b20cfc487 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -21,7 +21,7 @@ endfunction()
tfm_invalid_config(CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS "7.3.1")
-set (TFM_L3_PLATFORM_LISTS mps2/an521 musca_b1/sse_200 stm/stm32l562e_dk)
+set (TFM_L3_PLATFORM_LISTS arm/mps2/an521 arm/musca_b1/sse_200 stm/stm32l562e_dk)
tfm_invalid_config(TFM_ISOLATION_LEVEL LESS 1 OR TFM_ISOLATION_LEVEL GREATER 3)
tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND NOT TFM_PLATFORM IN_LIST TFM_L3_PLATFORM_LISTS)
@@ -32,6 +32,7 @@ tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND NOT TFM_PSA_API)
tfm_invalid_config(TEST_S AND TEST_PSA_API)
tfm_invalid_config(TEST_NS AND TEST_PSA_API)
+tfm_invalid_config(TFM_PARTITION_PROTECTED_STORAGE AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
tfm_invalid_config((TFM_PARTITION_PROTECTED_STORAGE AND PS_ROLLBACK_PROTECTION) AND NOT TFM_PARTITION_PLATFORM)
tfm_invalid_config(PS_ROLLBACK_PROTECTION AND NOT PS_ENCRYPTION)
@@ -55,7 +56,7 @@ tfm_invalid_config(NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST)
####################### Code sharing ###########################################
-set(TFM_CODE_SHARING_PLATFORM_LISTS mps2/an521 musca_b1/sse_200) # Without crypto hw acceleration
+set(TFM_CODE_SHARING_PLATFORM_LISTS arm/mps2/an521 arm/musca_b1/sse_200) # Without crypto hw acceleration
tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND NOT TFM_PLATFORM IN_LIST TFM_CODE_SHARING_PLATFORM_LISTS)
tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND CRYPTO_HW_ACCELERATOR)
tfm_invalid_config(TFM_CODE_SHARING STREQUAL "OFF" AND TFM_CODE_SHARING_PATH)
diff --git a/config/config_default.cmake b/config/config_default.cmake
index 915880957..b9f221584 100644
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -50,6 +50,7 @@ set(MCUBOOT_EXECUTION_SLOT 1 CACHE STRING "Slot from w
set(MCUBOOT_LOG_LEVEL "INFO" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]")
set(MCUBOOT_HW_KEY ON CACHE BOOL "Whether to embed the entire public key in the image metadata instead of the hash only")
set(MCUBOOT_UPGRADE_STRATEGY "OVERWRITE_ONLY" CACHE STRING "Upgrade strategy for images")
+set(MCUBOOT_DIRECT_XIP_REVERT ON CACHE BOOL "Enable the revert mechanism in direct-xip mode")
set(MCUBOOT_MEASURED_BOOT ON CACHE BOOL "Add boot measurement values to boot status. Used for initial attestation token")
set(MCUBOOT_HW_ROLLBACK_PROT ON CACHE BOOL "Enable security counter validation against non-volatile HW counters")
set(MCUBOOT_ENC_IMAGES OFF CACHE BOOL "Enable encrypted image upgrade support")
@@ -72,6 +73,8 @@ set(MCUBOOT_SECURITY_COUNTER_NS "auto" CACHE STRING "Security co
set(MCUBOOT_S_IMAGE_MIN_VER 0.0.0+0 CACHE STRING "Minimum version of secure image required by the non-secure image for upgrade to this non-secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option has no effect")
set(MCUBOOT_NS_IMAGE_MIN_VER 0.0.0+0 CACHE STRING "Minimum version of non-secure image required by the secure image for upgrade to this secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option has no effect")
+set(MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h" CACHE FILEPATH "Mbedtls config file to use with MCUboot")
+
############################ Platform ##########################################
set(TFM_MULTI_CORE_TOPOLOGY OFF CACHE BOOL "Whether to build for a dual-cpu architecture")
@@ -89,6 +92,7 @@ set(PLATFORM_DUMMY_CRYPTO_KEYS TRUE CACHE BOOL "Use dummy c
set(PLATFORM_DUMMY_ROTPK TRUE CACHE BOOL "Use dummy root of trust public key. Dummy key is the public key for the default keys in bl2. Should not be used in production.")
set(PLATFORM_DUMMY_IAK TRUE CACHE BOOL "Use dummy initial attestation_key. Should not be used in production.")
set(PLATFORM_DEFAULT_UART_STDOUT TRUE CACHE BOOL "Use default uart stdout implementation.")
+set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
############################ Partitions ########################################
@@ -119,8 +123,8 @@ set(CRYPTO_AEAD_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA
set(CRYPTO_MAC_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto MAC module")
set(CRYPTO_HASH_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Hash module")
set(CRYPTO_CIPHER_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Cipher module")
-set(CRYPTO_GENERATOR_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Key Derivation module")
-set(CRYPTO_ASYMMETRIC_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Asymmetric key module")
+set(CRYPTO_ASYM_SIGN_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto asymmetric key signature module")
+set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
set(CRYPTO_KEY_DERIVATION_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto key derivation module")
set(CRYPTO_IOVEC_BUFFER_SIZE 5120 CACHE STRING "Default size of the internal scratch buffer used for PSA FF IOVec allocations")
@@ -135,7 +139,7 @@ set(TFM_PARTITION_AUDIT_LOG ON CACHE BOOL "Enable Audi
set(FORWARD_PROT_MSG OFF CACHE BOOL "Whether to forward all PSA RoT messages to a Secure Enclave")
set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition")
-set(TFM_FWU_BOOTLOADER_LIB ${CMAKE_SOURCE_DIR}/secure_fw/partitions/firmware_update/bootloader/mcuboot/mcuboot_utilities.cmake CACHE FILEPATH "Bootloader configure file for Firmware Update partition")
+set(TFM_FWU_BOOTLOADER_LIB "mcuboot" CACHE STRING "Bootloader configure file for Firmware Update partition")
################################## Tests #######################################
@@ -156,25 +160,28 @@ set(TFM_CRYPTO_TEST_HKDF ON CACHE BOOL "Test SHA-51
set(TFM_FWU_TEST_REQUEST_REBOOT OFF CACHE BOOL "Test psa_fwu_request_reboot")
set(TFM_FWU_TEST_WRITE_WITH_NULL OFF CACHE BOOL "Test psa_fwu_write with data block NULL")
set(TFM_FWU_TEST_QUERY_WITH_NULL OFF CACHE BOOL "Test psa_fwu_query with info NULL")
+set(TFM_FWU_TEST_SECURE OFF CACHE BOOL "Enable the secure firmware update tests")
+
+set(ATTEST_TEST_GET_PUBLIC_KEY OFF CACHE BOOL "Require to retrieve Initial Attestation public in runtime for test purpose")
################################## Dependencies ################################
set(MBEDCRYPTO_PATH "DOWNLOAD" CACHE PATH "Path to Mbed Crypto (or DOWNLOAD to fetch automatically")
-set(MBEDCRYPTO_VERSION "mbedtls-2.25.0" CACHE STRING "The version of Mbed Crypto to use")
+set(MBEDCRYPTO_VERSION "mbedtls-2.26.0" CACHE STRING "The version of Mbed Crypto to use")
set(MBEDCRYPTO_GIT_REMOTE "https://github.com/ARMmbed/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
set(MBEDCRYPTO_BUILD_TYPE "${CMAKE_BUILD_TYPE}" CACHE STRING "Build type of Mbed Crypto library")
set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h" CACHE PATH "Config to use for Mbed Crypto")
set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH "" CACHE PATH "Config to append to standard Mbed Crypto config, used by platforms to cnfigure feature support")
set(TFM_TEST_REPO_PATH "DOWNLOAD" CACHE PATH "Path to TFM-TEST repo (or DOWNLOAD to fetch automatically")
-set(TFM_TEST_REPO_VERSION "d2c78e7" CACHE STRING "The version of tf-m-tests to use")
+set(TFM_TEST_REPO_VERSION "e212bcc7" CACHE STRING "The version of tf-m-tests to use")
set(CMSIS_5_PATH "DOWNLOAD" CACHE PATH "Path to CMSIS_5 (or DOWNLOAD to fetch automatically")
set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path to MCUboot (or DOWNLOAD to fetch automatically")
-set(MCUBOOT_VERSION "v1.7.2" CACHE STRING "The version of MCUboot to use")
+set(MCUBOOT_VERSION "fbeef9b" CACHE STRING "The version of MCUboot to use")
set(PSA_ARCH_TESTS_PATH "DOWNLOAD" CACHE PATH "Path to PSA arch tests (or DOWNLOAD to fetch automatically")
-set(PSA_ARCH_TESTS_VERSION "b0635d9" CACHE STRING "The version of PSA arch tests to use")
+set(PSA_ARCH_TESTS_VERSION "02d145d" CACHE STRING "The version of PSA arch tests to use")
################################################################################
################################################################################
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index 54c37bc97..16f9c226a 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -15,6 +15,8 @@ set(ITS_BUF_SIZE 32 CACHE STRING "Size of the
set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
+set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
+
set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
################################## Tests #######################################
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index f87e71329..ab71cc0fa 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -19,7 +19,14 @@ set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Prot
set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
-set(CRYPTO_ASYMMETRIC_MODULE_DISABLED TRUE CACHE BOOL "Disable PSA Crypto Asymmetric key module")
+set(CRYPTO_CONC_OPER_NUM 4 CACHE STRING "The max number of concurrent operations that can be active (allocated) at any time in Crypto")
+# Profile Small assigns a much smller heap size for backend crypto library as
+# asymmetric cryptography is not enabled.
+# Assign 0x200 bytes for each operation and totally 0x800 byets for max 4
+# concurrent operation as set in CRYPTO_CONC_OPER_NUM above
+set(CRYPTO_ENGINE_BUF_SIZE 0x800 CACHE STRING "Heap size for the crypto backend")
+set(CRYPTO_ASYM_SIGN_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key signature module")
+set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
set(SYMMETRIC_INITIAL_ATTESTATION ON CACHE BOOL "Use symmetric crypto for inital attestation")
diff --git a/docs/_static/images/tfm-contribution.png b/docs/_static/images/tfm-contribution.png
new file mode 100644
index 000000000..9fa52f95e
--- /dev/null
+++ b/docs/_static/images/tfm-contribution.png
Binary files differ
diff --git a/docs/_static/images/tfm-documentation.png b/docs/_static/images/tfm-documentation.png
new file mode 100644
index 000000000..925c52e8c
--- /dev/null
+++ b/docs/_static/images/tfm-documentation.png
Binary files differ
diff --git a/docs/_static/images/tfm-integration.png b/docs/_static/images/tfm-integration.png
new file mode 100644
index 000000000..a25f51261
--- /dev/null
+++ b/docs/_static/images/tfm-integration.png
Binary files differ
diff --git a/docs/_static/images/tfm-introduction.png b/docs/_static/images/tfm-introduction.png
new file mode 100644
index 000000000..73998eb7d
--- /dev/null
+++ b/docs/_static/images/tfm-introduction.png
Binary files differ
diff --git a/docs/_static/images/tfm-platform.png b/docs/_static/images/tfm-platform.png
new file mode 100644
index 000000000..5a5fa5f2b
--- /dev/null
+++ b/docs/_static/images/tfm-platform.png
Binary files differ
diff --git a/docs/_static/images/tfm-reference.png b/docs/_static/images/tfm-reference.png
new file mode 100644
index 000000000..b53eaa496
--- /dev/null
+++ b/docs/_static/images/tfm-reference.png
Binary files differ
diff --git a/docs/_static/images/tfm-release.png b/docs/_static/images/tfm-release.png
new file mode 100644
index 000000000..056bfac7e
--- /dev/null
+++ b/docs/_static/images/tfm-release.png
Binary files differ
diff --git a/docs/_static/images/tfm.png b/docs/_static/images/tfm.png
index 3a8cabf77..b4454c8f6 100644
--- a/docs/_static/images/tfm.png
+++ b/docs/_static/images/tfm.png
Binary files differ
diff --git a/docs/getting_started/index.rst b/docs/getting_started/index.rst
index c6d8d3497..2952f19cb 100644
--- a/docs/getting_started/index.rst
+++ b/docs/getting_started/index.rst
@@ -9,7 +9,6 @@ Getting Started Guides
tfm_build_instruction
tfm_build_instruction_iar
tfm_user_guide
- /tools/index
--------------
diff --git a/docs/getting_started/tfm_build_instruction.rst b/docs/getting_started/tfm_build_instruction.rst
index 403fccd50..f64528a89 100644
--- a/docs/getting_started/tfm_build_instruction.rst
+++ b/docs/getting_started/tfm_build_instruction.rst
@@ -262,7 +262,7 @@ Example: building TF-M for AN521 platform using GCC:
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Debug
+ cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Debug
cmake --build cmake_build -- install
Alternately using traditional cmake syntax
@@ -272,7 +272,7 @@ Alternately using traditional cmake syntax
cd <TF-M base folder>
mkdir cmake_build
cd cmake_build
- cmake .. -DTFM_PLATFORM=mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake
+ cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake
make install
.. Note::
@@ -292,7 +292,7 @@ specify in the command line
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake -DTEST_S=ON -DTEST_NS=ON
+ cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake -DTEST_S=ON -DTEST_NS=ON
cmake --build cmake_build -- install
Regression Tests for the AN521 target platform
@@ -306,7 +306,7 @@ features are enabled.
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=mps2/an521 -DTEST_S=ON -DTEST_NS=ON
+ cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTEST_S=ON -DTEST_NS=ON
cmake --build cmake_build -- install
Alternately using traditional cmake syntax
@@ -316,7 +316,7 @@ Alternately using traditional cmake syntax
cd <TF-M base folder>
mkdir cmake_build
cd cmake_build
- cmake .. -DTFM_PLATFORM=mps2/an521 -DTEST_S=ON -DTEST_NS=ON
+ cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_S=ON -DTEST_NS=ON
make install
Build for PSA Functional API compliance tests
@@ -342,7 +342,7 @@ tests for the Crypto service:
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=mps2/an521 -DTEST_PSA_API=CRYPTO
+ cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=CRYPTO
cmake --build cmake_build -- install
Alternately using traditional cmake syntax
@@ -352,7 +352,7 @@ Alternately using traditional cmake syntax
cd <TF-M base folder>
mkdir cmake_build
cd cmake_build
- cmake .. -DTFM_PLATFORM=mps2/an521 -DTEST_PSA_API=CRYPTO
+ cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=CRYPTO
make install
Build for PSA FF (IPC) compliance tests
@@ -368,7 +368,7 @@ compliance test. This support is controlled by the TEST_PSA_API variable:
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON
+ cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON
cmake --build cmake_build -- install
Alternately using traditional cmake syntax
@@ -378,7 +378,7 @@ Alternately using traditional cmake syntax
cd <TF-M base folder>
mkdir cmake_build
cd cmake_build
- cmake .. -DTFM_PLATFORM=mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON
+ cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON
make install
Location of build artifacts
@@ -419,7 +419,7 @@ Building the Reference Manual
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_doc -DTFM_PLATFORM=mps2/an521
+ cmake -S . -B cmake_doc -DTFM_PLATFORM=arm/mps2/an521
cmake --build cmake_doc -- tfm_docs_refman_html tfm_docs_refman_pdf
The documentation files will be available under the directory::
@@ -431,7 +431,7 @@ Building the User Guide
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_doc -DTFM_PLATFORM=mps2/an521
+ cmake -S . -B cmake_doc -DTFM_PLATFORM=arm/mps2/an521
cmake --build cmake_doc -- tfm_docs_userguide_html tfm_docs_userguide_pdf
The documentation files will be available under the directory::
@@ -553,7 +553,7 @@ With new cmake syntax
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=mps2/an521 -DMBEDCRYPTO_PATH=<Mbed Crypto base folder>/mbedtls
+ cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DMBEDCRYPTO_PATH=<Mbed Crypto base folder>/mbedtls
cmake --build cmake_build -- install
Alternately using traditional cmake syntax
@@ -563,7 +563,7 @@ Alternately using traditional cmake syntax
cd <TF-M base folder>
mkdir cmake_build
cd cmake_build
- cmake .. -DTFM_PLATFORM=mps2/an521 -DMBEDCRYPTO_PATH=<Mbed Crypto base folder>/mbedtls
+ cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DMBEDCRYPTO_PATH=<Mbed Crypto base folder>/mbedtls
make install
--------------
diff --git a/docs/getting_started/tfm_build_instruction_iar.rst b/docs/getting_started/tfm_build_instruction_iar.rst
index a32048836..b9e8b2de1 100644
--- a/docs/getting_started/tfm_build_instruction_iar.rst
+++ b/docs/getting_started/tfm_build_instruction_iar.rst
@@ -28,7 +28,7 @@ Example: building TF-M for AN521 platform using IAR:
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_IARARM.cmake
+ cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_IARARM.cmake
cmake --build cmake_build -- install
Alternately using traditional cmake syntax
@@ -38,7 +38,7 @@ Alternately using traditional cmake syntax
cd <TF-M base folder>
mkdir cmake_build
cd cmake_build
- cmake .. -DTFM_PLATFORM=mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_IARARM.cmake
+ cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_IARARM.cmake
make install
Regression Tests for the AN521 target platform
@@ -47,7 +47,7 @@ Regression Tests for the AN521 target platform
.. code-block:: bash
cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_IARARM.cmake -DTEST_S=ON -DTEST_NS=ON
+ cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_IARARM.cmake -DTEST_S=ON -DTEST_NS=ON
cmake --build cmake_build -- install
Alternately using traditional cmake syntax
@@ -57,7 +57,7 @@ Alternately using traditional cmake syntax
cd <TF-M base folder>
mkdir cmake_build
cd cmake_build
- cmake .. -DTFM_PLATFORM=mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_IARARM.cmake -DTEST_S=ON -DTEST_NS=ON
+ cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_IARARM.cmake -DTEST_S=ON -DTEST_NS=ON
make install
*Copyright (c) 2020-2021, Arm Limited. All rights reserved.*
diff --git a/docs/getting_started/tfm_user_guide.rst b/docs/getting_started/tfm_user_guide.rst
index d2b01937c..bd9ce9111 100644
--- a/docs/getting_started/tfm_user_guide.rst
+++ b/docs/getting_started/tfm_user_guide.rst
@@ -224,7 +224,7 @@ Execute TF-M example and regression tests on Musca test chip boards
.. Note::
Before executing any images on Musca-B1 board, please check the
- :doc:`target platform readme </platform/ext/target/musca_b1/sse_200/readme>`
+ :doc:`target platform readme </platform/ext/target/arm/musca_b1/sse_200/readme>`
to have the correct setup.
Example application with BL2 bootloader
@@ -416,7 +416,7 @@ Example application or regression tests on Musca-B1 using the Secure Enclave
============================================================================
Follow the above procedures, but to create a unified hex please check the
-:doc:`Musca-B1 Secure Enclave readme </platform/ext/target/musca_b1/secure_enclave/readme>`.
+:doc:`Musca-B1 Secure Enclave readme </platform/ext/target/arm/musca_b1/secure_enclave/readme>`.
********************************************************
Execute TF-M example and regression tests on MPS3 boards
diff --git a/docs/index.rst b/docs/index.rst
index fed9d425e..955c28b9e 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -16,7 +16,7 @@ Trusted Firmware-M Documentation
<ul class="grid">
<li class="grid-item">
<a href="docs/introduction/readme.html">
- <img alt="" src="_static/images/tfm.png"/>
+ <img alt="" src="_static/images/tfm-introduction.png"/>
<h2>Introduction</h2>
</a>
<p>Introducing the Trusted Firmware-M Project: overview,
@@ -24,38 +24,38 @@ Trusted Firmware-M Documentation
</li>
<li class="grid-item">
<a href="docs/getting_started/index.html">
- <img alt="" src="_static/images/tfm.png"/>
- <h2>Getting Started Guides</h2>
+ <img alt="" src="_static/images/tfm-documentation.png"/>
+ <h2>Getting Started</h2>
</a>
<p>Follow this guide to set up a development environment on your
system, and then build and run a sample application.</p>
</li>
<li class="grid-item">
<a href="platform/ext/index.html">
- <img alt="" src="_static/images/tfm.png"/>
+ <img alt="" src="_static/images/tfm-platform.png"/>
<h2>Supported Platforms</h2>
</a>
<p>List of supported boards and platforms.</p>
</li>
<li class="grid-item">
<a href="docs/contributing/index.html">
- <img alt="" src="_static/images/tfm.png"/>
- <h2>Contribution Guidelines</h2>
+ <img alt="" src="_static/images/tfm-contribution.png"/>
+ <h2>Contribution</h2>
</a>
<p>As an open-source project, we welcome and encourage the community
to submit patches directly to the project.</p>
</li>
<li class="grid-item">
<a href="docs/integration_guide/index.html">
- <img alt="" src="_static/images/tfm.png"/>
- <h2>Integration Guidelines</h2>
+ <img alt="" src="_static/images/tfm-integration.png"/>
+ <h2>Integration</h2>
</a>
<p>Guidelines for integration with TF-M.</p>
</li>
<li class="grid-item">
<a href="docs/technical_references/index.html">
- <img alt="" src="_static/images/tfm.png"/>
- <h2>Technical References</h2>
+ <img alt="" src="_static/images/tfm-reference.png"/>
+ <h2>References</h2>
</a>
<p>Design documents.</p>
</li>
@@ -69,7 +69,7 @@ Trusted Firmware-M Documentation
</li>
<li class="grid-item">
<a href="docs/releases/index.html">
- <img alt="" src="_static/images/tfm.png"/>
+ <img alt="" src="_static/images/tfm-release.png"/>
<h2>Releases</h2>
</a>
<p>Release notes.</p>
diff --git a/docs/integration_guide/SQUAD_Dashboard.rst b/docs/integration_guide/SQUAD_Dashboard.rst
new file mode 100644
index 000000000..5022ed6fc
--- /dev/null
+++ b/docs/integration_guide/SQUAD_Dashboard.rst
@@ -0,0 +1,113 @@
+#######################
+SQUAD metrics dashboard
+#######################
+
+:Authors: Hugo L'Hostis
+:Organization: Arm Limited
+:Contact: hugo.lhostis@arm.com
+
+******************
+SQUAD Presentation
+******************
+
+Software Quality Dashboard (SQUAD) is a tool used by Trusted Firmware-M (TF-M)
+to keep track of some metrics for the project. It is a Linaro project (see here
+a link to the `SQUAD Documentation`_).
+
+For TF-M the purpose of having such a tool available is to have a history on
+some metrics of the project for different configurations of TF-M.
+
+The TF-M SQUAD is available here : `TFM's SQUAD`_. There are several
+configurations and metrics that can be selected, here is a link with some of
+them already selected :
+`SQUAD parametered for Default, profileS and MinsizeProfileS`_.
+
+**************************
+Metrics and configurations
+**************************
+
+The metrics sent to the dashboard are currently the memory footprint
+measurements from the TFM project calculated by the arm-none-eabi-size
+function for the 2 files bl2.axf and tfm_s.axf :
+
+ - Text section size.
+ - bss section size.
+ - data total size.
+ - Total file size.
+
+Each metric sent to the dashboard can be compared for different configurations
+used. The configurations available currently are the following :
+
+ - Default
+ - CoreIPC
+ - CoreIPCTfmLevel2
+ - DefaultProfileS
+ - DefaultProfileM
+ - DefaultProfileL
+ - MinSizeProfileS (DefaultProfileS with MinsizeRel Cmake type)
+
+For all of the configurations, tests are disabled and the release build type is
+used. For more details about the configurations and how the rest of the options
+are set for each of them, see
+:ref:`Build instructions </docs/getting_started/tfm_build_instruction:Migration from legacy buildsystem>`.
+More configurations and metrics could be added to the dashboard in the future.
+
+For each metric sent to the SQUAD dashboard, the metric must be linked with the
+state of the TF-M repository at the time of the build. On the dashboard this is
+visible from a string of numbers in the abscissa of the graphs displayed in
+SQUAD. This is the change ID of the latest commit used for the build. This
+means that in the case of 2 consecutive days with no new commit for TF-M, no
+new data points will be created.
+
+**************
+CI integration
+**************
+
+The data is currently sent by the `TFM CI's nightly build`_.
+
+The parameter "SQUAD_CONFIGURATIONS" of the CI build is what will trigger the
+configurations sent to the SQUAD dashboard. It should be set to the
+configurations's names separated by a comma, example :
+
+``SQUAD_CONFIGURATIONS = Default,DefaultProfileS``
+
+In this case, the 2 configurations Default and DefaultProfileS will be enabled
+and the data for those (and only those 2) will be sent to the dashboard.
+This is case insensitive and will ignore any space between the configurations.
+All the files manipulating the data and sending the data is available in the
+`tf-m-ci-scripts repo`_.
+
+The script `memory_footprint.py`_ is launched by the CI nightly build, it
+gathers and sends the data.
+
+*********************
+Adding a new platform
+*********************
+
+Currently, all the data sent is from AN521 builds. To add a new platform to the
+dashboard :
+
+1. If the new platform is not already tested by the CI nightly build, it needs
+to be added.
+
+2. The ``memory_footprint.py`` file in the `tf-m-ci-scripts repo`_ has to be
+modified to recognise the new platform.
+
+3. If ``memory_footprint.py`` detects the new platform with a reference
+configuration, it should send a new metric with a different name to the
+existing ones containing the platform's name.
+
+The data will then be accessible by selecting the correct metrics on the
+dashboard.
+
+
+.. _SQUAD Documentation: https://squad.readthedocs.io/en/latest/index.html
+.. _TFM's SQUAD: https://qa-reports.linaro.org/tf/tf-m/metrics/
+.. _SQUAD parametered for Default, profileS and MinsizeProfileS: https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=Default&environment=DefaultProfileS&environment=MinSizeProfileS&metric=tfms_size&metric=tfms_data&metric=tfms_bss&metric=bl2_size&metric=bl2_data&metric=bl2_bss&range_tfms_size=0,100&range_tfms_data=0,100&range_tfms_bss=0,100&range_bl2_size=0,100&range_bl2_data=0,100&range_bl2_bss=0,100
+.. _TFM CI's nightly build: https://ci.trustedfirmware.org/view/TF-M/job/tf-m-nightly/
+.. _tf-m-ci-scripts repo: https://review.trustedfirmware.org/admin/repos/ci/tf-m-ci-scripts
+.. _memory_footprint.py: https://git.trustedfirmware.org/ci/tf-m-ci-scripts.git/tree/memory_footprint.py?h=refs/heads/master
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/docs/integration_guide/services/tfm_attestation_integration_guide.rst b/docs/integration_guide/services/tfm_attestation_integration_guide.rst
index 2c43ea7bd..dfbcfe7d5 100644
--- a/docs/integration_guide/services/tfm_attestation_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_attestation_integration_guide.rst
@@ -237,12 +237,6 @@ interface:
psa_initial_attest_get_token_size(size_t challenge_size,
size_t *token_size);
- psa_status_t
- tfm_initial_attest_get_public_key(uint8_t *public_key,
- size_t public_key_buf_size,
- size_t *public_key_len,
- psa_ecc_family_t *elliptic_curve_type);
-
The caller must allocate a large enough buffer, where the token is going to be
created by Initial Attestation Service. The size of the created token is highly
dependent on the number of software components in the system and the provided
@@ -582,10 +576,6 @@ does not need to operate such a service.
+=========================+=========================================+=========================================+
| Authentication mode | HMAC over SHA256 | ECDSA P256 over SHA256 |
+-------------------------+-----------------------------------------+-----------------------------------------+
-| Supported APIs | - psa_initial_attest_get_token(..) | - psa_initial_attest_get_token(..) |
-| | - psa_initial_attest_get_token_size(..) | - psa_initial_attest_get_token_size(..) |
-| | | - tfm_initial_attest_get_public_key(..) |
-+-------------------------+-----------------------------------------+-----------------------------------------+
| Crypto key type in HW | Symmetric key | ECDSA private key (secp256r1) |
+-------------------------+-----------------------------------------+-----------------------------------------+
| Secrets are stored | Device and database | Device only |
@@ -603,13 +593,15 @@ does not need to operate such a service.
************
Verification
************
+
+Regression test
+===============
+
The initial attestation token is verified by the attestation test suite in
``test/suites/attestation``. The test suite is responsible for verifying the
token signature and parsing the token to verify its encoding and the presence of
the mandatory claims. This test suite can be executed on the device. It is part
-of the regression test suite. When the user builds TF-M with any of the
-``ConfigRegression*.cmake`` configurations then this test is executed
-automatically. The test suite is configurable in the
+of the regression test suite. The test suite is configurable in the
``test/suites/attestation/attest_token_test_values.h`` header file. In this file
there are two attributes for each claim which are configurable (more details
in the header file):
@@ -618,6 +610,23 @@ in the header file):
- Expected value: Value check can be disabled or expected value can be provided
here.
+For asymmetric initial attestation test, the **dummy** initial attestation
+public key is hard-coded in ``tfm_initial_attest_pub_key.c``, which is exported
+and built with initial attestation regresstion test when tests are enabled.
+Initial attestation regression test verifies the IAT generated by initial
+attestation service with the exported public key.
+
+Some develep boards are provisioned in runtime with a random initial attestation
+key pair, whose public key is unknown to regression test. Select test flag
+``ATTEST_TEST_GET_PUBLIC_KEY`` to enable a specific test secure partition to
+retrieve initial attestation public key for initial attestation test in runtime.
+``ATTEST_TEST_GET_PUBLIC_KEY`` shall be selected only when the initial
+attestation public key can only be retrieved in runtime.
+By default, ``ATTEST_TEST_GET_PUBLIC_KEY`` is ``OFF``.
+
+iat-verifier
+============
+
There is another possibility to verify the attestation token. This addresses
the off-device testing when the token is already retrieved from the device and
verification is done on the requester side. There is a Python script for this
@@ -668,4 +677,4 @@ that user has license for DS-5 and FVP models:
--------------
-*Copyright (c) 2018-2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2018-2021, Arm Limited. All rights reserved.*
diff --git a/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst b/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
index 2c0509b3f..9b8ed3d4c 100644
--- a/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
@@ -67,12 +67,14 @@ Integration Guide
*****************
- Non-secure mailbox interface must be provided.
- Shared memory must be configured:
+
- If Secure Enclave can access TF-M's BSS section it is enough to set the
area's size by the ``SHARED_BUFFER_SIZE`` macro.
- If a special memory region must be used as the shared memory the
``PSA_PROXY_SHARED_MEMORY_BASE`` and ``PSA_PROXY_SHARED_MEMORY_SIZE``
macros must be set. (Not just for compilation but for linking as well,
becuase these macros used in the linker script/scatter file too.)
+
- If memories are mapped to different addresses for Host and Secure Enclave
address translation can be turned on by setting
``PSA_PROXY_ADDR_TRANSLATION`` macro and implementing the interface defined
diff --git a/docs/integration_guide/services/tfm_secure_partition_addition.rst b/docs/integration_guide/services/tfm_secure_partition_addition.rst
index 9343aab2d..27dc7dab0 100644
--- a/docs/integration_guide/services/tfm_secure_partition_addition.rst
+++ b/docs/integration_guide/services/tfm_secure_partition_addition.rst
@@ -200,6 +200,25 @@ Here is the RoT Service ID table used in TF-M.
tfm_ps_test_service 0x0000F 0x0C0-0x0DF
=========================== ====================== ========================
+RoT Service Stateless Handle Distribution
+-----------------------------------------
+A RoT Service may include stateless services. They are distinguished and
+referenced by stateless handles. In manifest, a ``stateless_handle`` attribute
+is set for indexing stateless services. The valid range is [1, 32] in current
+implementation and may extend.
+
+Here is the stateless handle allocation for partitions in TF-M. Partitions not
+listed are not applied to stateless mechanism yet.
+
+.. table:: Stateless Handle table
+ :widths: auto
+
+ =============================== =======================
+ **Partition name** **Stateless Handle**
+ =============================== =======================
+ TFM_SP_CRYPTO 1
+ =============================== =======================
+
mmio_regions
------------
This attribute is a list of MMIO region objects which the Secure Partition
diff --git a/docs/releases/1.3.0.rst b/docs/releases/1.3.0.rst
index e246ad043..a68dbc9db 100644
--- a/docs/releases/1.3.0.rst
+++ b/docs/releases/1.3.0.rst
@@ -48,7 +48,7 @@ New platforms supported
- Secure Enclave system:
- - :doc:`Musca-B1 Secure Enclave. </platform/ext/target/musca_b1/secure_enclave/readme>`
+ - :doc:`Musca-B1 Secure Enclave. </platform/ext/target/arm/musca_b1/secure_enclave/readme>`
Deprecated platforms
====================
diff --git a/docs/releases/index.rst b/docs/releases/index.rst
index 125888537..baed156b9 100644
--- a/docs/releases/index.rst
+++ b/docs/releases/index.rst
@@ -30,6 +30,23 @@ Releases
| :doc:`v1.3.0 </docs/releases/1.3.0>` | 2021-04-07 | 1.3.0 release | b0635d9 |
+--------------------------------------+--------------+--------------------+-------------------+
+Future release plans
+====================
+
+The dates below are tentative and subject to change.
+
++--------------------------------------+--------------+--------------------+
+| Version | Date | Description |
++======================================+==============+====================+
+| v1.4.0 | 2021-07-16 | Code freeze |
+| | | |
+| | 2021-07-30 | Release |
++--------------------------------------+--------------+--------------------+
+| v1.5.0 | 2021-11-12 | Code freeze |
+| | | |
+| | 2021-11-26 | Release |
++--------------------------------------+--------------+--------------------+
+
Please refer to
:ref:`docs/releases/release_process:Release Cadence and Process` for
interpreting version numbers.
diff --git a/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst b/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst
new file mode 100644
index 000000000..a450de36f
--- /dev/null
+++ b/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst
@@ -0,0 +1,209 @@
+Advisory TFMV-3
+===============
+
++-----------------+------------------------------------------------------------+
+| Title | ``abort()`` function may not take effect in TF-M Crypto |
+| | multi-part MAC/hashing/cipher operations. |
++=================+============================================================+
+| CVE ID | CVE-2021-32032 |
++-----------------+------------------------------------------------------------+
+| Public | May 10, 2021 |
+| Disclosure Date | |
++-----------------+------------------------------------------------------------+
+| Versions | Affected all versions up to and including TF-M v1.3.0 |
+| Affected | |
++-----------------+------------------------------------------------------------+
+| Configurations | All |
++-----------------+------------------------------------------------------------+
+| Impact | It can cause memory leakage in TF-M Crypto service, |
+| | eventually making TF-M Crypto service unavailable and |
+| | impacting other services relied on it. |
++-----------------+------------------------------------------------------------+
+| Fix Version | commit `7e2e52`_ |
++-----------------+------------------------------------------------------------+
+| Credit | | Chongqing Lei, Southeast University |
+| | | Zhen Ling, Associate Professor, Southeast University |
+| | | Xinwen Fu, Professor, University of Massachusetts Lowell |
++-----------------+------------------------------------------------------------+
+
+Background
+----------
+
+PSA multi-part crypto operation sequence
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+PSA Crypto API specification defines a common sequence for all multi-part crypto
+operations. The sequence can be simplified to the following steps:
+
+- ``setup()`` sets up the multi-part operation.
+- ``update()`` adds data/configurations into the multi-part operation.
+- ``finish()`` completes the multi-part operation.
+
+PSA Crypto API specification requests that the corresponding ``abort()``
+function shall be called when ``update()`` or ``finish()`` function fails.
+The ``abort()`` function aborts the ongoing multi-part operation and cleans up
+the operation context.
+
+TF-M multi-part crypto operation functions eventually call the underlying crypto
+library (Mbed TLS by default) to perform those steps, including ``abort()``
+step.
+
+PSA multi-part crypto operation objects
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+PSA Crypto API specification defines an operation object for each type of
+multi-part crypto operations. For example, ``psa_mac_operation_t`` for
+multi-part MAC operations and ``psa_hash_operation_t`` for multi-part hashing
+operations.
+
+TF-M Crypto service relies on the underlying crypto library (Mbed TLS by
+default) to implement those objects. The structures of those objects are crypto
+library specific and hidden to TF-M. The underlying crypto library usually
+stores and manages the context of ongoing multi-part crypto operations in the
+corresponding PSA operation object. For example, Mbed TLS stores multi-part
+hashing operation context in its ``psa_hash_operation_t`` implementation.
+
+The context is cleaned up in crypto library ``abort()`` function when the client
+calls ``abort()`` to handle a previous error. The clean-up execution can include
+zeroing the memory area and freeing allocated memory.
+
+TF-M multi-part crypto operation objects
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+TF-M Crypto service defines a dedicated operation structure
+``tfm_crypto_operation_s`` to wrap PSA multi-part crypto operation object and
+maintains its own status, as shown in the code block below.
+
+.. code-block:: c
+
+ struct tfm_crypto_operation_s {
+
+ ...
+
+ union {
+ psa_cipher_operation_t cipher; /*!< Cipher operation context */
+ psa_mac_operation_t mac; /*!< MAC operation context */
+ psa_hash_operation_t hash; /*!< Hash operation context */
+ psa_key_derivation_operation_t key_deriv; /*!< Key derivation operation context */
+ } operation;
+ };
+
+TF-M Crypto service assigns a ``tfm_crypto_operation_s`` object for each
+multi-part crypto operation sequence during ``setup()`` step. The
+``tfm_crypto_operation_s`` object content will be cleaned after the sequence
+completes or fails.
+
+Impact
+------
+
+During multi-part hashing/MAC/cipher operations, if the underlying crypto
+library function returns an error code, TF-M ``update()`` and ``finish()``
+functions will immediately clean up the structure ``tfm_crypto_operation_s``
+content and exit.
+
+When ``tfm_crypto_operation_s`` content is cleaned in TF-M ``update()`` and
+``finish()`` functions, the content in PSA multi-part crypto operation object
+inside ``tfm_crypto_operation_s`` is also cleaned. If the underlying crypto
+library stores operation context in the PSA operation object, the operation
+context is lost before clients call ``abort()`` to handle the error.
+
+Therefore, the underlying crypto library ``abort()`` function can be unable to
+perform normal abort operation if it cannot fetch the context or its content.
+In other words, the underlying crypto library ``abort()`` may not work normally
+or take effect.
+
+In theory when the case analyzed above occurs:
+
+- If the underlying crypto library dynamically allocates some memory regions
+ during multi-part operation and stores those memory region pointers in the PSA
+ multi-part operation object, the underlying crypto library will be unable to
+ locate and free those allocated memory regions in ``abort()``.
+ It will cause memory leakage in TF-M Crypto service. It may further make TF-M
+ Crypto service unavailable and affect other services relying on TF-M Crypto
+ service.
+
+- The underlying crypto library ``abort()`` may still consider the field values
+ in the context as valid. ``abort()`` may perform unexpected behaviors or
+ access invalid memory regions. It may trigger further faults and block TF-M
+ Crypto service or even the whole system.
+
+.. note::
+
+ The actual consequences depend on the implementation of the multi-part
+ operations in the underlying crypto library.
+
+Impacted PSA Crypto API functions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The following PSA multi-part crypto operation functions are impacted:
+
+- Multi-part hashing operations
+
+ - ``psa_hash_update()``
+ - ``psa_hash_finish()``
+ - ``psa_hash_verify()``
+ - ``psa_hash_clone()``
+
+- Multi-part MAC operations
+
+ - ``psa_mac_update()``
+ - ``psa_mac_sign_finish()``
+ - ``psa_mac_verify_finish()``
+
+- Multi-part cipher operations
+
+ - ``psa_cipher_generate_iv()``
+ - ``psa_cipher_set_iv()``
+ - ``psa_cipher_update()``
+ - ``psa_cipher_finish()``
+
+Justifications on unaffected multi-part operations
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+TF-M multi-part AEAD operations and multi-part key derivation operations are not
+impacted by this issue.
+
+TF-M Crypto service has not implemented multi-part AEAD operations. TF-M
+multi-part AEAD functions directly return an error of unsupported operations.
+
+In TF-M key derivation implementation, the ``psa_key_derivation_operation_t``
+object is only cleaned in the ``abort()`` function after the underlying crypto
+library completes abort.
+
+Mitigation
+----------
+
+The clean-up operation shall be removed from error handling routines in the
+following TF-M Crypto functions:
+
+- Multi-part hashing operations
+
+ - ``tfm_crypto_hash_update()``
+ - ``tfm_crypto_hash_finish()``
+ - ``tfm_crypto_hash_verify()``
+ - ``tfm_crypto_hash_clone()``
+
+- Multi-part MAC operations
+
+ - ``tfm_crypto_mac_update()``
+ - ``tfm_crypto_mac_sign_finish()``
+ - ``tfm_crypto_mac_verify_finish()``
+
+- Multi-part cipher operations
+
+ - ``tfm_crypto_cipher_generate_iv()``
+ - ``tfm_crypto_cipher_set_iv()``
+ - ``tfm_crypto_cipher_update()``
+ - ``tfm_crypto_cipher_finish()``
+
+.. note::
+
+ This mitigation assumes that client follows the sequence specified in PSA
+ Crypto API specification to call ``abort()`` when an error occurs during
+ multi-part crypto operations.
+
+.. _7e2e52: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9
+
+---------------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/docs/security/security_advisories/index.rst b/docs/security/security_advisories/index.rst
index 85119084e..5f03f31cf 100644
--- a/docs/security/security_advisories/index.rst
+++ b/docs/security/security_advisories/index.rst
@@ -5,7 +5,9 @@ Security Advisories
:maxdepth: 1
:glob:
- *
+ stack_seal_vulnerability
+ svc_caller_sp_fetching_vulnerability
+ crypto_multi_part_ops_abort_fail
--------------
diff --git a/docs/security/threat_models/generic_threat_model.rst b/docs/security/threat_models/generic_threat_model.rst
index 5659c243e..63569512f 100644
--- a/docs/security/threat_models/generic_threat_model.rst
+++ b/docs/security/threat_models/generic_threat_model.rst
@@ -6,8 +6,8 @@ Trusted Firmware-M Generic Threat Model
Introduction
************
-This document introduces a generic thread model of Trusted Firmware-M (TF-M).
-This generic thread model provides an overall analysis of TF-M implementation
+This document introduces a generic threat model of Trusted Firmware-M (TF-M).
+This generic threat model provides an overall analysis of TF-M implementation
and identifies general threats and mitigation.
.. note::
@@ -28,7 +28,7 @@ Root of Trust (RoT) service. Those RoT services belong to diverse RoT
each RoT service may require a dedicated threat model.
The analysis on specific models, topologies or RoT services may be covered in
-dedicated thread model documents. Those threat models are out of the scope of
+dedicated threat model documents. Those threat models are out of the scope of
this document.
Methodology
@@ -69,7 +69,7 @@ The TOE in this general model is the SPE, including TF-M and other components
running in SPE.
The TOE can vary in different TF-M models, RoT services and usage scenarios.
-Refer to dedicated thread models for the specific TOE definitions.
+Refer to dedicated threat models for the specific TOE definitions.
********************
Asset identification
@@ -113,7 +113,7 @@ The Trust Boundary isolates SPE from NSPE, according to the TOE definition in
in the figure below. Other modules inside SPE stay in the same TOE as TF-M does.
Valid Data flows across the Trust Boundary are also shown in the figure below.
-This thread model only focuses on the data flows related to TF-M.
+This threat model only focuses on the data flows related to TF-M.
.. figure:: overall-DFD.png
diff --git a/docs/technical_references/code_sharing.rst b/docs/technical_references/code_sharing.rst
index 45aec7e01..322d7eddc 100644
--- a/docs/technical_references/code_sharing.rst
+++ b/docs/technical_references/code_sharing.rst
@@ -5,7 +5,6 @@ Code sharing between independently linked XIP binaries
:Authors: Tamas Ban
:Organization: Arm Limited
:Contact: tamas.ban@arm.com
-:Status: Draft
**********
Motivation
diff --git a/docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst b/docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
index 2bb3762ae..1ab1413d3 100644
--- a/docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
+++ b/docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
@@ -424,8 +424,7 @@ TF-M PendSV handler calls this function to handle NSPE PSA client call request.
void tfm_rpc_client_call_handler(void);
-Usage
-~~~~~
+**Usage**
``tfm_rpc_client_call_handler()`` invokes callback function ``handle_req()`` to
execute specific mailbox handling.
@@ -442,8 +441,7 @@ result to NSPE.
void tfm_rpc_client_call_reply(const void *owner, int32_t ret);
-Parameters
-~~~~~~~~~~
+**Parameters**
+-----------+--------------------------------------------------------------+
| ``owner`` | A handle to identify the owner of the PSA client call return |
@@ -452,8 +450,7 @@ Parameters
| ``ret`` | PSA client call return result value. |
+-----------+--------------------------------------------------------------+
-Usage
-~~~~~
+**Usage**
``tfm_rpc_client_call_reply()`` invokes callback function ``reply()`` to execute
specific mailbox reply.
@@ -470,8 +467,7 @@ the caller after PSA client call is completed.
void tfm_rpc_set_caller_data(struct tfm_msg_body_t *msg, int32_t client_id);
-Parameters
-~~~~~~~~~~
+**Parameters**
+---------------+-----------------------------------------------------+
| ``msg`` | TF-M message to be set with NS caller private data. |
@@ -479,8 +475,7 @@ Parameters
| ``client_id`` | The client ID of the NS caller. |
+---------------+-----------------------------------------------------+
-Usage
-~~~~~
+**Usage**
``tfm_rpc_set_caller_data()`` invokes callback function ``get_caller_data()`` to
fetch the private data of caller of PSA client call and set it into TF-M message
@@ -530,15 +525,13 @@ This function registers underlying mailbox operations into TF-M RPC callbacks.
int32_t tfm_rpc_register_ops(const struct tfm_rpc_ops_t *ops_ptr);
-Parameters
-~~~~~~~~~~
+**Parameters**
+-------------+----------------------------------------------+
| ``ops_ptr`` | Pointer to the specific operation structure. |
+-------------+----------------------------------------------+
-Return
-~~~~~~
+**Return**
+----------------------+-----------------------------------------+
| ``TFM_RPC_SUCCESS`` | Operations are successfully registered. |
@@ -546,8 +539,7 @@ Return
| ``Other error code`` | Fail to register operations. |
+----------------------+-----------------------------------------+
-Usage
-~~~~~
+**Usage**
Mailbox should register TF-M RPC callbacks during mailbox initialization, before
enabling secure services for NSPE.
@@ -564,8 +556,7 @@ This function unregisters underlying mailbox operations from TF-M RPC callbacks.
void tfm_rpc_unregister_ops(void);
-Usage
-~~~~~
+**Usage**
Currently one and only one underlying mailbox communication implementation is
allowed in runtime.
@@ -579,16 +570,14 @@ TF-M RPC handler for psa_framework_version().
uint32_t tfm_rpc_psa_framework_version(void);
-Return
-~~~~~~
+**Return**
+-------------+---------------------------------------------------------+
| ``version`` | The version of the PSA Framework implementation that is |
| | providing the runtime services. |
+-------------+---------------------------------------------------------+
-Usage
-~~~~~
+**Usage**
``tfm_rpc_psa_framework_version()`` invokes common ``psa_framework_version()``
handler in TF-M.
@@ -603,8 +592,7 @@ TF-M RPC handler for psa_version().
uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params,
bool ns_caller);
-Parameters
-~~~~~~~~~~
+**Parameters**
+---------------+-----------------------------------+
| ``params`` | Base address of parameters. |
@@ -612,8 +600,7 @@ Parameters
| ``ns_caller`` | Whether the caller is non-secure. |
+---------------+-----------------------------------+
-Return
-~~~~~~
+**Return**
+----------------------+------------------------------------------------------+
| ``PSA_VERSION_NONE`` | The RoT Service is not implemented, or the caller is |
@@ -622,8 +609,7 @@ Return
| ``> 0`` | The minor version of the implemented RoT Service. |
+----------------------+------------------------------------------------------+
-Usage
-~~~~~
+**Usage**
``tfm_rpc_psa_version()`` invokes common ``psa_version()`` handler in TF-M.
The parameters in params should be prepared before calling
@@ -639,8 +625,7 @@ TF-M RPC handler for ``psa_connect()``.
psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params,
bool ns_caller);
-Parameters
-~~~~~~~~~~
+**Parameters**
+---------------+-----------------------------------+
| ``params`` | Base address of parameters. |
@@ -648,8 +633,7 @@ Parameters
| ``ns_caller`` | Whether the caller is non-secure. |
+---------------+-----------------------------------+
-Return
-~~~~~~
+**Return**
+-------------------------+---------------------------------------------------+
| ``PSA_SUCCESS`` | Success. |
@@ -661,8 +645,7 @@ Return
| | service. |
+-------------------------+---------------------------------------------------+
-Usage
-~~~~~
+**Usage**
``tfm_rpc_psa_connect()`` invokes common ``psa_connect()`` handler in TF-M.
The parameters in params should be prepared before calling
@@ -678,8 +661,7 @@ TF-M RPC handler for ``psa_call()``.
psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params,
bool ns_caller);
-Parameters
-~~~~~~~~~~
+**Parameters**
+---------------+-----------------------------------+
| ``params`` | Base address of parameters. |
@@ -687,8 +669,7 @@ Parameters
| ``ns_caller`` | Whether the caller is non-secure. |
+---------------+-----------------------------------+
-Return
-~~~~~~
+**Return**
+---------------------+---------------------------------------------+
| ``PSA_SUCCESS`` | Success. |
@@ -696,8 +677,7 @@ Return
| ``Does not return`` | The call is invalid, or invalid parameters. |
+---------------------+---------------------------------------------+
-Usage
-~~~~~
+**Usage**
``tfm_rpc_psa_call()`` invokes common ``psa_call()`` handler in TF-M.
The parameters in params should be prepared before calling
@@ -713,8 +693,7 @@ TF-M RPC ``psa_close()`` handler
void tfm_rpc_psa_close(const struct client_call_params_t *params,
bool ns_caller);
-Parameters
-~~~~~~~~~~
+**Parameters**
+---------------+-----------------------------------+
| ``params`` | Base address of parameters. |
@@ -722,8 +701,7 @@ Parameters
| ``ns_caller`` | Whether the caller is non-secure. |
+---------------+-----------------------------------+
-Return
-~~~~~~
+**Return**
+---------------------+---------------------------------------------+
| ``void`` | Success. |
@@ -731,8 +709,7 @@ Return
| ``Does not return`` | The call is invalid, or invalid parameters. |
+---------------------+---------------------------------------------+
-Usage
-~~~~~
+**Usage**
``tfm_rpc_psa_close()`` invokes common ``psa_close()`` handler in TF-M.
The parameters in params should be prepared before calling
diff --git a/docs/technical_references/index.rst b/docs/technical_references/index.rst
index bd7c57203..b98df2338 100644
--- a/docs/technical_references/index.rst
+++ b/docs/technical_references/index.rst
@@ -8,8 +8,9 @@ Technical References
:numbered:
*/index
+ /tools/index
*
--------------
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2021, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/profiles/tfm_profile_large.rst b/docs/technical_references/profiles/tfm_profile_large.rst
index 2e0bc76de..89edd2978 100644
--- a/docs/technical_references/profiles/tfm_profile_large.rst
+++ b/docs/technical_references/profiles/tfm_profile_large.rst
@@ -407,7 +407,7 @@ build type **MinSizeRel**, built by **Armclang**.
cd <TFM root dir>
mkdir build && cd build
- cmake -DTFM_PLATFORM=mps2/an521 \
+ cmake -DTFM_PLATFORM=arm/mps2/an521 \
-DTFM_TOOLCHAIN_FILE=../toolchain_ARMCLANG.cmake \
-DTFM_PROFILE=profile_large \
-DCMAKE_BUILD_TYPE=MinSizeRel \
@@ -421,7 +421,7 @@ The following commands build Profile Large with regression test cases on
cd <TFM root dir>
mkdir build && cd build
- cmake -DTFM_PLATFORM=mps2/an521 \
+ cmake -DTFM_PLATFORM=arm/mps2/an521 \
-DTFM_TOOLCHAIN_FILE=../toolchain_ARMCLANG.cmake \
-DTFM_PROFILE=profile_large \
-DCMAKE_BUILD_TYPE=MinSizeRel \
diff --git a/docs/technical_references/profiles/tfm_profile_medium.rst b/docs/technical_references/profiles/tfm_profile_medium.rst
index b1ab1c178..ae24b98db 100644
--- a/docs/technical_references/profiles/tfm_profile_medium.rst
+++ b/docs/technical_references/profiles/tfm_profile_medium.rst
@@ -33,7 +33,7 @@ TF-M Profile Medium defines the following feature set:
- Crypto
- - Support both symmetric ciphers and asymmetric ciphers
+ - Support both symmetric cryptography and asymmetric cryptography
- Asymmetric key based cipher suite suggested in TLS/DTLS profiles for
IoT [RFC7925]_ and CoAP [RFC7252]_, including
@@ -94,8 +94,9 @@ TF-M IPC model implementation follows the PSA Firmware Framework for M
Crypto service
==============
-Compared to Profile Small, Profile Medium includes asymmetric cipher to support
-direct connection to Cloud services via common protocols, such as TLS/DTLS 1.2.
+Compared to Profile Small, Profile Medium includes asymmetric cryptography to
+support direct connection to Cloud services via common protocols, such as
+TLS/DTLS 1.2.
As suggested in CoAP [RFC7252]_ and [RFC7925]_, TF-M Profile Medium by default
selects ``TLS_ECDHE_ECDSA_WITH_AES_128_CCM`` as reference, which requires:
@@ -253,6 +254,9 @@ shown below.
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_PARTITION_CRYPTO`` | ``ON`` | Enable Crypto service |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
+ | ``CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED`` | ``ON`` | Disable Crypto asymmetric |
+ | | | encryption operations |
+ +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_MBEDCRYPTO_CONFIG_PATH`` | ``${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h`` | Mbed Crypto config file path |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_PARTITION_INITIAL_ATTESTATION`` | ``ON`` | Enable Initial Attestation service |
@@ -292,23 +296,23 @@ Some cryptography tests are disabled due to the reduced Mbed Crypto config.
:widths: auto
:align: center
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | Configs | Default value | Descriptions |
- +============================================+=====================================================================================================+=====================================+
- | ``TFM_CRYPTO_TEST_ALG_CBC`` | ``OFF`` | Test CBC cryptography mode |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_CRYPTO_TEST_ALG_CCM`` | ``ON`` | Test CCM cryptography mode |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_CRYPTO_TEST_ALG_CFB`` | ``OFF`` | Test CFB cryptography mode |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_CRYPTO_TEST_ALG_CTR`` | ``OFF`` | Test CTR cryptography mode |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_CRYPTO_TEST_ALG_GCM`` | ``OFF`` | Test GCM cryptography mode |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_CRYPTO_TEST_ALG_SHA_512`` | ``OFF`` | Test SHA-512 cryptography algorithm |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_CRYPTO_TEST_HKDF`` | ``OFF`` | Test SHA-512 cryptography algorithm |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
+ +--------------------------------------------+---------------+--------------------------------+
+ | Configs | Default value | Descriptions |
+ +============================================+===============+================================+
+ | ``TFM_CRYPTO_TEST_ALG_CBC`` | ``OFF`` | Disable CBC mode test |
+ +--------------------------------------------+---------------+--------------------------------+
+ | ``TFM_CRYPTO_TEST_ALG_CCM`` | ``ON`` | Enable CCM mode test |
+ +--------------------------------------------+---------------+--------------------------------+
+ | ``TFM_CRYPTO_TEST_ALG_CFB`` | ``OFF`` | Disable CFB mode test |
+ +--------------------------------------------+---------------+--------------------------------+
+ | ``TFM_CRYPTO_TEST_ALG_CTR`` | ``OFF`` | Disable CTR mode test |
+ +--------------------------------------------+---------------+--------------------------------+
+ | ``TFM_CRYPTO_TEST_ALG_GCM`` | ``OFF`` | Disable GCM mode test |
+ +--------------------------------------------+---------------+--------------------------------+
+ | ``TFM_CRYPTO_TEST_ALG_SHA_512`` | ``OFF`` | Disable SHA-512 algorithm test |
+ +--------------------------------------------+---------------+--------------------------------+
+ | ``TFM_CRYPTO_TEST_HKDF`` | ``OFF`` | Disable HKDF algorithm test |
+ +--------------------------------------------+---------------+--------------------------------+
Device configuration extension
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -323,16 +327,24 @@ Crypto service configurations
Crypto Secure Partition
^^^^^^^^^^^^^^^^^^^^^^^
-TF-M Profile Medium enables Crypto SP in top-level CMake config file and selects
-all the Crypto modules.
+TF-M Profile Medium enables Crypto SP in top-level CMake config file.
+The following PSA Crypto operationts are enabled by default.
+
+ - Hash operations
+ - Message authentication codes
+ - Symmetric ciphers
+ - AEAD operations
+ - Asymmetric key algorithm based signature and verification
+ - Key derivation
+ - Key management
Mbed Crypto configurations
^^^^^^^^^^^^^^^^^^^^^^^^^^
TF-M Profile Medium adds a dedicated Mbed Crypto config file
``tfm_mbedcrypto_config_profile_medium.h`` at
-``/lib/ext/mbedcrypto/mbedcrypto_config``
-file, instead of the common one ``tfm_mbedcrypto_config_default.h`` [CRYPTO-DESIGN]_.
+``/lib/ext/mbedcrypto/mbedcrypto_config`` folder, instead of the common one
+``tfm_mbedcrypto_config_default.h`` [CRYPTO-DESIGN]_.
Major Mbed Crypto configurations are set as listed below:
@@ -418,7 +430,7 @@ build type **MinSizeRel**, built by **Armclang**.
cd <TFM root dir>
mkdir build && cd build
- cmake -DTFM_PLATFORM=mps2/an521 \
+ cmake -DTFM_PLATFORM=arm/mps2/an521 \
-DTFM_TOOLCHAIN_FILE=../toolchain_ARMCLANG.cmake \
-DTFM_PROFILE=profile_medium \
-DCMAKE_BUILD_TYPE=MinSizeRel \
@@ -432,7 +444,7 @@ The following commands build Profile Medium with regression test cases on
cd <TFM root dir>
mkdir build && cd build
- cmake -DTFM_PLATFORM=mps2/an521 \
+ cmake -DTFM_PLATFORM=arm/mps2/an521 \
-DTFM_TOOLCHAIN_FILE=../toolchain_ARMCLANG.cmake \
-DTFM_PROFILE=profile_medium \
-DCMAKE_BUILD_TYPE=MinSizeRel \
diff --git a/docs/technical_references/profiles/tfm_profile_small.rst b/docs/technical_references/profiles/tfm_profile_small.rst
index 189b1a56a..a97a1e11e 100644
--- a/docs/technical_references/profiles/tfm_profile_small.rst
+++ b/docs/technical_references/profiles/tfm_profile_small.rst
@@ -381,7 +381,9 @@ shown below.
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_MBEDCRYPTO_CONFIG_PATH`` | ``${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h`` | Mbed Crypto config file path |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``CRYPTO_ASYMMETRIC_MODULE_DISABLED`` | ``ON`` | Disable asymmetric crypto |
+ | ``CRYPTO_ASYM_SIGN_MODULE_DISABLED`` | ``ON`` | Disable asymmetric signature |
+ +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
+ | ``CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED`` | ``ON`` | Disable asymmetric encryption |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_PARTITION_INITIAL_ATTESTATION`` | ``ON`` | Enable Initial Attestation service |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
@@ -582,7 +584,7 @@ build type **MinSizeRel**, built by **Armclang**.
cd <TFM root dir>
mkdir build && cd build
- cmake -DTFM_PLATFORM=mps2/an521 \
+ cmake -DTFM_PLATFORM=arm/mps2/an521 \
-DTFM_TOOLCHAIN_FILE=../toolchain_ARMCLANG.cmake \
-DTFM_PROFILE=profile_small \
-DCMAKE_BUILD_TYPE=MinSizeRel \
@@ -596,7 +598,7 @@ with build type **MinSizeRel**, built by **Armclang**.
cd <TFM root dir>
mkdir build && cd build
- cmake -DTFM_PLATFORM=mps2/an521 \
+ cmake -DTFM_PLATFORM=arm/mps2/an521 \
-DTFM_TOOLCHAIN_FILE=../toolchain_ARMCLANG.cmake \
-DTFM_PROFILE=profile_small \
-DCMAKE_BUILD_TYPE=MinSizeRel \
diff --git a/docs/technical_references/secure_enclave_solution.rst b/docs/technical_references/secure_enclave_solution.rst
index ce665ac22..1f4ecc629 100644
--- a/docs/technical_references/secure_enclave_solution.rst
+++ b/docs/technical_references/secure_enclave_solution.rst
@@ -5,7 +5,6 @@ Secure Enclave solution for Trusted Firmware-M
:Author: Mark Horvath
:Organization: Arm Limited
:Contact: Mark Horvath <mark.horvath@arm.com>
-:Status: Draft
********
Abstract
diff --git a/docs/technical_references/tfm_code_generation_with_jinja2.rst b/docs/technical_references/tfm_code_generation_with_jinja2.rst
index 2e730238d..f16fc29fe 100644
--- a/docs/technical_references/tfm_code_generation_with_jinja2.rst
+++ b/docs/technical_references/tfm_code_generation_with_jinja2.rst
@@ -64,7 +64,7 @@ Example
Below code snippet enumerates services in Secure Partitions:
-.. code-block::
+.. code-block:: jinja
{% for partition in partitions %}
{% if partition.manifest.services %}
@@ -74,4 +74,6 @@ Below code snippet enumerates services in Secure Partitions:
{% endif %}
{% endfor %}
+--------------
+
*Copyright (c) 2019-2021, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/tfm_fwu_service.rst b/docs/technical_references/tfm_fwu_service.rst
index 6d90de457..46c98f32f 100644
--- a/docs/technical_references/tfm_fwu_service.rst
+++ b/docs/technical_references/tfm_fwu_service.rst
@@ -5,7 +5,6 @@ Firmware Update Service
:Author: Sherry Zhang
:Organization: Arm Limited
:Contact: Sherry Zhang <Sherry.Zhang2@arm.com>
-:Status: Draft
.. contents:: Table of Contents
@@ -66,7 +65,7 @@ The structure of the TF-M Firmware Update service is listed below:
***********************
Service API description
***********************
-This service follows the `Firmware Update API <https://developer.arm.com/documentation/ihi0093/0000/>`_ spec of version 0.7.
+This service follows the PSA Firmware Update API spec of version 0.7 [1]_.
It implements the mandatory interface functions listed in section 5.1 and the
optional interface ``psa_fwu_accept()``. Please refer to Firmware Update spec
for the detailed description.
@@ -108,26 +107,25 @@ Parameters
fwu_bootloader_staging_area_init(function)
------------------------------------------
-Prototype
-^^^^^^^^^
+**Prototype**
+
.. code-block:: c
psa_status_t fwu_bootloader_staging_area_init(bl_image_id_t bootloader_image_id);
-Description
-^^^^^^^^^^^
+**Description**
+
Prepare the staging area of the image with the given ID for image download.
For example, initialize the staging area, open the flash area, and so on.
The image will be written into the staging area later.
-Parameters
-^^^^^^^^^^
+**Parameters**
+
- ``bootloader_image_id``: The identifier of the target image in bootloader.
fwu_bootloader_load_image(function)
-----------------------------------
-Prototype
-^^^^^^^^^
+**Prototype**
.. code-block:: c
@@ -136,12 +134,12 @@ Prototype
const void *block,
size_t block_size);
-Description
-^^^^^^^^^^^
+**Description**
+
Load the image to its staging area.
-Parameters
-^^^^^^^^^^
+**Parameters**
+
- ``bootloader_image_id``: The identifier of the target image in bootloader.
- ``image_offset``: The offset of the image being passed into block, in bytes.
- ``block``: A buffer containing a block of image data. This might be a complete image or a subset.
@@ -149,78 +147,78 @@ Parameters
fwu_bootloader_install_image(function)
---------------------------------------------
-Prototype
-^^^^^^^^^
+**Prototype**
+
.. code-block:: c
psa_status_t fwu_bootloader_install_image(bl_image_id_t bootloader_image_id,
bl_image_id_t *dependency,
psa_image_version_t *dependency_version);
-Description
-^^^^^^^^^^^
+**Description**
+
Check the authenticity and integrity of the image. If a reboot is required to
complete the check, then mark this image as a candidate so that the next time
bootloader runs it will take this image as a candidate one to bootup. Return
the error code PSA_SUCCESS_REBOOT.
-Parameters
-^^^^^^^^^^
+**Parameters**
+
- ``bootloader_image_id``: The identifier of the target image in bootloader.
- ``dependency``: Bootloader image ID of dependency if needed.
- ``dependency_version``: Bootloader image version of dependency if needed.
fwu_bootloader_mark_image_accepted(function)
--------------------------------------------
-Prototype
-^^^^^^^^^
+**Prototype**
+
.. code-block:: c
- psa_status_t fwu_bootloader_mark_image_accepted(void);
+ psa_status_t fwu_bootloader_mark_image_accepted(bl_image_id_t bootloader_image_id);
+
+**Description**
-Description
-^^^^^^^^^^^
Call this API to mark the running images as permanent/accepted to avoid
revert when next time bootup. Usually, this API is called after the running
images have been verified as valid.
-Parameters
-^^^^^^^^^^
+**Parameters**
+
N/A
fwu_bootloader_abort(function)
------------------------------
-Prototype
-^^^^^^^^^
+**Prototype**
+
.. code-block:: c
psa_status_t fwu_bootloader_abort(void);
-Description
-^^^^^^^^^^^
+**Description**
+
Abort the current image download process.
-Parameters
-^^^^^^^^^^
+**Parameters**
+
N/A
fwu_bootloader_get_image_info(function)
---------------------------------------
-Prototype
-^^^^^^^^^
+**Prototype**
+
.. code-block:: c
psa_status_t fwu_bootloader_get_image_info(bl_image_id_t bootloader_image_id,
bool staging_area,
tfm_image_info_t *info);
-Description
-^^^^^^^^^^^
+**Description**
+
Get the image information of the given bootloader_image_id in the staging area
or the running area.
-Parameters
-^^^^^^^^^^
+**Parameters**
+
- ``bootloader_image_id``: The identifier of the target image in bootloader.
- ``active_image``: Indicates image location.
@@ -253,10 +251,6 @@ Three image types are defined in this partition.
- FWU_IMAGE_TYPE_SECURE: the secure image
- FWU_IMAGE_TYPE_FULL: the secure + non_secure image
-.. Note::
-
- Currently, images update with dependency is not supported by FWU in multiple image boot.
-
Macros **FWU_CALCULATE_IMAGE_ID**, **FWU_IMAGE_ID_GET_TYPE** and
**FWU_IMAGE_ID_GET_SLOT** are dedicated to converting the image id, type, and
slot. The service users can call these macros to get the image ID.
@@ -271,9 +265,9 @@ Benefits Analysis on this Partition
Implement the FWU functionality in the non-secure side
======================================================
-The Firmware Update APIs listed in `User interfaces`_ can also be implemented
-in the non-secure side. The library model implementation can be referred to for
-the non-secure side implementation.
+The APIs listed in PSA Firmware Update API spec [1]_ can also be implemented in
+the non-secure side. The library model implementation can be referred to for the
+non-secure side implementation.
Pros and Cons for Implementing FWU APIs in Secure Side
======================================================
@@ -310,4 +304,12 @@ Users can decide whether to call the FWU service in TF-M directly or implement
the Firmware Update APIs in the non-secure side based on the pros and cons
analysis above.
+*********
+Reference
+*********
+
+.. [1] `PSA Firwmare Update API <https://developer.arm.com/documentation/ihi0093/0000/>`_
+
+--------------
+
*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/tfm_its_512_flash.rst b/docs/technical_references/tfm_its_512_flash.rst
index aa58c2b03..00f60f8ac 100644
--- a/docs/technical_references/tfm_its_512_flash.rst
+++ b/docs/technical_references/tfm_its_512_flash.rst
@@ -72,7 +72,7 @@ Functional flow diagram
The logic of the proposal is described in the following diagram
-.. code-block::
+.. code-block:: rst
|----------------------|
| data write() |
diff --git a/docs/technical_references/tfm_non_secure_client_management.rst b/docs/technical_references/tfm_non_secure_client_management.rst
index 970550aa4..133ae92e4 100644
--- a/docs/technical_references/tfm_non_secure_client_management.rst
+++ b/docs/technical_references/tfm_non_secure_client_management.rst
@@ -83,15 +83,13 @@ TZ_MemoryId_t data type
TZ Memory ID identifies an allocated memory slot.
-TF-M usage
-""""""""""
+**TF-M usage**
``TZ_MemoryId_t`` is used for an index into an array containing active NS client
IDs. The memory ID is required by CMSIS to be a positive integer, so it is
mapped to the array index by being decremented by 1.
-Signature
-"""""""""
+**Signature**
.. code-block:: c
@@ -102,20 +100,17 @@ Context management initialization: TZ_InitContextSystem_S
Initialize secure context memory system.
-Return value
-""""""""""""
+**Return value**
This function returns execution status: 1 for success, 0 for error.
-TF-M usage
-""""""""""
+**TF-M usage**
This function call is used to identify a non-secure RTOS that has TZ context
management capabilities, as this function is expected to be called before any
other TZ API function is used.
-Signature
-""""""""""
+**Signature**
.. code-block:: c
@@ -126,27 +121,23 @@ Context allocation: TZ_AllocModuleContext_S
Allocate context memory for calling secure software modules in TrustZone.
-Parameters
-""""""""""
+**Parameters**
``module`` [input]: identifies software modules called from non-secure mode
-Return value
-""""""""""""
+**Return value**
``value != 0`` TrustZone memory slot identifier
``value == 0`` no memory available or internal error
-TF-M usage
-""""""""""
+**TF-M usage**
This function is used to identify a new non-secure thread that may be identified
as a client in the non-secure domain. The ``module`` parameter is unused. The
returned ``TZ_MemoryId_t`` value is the index in the ``NsClientIdList`` array
where the client ID for the newly allocated context is stored.
-Signature
-"""""""""
+**Signature**
.. code-block:: c
@@ -157,26 +148,22 @@ Context freeing: TZ_FreeModuleContext_S
Free context memory that was previously allocated with TZ_AllocModuleContext_S
-Parameters
-""""""""""
+**Parameters**
``id`` [input]: TrustZone memory slot identifier
-Return value
-""""""""""""
+**Return value**
Execution status (1: success, 0: error)
-TF-M usage
-""""""""""
+**TF-M usage**
This function indicates that a non-secure client is inactive, meaning that any
subsequent references to the client ID are considered erroneous. In effect, the
client ID indexed by ``(id – 1)`` is cleared and the memory slot flagged as
free.
-Signature
-"""""""""
+**Signature**
.. code-block:: c
@@ -187,25 +174,21 @@ Context activation: TZ_LoadContext_S
Load secure context (called on RTOS thread context switch)
-Parameters
-""""""""""
+**Parameters**
``id`` [input]: TrustZone memory slot identifier
-Return value
-""""""""""""
+**Return value**
Execution status (1: success, 0: error)
-TF-M usage
-""""""""""
+**TF-M usage**
The client ID indexed by ``(id – 1)`` becomes the active NS client. Any
subsequent secure service requests coming from non-secure domain will be
associated with this client ID.
-Signature
-"""""""""
+**Signature**
.. code-block:: c
@@ -216,25 +199,21 @@ Context deactivation: TZ_StoreContext_S
Store secure context (called on RTOS thread context switch)
-Parameters
-""""""""""
+**Parameters**
``id`` [input]: TrustZone memory slot identifier
-Return value
-""""""""""""
+**Return value**
Execution status (1: success, 0: error)
-TF-M usage
-""""""""""
+**TF-M usage**
The client ID indexed by ``(id – 1)`` becomes inactive. Any subsequent secure
service requests coming from non-secure domain will be invalid until a new NS
context is loaded.
-Signature
-"""""""""
+**Signature**
.. code-block:: c
@@ -302,19 +281,16 @@ Secure and non-secure client IDs are allocated from different ranges (negative
IDs for non-secure clients, positive for secure clients). The function call is
rejected if called with a secure ID.
-Parameters
-""""""""""
+**Parameters**
``ns_client_id`` [input]: The client ID to be assigned to the current context
-Return value
-""""""""""""
+**Return value**
``TFM_SUCCESS`` (0) if the client ID assigned successfully, a non-zero error
code in case of error.
-Signature
-"""""""""
+**Signature**
.. code-block:: c
@@ -385,4 +361,6 @@ References
Description of the TZ API:
https://www.keil.com/pack/doc/CMSIS/Core/html/group__context__trustzone__functions.html
-*Copyright (c) 2019-2020, Arm Limited. All rights reserved.* \ No newline at end of file
+--------------
+
+*Copyright (c) 2019-2021, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/tfm_partition_and_service_design_document.rst b/docs/technical_references/tfm_partition_and_service_design_document.rst
index 500e7a11d..223e212cf 100644
--- a/docs/technical_references/tfm_partition_and_service_design_document.rst
+++ b/docs/technical_references/tfm_partition_and_service_design_document.rst
@@ -113,7 +113,7 @@ defined structure for service information:
.. code-block:: c
struct tfm_spm_service_t {
- const struct tfm_spm_service_db_t *service_db;
+ const struct tfm_spm_service_db_t *p_ldinf;
struct spm_partition_desc_t *partition;
struct bi_list_node_t handle_list;
struct tfm_msg_queue_t msg_queue;
diff --git a/docs/technical_references/tfm_physical_attack_mitigation.rst b/docs/technical_references/tfm_physical_attack_mitigation.rst
index a167d1253..ee0734eb8 100644
--- a/docs/technical_references/tfm_physical_attack_mitigation.rst
+++ b/docs/technical_references/tfm_physical_attack_mitigation.rst
@@ -5,7 +5,6 @@ Physical attack mitigation in Trusted Firmware-M
:Authors: Tamas Ban; David Hu
:Organization: Arm Limited
:Contact: tamas.ban@arm.com; david.hu@arm.com
-:Status: Draft
************
Requirements
@@ -395,7 +394,7 @@ harden it against physical attacks.
enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void);
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data);
enum tfm_hal_status_t tfm_hal_mpu_update_partition_boundary(uintptr_t start,
uintptr_t end);
@@ -624,3 +623,7 @@ Reference
.. [2] `MCUboot project <https://github.com/mcu-tools/mcuboot/blob/master/boot/bootutil/include/bootutil/fault_injection_hardening.h>`_
.. [3] `MCUboot fault injection mitigation <https://www.trustedfirmware.org/docs/TF-M_fault_injection_mitigation.pdf>`_
+
+--------------------------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/tfm_secure_boot.rst b/docs/technical_references/tfm_secure_boot.rst
index 528e7b768..61bdcb55f 100644
--- a/docs/technical_references/tfm_secure_boot.rst
+++ b/docs/technical_references/tfm_secure_boot.rst
@@ -309,7 +309,7 @@ compile time switches:
Example of how to provide the secure image minimum version::
- cmake -DTFM_PLATFORM=musca_b1/sse_200 -DMCUBOOT_S_IMAGE_MIN_VER=1.2.3+4 ..
+ cmake -DTFM_PLATFORM=arm/musca_b1/sse_200 -DMCUBOOT_S_IMAGE_MIN_VER=1.2.3+4 ..
********************
Signature algorithms
@@ -427,7 +427,7 @@ images.
The version number of the image (single image boot) can manually be passed in
through the command line in the cmake configuration step::
- cmake -DTFM_PLATFORM=musca_b1/sse_200 -DIMAGE_VERSION_S=1.2.3+4 ..
+ cmake -DTFM_PLATFORM=arm/musca_b1/sse_200 -DIMAGE_VERSION_S=1.2.3+4 ..
Alternatively, the version number can be less specific (e.g 1, 1.2, or 1.2.3),
where the missing numbers are automatically set to zero. The image version
@@ -461,7 +461,7 @@ and its value should always be increased if a security flaw was fixed in the
current image version. The value of the security counter (single image boot) can
be specified at build time in the cmake configuration step::
- cmake -DTFM_PLATFORM=musca_b1/sse_200 -DSECURITY_COUNTER_S=42 ../
+ cmake -DTFM_PLATFORM=arm/musca_b1/sse_200 -DSECURITY_COUNTER_S=42 ../
The security counter can be independent from the image version, but not
necessarily. Alternatively, if it is not specified at build time with the
@@ -797,8 +797,9 @@ Integration with Firmware Update service
The shim layer of the Firmware Update partition calls the APIs in
bootutil_misc.c to control the image status.
-- Call ``boot_write_magic()`` to make the image as a candidate image for booting.
-- Call ``boot_set_confirmed()`` to make the image as a permanent image.
+- Call ``boot_set_pending_multi()`` to make the image as a candidate image for
+ booting.
+- Call ``boot_set_confirmed_multi()`` to make the image as a permanent image.
.. Note::
Currently, in direct-xip mode and ram-load mode, TF-M cannot get the
diff --git a/docs/technical_references/tfm_secure_irq_handling.rst b/docs/technical_references/tfm_secure_irq_handling.rst
index 8cd664e26..253ef355b 100644
--- a/docs/technical_references/tfm_secure_irq_handling.rst
+++ b/docs/technical_references/tfm_secure_irq_handling.rst
@@ -80,7 +80,7 @@ An IRQ handler is defined by the following nodes:
``signal`` and ``source`` are mandatory.
``tfm_irq_priority`` is optional. If ``tfm_irq_priority`` is not set for an
- IRQ, the default is value is ``TFM_DEFAULT_SECURE_IRQ_PRIOTITY``.
+ IRQ, the default is value is ``TFM_DEFAULT_SECURE_IRQ_PRIORITY``.
If an IRQ handler is registered, TF-M will:
@@ -153,7 +153,7 @@ lowest interrupt of 'A' is triggered. This can go until the highest priority
interrupt of 'A' is triggered, and then this last handler is interrupted. At
this point the context stack looks like this:
-.. code-block::
+.. code-block:: rst
+------------+
| [intr_ctx] |
@@ -172,11 +172,10 @@ this point the context stack looks like this:
So the max stack size can be calculated as a function of the IRQ count of 'A':
-.. code-block::
-
+.. code-block:: c
max_stack_size = intr_ctx_size + (IRQ_CNT * (intr_ctx_size + hndl_ctx_size))
--------------
-*Copyright (c) 2018-2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2018-2021, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/tfm_secure_partition_interrupt_handling.rst b/docs/technical_references/tfm_secure_partition_interrupt_handling.rst
index 6d9a5e1d0..79dea0c01 100644
--- a/docs/technical_references/tfm_secure_partition_interrupt_handling.rst
+++ b/docs/technical_references/tfm_secure_partition_interrupt_handling.rst
@@ -124,15 +124,13 @@ control is taken back to client.
The only signals implemented in the current TF-M implementation are
interrupt signals.
-Signature
----------
+**Signature**
.. code-block:: c
psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout);
-Parameters
-----------
+**Parameters**
``psa_signal_t signal_mask`` defines the set of interrupt signals that can
resume execution of the secure service.
@@ -140,8 +138,7 @@ resume execution of the secure service.
``uint32_t timeout`` defines timeout for the function, as defined in PSA
Firmware Framework 1.0-beta-0 (Chapter 4.3.3).
-Return
-------
+**Return**
The return value indicates the signal(s) that triggered the resumption of the
service; i.e. If multiple interrupt events have been handled, it will be
@@ -152,20 +149,17 @@ tfm_enable_irq()
A call to ``tfm_enable_irq()`` from a secure service enables an irq.
-Signature
----------
+**Signature**
.. code-block:: c
void tfm_enable_irq(psa_signal_t irq_signal);
-Parameters
-----------
+**Parameters**
``psa_signal_t irq_signal`` defines the interrupt signal to be enabled.
-Return
-------
+**Return**
``void`` Success.
@@ -179,19 +173,17 @@ tfm_disable_irq()
A call to ``tfm_disable_irq()`` from a secure service disables an irq.
-Signature
----------
+**Signature**
.. code-block:: c
void tfm_disable_irq(psa_signal_t irq_signal);
-Parameters
-----------
+**Parameters**
+
``psa_signal_t irq_signal`` defines the interrupt signal to be disabled.
-Return
-------
+**Return**
``void``: Success.
@@ -207,21 +199,18 @@ A call ``to psa_eoi()`` from a secure service function or a Partition ISR
informs SPM that an interrupt has been processed. This clears the IRQ signal in
the asserted signal mask associated with the partition.
-Signature
----------
+**Signature**
.. code-block:: c
void psa_eoi(psa_signal_t irq_signal);
-Parameters
-----------
+**Parameters**
``psa_signal_t irq_signal`` defines the interrupt signal that has been
processed.
-Return
-------
+**Return**
``void``: Success.
@@ -231,4 +220,6 @@ Does not return: The call is invalid, one or more of the following are true:
- ``irq_signal`` indicates more than one signal.
- ``irq_signal`` is not currently asserted.
+--------------
+
*Copyright (c) 2019-2021, Arm Limited. All rights reserved.*
diff --git a/interface/include/psa/client.h b/interface/include/psa/client.h
index d92de026f..7aee1e5e6 100644
--- a/interface/include/psa/client.h
+++ b/interface/include/psa/client.h
@@ -130,6 +130,14 @@ psa_handle_t psa_connect(uint32_t sid, uint32_t version);
/**
* \brief Call an RoT Service on an established connection.
*
+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
+ * support at most 4 parameters. TF-M chooses to encode 'in_len',
+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency.
+ * Compared with struct-based encoding, this method saves extra memory
+ * check and memory copy operation. The disadvantage is that the 'type'
+ * range has to be reduced into a 16-bit integer. So with this encoding,
+ * the valid range for 'type' is 0-32767.
+ *
* \param[in] handle A handle to an established connection.
* \param[in] type The request type.
* Must be zero( \ref PSA_IPC_CALL) or positive.
diff --git a/interface/include/psa/crypto.h b/interface/include/psa/crypto.h
index e9d3c66d4..0099baab7 100644
--- a/interface/include/psa/crypto.h
+++ b/interface/include/psa/crypto.h
@@ -78,10 +78,14 @@ extern "C" {
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_DATA_CORRUPT
*/
psa_status_t psa_crypto_init(void);
@@ -228,6 +232,14 @@ static psa_key_usage_t psa_get_key_usage_flags(
* - An algorithm value permits this particular algorithm.
* - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
* signature scheme with any hash algorithm.
+ * - An algorithm built from #PSA_ALG_AT_LEAST_THIS_LENGTH_MAC allows
+ * any MAC algorithm from the same base class (e.g. CMAC) which
+ * generates/verifies a MAC length greater than or equal to the length
+ * encoded in the wildcard algorithm.
+ * - An algorithm built from #PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
+ * allows any AEAD algorithm from the same base class (e.g. CCM) which
+ * generates/verifies a tag length greater than or equal to the length
+ * encoded in the wildcard algorithm.
*
* This function overwrites any algorithm policy
* previously set in \p attributes.
@@ -336,6 +348,8 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -469,6 +483,8 @@ psa_status_t psa_purge_key(psa_key_id_t key);
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
@@ -508,6 +524,10 @@ psa_status_t psa_copy_key(psa_key_id_t source_key,
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* There was an failure in communication with the cryptoprocessor.
* The key material may still be present in the cryptoprocessor.
+ * \retval #PSA_ERROR_DATA_INVALID
+ * This error is typically a result of either storage corruption on a
+ * cleartext storage backend, or an attempt to read data that was
+ * written by an incompatible version of the library.
* \retval #PSA_ERROR_STORAGE_FAILURE
* The storage is corrupted. Implementations shall make a best effort
* to erase key material even in this stage, however applications
@@ -593,6 +613,8 @@ psa_status_t psa_destroy_key(psa_key_id_t key);
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -681,7 +703,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
* sufficient buffer size by calling
- * #PSA_KEY_EXPORT_MAX_SIZE(\c type, \c bits)
+ * #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
* where \c type is the key type
* and \c bits is the key size in bits.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -751,7 +773,7 @@ psa_status_t psa_export_key(psa_key_id_t key,
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
* sufficient buffer size by calling
- * #PSA_KEY_EXPORT_MAX_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
+ * #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
* where \c type is the key type
* and \c bits is the key size in bits.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -790,7 +812,7 @@ psa_status_t psa_export_public_key(psa_key_id_t key,
* \param hash_size Size of the \p hash buffer in bytes.
* \param[out] hash_length On success, the number of bytes
* that make up the hash value. This is always
- * #PSA_HASH_SIZE(\p alg).
+ * #PSA_HASH_LENGTH(\p alg).
*
* \retval #PSA_SUCCESS
* Success.
@@ -1000,7 +1022,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
* \param hash_size Size of the \p hash buffer in bytes.
* \param[out] hash_length On success, the number of bytes
* that make up the hash value. This is always
- * #PSA_HASH_SIZE(\c alg) where \c alg is the
+ * #PSA_HASH_LENGTH(\c alg) where \c alg is the
* hash algorithm that is calculated.
*
* \retval #PSA_SUCCESS
@@ -1009,7 +1031,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
* The operation state is not valid (it must be active).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p hash buffer is too small. You can determine a
- * sufficient buffer size by calling #PSA_HASH_SIZE(\c alg)
+ * sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
* where \c alg is the hash algorithm that is calculated.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -1447,7 +1469,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
* \param mac_size Size of the \p mac buffer in bytes.
* \param[out] mac_length On success, the number of bytes
* that make up the MAC value. This is always
- * #PSA_MAC_FINAL_SIZE(\c key_type, \c key_bits, \c alg)
+ * #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
* where \c key_type and \c key_bits are the type and
* bit-size respectively of the key and \c alg is the
* MAC algorithm that is calculated.
@@ -1459,7 +1481,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
* operation).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p mac buffer is too small. You can determine a
- * sufficient buffer size by calling PSA_MAC_FINAL_SIZE().
+ * sufficient buffer size by calling PSA_MAC_LENGTH().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
@@ -3524,6 +3546,8 @@ psa_status_t psa_key_derivation_output_bytes(
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
@@ -3689,6 +3713,8 @@ psa_status_t psa_generate_random(uint8_t *output,
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
diff --git a/interface/include/psa/crypto_compat.h b/interface/include/psa/crypto_compat.h
index 8ca1f6a68..17dcee2d9 100644
--- a/interface/include/psa/crypto_compat.h
+++ b/interface/include/psa/crypto_compat.h
@@ -98,7 +98,18 @@ typedef MBEDTLS_PSA_DEPRECATED psa_algorithm_t mbedtls_deprecated_psa_algorithm_
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE )
#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) )
-
+#define PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) )
+#define PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) )
+#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE )
+#define PSA_HASH_SIZE( alg ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_HASH_LENGTH( alg ) )
+#define PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_MAC_LENGTH( key_type, key_bits, alg ) )
+#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
/*
* Deprecated PSA Crypto function names (PSA Crypto API <= 1.0 beta3)
*/
@@ -232,6 +243,15 @@ MBEDTLS_PSA_DEPRECATED psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
#define PSA_ALG_CHACHA20 \
MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_STREAM_CIPHER)
+/*
+ * Renamed AEAD tag length macros (PSA Crypto API <= 1.0 beta3)
+ */
+#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH( aead_alg ) \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( aead_alg ) )
+#define PSA_ALG_AEAD_WITH_TAG_LENGTH( aead_alg, tag_length ) \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_SHORTENED_TAG( aead_alg, tag_length ) )
+
+
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/** Open a handle to an existing persistent key.
@@ -287,6 +307,8 @@ MBEDTLS_PSA_DEPRECATED psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
diff --git a/interface/include/psa/crypto_sizes.h b/interface/include/psa/crypto_sizes.h
index 4d13e412a..0608d71d1 100644
--- a/interface/include/psa/crypto_sizes.h
+++ b/interface/include/psa/crypto_sizes.h
@@ -47,11 +47,9 @@
*
* \return The hash size for the specified hash algorithm.
* If the hash algorithm is not recognized, return 0.
- * An implementation may return either 0 or the correct size
- * for a hash algorithm that it recognizes, but does not support.
*/
-#define PSA_HASH_SIZE(alg) \
- ( \
+#define PSA_HASH_LENGTH(alg) \
+ ( \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
@@ -73,9 +71,8 @@
*
* Maximum size of a hash.
*
- * This macro must expand to a compile-time constant integer. This value
- * should be the maximum size of a hash supported by the implementation,
- * in bytes, and must be no smaller than this maximum.
+ * This macro expands to a compile-time constant integer. This value
+ * is the maximum size of a hash in bytes.
*/
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
@@ -87,9 +84,8 @@
*
* Maximum size of a MAC.
*
- * This macro must expand to a compile-time constant integer. This value
- * should be the maximum size of a MAC supported by the implementation,
- * in bytes, and must be no smaller than this maximum.
+ * This macro expands to a compile-time constant integer. This value
+ * is the maximum size of a MAC in bytes.
*/
/* All non-HMAC MACs have a maximum size that's smaller than the
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
@@ -109,15 +105,18 @@
* tag that can be distinguished from the rest of
* the ciphertext, return 0.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_TAG_LENGTH(alg) \
(PSA_ALG_IS_AEAD(alg) ? \
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
0)
+/** The maximum tag size for all supported AEAD algorithms, in bytes.
+ *
+ * See also #PSA_AEAD_TAG_LENGTH(\p alg).
+ */
+#define PSA_AEAD_TAG_MAX_SIZE 16
+
/* The maximum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
*
@@ -136,10 +135,11 @@
/* The maximum size of an ECC key on this implementation, in bits */
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
-/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
+/** This macro returns the maximum supported length of the PSK for the
+ * TLS-1.2 PSK-to-MS key derivation
+ * (#PSA_ALG_TLS12_PSK_TO_MS(\p hash_alg)).
*
- * This macro returns the maximum length of the PSK supported
- * by the TLS-1.2 PSK-to-MS key derivation.
+ * The maximum supported length does not depend on the chosen hash algorithm.
*
* Quoting RFC 4279, Sect 5.3:
* TLS implementations supporting these ciphersuites MUST support
@@ -148,17 +148,22 @@
* keys is RECOMMENDED.
*
* Therefore, no implementation should define a value smaller than 64
- * for #PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN.
+ * for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.
*/
-#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
+#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
+
+/** The maximum size of a block cipher. */
+#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
-/** The maximum size of a block cipher supported by the implementation. */
-#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
/** The size of the output of psa_mac_sign_finish(), in bytes.
*
* This is also the MAC size that psa_mac_verify_finish() expects.
*
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
* \param key_type The type of the MAC key.
* \param key_bits The size of the MAC key in bits.
* \param alg A MAC algorithm (\c PSA_ALG_XXX value such that
@@ -172,10 +177,10 @@
* \return Unspecified if the key parameters are not consistent
* with the algorithm.
*/
-#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
- ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
- PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \
- PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
+#define PSA_MAC_LENGTH(key_type, key_bits, alg) \
+ ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
+ PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
+ PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
((void)(key_type), (void)(key_bits), 0))
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
@@ -185,6 +190,10 @@
* insufficient buffer size. Depending on the algorithm, the actual size of
* the ciphertext may be smaller.
*
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -193,15 +202,33 @@
* \return The AEAD ciphertext size for the specified
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
0)
+/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * If the size of the ciphertext buffer is at least this large, it is guaranteed
+ * that psa_aead_encrypt() will not fail due to an insufficient buffer size.
+ *
+ * \note This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, \p plaintext_length).
+ *
+ * \param plaintext_length Size of the plaintext in bytes.
+ *
+ * \return A sufficient output buffer size for any of the
+ * supported key types and AEAD algorithms.
+ *
+ */
+#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
+ ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
+
+
/** The maximum size of the output of psa_aead_decrypt(), in bytes.
*
* If the size of the plaintext buffer is at least this large, it is
@@ -209,6 +236,10 @@
* insufficient buffer size. Depending on the algorithm, the actual size of
* the plaintext may be smaller.
*
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -217,15 +248,78 @@
* \return The AEAD ciphertext size for the specified
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
0)
+/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * If the size of the plaintext buffer is at least this large, it is guaranteed
+ * that psa_aead_decrypt() will not fail due to an insufficient buffer size.
+ *
+ * \note This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, \p ciphertext_length).
+ *
+ * \param ciphertext_length Size of the ciphertext in bytes.
+ *
+ * \return A sufficient output buffer size for any of the
+ * supported key types and AEAD algorithms.
+ *
+ */
+#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
+ (ciphertext_length)
+
+/** The default nonce size for an AEAD algorithm, in bytes.
+ *
+ * This macro can be used to allocate a buffer of sufficient size to
+ * store the nonce output from #psa_aead_generate_nonce().
+ *
+ * See also #PSA_AEAD_NONCE_MAX_SIZE.
+ *
+ * \note This is not the maximum size of nonce supported as input to
+ * #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
+ * just the default size that is generated by #psa_aead_generate_nonce().
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param key_type A symmetric key type that is compatible with
+ * algorithm \p alg.
+ *
+ * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return The default nonce size for the specified key type and algorithm.
+ * If the key type or AEAD algorithm is not recognized,
+ * or the parameters are incompatible, return 0.
+ */
+#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \
+ (PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \
+ PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \
+ (key_type) == PSA_KEY_TYPE_CHACHA20 && \
+ PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
+ 0)
+
+/** The maximum default nonce size among all supported pairs of key types and
+ * AEAD algorithms, in bytes.
+ *
+ * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH()
+ * may return.
+ *
+ * \note This is not the maximum size of nonce supported as input to
+ * #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
+ * just the largest size that may be generated by
+ * #psa_aead_generate_nonce().
+ */
+#define PSA_AEAD_NONCE_MAX_SIZE 12
+
/** A sufficient output buffer size for psa_aead_update().
*
* If the size of the output buffer is at least this large, it is
@@ -233,6 +327,10 @@
* insufficient buffer size. The actual size of the output may be smaller
* in any given call.
*
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -241,19 +339,29 @@
* \return A sufficient output buffer size for the specified
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
/* For all the AEAD modes defined in this specification, it is possible
* to emit output without delay. However, hardware may not always be
* capable of this. So for modes based on a block cipher, allow the
* implementation to delay the output until it has a full block. */
-#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
- (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \
+#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
+ (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
(input_length))
+/** A sufficient output buffer size for psa_aead_update(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_aead_update() will not fail due to an insufficient buffer size.
+ *
+ * See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p alg, \p input_length).
+ *
+ * \param input_length Size of the input in bytes.
+ */
+#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
+
/** A sufficient ciphertext buffer size for psa_aead_finish().
*
* If the size of the ciphertext buffer is at least this large, it is
@@ -268,15 +376,19 @@
* \return A sufficient ciphertext buffer size for the
* specified algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
+ PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
0)
+/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p alg).
+ */
+#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
+
/** A sufficient plaintext buffer size for psa_aead_verify().
*
* If the size of the plaintext buffer is at least this large, it is
@@ -291,18 +403,22 @@
* \return A sufficient plaintext buffer size for the
* specified algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
+ PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
0)
+/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p alg).
+ */
+#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
+
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
(PSA_ALG_IS_RSA_OAEP(alg) ? \
- 2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
+ 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
11 /*PKCS#1v1.5*/)
/**
@@ -336,9 +452,8 @@
* a buffer size in bytes that guarantees that
* psa_sign_hash() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
+ * If the parameters are a valid combination that is not supported,
+ * return either a sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
@@ -354,9 +469,8 @@
*
* Maximum size of an asymmetric signature.
*
- * This macro must expand to a compile-time constant integer. This value
- * should be the maximum size of a signature supported by the implementation,
- * in bytes, and must be no smaller than this maximum.
+ * This macro expands to a compile-time constant integer. This value
+ * is the maximum size of a signature in bytes.
*/
#define PSA_SIGNATURE_MAX_SIZE \
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
@@ -383,9 +497,8 @@
* a buffer size in bytes that guarantees that
* psa_asymmetric_encrypt() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
+ * If the parameters are a valid combination that is not supported,
+ * return either a sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
@@ -394,6 +507,15 @@
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
0)
+/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
+ * supported asymmetric encryption.
+ *
+ * See also #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
+ */
+/* This macro assumes that RSA is the only supported asymmetric encryption. */
+#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
+
/** Sufficient output buffer size for psa_asymmetric_decrypt().
*
* This macro returns a sufficient buffer size for a plaintext produced using
@@ -414,9 +536,8 @@
* a buffer size in bytes that guarantees that
* psa_asymmetric_decrypt() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
+ * If the parameters are a valid combination that is not supported,
+ * return either a sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
@@ -425,6 +546,16 @@
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
0)
+/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
+ * supported asymmetric decryption.
+ *
+ * This macro assumes that RSA is the only supported asymmetric encryption.
+ *
+ * See also #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
+ */
+#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
+
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
* number of bits.
*
@@ -535,12 +666,13 @@
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
(PSA_BITS_TO_BYTES(key_bits))
-/** Sufficient output buffer size for psa_export_key() or psa_export_public_key().
+/** Sufficient output buffer size for psa_export_key() or
+ * psa_export_public_key().
*
* This macro returns a compile-time constant if its arguments are
* compile-time constants.
*
- * \warning This function may call its arguments multiple times or
+ * \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
@@ -553,7 +685,7 @@
* if (status != PSA_SUCCESS) handle_error(...);
* psa_key_type_t key_type = psa_get_key_type(&attributes);
* size_t key_bits = psa_get_key_bits(&attributes);
- * size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits);
+ * size_t buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
* psa_reset_key_attributes(&attributes);
* uint8_t *buffer = malloc(buffer_size);
* if (buffer == NULL) handle_error(...);
@@ -562,18 +694,46 @@
* if (status != PSA_SUCCESS) handle_error(...);
* \endcode
*
- * For psa_export_public_key(), calculate the buffer size from the
- * public key type. You can use the macro #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR
- * to convert a key pair type to the corresponding public key type.
+ * \param key_type A supported key type.
+ * \param key_bits The size of the key in bits.
+ *
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_export_key() or psa_export_public_key() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that is not supported,
+ * return either a sensible size or 0.
+ * If the parameters are not valid, the return value is unspecified.
+ */
+#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
+ (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
+ (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ 0)
+
+/** Sufficient output buffer size for psa_export_public_key().
+ *
+ * This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * The following code illustrates how to allocate enough memory to export
+ * a public key by querying the key type and size at runtime.
* \code{c}
* psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
* psa_status_t status;
* status = psa_get_key_attributes(key, &attributes);
* if (status != PSA_SUCCESS) handle_error(...);
* psa_key_type_t key_type = psa_get_key_type(&attributes);
- * psa_key_type_t public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type);
* size_t key_bits = psa_get_key_bits(&attributes);
- * size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(public_key_type, key_bits);
+ * size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits);
* psa_reset_key_attributes(&attributes);
* uint8_t *buffer = malloc(buffer_size);
* if (buffer == NULL) handle_error(...);
@@ -582,73 +742,96 @@
* if (status != PSA_SUCCESS) handle_error(...);
* \endcode
*
- * \param key_type A supported key type.
- * \param key_bits The size of the key in bits.
- *
- * \return If the parameters are valid and supported, return
- * a buffer size in bytes that guarantees that
- * psa_sign_hash() will not fail with
- * #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
- * If the parameters are not valid, the
- * return value is unspecified.
+ * \param key_type A public key or key pair key type.
+ * \param key_bits The size of the key in bits.
+ *
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_export_public_key() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that is not
+ * supported, return either a sensible size or 0.
+ * If the parameters are not valid,
+ * the return value is unspecified.
+ *
+ * If the parameters are valid and supported,
+ * return the same result as
+ * #PSA_EXPORT_KEY_OUTPUT_SIZE(
+ * \p #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\p key_type),
+ * \p key_bits).
*/
-#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
- (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
- (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
- (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
- (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
- PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
0)
-/** The default nonce size for an AEAD algorithm, in bytes.
+/** Sufficient buffer size for exporting any asymmetric key pair.
*
- * This macro can be used to allocate a buffer of sufficient size to
- * store the nonce output from #psa_aead_generate_nonce().
+ * This macro expands to a compile-time constant integer. This value is
+ * a sufficient buffer size when calling psa_export_key() to export any
+ * asymmetric key pair, regardless of the exact key type and key size.
*
- * See also #PSA_AEAD_NONCE_MAX_SIZE.
+ * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
+ */
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
+ PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+
+/** Sufficient buffer size for exporting any asymmetric public key.
*
- * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
- * #psa_aead_encrypt() or #psa_aead_decrypt(), just the default size that is generated by
- * #psa_aead_generate_nonce().
+ * This macro expands to a compile-time constant integer. This value is
+ * a sufficient buffer size when calling psa_export_key() or
+ * psa_export_public_key() to export any asymmetric public key,
+ * regardless of the exact key type and key size.
+ *
+ * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
+ */
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
+ PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+
+/** Sufficient output buffer size for psa_raw_key_agreement().
+ *
+ * This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
*
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
- * \param key_type A symmetric key type that is compatible with algorithm \p alg.
+ * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.
*
- * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param key_type A supported key type.
+ * \param key_bits The size of the key in bits.
*
- * \return The default nonce size for the specified key type and algorithm.
- * If the key type or AEAD algorithm is not recognized,
- * or the parameters are incompatible, return 0.
- * An implementation can return either 0 or a correct size for a key type
- * and AEAD algorithm that it recognizes, but does not support.
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_raw_key_agreement() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that
+ * is not supported, return either a sensible size or 0.
+ * If the parameters are not valid,
+ * the return value is unspecified.
*/
-#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
- (PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) == 16 && \
- (PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CCM || \
- PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_GCM) ? 12 : \
- (key_type) == PSA_KEY_TYPE_CHACHA20 && \
- PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
+/* FFDH is not yet supported in PSA. */
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
+ (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
+ PSA_BITS_TO_BYTES(key_bits) : \
0)
-/** The maximum default nonce size among all supported pairs of key types and
- * AEAD algorithms, in bytes.
+/** Maximum size of the output from psa_raw_key_agreement().
*
- * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return.
+ * This macro expands to a compile-time constant integer. This value is the
+ * maximum size of the output any raw key agreement algorithm, in bytes.
*
- * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
- * #psa_aead_encrypt() or #psa_aead_decrypt(), just the largest size that may be generated by
- * #psa_aead_generate_nonce().
+ * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_AEAD_NONCE_MAX_SIZE 12
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
/** The default IV size for a cipher algorithm, in bytes.
*
@@ -674,17 +857,15 @@
* If the algorithm does not use an IV, return 0.
* If the key type or cipher algorithm is not recognized,
* or the parameters are incompatible, return 0.
- * An implementation can return either 0 or a correct size for a key type
- * and cipher algorithm that it recognizes, but does not support.
*/
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
- (PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) > 1 && \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
((alg) == PSA_ALG_CTR || \
(alg) == PSA_ALG_CFB || \
(alg) == PSA_ALG_OFB || \
(alg) == PSA_ALG_XTS || \
(alg) == PSA_ALG_CBC_NO_PADDING || \
- (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
+ (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
(alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
0)
@@ -695,4 +876,163 @@
*/
#define PSA_CIPHER_IV_MAX_SIZE 16
+/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
+ * Depending on the algorithm, the actual size of the output might be smaller.
+ *
+ * See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(\p input_length).
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param key_type A symmetric key type that is compatible with algorithm
+ * alg.
+ * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param input_length Size of the input in bytes.
+ *
+ * \return A sufficient output size for the specified key type and
+ * algorithm. If the key type or cipher algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
+ */
+#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (alg == PSA_ALG_CBC_PKCS7 ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ (input_length) + 1) + \
+ PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
+ 0))
+
+/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
+ * supported key types and cipher algorithms.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
+ *
+ * See also #PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
+ *
+ * \param input_length Size of the input in bytes.
+ *
+ */
+#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
+ (input_length) + 1) + \
+ PSA_CIPHER_IV_MAX_SIZE)
+
+/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
+ * Depending on the algorithm, the actual size of the output might be smaller.
+ *
+ * See also #PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(\p input_length).
+ *
+ * \param key_type A symmetric key type that is compatible with algorithm
+ * alg.
+ * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param input_length Size of the input in bytes.
+ *
+ * \return A sufficient output size for the specified key type and
+ * algorithm. If the key type or cipher algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
+ */
+#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) && \
+ ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
+ (input_length) : \
+ 0)
+
+/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
+ * supported key types and cipher algorithms.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
+ *
+ * See also #PSA_CIPHER_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
+ *
+ * \param input_length Size of the input in bytes.
+ */
+#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
+ (input_length)
+
+/** A sufficient output buffer size for psa_cipher_update().
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_update() will not fail due to an insufficient buffer size.
+ * The actual size of the output might be smaller in any given call.
+ *
+ * See also #PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(\p input_length).
+ *
+ * \param key_type A symmetric key type that is compatible with algorithm
+ * alg.
+ * \param alg A cipher algorithm (PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param input_length Size of the input in bytes.
+ *
+ * \return A sufficient output size for the specified key type and
+ * algorithm. If the key type or cipher algorithm is not
+ * recognized, or the parameters are incompatible, return 0.
+ */
+#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (((alg) == PSA_ALG_CBC_PKCS7 || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_ECB_NO_PADDING) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ input_length) : \
+ (input_length)) : \
+ 0)
+
+/** A sufficient output buffer size for psa_cipher_update(), for any of the
+ * supported key types and cipher algorithms.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_update() will not fail due to an insufficient buffer size.
+ *
+ * See also #PSA_CIPHER_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
+ *
+ * \param input_length Size of the input in bytes.
+ */
+#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
+
+/** A sufficient ciphertext buffer size for psa_cipher_finish().
+ *
+ * If the size of the ciphertext buffer is at least this large, it is
+ * guaranteed that psa_cipher_finish() will not fail due to an insufficient
+ * ciphertext buffer size. The actual size of the output might be smaller in
+ * any given call.
+ *
+ * See also #PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE().
+ *
+ * \param key_type A symmetric key type that is compatible with algorithm
+ * alg.
+ * \param alg A cipher algorithm (PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \return A sufficient output size for the specified key type and
+ * algorithm. If the key type or cipher algorithm is not
+ * recognized, or the parameters are incompatible, return 0.
+ */
+#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (alg == PSA_ALG_CBC_PKCS7 ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
+ 0) : \
+ 0)
+
+/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
+ * supported key types and cipher algorithms.
+ *
+ * See also #PSA_CIPHER_FINISH_OUTPUT_SIZE(\p key_type, \p alg).
+ */
+#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
+ (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
+
#endif /* PSA_CRYPTO_SIZES_H */
diff --git a/interface/include/psa/crypto_types.h b/interface/include/psa/crypto_types.h
index bf51a2fa4..0588d51d8 100644
--- a/interface/include/psa/crypto_types.h
+++ b/interface/include/psa/crypto_types.h
@@ -103,14 +103,14 @@ typedef uint32_t psa_algorithm_t;
* whether the key is _volatile_ or _persistent_.
* See ::psa_key_persistence_t for more information.
* - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
- * location indicator. This value indicates where the key is stored
- * and where operations on the key are performed.
+ * location indicator. This value indicates which part of the system
+ * has access to the key material and can perform operations using the key.
* See ::psa_key_location_t for more information.
*
* Volatile keys are automatically destroyed when the application instance
* terminates or on a power reset of the device. Persistent keys are
* preserved until the application explicitly destroys them or until an
- * implementation-specific device management event occurs (for example,
+ * integration-specific device management event occurs (for example,
* a factory reset).
*
* Persistent keys have a key identifier of type #psa_key_id_t.
@@ -119,12 +119,10 @@ typedef uint32_t psa_algorithm_t;
* The application can call psa_open_key() to open a persistent key that
* it created previously.
*
- * This specification defines two basic lifetime values:
- * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile.
- * All implementations should support this lifetime.
- * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent.
- * All implementations that have access to persistent storage with
- * appropriate security guarantees should support this lifetime.
+ * The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime
+ * #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
+ * available. Other lifetime values may be supported depending on the
+ * library configuration.
*/
typedef uint32_t psa_key_lifetime_t;
@@ -137,35 +135,21 @@ typedef uint32_t psa_key_lifetime_t;
* actually affect persistent keys at different levels is outside the
* scope of the PSA Cryptography specification.
*
- * This specification defines the following values of persistence levels:
+ * The PSA Cryptography specification defines the following values of
+ * persistence levels:
* - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
* A volatile key is automatically destroyed by the implementation when
* the application instance terminates. In particular, a volatile key
* is automatically destroyed on a power reset of the device.
* - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
* persistent key with a default lifetime.
- * Implementations should support this value if they support persistent
- * keys at all.
- * Applications should use this value if they have no specific needs that
- * are only met by implementation-specific features.
- * - \c 2-127: persistent key with a PSA-specified lifetime.
- * The PSA Cryptography specification does not define the meaning of these
- * values, but other PSA specifications may do so.
- * - \c 128-254: persistent key with a vendor-specified lifetime.
- * No PSA specification will define the meaning of these values, so
- * implementations may choose the meaning freely.
- * As a guideline, higher persistence levels should cause a key to survive
- * more management events than lower levels.
+ * - \c 2-254: currently not supported by Mbed TLS.
* - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
* read-only or write-once key.
* A key with this persistence level cannot be destroyed.
- * Implementations that support such keys may either allow their creation
- * through the PSA Cryptography API, preferably only to applications with
- * the appropriate privilege, or only expose keys created through
- * implementation-specific means such as a factory ROM engraving process.
- * Note that keys that are read-only due to policy restrictions
- * rather than due to physical limitations should not have this
- * persistence levels.
+ * Mbed TLS does not currently offer a way to create such keys, but
+ * integrations of Mbed TLS can use it for built-in keys that the
+ * application cannot modify (for example, a hardware unique key (HUK)).
*
* \note Key persistence levels are 8-bit values. Key management
* interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
@@ -175,28 +159,30 @@ typedef uint8_t psa_key_persistence_t;
/** Encoding of key location indicators.
*
- * If an implementation of this API can make calls to external
+ * If an integration of Mbed TLS can make calls to external
* cryptoprocessors such as secure elements, the location of a key
* indicates which secure element performs the operations on the key.
- * If an implementation offers multiple physical locations for persistent
- * storage, the location indicator reflects at which physical location
- * the key is stored.
+ * Depending on the design of the secure element, the key
+ * material may be stored either in the secure element, or
+ * in wrapped (encrypted) form alongside the key metadata in the
+ * primary local storage.
*
- * This specification defines the following values of location indicators:
+ * The PSA Cryptography API specification defines the following values of
+ * location indicators:
* - \c 0: primary local storage.
- * All implementations should support this value.
+ * This location is always available.
* The primary local storage is typically the same storage area that
* contains the key metadata.
* - \c 1: primary secure element.
- * Implementations should support this value if there is a secure element
- * attached to the operating environment.
+ * Integrations of Mbed TLS should support this value if there is a secure
+ * element attached to the operating environment.
* As a guideline, secure elements may provide higher resistance against
* side channel and physical attacks than the primary local storage, but may
* have restrictions on supported key types, sizes, policies and operations
* and may have different performance characteristics.
* - \c 2-0x7fffff: other locations defined by a PSA specification.
* The PSA Cryptography API does not currently assign any meaning to these
- * locations, but future versions of this specification or other PSA
+ * locations, but future versions of that specification or other PSA
* specifications may do so.
* - \c 0x800000-0xffffff: vendor-defined locations.
* No PSA specification will assign a meaning to locations in this range.
@@ -211,7 +197,7 @@ typedef uint32_t psa_key_location_t;
*
* - Applications may freely choose key identifiers in the range
* #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
- * - Implementations may define additional key identifiers in the range
+ * - The implementation may define additional key identifiers in the range
* #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
* - 0 is reserved as an invalid key identifier.
* - Key identifiers outside these ranges are reserved for future use.
@@ -243,23 +229,18 @@ typedef uint32_t psa_key_usage_t;
* - The key's policy, comprising usage flags and a specification of
* the permitted algorithm(s).
* - Information about the key itself: the key type and its size.
- * - Implementations may define additional attributes.
+ * - Additional implementation-defined attributes.
*
* The actual key material is not considered an attribute of a key.
* Key attributes do not contain information that is generally considered
* highly confidential.
*
- * An attribute structure can be a simple data structure where each function
+ * An attribute structure works like a simple data structure where each function
* `psa_set_key_xxx` sets a field and the corresponding function
* `psa_get_key_xxx` retrieves the value of the corresponding field.
- * However, implementations may report values that are equivalent to the
- * original one, but have a different encoding. For example, an
- * implementation may use a more compact representation for types where
- * many bit-patterns are invalid or not supported, and store all values
- * that it does not support as a special marker value. In such an
- * implementation, after setting an invalid value, the corresponding
- * get function returns an invalid value which may not be the one that
- * was originally stored.
+ * However, a future version of the library may report values that are
+ * equivalent to the original one, but have a different encoding. Invalid
+ * values may be mapped to different, also invalid values.
*
* An attribute structure may contain references to auxiliary resources,
* for example pointers to allocated memory or indirect references to
diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h
index 9cca6b24c..25c6662c1 100644
--- a/interface/include/psa/crypto_values.h
+++ b/interface/include/psa/crypto_values.h
@@ -262,6 +262,46 @@
*/
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
+/** Stored data has been corrupted.
+ *
+ * This error indicates that some persistent storage has suffered corruption.
+ * It does not indicate the following situations, which have specific error
+ * codes:
+ *
+ * - A corruption of volatile memory - use #PSA_ERROR_CORRUPTION_DETECTED.
+ * - A communication error between the cryptoprocessor and its external
+ * storage - use #PSA_ERROR_COMMUNICATION_FAILURE.
+ * - When the storage is in a valid state but is full - use
+ * #PSA_ERROR_INSUFFICIENT_STORAGE.
+ * - When the storage fails for other reasons - use
+ * #PSA_ERROR_STORAGE_FAILURE.
+ * - When the stored data is not valid - use #PSA_ERROR_DATA_INVALID.
+ *
+ * \note A storage corruption does not indicate that any data that was
+ * previously read is invalid. However this previously read data might no
+ * longer be readable from storage.
+ *
+ * When a storage failure occurs, it is no longer possible to ensure the
+ * global integrity of the keystore.
+ */
+#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
+
+/** Data read from storage is not valid for the implementation.
+ *
+ * This error indicates that some data read from storage does not have a valid
+ * format. It does not indicate the following situations, which have specific
+ * error codes:
+ *
+ * - When the storage or stored data is corrupted - use #PSA_ERROR_DATA_CORRUPT
+ * - When the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE
+ * - An invalid argument to the API - use #PSA_ERROR_INVALID_ARGUMENT
+ *
+ * This error is typically a result of either storage corruption on a
+ * cleartext storage backend, or an attempt to read data that was
+ * written by an incompatible version of the library.
+ */
+#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
+
/**@}*/
/** \defgroup crypto_types Key and algorithm types
@@ -355,7 +395,7 @@
* used for.
*
* HMAC keys should generally have the same size as the underlying hash.
- * This size can be calculated with #PSA_HASH_SIZE(\c alg) where
+ * This size can be calculated with #PSA_HASH_LENGTH(\c alg) where
* \c alg is the HMAC algorithm or the underlying hash algorithm. */
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
@@ -586,9 +626,9 @@
*
* \warning This macro may evaluate its argument multiple times.
*/
-#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \
+#define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
- 1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
+ 1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
0u)
/** Vendor-defined algorithm flag.
@@ -818,6 +858,14 @@
#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000)
#define PSA_MAC_TRUNCATION_OFFSET 16
+/* In the encoding of a MAC algorithm, the bit corresponding to
+ * #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
+ * is a wildcard algorithm. A key with such wildcard algorithm as permitted
+ * algorithm policy can be used with any algorithm corresponding to the
+ * same base class and having a (potentially truncated) MAC length greater or
+ * equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
+#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
+
/** Macro to build a truncated MAC algorithm.
*
* A truncated MAC algorithm is identical to the corresponding MAC
@@ -851,8 +899,9 @@
* MAC algorithm or if \p mac_length is too small or
* too large for the specified MAC algorithm.
*/
-#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
- (((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) | \
+#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
+ (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
+ PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
/** Macro to build the base MAC algorithm corresponding to a truncated
@@ -867,8 +916,9 @@
* \return Unspecified if \p alg is not a supported
* MAC algorithm.
*/
-#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
- ((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
+#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
+ ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
+ PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
/** Length to which a MAC algorithm is truncated.
*
@@ -884,6 +934,34 @@
#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
(((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
+/** Macro to build a MAC minimum-MAC-length wildcard algorithm.
+ *
+ * A minimum-MAC-length MAC wildcard algorithm permits all MAC algorithms
+ * sharing the same base algorithm, and where the (potentially truncated) MAC
+ * length of the specific algorithm is equal to or larger then the wildcard
+ * algorithm's minimum MAC length.
+ *
+ * \note When setting the minimum required MAC length to less than the
+ * smallest MAC length allowed by the base algorithm, this effectively
+ * becomes an 'any-MAC-length-allowed' policy for that base algorithm.
+ *
+ * \param mac_alg A MAC algorithm identifier (value of type
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
+ * is true).
+ * \param min_mac_length Desired minimum length of the message authentication
+ * code in bytes. This must be at most the untruncated
+ * length of the MAC and must be at least 1.
+ *
+ * \return The corresponding MAC wildcard algorithm with the
+ * specified minimum length.
+ * \return Unspecified if \p mac_alg is not a supported MAC
+ * algorithm or if \p min_mac_length is less than 1 or
+ * too large for the specified MAC algorithm.
+ */
+#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
+ ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
+ PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
+
#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
/** The CBC-MAC construction over a block cipher
*
@@ -1044,6 +1122,14 @@
#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000)
#define PSA_AEAD_TAG_LENGTH_OFFSET 16
+/* In the encoding of an AEAD algorithm, the bit corresponding to
+ * #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
+ * is a wildcard algorithm. A key with such wildcard algorithm as permitted
+ * algorithm policy can be used with any algorithm corresponding to the
+ * same base class and having a tag length greater than or equal to the one
+ * encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
+#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
+
/** Macro to build a shortened AEAD algorithm.
*
* A shortened AEAD algorithm is similar to the corresponding AEAD
@@ -1062,11 +1148,27 @@
* AEAD algorithm or if \p tag_length is not valid
* for the specified AEAD algorithm.
*/
-#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length) \
- (((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | \
+#define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
+ (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
+ PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
PSA_ALG_AEAD_TAG_LENGTH_MASK))
+/** Retrieve the tag length of a specified AEAD algorithm
+ *
+ * \param aead_alg An AEAD algorithm identifier (value of type
+ * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
+ * is true).
+ *
+ * \return The tag length specified by the input algorithm.
+ * \return Unspecified if \p alg is not a supported
+ * AEAD algorithm or if \p tag_length is not valid
+ * for the specified AEAD algorithm.
+ */
+#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
+ (((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
+ PSA_AEAD_TAG_LENGTH_OFFSET )
+
/** Calculate the corresponding AEAD algorithm with the default tag length.
*
* \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that
@@ -1075,17 +1177,45 @@
* \return The corresponding AEAD algorithm with the default
* tag length for that algorithm.
*/
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \
+#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) \
( \
- PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_CCM) \
- PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_GCM) \
- PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
+ PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CCM) \
+ PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_GCM) \
+ PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
0)
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, ref) \
- PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == \
- PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? \
+#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, ref) \
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, 0) == \
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
ref :
+/** Macro to build an AEAD minimum-tag-length wildcard algorithm.
+ *
+ * A minimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms
+ * sharing the same base algorithm, and where the tag length of the specific
+ * algorithm is equal to or larger then the minimum tag length specified by the
+ * wildcard algorithm.
+ *
+ * \note When setting the minimum required tag length to less than the
+ * smallest tag length allowed by the base algorithm, this effectively
+ * becomes an 'any-tag-length-allowed' policy for that base algorithm.
+ *
+ * \param aead_alg An AEAD algorithm identifier (value of type
+ * #psa_algorithm_t such that
+ * #PSA_ALG_IS_AEAD(\p aead_alg) is true).
+ * \param min_tag_length Desired minimum length of the authentication tag in
+ * bytes. This must be at least 1 and at most the largest
+ * allowed tag length of the algorithm.
+ *
+ * \return The corresponding AEAD wildcard algorithm with the
+ * specified minimum length.
+ * \return Unspecified if \p aead_alg is not a supported
+ * AEAD algorithm or if \p min_tag_length is less than 1
+ * or too large for the specified AEAD algorithm.
+ */
+#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
+ ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
+ PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
+
#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200)
/** RSA PKCS#1 v1.5 signature with hashing.
*
@@ -1532,9 +1662,13 @@
* \return This macro may return either 0 or 1 if \c alg is not a supported
* algorithm identifier.
*/
-#define PSA_ALG_IS_WILDCARD(alg) \
- (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
- PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
+#define PSA_ALG_IS_WILDCARD(alg) \
+ (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
+ PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
+ PSA_ALG_IS_MAC(alg) ? \
+ (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
+ PSA_ALG_IS_AEAD(alg) ? \
+ (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
(alg) == PSA_ALG_ANY_HASH)
/**@}*/
@@ -1560,13 +1694,12 @@
*
* A persistent key remains in storage until it is explicitly destroyed or
* until the corresponding storage area is wiped. This specification does
- * not define any mechanism to wipe a storage area, but implementations may
+ * not define any mechanism to wipe a storage area, but integrations may
* provide their own mechanism (for example to perform a factory reset,
* to prepare for device refurbishment, or to uninstall an application).
*
* This lifetime value is the default storage area for the calling
- * application. Implementations may offer other storage areas designated
- * by other lifetime values as implementation-specific extensions.
+ * application. Integrations of Mbed TLS may support other persistent lifetimes.
* See ::psa_key_lifetime_t for more information.
*/
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
diff --git a/interface/include/psa/initial_attestation.h b/interface/include/psa/initial_attestation.h
index 50dd479c6..3e661e094 100644
--- a/interface/include/psa/initial_attestation.h
+++ b/interface/include/psa/initial_attestation.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -201,26 +201,6 @@ psa_status_t
psa_initial_attest_get_token_size(size_t challenge_size,
size_t *token_size);
-/**
- * \brief Get the initial attestation public key.
- *
- * \param[out] public_key Pointer to the buffer where the public key
- * will be stored.
- * \param[in] key_buf_size Size of allocated buffer for key, in bytes.
- * \param[out] public_key_len Size of public key in bytes.
- * \param[out] public_key_curve Type of the elliptic curve which the key
- * belongs to.
- *
- * \note Currently only the ECDSA P-256 over SHA-256 algorithm is supported.
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-psa_status_t
-tfm_initial_attest_get_public_key(uint8_t *public_key,
- size_t public_key_buf_size,
- size_t *public_key_len,
- psa_ecc_family_t *elliptic_curve_type);
-
#ifdef __cplusplus
}
#endif
diff --git a/interface/include/psa/update.h b/interface/include/psa/update.h
index 65d7d2dd6..d7de5ac9d 100644
--- a/interface/include/psa/update.h
+++ b/interface/include/psa/update.h
@@ -207,6 +207,8 @@ psa_status_t psa_fwu_request_reboot(void);
/**
* \brief Indicates to the implementation that the upgrade was successful.
*
+ * \param[in] image_id The image_id of the image to query
+ *
* \return A status indicating the success/failure of the operation
*
* \retval PSA_SUCCESS The image and its dependencies have
@@ -217,7 +219,7 @@ psa_status_t psa_fwu_request_reboot(void);
* \retval PSA_ERROR_NOT_PERMITTED The caller is not permitted to make
* this call
*/
-psa_status_t psa_fwu_accept(void);
+psa_status_t psa_fwu_accept(psa_image_id_t image_id);
/**
* \brief Stores a manifest object and associates it with a particular image ID.
diff --git a/interface/include/tfm_api.h b/interface/include/tfm_api.h
index 9d0df047a..1d4c9ee5a 100644
--- a/interface/include/tfm_api.h
+++ b/interface/include/tfm_api.h
@@ -53,6 +53,7 @@ enum tfm_status_e
TFM_ERROR_NOT_INITIALIZED,
TFM_ERROR_NO_ACTIVE_PARTITION,
TFM_ERROR_INVALID_EXC_MODE,
+ TFM_ERROR_NOT_IN_RANGE,
TFM_SECURE_LOCK_FAILED,
TFM_SECURE_UNLOCK_FAILED,
TFM_ERROR_GENERIC = 0x1F,
diff --git a/interface/src/psa/psa_client.c b/interface/src/psa/psa_client.c
index 2d921825c..6960ac67a 100644
--- a/interface/src/psa/psa_client.c
+++ b/interface/src/psa/psa_client.c
@@ -6,9 +6,10 @@
*/
#include <inttypes.h>
-#include "tfm/tfm_core_svc.h"
#include "psa/client.h"
+#include "svc_num.h"
#include "tfm_api.h"
+#include "tfm_hal_device_header.h"
#include "tfm_psa_call_param.h"
__attribute__((naked))
@@ -55,10 +56,9 @@ psa_status_t psa_call(psa_handle_t handle,
{
if ((type > INT16_MAX) ||
(type < INT16_MIN) ||
- (in_len > PSA_MAX_IOVEC) ||
- (out_len > PSA_MAX_IOVEC) ||
- ((in_len + out_len) > PSA_MAX_IOVEC)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ (in_len > UINT8_MAX) ||
+ (out_len > UINT8_MAX)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
}
return psa_call_param_pack(handle,
diff --git a/interface/src/psa/psa_lifecycle.c b/interface/src/psa/psa_lifecycle.c
index 313bfd56d..cee7dfd4d 100644
--- a/interface/src/psa/psa_lifecycle.c
+++ b/interface/src/psa/psa_lifecycle.c
@@ -1,12 +1,13 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include <inttypes.h>
#include "psa/lifecycle.h"
-#include "tfm/tfm_core_svc.h"
+#include "svc_num.h"
+#include "tfm_hal_device_header.h"
__attribute__((naked))
uint32_t psa_rot_lifecycle_state(void)
diff --git a/interface/src/psa/psa_service.c b/interface/src/psa/psa_service.c
index 7ae3bd1f1..a8ecef426 100644
--- a/interface/src/psa/psa_service.c
+++ b/interface/src/psa/psa_service.c
@@ -7,9 +7,10 @@
#include <inttypes.h>
#include <stdio.h>
-#include "tfm/tfm_core_svc.h"
#include "psa/client.h"
#include "psa/service.h"
+#include "svc_num.h"
+#include "tfm_hal_device_header.h"
__attribute__((naked))
psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout)
diff --git a/interface/src/tfm_crypto_func_api.c b/interface/src/tfm_crypto_func_api.c
index c8e657670..6ff25a1e7 100644
--- a/interface/src/tfm_crypto_func_api.c
+++ b/interface/src/tfm_crypto_func_api.c
@@ -1190,31 +1190,6 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
return status;
}
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_get_key_domain_parameters(
- const psa_key_attributes_t *attributes,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length)
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index b5f59c221..e925c36ea 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -11,22 +11,13 @@
#include "psa_manifest/sid.h"
#include "psa/client.h"
-#define PSA_CONNECT(service) \
- psa_handle_t ipc_handle; \
- ipc_handle = psa_connect(service##_SID, service##_VERSION); \
- if (!PSA_HANDLE_IS_VALID(ipc_handle)) { \
- return PSA_ERROR_GENERIC_ERROR; \
- } \
-
-#define PSA_CLOSE() psa_close(ipc_handle)
-
#define API_DISPATCH(sfn_name, sfn_id) \
- psa_call(ipc_handle, PSA_IPC_CALL, \
+ psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \
in_vec, IOVEC_LEN(in_vec), \
out_vec, IOVEC_LEN(out_vec))
#define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \
- psa_call(ipc_handle, PSA_IPC_CALL, \
+ psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \
in_vec, IOVEC_LEN(in_vec), \
(psa_outvec *)NULL, 0)
@@ -53,13 +44,9 @@ psa_status_t psa_open_key(psa_key_id_t id,
{.base = key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_open_key,
TFM_CRYPTO_OPEN_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -74,13 +61,9 @@ psa_status_t psa_close_key(psa_key_id_t key)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_close_key,
TFM_CRYPTO_CLOSE_KEY);;
- PSA_CLOSE();
-
return status;
}
@@ -102,11 +85,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
{.base = key, .len = sizeof(psa_key_id_t)}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_import_key,
TFM_CRYPTO_IMPORT_KEY);
- PSA_CLOSE();
return status;
}
@@ -122,11 +102,8 @@ psa_status_t psa_destroy_key(psa_key_id_t key)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key,
TFM_CRYPTO_DESTROY_KEY);
- PSA_CLOSE();
return status;
}
@@ -146,11 +123,8 @@ psa_status_t psa_get_key_attributes(psa_key_id_t key,
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_get_key_attributes,
TFM_CRYPTO_GET_KEY_ATTRIBUTES);
- PSA_CLOSE();
return status;
}
@@ -167,15 +141,8 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes)
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- psa_handle_t ipc_handle;
- ipc_handle = psa_connect(TFM_CRYPTO_SID, TFM_CRYPTO_VERSION);
- if (!PSA_HANDLE_IS_VALID(ipc_handle)) {
- return;
- }
-
(void)API_DISPATCH(tfm_crypto_reset_key_attributes,
- TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
- PSA_CLOSE();
+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
return;
}
@@ -197,15 +164,11 @@ psa_status_t psa_export_key(psa_key_id_t key,
{.base = data, .len = data_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_export_key,
TFM_CRYPTO_EXPORT_KEY);
*data_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -227,15 +190,11 @@ psa_status_t psa_export_public_key(psa_key_id_t key,
{.base = data, .len = data_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_export_public_key,
TFM_CRYPTO_EXPORT_PUBLIC_KEY);
*data_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -250,13 +209,9 @@ psa_status_t psa_purge_key(psa_key_id_t key)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_purge_key,
TFM_CRYPTO_PURGE_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -280,13 +235,9 @@ psa_status_t psa_copy_key(psa_key_id_t source_key,
{.base = target_key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_copy_key,
TFM_CRYPTO_COPY_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -309,15 +260,11 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
{.base = iv, .len = iv_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_generate_iv,
TFM_CRYPTO_CIPHER_GENERATE_IV);
*iv_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -339,13 +286,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_set_iv,
TFM_CRYPTO_CIPHER_SET_IV);
- PSA_CLOSE();
-
return status;
}
@@ -368,13 +311,9 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup,
TFM_CRYPTO_CIPHER_ENCRYPT_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -397,13 +336,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup,
TFM_CRYPTO_CIPHER_DECRYPT_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -429,15 +364,11 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
{.base = output, .len = output_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_update,
TFM_CRYPTO_CIPHER_UPDATE);
*output_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -456,13 +387,9 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_abort,
TFM_CRYPTO_CIPHER_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -485,15 +412,11 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_finish,
TFM_CRYPTO_CIPHER_FINISH);
*output_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -514,13 +437,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_setup,
TFM_CRYPTO_HASH_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -542,13 +461,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_update,
TFM_CRYPTO_HASH_UPDATE);
- PSA_CLOSE();
-
return status;
}
@@ -571,15 +486,11 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
{.base = hash, .len = hash_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_finish,
TFM_CRYPTO_HASH_FINISH);
*hash_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -601,13 +512,9 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_verify,
TFM_CRYPTO_HASH_VERIFY);
- PSA_CLOSE();
-
return status;
}
@@ -626,13 +533,9 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_abort,
TFM_CRYPTO_HASH_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -656,13 +559,9 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
return PSA_ERROR_BAD_STATE;
}
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_clone,
TFM_CRYPTO_HASH_CLONE);
- PSA_CLOSE();
-
return status;
}
@@ -688,15 +587,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
{.base = hash, .len = hash_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_compute,
TFM_CRYPTO_HASH_COMPUTE);
*hash_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -718,13 +613,9 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
{.base = hash, .len = hash_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare,
TFM_CRYPTO_HASH_COMPARE);
- PSA_CLOSE();
-
return status;
}
@@ -747,13 +638,9 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_sign_setup,
TFM_CRYPTO_MAC_SIGN_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -776,13 +663,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_verify_setup,
TFM_CRYPTO_MAC_VERIFY_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -804,13 +687,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_update,
TFM_CRYPTO_MAC_UPDATE);
- PSA_CLOSE();
-
return status;
}
@@ -833,15 +712,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
{.base = mac, .len = mac_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_sign_finish,
TFM_CRYPTO_MAC_SIGN_FINISH);
*mac_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -863,13 +738,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_verify_finish,
TFM_CRYPTO_MAC_VERIFY_FINISH);
- PSA_CLOSE();
-
return status;
}
@@ -888,13 +759,9 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_abort,
TFM_CRYPTO_MAC_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -943,19 +810,15 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key,
}
}
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (additional_data == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*ciphertext_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1004,19 +867,15 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key,
}
}
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (additional_data == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*plaintext_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1054,15 +913,11 @@ psa_status_t psa_sign_hash(psa_key_id_t key,
{.base = signature, .len = signature_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_sign_hash,
TFM_CRYPTO_SIGN_HASH);
*signature_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1096,13 +951,9 @@ psa_status_t psa_verify_hash(psa_key_id_t key,
{.base = signature, .len = signature_length}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_hash,
TFM_CRYPTO_VERIFY_HASH);
- PSA_CLOSE();
-
return status;
}
@@ -1138,19 +989,15 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key,
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (salt == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1186,19 +1033,15 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (salt == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1220,13 +1063,9 @@ psa_status_t psa_key_derivation_get_capacity(
{.base = capacity, .len = sizeof(size_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_get_capacity,
TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY);
- PSA_CLOSE();
-
return status;
}
@@ -1249,13 +1088,9 @@ psa_status_t psa_key_derivation_output_bytes(
{.base = output, .len = output_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_output_bytes,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES);
- PSA_CLOSE();
-
return status;
}
@@ -1276,13 +1111,9 @@ psa_status_t psa_key_derivation_input_key(
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_key,
TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -1303,13 +1134,9 @@ psa_status_t psa_key_derivation_abort(
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_abort,
TFM_CRYPTO_KEY_DERIVATION_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -1333,13 +1160,9 @@ psa_status_t psa_key_derivation_key_agreement(
{.base = peer_key, .len = peer_key_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_key_agreement,
TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT);
- PSA_CLOSE();
-
return status;
}
@@ -1363,13 +1186,9 @@ psa_status_t psa_generate_random(uint8_t *output,
return PSA_SUCCESS;
}
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_generate_random,
TFM_CRYPTO_GENERATE_RANDOM);
- PSA_CLOSE();
-
return status;
}
@@ -1390,36 +1209,8 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
{.base = key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_generate_key,
TFM_CRYPTO_GENERATE_KEY);
- PSA_CLOSE();
-
- return status;
-}
-
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_get_key_domain_parameters(
- const psa_key_attributes_t *attributes,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
return status;
}
@@ -1556,15 +1347,11 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_raw_key_agreement,
TFM_CRYPTO_RAW_KEY_AGREEMENT);
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1585,11 +1372,8 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_setup,
TFM_CRYPTO_KEY_DERIVATION_SETUP);
- PSA_CLOSE();
return status;
}
@@ -1609,11 +1393,8 @@ psa_status_t psa_key_derivation_set_capacity(
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity,
TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY);
- PSA_CLOSE();
return status;
}
@@ -1636,11 +1417,8 @@ psa_status_t psa_key_derivation_input_bytes(
{.base = data, .len = data_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes,
TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES);
- PSA_CLOSE();
return status;
}
@@ -1665,11 +1443,8 @@ psa_status_t psa_key_derivation_output_key(
{.base = key, .len = sizeof(psa_key_id_t)}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_output_key,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY);
- PSA_CLOSE();
return status;
}
diff --git a/interface/src/tfm_firmware_update_func_api.c b/interface/src/tfm_firmware_update_func_api.c
index 487028897..5100d4439 100644
--- a/interface/src/tfm_firmware_update_func_api.c
+++ b/interface/src/tfm_firmware_update_func_api.c
@@ -122,12 +122,15 @@ psa_status_t psa_fwu_request_reboot(void)
return status;
}
-psa_status_t psa_fwu_accept(void)
+psa_status_t psa_fwu_accept(psa_image_id_t image_id)
{
psa_status_t status;
+ psa_invec in_vec[] = {
+ { .base = &image_id, .len = sizeof(image_id) }
+ };
status = tfm_ns_interface_dispatch((veneer_fn)tfm_fwu_accept_req_veneer,
- (uint32_t)NULL, 0,
+ (uint32_t)in_vec, IOVEC_LEN(in_vec),
(uint32_t)NULL, 0);
if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
diff --git a/interface/src/tfm_firmware_update_ipc_api.c b/interface/src/tfm_firmware_update_ipc_api.c
index a21a3339f..60d4b2e6d 100644
--- a/interface/src/tfm_firmware_update_ipc_api.c
+++ b/interface/src/tfm_firmware_update_ipc_api.c
@@ -155,10 +155,13 @@ psa_status_t psa_fwu_request_reboot(void)
return status;
}
-psa_status_t psa_fwu_accept(void)
+psa_status_t psa_fwu_accept(psa_image_id_t image_id)
{
psa_handle_t handle;
psa_status_t status;
+ psa_invec in_vec[] = {
+ { .base = &image_id, .len = sizeof(image_id) }
+ };
handle = psa_connect(TFM_FWU_ACCEPT_SID,
TFM_FWU_ACCEPT_VERSION);
@@ -166,7 +169,7 @@ psa_status_t psa_fwu_accept(void)
return PSA_ERROR_GENERIC_ERROR;
}
- status = psa_call(handle, PSA_IPC_CALL, NULL, 0, NULL, 0);
+ status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
psa_close(handle);
diff --git a/interface/src/tfm_initial_attestation_func_api.c b/interface/src/tfm_initial_attestation_func_api.c
index 48dbbe183..31f1d6bcc 100644
--- a/interface/src/tfm_initial_attestation_func_api.c
+++ b/interface/src/tfm_initial_attestation_func_api.c
@@ -56,25 +56,3 @@ psa_initial_attest_get_token_size(size_t challenge_size,
(uint32_t)in_vec, IOVEC_LEN(in_vec),
(uint32_t)out_vec, IOVEC_LEN(out_vec));
}
-
-psa_status_t
-tfm_initial_attest_get_public_key(uint8_t *public_key,
- size_t public_key_buf_size,
- size_t *public_key_len,
- psa_ecc_family_t *elliptic_curve_type)
-{
- int32_t res;
-
- psa_outvec out_vec[] = {
- {.base = public_key, .len = public_key_buf_size},
- {.base = elliptic_curve_type, .len = sizeof(*elliptic_curve_type)},
- {.base = public_key_len, .len = sizeof(*public_key_len)}
- };
-
- res = tfm_ns_interface_dispatch(
- (veneer_fn)tfm_initial_attest_get_public_key_veneer,
- (uint32_t)NULL, 0,
- (uint32_t)out_vec, IOVEC_LEN(out_vec));
-
- return (psa_status_t) res;
-}
diff --git a/interface/src/tfm_initial_attestation_ipc_api.c b/interface/src/tfm_initial_attestation_ipc_api.c
index fa7a956bd..43c9b0e47 100644
--- a/interface/src/tfm_initial_attestation_ipc_api.c
+++ b/interface/src/tfm_initial_attestation_ipc_api.c
@@ -72,32 +72,3 @@ psa_initial_attest_get_token_size(size_t challenge_size,
return status;
}
-
-psa_status_t
-tfm_initial_attest_get_public_key(uint8_t *public_key,
- size_t public_key_buf_size,
- size_t *public_key_len,
- psa_ecc_family_t *elliptic_curve_type)
-{
- psa_handle_t handle = PSA_NULL_HANDLE;
- psa_status_t status;
-
- psa_outvec out_vec[] = {
- {.base = public_key, .len = public_key_buf_size},
- {.base = elliptic_curve_type, .len = sizeof(*elliptic_curve_type)},
- {.base = public_key_len, .len = sizeof(*public_key_len)}
- };
-
- handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID,
- TFM_ATTEST_GET_PUBLIC_KEY_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
- NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
-
- return status;
-}
diff --git a/interface/src/tfm_psa_ns_api.c b/interface/src/tfm_psa_ns_api.c
index 9d60a11d7..751216dd0 100644
--- a/interface/src/tfm_psa_ns_api.c
+++ b/interface/src/tfm_psa_ns_api.c
@@ -50,10 +50,9 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type,
{
if ((type > INT16_MAX) ||
(type < INT16_MIN) ||
- (in_len > PSA_MAX_IOVEC) ||
- (out_len > PSA_MAX_IOVEC) ||
- ((in_len + out_len) > PSA_MAX_IOVEC)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ (in_len > UINT8_MAX) ||
+ (out_len > UINT8_MAX)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
}
return tfm_ns_interface_dispatch(
diff --git a/lib/ext/cryptocell-312-runtime/shared/hw/include/musca_b1/secure_enclave/dx_reg_base_host.h b/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_b1/secure_enclave/dx_reg_base_host.h
index 2cf03682a..2cf03682a 100644
--- a/lib/ext/cryptocell-312-runtime/shared/hw/include/musca_b1/secure_enclave/dx_reg_base_host.h
+++ b/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_b1/secure_enclave/dx_reg_base_host.h
diff --git a/lib/ext/cryptocell-312-runtime/shared/hw/include/musca_b1/sse_200/dx_reg_base_host.h b/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_b1/sse_200/dx_reg_base_host.h
index 1d97bf121..1d97bf121 100644
--- a/lib/ext/cryptocell-312-runtime/shared/hw/include/musca_b1/sse_200/dx_reg_base_host.h
+++ b/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_b1/sse_200/dx_reg_base_host.h
diff --git a/lib/ext/cryptocell-312-runtime/shared/hw/include/musca_s1/dx_reg_base_host.h b/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_s1/dx_reg_base_host.h
index baec7048a..baec7048a 100644
--- a/lib/ext/cryptocell-312-runtime/shared/hw/include/musca_s1/dx_reg_base_host.h
+++ b/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/musca_s1/dx_reg_base_host.h
diff --git a/lib/ext/cryptocell-312-runtime/shared/hw/include/mps2.cm33/dx_reg_base_host.h b/lib/ext/cryptocell-312-runtime/shared/hw/include/mps2.cm33/dx_reg_base_host.h
deleted file mode 100644
index 54f04138a..000000000
--- a/lib/ext/cryptocell-312-runtime/shared/hw/include/mps2.cm33/dx_reg_base_host.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef __DX_REG_BASE_HOST_H__
-#define __DX_REG_BASE_HOST_H__
-
-/* Identify platform: ARM MPS2 PLUS */
-#define DX_PLAT_MPS2_PLUS 1
-
-#define DX_BASE_CC 0x50088000
-#define DX_BASE_CODE 0x1E000000
-
-#define DX_BASE_ENV_REGS 0x400A8000
-#define DX_BASE_ENV_NVM_LOW 0x400AA000
-#define DX_BASE_ENV_NVM_HI 0x400AB000
-#define DX_BASE_ENV_PERF_RAM 0x400A9000
-
-#define DX_BASE_HOST_RGF 0x0UL
-#define DX_BASE_CRY_KERNEL 0x0UL
-
-#define DX_BASE_RNG 0x0000UL
-
-#endif /*__DX_REG_BASE_HOST_H__*/
diff --git a/lib/ext/cryptocell-312-runtime/shared/hw/include/mps2/dx_reg_base_host.h b/lib/ext/cryptocell-312-runtime/shared/hw/include/mps2/dx_reg_base_host.h
deleted file mode 100644
index ac957b02c..000000000
--- a/lib/ext/cryptocell-312-runtime/shared/hw/include/mps2/dx_reg_base_host.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef __DX_REG_BASE_HOST_H__
-#define __DX_REG_BASE_HOST_H__
-
-/* Identify platform: ARM MPS2 PLUS */
-#define DX_PLAT_MPS2_PLUS 1
-
-#define DX_BASE_CC 0x50010000
-#define DX_BASE_CODE 0x50030000
-
-#define DX_BASE_ENV_REGS 0x50028000
-#define DX_BASE_ENV_NVM_LOW 0x5002A000
-#define DX_BASE_ENV_NVM_HI 0x5002B000
-#define DX_BASE_ENV_PERF_RAM 0x40009000
-
-#define DX_BASE_HOST_RGF 0x0UL
-#define DX_BASE_CRY_KERNEL 0x0UL
-
-#define DX_BASE_RNG 0x0000UL
-#endif /*__DX_REG_BASE_HOST_H__*/
diff --git a/lib/ext/cryptocell-312-runtime/shared/hw/include/zynq/dx_reg_base_host.h b/lib/ext/cryptocell-312-runtime/shared/hw/include/zynq/dx_reg_base_host.h
deleted file mode 100644
index 001de06a5..000000000
--- a/lib/ext/cryptocell-312-runtime/shared/hw/include/zynq/dx_reg_base_host.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-#ifndef __DX_REG_BASE_HOST_H__
-#define __DX_REG_BASE_HOST_H__
-
-/* Identify platform: Xilinx Zynq7000 ZC706 */
-#define DX_PLAT_ZYNQ7000 1
-#define DX_PLAT_ZYNQ7000_ZC706 1
-
-#define DX_BASE_CC 0x60000000
-
-#define DX_BASE_ENV_REGS 0x40008000
-#define DX_BASE_ENV_CC_MEMORIES 0x40008000
-#define DX_BASE_ENV_PERF_RAM 0x40009000
-
-#define DX_BASE_HOST_RGF 0x0UL
-#define DX_BASE_CRY_KERNEL 0x0UL
-#define DX_BASE_ROM 0x40000000
-
-#define DX_BASE_RNG 0x0000UL
-#endif /*__DX_REG_BASE_HOST_H__*/
diff --git a/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch b/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch
new file mode 100644
index 000000000..6e127b977
--- /dev/null
+++ b/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch
@@ -0,0 +1,64 @@
+From 374c93c43f8c299adcee91cfbc90a15037317d18 Mon Sep 17 00:00:00 2001
+From: Maulik Patel <Maulik.Patel@arm.com>
+Date: Mon, 15 Mar 2021 14:48:14 +0000
+Subject: [PATCH 3/3] Fix:4162 Return correct error type for invalid key
+
+Return PSA_ERROR_INVALID_HANDLE instead of
+PSA_ERROR_DOES_NOT_EXIST if invalid key is passed for some key
+operations.
+
+Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
+---
+ library/psa_crypto_slot_management.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
+index dcbee31aa..b7e3442fb 100644
+--- a/library/psa_crypto_slot_management.c
++++ b/library/psa_crypto_slot_management.c
+@@ -305,13 +305,15 @@ psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
+
+ status = psa_load_persistent_key_into_slot( *p_slot );
+ if( status != PSA_SUCCESS )
++ {
+ psa_wipe_key_slot( *p_slot );
+-
++ if( status == PSA_ERROR_DOES_NOT_EXIST )
++ status = PSA_ERROR_INVALID_HANDLE;
++ }
+ return( status );
+ #else
+- return( PSA_ERROR_DOES_NOT_EXIST );
++ return( PSA_ERROR_INVALID_HANDLE );
+ #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+-
+ }
+
+ psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
+@@ -399,6 +401,9 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
+ if( status != PSA_SUCCESS )
+ {
+ *handle = PSA_KEY_HANDLE_INIT;
++ if( status == PSA_ERROR_INVALID_HANDLE )
++ status = PSA_ERROR_DOES_NOT_EXIST;
++
+ return( status );
+ }
+
+@@ -423,8 +428,12 @@ psa_status_t psa_close_key( psa_key_handle_t handle )
+
+ status = psa_get_and_lock_key_slot_in_memory( handle, &slot );
+ if( status != PSA_SUCCESS )
+- return( status );
++ {
++ if( status == PSA_ERROR_DOES_NOT_EXIST )
++ status = PSA_ERROR_INVALID_HANDLE;
+
++ return( status );
++ }
+ if( slot->lock_count <= 1 )
+ return( psa_wipe_key_slot( slot ) );
+ else
+--
+2.25.1
+
diff --git a/lib/ext/psa_arch_tests/0003-Update-test-cases-for-psa-mac-sign-and-verify.patch b/lib/ext/psa_arch_tests/0003-Update-test-cases-for-psa-mac-sign-and-verify.patch
new file mode 100644
index 000000000..9f1be4cde
--- /dev/null
+++ b/lib/ext/psa_arch_tests/0003-Update-test-cases-for-psa-mac-sign-and-verify.patch
@@ -0,0 +1,86 @@
+From 9c4d00b01062dbb2e0f124027e19562b3c2a3538 Mon Sep 17 00:00:00 2001
+From: Maulik Patel <Maulik.Patel@arm.com>
+Date: Fri, 7 May 2021 13:42:20 +0100
+Subject: [PATCH] Update test cases for psa mac sign and verify.
+
+Update test cases for psa_mac_sign_setup (226) and
+psa_mac_verify_setup (229) against unknown MAC algorithm such that
+key passed is valid but the algorithm is unknown.
+Also, as per PSA Crypto Spec 1.0.0, fix the expected return value to PSA_ERROR_INVALID_ARGUMENT for incompatible key to MAC algorithm.
+
+Change-Id: I8f42736a9e5bd7fbf604146b43ef28180e741fc3
+Signed-off-by: Maulik Patel <maulik.patel@arm.com>
+---
+ api-tests/dev_apis/crypto/test_c026/test_data.h | 15 +++++++++------
+ api-tests/dev_apis/crypto/test_c029/test_data.h | 15 +++++++++------
+ 2 files changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/api-tests/dev_apis/crypto/test_c026/test_data.h b/api-tests/dev_apis/crypto/test_c026/test_data.h
+index 306522a..39619f0 100644
+--- a/api-tests/dev_apis/crypto/test_c026/test_data.h
++++ b/api-tests/dev_apis/crypto/test_c026/test_data.h
+@@ -67,7 +67,7 @@ static const test_data check1[] = {
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+- PSA_ERROR_NOT_SUPPORTED
++ PSA_ERROR_INVALID_ARGUMENT
+ },
+ #endif
+
+@@ -116,11 +116,14 @@ static const test_data check1[] = {
+ #endif
+ #endif
+
+-#ifdef ARCH_TEST_AES_128
+-{"Test psa_mac_sign_setup bad algorithm (unknown MAC algorithm)\n", PSA_KEY_TYPE_AES,
+-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+- 0x5F, 0xC9, 0x00},
+- AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(0),
++#ifdef ARCH_TEST_HMAC
++{"Test psa_mac_sign_setup bad algorithm (unknown MAC algorithm)\n", PSA_KEY_TYPE_HMAC,
++{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
++ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
++ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
++ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
++ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
++ 64, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(0),
+ PSA_ERROR_NOT_SUPPORTED
+ },
+ #endif
+diff --git a/api-tests/dev_apis/crypto/test_c029/test_data.h b/api-tests/dev_apis/crypto/test_c029/test_data.h
+index 3b4b121..1b85212 100644
+--- a/api-tests/dev_apis/crypto/test_c029/test_data.h
++++ b/api-tests/dev_apis/crypto/test_c029/test_data.h
+@@ -68,7 +68,7 @@ static const test_data check1[] = {
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_CMAC,
+- PSA_ERROR_NOT_SUPPORTED
++ PSA_ERROR_INVALID_ARGUMENT
+ },
+ #endif
+
+@@ -116,11 +116,14 @@ static const test_data check1[] = {
+ },
+ #endif
+
+-#ifdef ARCH_TEST_AES_128
+-{"Test psa_mac_verify_setup bad algorithm (unknown MAC algorithm)\n", PSA_KEY_TYPE_AES,
+-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+- 0x5F, 0xC9, 0x00},
+- AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(0),
++#ifdef ARCH_TEST_HMAC
++{"Test psa_mac_verify_setup bad algorithm (unknown MAC algorithm)\n", PSA_KEY_TYPE_HMAC,
++{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
++ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
++ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
++ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
++ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
++ 64, PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(0),
+ PSA_ERROR_NOT_SUPPORTED
+ },
+ #endif
+--
+2.17.1
+
diff --git a/lib/ext/psa_arch_tests/0004-Workaround-for-removal-of-initial-attest-get-public-.patch b/lib/ext/psa_arch_tests/0004-Workaround-for-removal-of-initial-attest-get-public-.patch
new file mode 100644
index 000000000..bebe183a3
--- /dev/null
+++ b/lib/ext/psa_arch_tests/0004-Workaround-for-removal-of-initial-attest-get-public-.patch
@@ -0,0 +1,78 @@
+From d2a1b0816667392b771193abfa532deb24699204 Mon Sep 17 00:00:00 2001
+From: David Hu <david.hu@arm.com>
+Date: Thu, 3 Jun 2021 15:03:33 +0800
+Subject: [PATCH] Workaround for removal of initial attest get public key API
+
+TF-M self-defined API of getting initial attestation public key has been
+removed to optimize initial attestation interface and implementation.
+
+Attestation test suite relies on get public key API. Add a workaround to
+enable attestation test suite to fetch Initial Attestation public key.
+
+Signed-off-by: David Hu <david.hu@arm.com>
+---
+ api-tests/CMakeLists.txt | 4 ++++
+ .../pal_attestation_crypto.c | 23 +++++++++++++++----
+ 2 files changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/api-tests/CMakeLists.txt b/api-tests/CMakeLists.txt
+index 07f78fe..06d9207 100644
+--- a/api-tests/CMakeLists.txt
++++ b/api-tests/CMakeLists.txt
+@@ -472,6 +472,10 @@ endif()
+
+ # Build PAL NSPE LIB
+ include(${PSA_ROOT_DIR}/platform/targets/${TARGET}/target.cmake)
++# Import dummy Initial Attestation public key from TF-M for test
++if (${SUITE} STREQUAL "INITIAL_ATTESTATION")
++ target_sources(${PSA_TARGET_PAL_NSPE_LIB} PRIVATE ${CMAKE_SOURCE_DIR}/platform/ext/common/template/tfm_initial_attest_pub_key.c)
++endif()
+ # Build VAL NSPE LIB
+ #add_definitions(-DVAL_NSPE_BUILD)
+ include(${PSA_ROOT_DIR}/val/val_nspe.cmake)
+diff --git a/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
+index 7f748c2..a45355e 100644
+--- a/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
++++ b/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
+@@ -17,9 +17,14 @@
+
+ #include "pal_attestation_crypto.h"
+
+-static uint32_t public_key_registered;
++static uint32_t public_key_registered = 0;
+ static psa_key_handle_t public_key_handle;
+
++/* Dummy Initial Attestation public key exported by TF-M for test */
++extern const psa_ecc_family_t initial_attest_curve_type;
++extern const uint8_t initial_attest_pub_key[];
++extern const uint32_t initial_attest_pub_key_size;
++
+ static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf,
+ size_t amount)
+ {
+@@ -201,10 +206,18 @@ static int32_t pal_attest_get_public_key(uint8_t *public_key_buff, size_t public
+ memcpy(public_key_buff, (void *)&attest_public_key, *public_key_len);
+ status = PSA_SUCCESS;
+ #else
+- status = tfm_initial_attest_get_public_key(public_key_buff,
+- public_key_buf_size,
+- public_key_len,
+- elliptic_curve_type);
++ if (initial_attest_curve_type != PSA_ECC_CURVE_SECP256R1)
++ return PAL_ATTEST_ERR_KEY_FAIL;
++
++ if (public_key_buf_size < initial_attest_pub_key_size)
++ return PAL_ATTEST_ERR_SMALL_BUFFER;
++
++ memcpy(public_key_buff, initial_attest_pub_key,
++ initial_attest_pub_key_size);
++ *public_key_len = initial_attest_pub_key_size;
++ *elliptic_curve_type = initial_attest_curve_type;
++
++ status = PSA_SUCCESS;
+ #endif
+
+ return status;
+--
+2.25.1
+
diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt
index f239f39f7..8bcf77797 100755
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -39,7 +39,6 @@ target_include_directories(platform_s
target_sources(platform_s
PRIVATE
- ext/common/template/attest_hal.c
$<$<BOOL:${TFM_PARTITION_PROTECTED_STORAGE}>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/tfm_hal_ps.c>
$<$<BOOL:${TFM_PARTITION_INTERNAL_TRUSTED_STORAGE}>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/tfm_hal_its.c>
ext/common/tfm_platform.c
@@ -51,6 +50,7 @@ target_sources(platform_s
$<$<BOOL:${PLATFORM_DUMMY_CRYPTO_KEYS}>:ext/common/template/crypto_keys.c>
$<$<BOOL:${PLATFORM_DUMMY_ROTPK}>:ext/common/template/tfm_rotpk.c>
$<$<BOOL:${PLATFORM_DUMMY_IAK}>:ext/common/template/tfm_initial_attestation_key_material.c>
+ $<$<AND:$<NOT:$<BOOL:${ATTEST_TEST_GET_PUBLIC_KEY}>>,$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>,$<BOOL:${PLATFORM_DUMMY_IAK}>,$<BOOL:${TEST_S}>>:ext/common/template/tfm_initial_attest_pub_key.c>
)
target_link_libraries(platform_s
@@ -87,6 +87,7 @@ target_include_directories(platform_ns
target_sources(platform_ns
PRIVATE
$<$<BOOL:${PLATFORM_DEFAULT_UART_STDOUT}>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/uart_stdout.c>
+ $<$<AND:$<NOT:$<BOOL:${ATTEST_TEST_GET_PUBLIC_KEY}>>,$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>,$<BOOL:${PLATFORM_DUMMY_IAK}>,$<BOOL:${TEST_NS}>>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/template/tfm_initial_attest_pub_key.c>
)
target_link_libraries(platform_ns
@@ -136,6 +137,7 @@ if(BL2)
PUBLIC
BL2
MCUBOOT_${MCUBOOT_UPGRADE_STRATEGY}
+ $<$<BOOL:${MCUBOOT_DIRECT_XIP_REVERT}>:MCUBOOT_DIRECT_XIP_REVERT>
$<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:SYMMETRIC_INITIAL_ATTESTATION>
$<$<BOOL:${MCUBOOT_HW_KEY}>:MCUBOOT_HW_KEY>
MCUBOOT_FIH_PROFILE_${MCUBOOT_FIH_PROFILE}
diff --git a/platform/ext/common/armclang/tfm_common_s.sct b/platform/ext/common/armclang/tfm_common_s.sct
index 4186d09cb..c7d66b4b0 100644
--- a/platform/ext/common/armclang/tfm_common_s.sct
+++ b/platform/ext/common/armclang/tfm_common_s.sct
@@ -34,6 +34,11 @@ LR_CODE S_CODE_START S_CODE_SIZE {
*psa_lifecycle.* (+RO)
}
+ /**** Section for holding partition RO load data */
+ TFM_SP_LOAD_LIST +0 ALIGN 4 {
+ *(.part_load)
+ }
+
/**** PSA RoT RO part (CODE + RODATA) start here */
/*
* This empty, zero long execution region is here to mark the start address
diff --git a/platform/ext/common/armclang/tfm_isolation_l3.sct.template b/platform/ext/common/armclang/tfm_isolation_l3.sct.template
index cb108df6f..dcb67ae64 100644
--- a/platform/ext/common/armclang/tfm_isolation_l3.sct.template
+++ b/platform/ext/common/armclang/tfm_isolation_l3.sct.template
@@ -40,6 +40,11 @@ LR_CODE S_CODE_START {
* (+RO)
}
+ /**** Section for holding partition RO load data */
+ TFM_SP_LOAD_LIST +0 ALIGN 4 {
+ *(.part_load)
+ }
+
/**** PSA RoT CODE + RO-data starts here */
{% for partition in partitions %}
{% if partition.manifest.type == 'PSA-ROT' %}
diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld
index 3939b6471..5cdb16cd3 100644
--- a/platform/ext/common/gcc/tfm_common_s.ld
+++ b/platform/ext/common/gcc/tfm_common_s.ld
@@ -141,6 +141,15 @@ SECTIONS
Image$$TFM_UNPRIV_CODE$$RO$$Base = ADDR(.TFM_UNPRIV_CODE);
Image$$TFM_UNPRIV_CODE$$RO$$Limit = ADDR(.TFM_UNPRIV_CODE) + SIZEOF(.TFM_UNPRIV_CODE);
+ /**** Section for holding partition RO load data */
+ .TFM_SP_LOAD_LIST : ALIGN(4)
+ {
+ KEEP(*(.part_load))
+ } > FLASH
+ Image$$TFM_SP_LOAD_LIST$$RO$$Base = ADDR(.TFM_SP_LOAD_LIST);
+ Image$$TFM_SP_LOAD_LIST$$RO$$Limit = ADDR(.TFM_SP_LOAD_LIST) + SIZEOF(.TFM_SP_LOAD_LIST);
+ . = ALIGN(32);
+
/**** PSA RoT RO part (CODE + RODATA) start here */
Image$$TFM_PSA_CODE_START$$Base = .;
diff --git a/platform/ext/common/gcc/tfm_isolation_l3.ld.template b/platform/ext/common/gcc/tfm_isolation_l3.ld.template
index 493870eb2..438425681 100644
--- a/platform/ext/common/gcc/tfm_isolation_l3.ld.template
+++ b/platform/ext/common/gcc/tfm_isolation_l3.ld.template
@@ -101,6 +101,15 @@ SECTIONS
. = ALIGN(32);
Image$$PT_RO_START$$Base = .;
+ /**** Section for holding partition RO load data */
+ .TFM_SP_LOAD_LIST : ALIGN(4)
+ {
+ KEEP(*(.part_load))
+ } > FLASH
+ Image$$TFM_SP_LOAD_LIST$$RO$$Base = ADDR(.TFM_SP_LOAD_LIST);
+ Image$$TFM_SP_LOAD_LIST$$RO$$Limit = ADDR(.TFM_SP_LOAD_LIST) + SIZEOF(.TFM_SP_LOAD_LIST);
+ . = ALIGN(32);
+
/**** PSA RoT RO CODE + RO-data starts here */
{% for partition in partitions %}
{% if partition.manifest.type == 'PSA-ROT' %}
diff --git a/platform/ext/common/iar/tfm_common_s.icf b/platform/ext/common/iar/tfm_common_s.icf
index c9d49e9c0..3da205dd3 100644
--- a/platform/ext/common/iar/tfm_common_s.icf
+++ b/platform/ext/common/iar/tfm_common_s.icf
@@ -39,6 +39,11 @@ define block TFM_UNPRIV_CODE with alignment = 32 {
ro object tfm_log_raw.o
};
+ /**** Section for holding partition RO load data */
+define block TFM_SP_LOAD_LIST with alignment = 4 {
+ ro section .part_load object load_info_*.o,
+};
+
/**** PSA RoT RO part (CODE + RODATA) start here */
/*
* This empty, zero long execution region is here to mark the start address
@@ -159,6 +164,16 @@ keep {block HEAP, block ARM_LIB_HEAP};
define block ER_TFM_DATA with alignment = 8 {readwrite};
+define block ER_PART_RT_POOL with alignment = 4 {
+ zi section .bss.part_runtime
+};
+
+define block ER_SERV_RT_POOL with alignment = 4 {
+ zi section .bss.serv_runtime
+};
+
+keep {block ER_PART_RT_POOL, block ER_SERV_RT_POOL};
+
/**** PSA RoT DATA start here */
/*
* This empty, zero long execution region is here to mark the start address
@@ -196,6 +211,9 @@ define block SRAM_WATERMARK with size = 0 { };
define block LR_CODE with fixed order {
block ER_TFM_CODE,
block TFM_UNPRIV_CODE,
+
+ block TFM_SP_LOAD_LIST,
+
block TFM_PSA_CODE_START,
block TFM_PSA_ROT_LINKER,
@@ -306,6 +324,10 @@ define block PRIV_DATA with fixed order {
block ER_TFM_DATA,
+ block ER_PART_RT_POOL,
+
+ block ER_SERV_RT_POOL,
+
/**** PSA RoT DATA start here */
/*
* This empty, zero long execution region is here to mark the start address
diff --git a/platform/ext/common/template/crypto_dummy_nv_seed.c b/platform/ext/common/template/crypto_dummy_nv_seed.c
new file mode 100644
index 000000000..cb21fc79b
--- /dev/null
+++ b/platform/ext/common/template/crypto_dummy_nv_seed.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "mbedtls/entropy.h"
+#include "tfm_plat_crypto_dummy_nv_seed.h"
+
+/* NOTE: The seed value here is only an example, please do not use it in
+ * production. Platform vendor should implement their own seed value.
+ */
+const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE] = {
+ 0x12, 0x13, 0x23, 0x34, 0x0a, 0x05, 0x89, 0x78,
+ 0xa3, 0x66, 0x8c, 0x0d, 0x97, 0x55, 0x53, 0xca,
+ 0xb5, 0x76, 0x18, 0x62, 0x29, 0xc6, 0xb6, 0x79,
+ 0x75, 0xc8, 0x5a, 0x8d, 0x9e, 0x11, 0x8f, 0x85,
+ 0xde, 0xc4, 0x5f, 0x66, 0x21, 0x52, 0xf9, 0x39,
+ 0xd9, 0x77, 0x93, 0x28, 0xb0, 0x5e, 0x02, 0xfa,
+ 0x58, 0xb4, 0x16, 0xc8, 0x0f, 0x38, 0x91, 0xbb,
+ 0x28, 0x17, 0xcd, 0x8a, 0xc9, 0x53, 0x72, 0x66,
+};
+
+int tfm_plat_crypto_create_entropy_seed(void)
+{
+ return tfm_plat_crypto_nv_seed_write(seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
+}
diff --git a/platform/ext/common/template/crypto_nv_seed.c b/platform/ext/common/template/crypto_nv_seed.c
new file mode 100644
index 000000000..c868d953b
--- /dev/null
+++ b/platform/ext/common/template/crypto_nv_seed.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stddef.h>
+#include "tfm_plat_crypto_nv_seed.h"
+#include "psa/internal_trusted_storage.h"
+
+int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+ size_t data_length = 0;
+
+ status = psa_its_get(uid, 0, buf_len, buf, &data_length);
+
+ if (status == PSA_SUCCESS && data_length == buf_len) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
+
+int tfm_plat_crypto_nv_seed_write(const unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+
+ status = psa_its_set(uid, buf_len, buf, 0);
+
+ if (status == PSA_SUCCESS) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
diff --git a/platform/ext/common/template/tfm_initial_attest_pub_key.c b/platform/ext/common/template/tfm_initial_attest_pub_key.c
new file mode 100644
index 000000000..6a664aedd
--- /dev/null
+++ b/platform/ext/common/template/tfm_initial_attest_pub_key.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdint.h>
+#include "psa/crypto.h"
+
+/*
+ * This file contains the hard coded public key part of the ECDSA P-256 secret
+ * key in: platform/ext/common/template/tfm_initial_attestation_key.pem
+ *
+ * The public key is used to verify the initial attestation token (IAT) for test
+ * and debug purpose only. This file is built only when tests are enabled.
+ *
+ * The key is stored in raw format, without any encoding(ASN.1, COSE).
+ *
+ * ####### DO NOT USE THIS KEY IN PRODUCTION #######
+ */
+
+/* Type of the EC curve which the key belongs to, in PSA curve ID form */
+const psa_ecc_family_t initial_attest_curve_type = PSA_ECC_CURVE_SECP256R1;
+
+/*
+ * Initial attestation public key in raw format, without any encoding.
+ * It belongs to the ECDSA P-256 curve.
+ *
+ * The octet string below is the output of psa_export_public_key(), which
+ * consists of the following parts:
+ * - The byte 0x04;
+ * - x_P as a 32 byte string, big-endian;
+ * - y_P as a 32 byte string, big-endian;
+ *
+ * The octet string can be passed to psa_import_key() to create a public key
+ * object for IAT verification.
+ *
+ * See psa_export_public_key() in PSA Crypto API spec for more details of
+ * representation of the public key.
+ */
+const uint8_t initial_attest_pub_key[] =
+{
+ 0x04, 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50,
+ 0xA6, 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0,
+ 0x7A, 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1,
+ 0x7D, 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC,
+ 0x3F, 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68,
+ 0xBF, 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5,
+ 0x8D, 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3,
+ 0x08, 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68,
+ 0x64,
+};
+
+const uint32_t initial_attest_pub_key_size = sizeof(initial_attest_pub_key);
diff --git a/platform/ext/common/tfm_hal_sp_logdev_periph.c b/platform/ext/common/tfm_hal_sp_logdev_periph.c
index 177fb8386..9929d53a2 100644
--- a/platform/ext/common/tfm_hal_sp_logdev_periph.c
+++ b/platform/ext/common/tfm_hal_sp_logdev_periph.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -7,7 +7,12 @@
#include "tfm_hal_sp_logdev.h"
#include "uart_stdout.h"
-#include "tfm/tfm_core_svc.h"
+#ifdef TFM_PSA_API
+#include "svc_num.h"
+#else
+#include "tfm_core_svc.h"
+#endif /* TFM_PSA_API */
+#include "tfm_hal_device_header.h"
__attribute__((naked))
static int tfm_output_unpriv_string(const unsigned char *str, size_t len)
diff --git a/platform/ext/index.rst b/platform/ext/index.rst
index 3c3e8d176..36e3af98f 100644
--- a/platform/ext/index.rst
+++ b/platform/ext/index.rst
@@ -15,8 +15,7 @@ Supported Platforms
:caption: arm
:glob:
- target/musca_*/**
- target/mps*/**
+ target/arm/**
otp_provisioning.rst
.. toctree::
diff --git a/platform/ext/platform_introduction.rst b/platform/ext/platform_introduction.rst
index 6bf10640b..fec964122 100644
--- a/platform/ext/platform_introduction.rst
+++ b/platform/ext/platform_introduction.rst
@@ -48,7 +48,7 @@ Platforms introduction
- Secure Enclave system:
- - :doc:`Musca-B1 Secure Enclave. </platform/ext/target/musca_b1/secure_enclave/readme>`
+ - :doc:`Musca-B1 Secure Enclave. </platform/ext/target/arm/musca_b1/secure_enclave/readme>`
The document :doc:`Platform Deprecation and Removal </platform/ext/platform_deprecation>`
lists the deprecated platforms planned to be removed from upstream.
diff --git a/platform/ext/target/mps2/an519/CMakeLists.txt b/platform/ext/target/arm/mps2/an519/CMakeLists.txt
index 7a665eb53..7a665eb53 100644
--- a/platform/ext/target/mps2/an519/CMakeLists.txt
+++ b/platform/ext/target/arm/mps2/an519/CMakeLists.txt
diff --git a/platform/ext/target/mps2/an519/RTE_Device.h b/platform/ext/target/arm/mps2/an519/RTE_Device.h
index 3eef147e1..3eef147e1 100644
--- a/platform/ext/target/mps2/an519/RTE_Device.h
+++ b/platform/ext/target/arm/mps2/an519/RTE_Device.h
diff --git a/platform/ext/target/mps2/an519/armclang/mps2_an519_bl2.sct b/platform/ext/target/arm/mps2/an519/armclang/mps2_an519_bl2.sct
index 309bddfda..309bddfda 100644
--- a/platform/ext/target/mps2/an519/armclang/mps2_an519_bl2.sct
+++ b/platform/ext/target/arm/mps2/an519/armclang/mps2_an519_bl2.sct
diff --git a/platform/ext/target/mps2/an519/armclang/mps2_an519_ns.sct b/platform/ext/target/arm/mps2/an519/armclang/mps2_an519_ns.sct
index e25b2d72f..e25b2d72f 100644
--- a/platform/ext/target/mps2/an519/armclang/mps2_an519_ns.sct
+++ b/platform/ext/target/arm/mps2/an519/armclang/mps2_an519_ns.sct
diff --git a/platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_bl2.s b/platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_bl2.s
index 658b9285c..658b9285c 100644
--- a/platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_bl2.s
+++ b/platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_bl2.s
diff --git a/platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_ns.s b/platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_ns.s
index a56a26d44..a56a26d44 100644
--- a/platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_ns.s
+++ b/platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_ns.s
diff --git a/platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_s.s b/platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_s.s
index 2bcbb6702..2bcbb6702 100644
--- a/platform/ext/target/mps2/an519/armclang/startup_cmsdk_mps2_an519_s.s
+++ b/platform/ext/target/arm/mps2/an519/armclang/startup_cmsdk_mps2_an519_s.s
diff --git a/platform/ext/target/mps2/an519/boot_hal.c b/platform/ext/target/arm/mps2/an519/boot_hal.c
index 865700039..865700039 100644
--- a/platform/ext/target/mps2/an519/boot_hal.c
+++ b/platform/ext/target/arm/mps2/an519/boot_hal.c
diff --git a/platform/ext/target/mps2/an519/cmsis_core/cmsis.h b/platform/ext/target/arm/mps2/an519/cmsis_core/cmsis.h
index 90807395e..90807395e 100644
--- a/platform/ext/target/mps2/an519/cmsis_core/cmsis.h
+++ b/platform/ext/target/arm/mps2/an519/cmsis_core/cmsis.h
diff --git a/platform/ext/target/mps2/an519/cmsis_core/cmsis_cpu.h b/platform/ext/target/arm/mps2/an519/cmsis_core/cmsis_cpu.h
index cd9cff61c..cd9cff61c 100644
--- a/platform/ext/target/mps2/an519/cmsis_core/cmsis_cpu.h
+++ b/platform/ext/target/arm/mps2/an519/cmsis_core/cmsis_cpu.h
diff --git a/platform/ext/target/mps2/an519/cmsis_core/mps2_an519.h b/platform/ext/target/arm/mps2/an519/cmsis_core/mps2_an519.h
index 52153eeca..52153eeca 100644
--- a/platform/ext/target/mps2/an519/cmsis_core/mps2_an519.h
+++ b/platform/ext/target/arm/mps2/an519/cmsis_core/mps2_an519.h
diff --git a/platform/ext/target/mps2/an519/cmsis_core/platform_irq.h b/platform/ext/target/arm/mps2/an519/cmsis_core/platform_irq.h
index 856b4d60d..856b4d60d 100644
--- a/platform/ext/target/mps2/an519/cmsis_core/platform_irq.h
+++ b/platform/ext/target/arm/mps2/an519/cmsis_core/platform_irq.h
diff --git a/platform/ext/target/mps2/an519/cmsis_core/platform_regs.h b/platform/ext/target/arm/mps2/an519/cmsis_core/platform_regs.h
index 789661e12..789661e12 100644
--- a/platform/ext/target/mps2/an519/cmsis_core/platform_regs.h
+++ b/platform/ext/target/arm/mps2/an519/cmsis_core/platform_regs.h
diff --git a/platform/ext/target/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.c b/platform/ext/target/arm/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.c
index 0cb198fe5..0cb198fe5 100644
--- a/platform/ext/target/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.c
+++ b/platform/ext/target/arm/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.c
diff --git a/platform/ext/target/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.h b/platform/ext/target/arm/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.h
index a98ea4ba6..a98ea4ba6 100644
--- a/platform/ext/target/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.h
+++ b/platform/ext/target/arm/mps2/an519/cmsis_core/system_cmsdk_mps2_an519.h
diff --git a/platform/ext/target/mps2/an519/cmsis_driver_config.h b/platform/ext/target/arm/mps2/an519/cmsis_driver_config.h
index cab3b63d8..cab3b63d8 100644
--- a/platform/ext/target/mps2/an519/cmsis_driver_config.h
+++ b/platform/ext/target/arm/mps2/an519/cmsis_driver_config.h
diff --git a/platform/ext/target/mps2/an519/cmsis_drivers/Driver_Flash.c b/platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_Flash.c
index 525956d4a..525956d4a 100644
--- a/platform/ext/target/mps2/an519/cmsis_drivers/Driver_Flash.c
+++ b/platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_Flash.c
diff --git a/platform/ext/target/mps2/an519/cmsis_drivers/Driver_MPC.c b/platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_MPC.c
index b0e62dddd..b0e62dddd 100644
--- a/platform/ext/target/mps2/an519/cmsis_drivers/Driver_MPC.c
+++ b/platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_MPC.c
diff --git a/platform/ext/target/mps2/an519/cmsis_drivers/Driver_PPC.c b/platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_PPC.c
index fc198a2bd..fc198a2bd 100644
--- a/platform/ext/target/mps2/an519/cmsis_drivers/Driver_PPC.c
+++ b/platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_PPC.c
diff --git a/platform/ext/target/mps2/an519/cmsis_drivers/Driver_USART.c b/platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_USART.c
index 3b35d0a9d..3b35d0a9d 100644
--- a/platform/ext/target/mps2/an519/cmsis_drivers/Driver_USART.c
+++ b/platform/ext/target/arm/mps2/an519/cmsis_drivers/Driver_USART.c
diff --git a/platform/ext/target/mps2/an519/config.cmake b/platform/ext/target/arm/mps2/an519/config.cmake
index a81c8a113..a81c8a113 100644
--- a/platform/ext/target/mps2/an519/config.cmake
+++ b/platform/ext/target/arm/mps2/an519/config.cmake
diff --git a/platform/ext/target/mps2/an519/device_cfg.h b/platform/ext/target/arm/mps2/an519/device_cfg.h
index 2a0f944f1..2a0f944f1 100644
--- a/platform/ext/target/mps2/an519/device_cfg.h
+++ b/platform/ext/target/arm/mps2/an519/device_cfg.h
diff --git a/platform/ext/target/mps2/an519/gcc/mps2_an519_bl2.ld b/platform/ext/target/arm/mps2/an519/gcc/mps2_an519_bl2.ld
index 2a8eae34e..2a8eae34e 100644
--- a/platform/ext/target/mps2/an519/gcc/mps2_an519_bl2.ld
+++ b/platform/ext/target/arm/mps2/an519/gcc/mps2_an519_bl2.ld
diff --git a/platform/ext/target/mps2/an519/gcc/mps2_an519_ns.ld b/platform/ext/target/arm/mps2/an519/gcc/mps2_an519_ns.ld
index 1bdcbfb1f..1bdcbfb1f 100644
--- a/platform/ext/target/mps2/an519/gcc/mps2_an519_ns.ld
+++ b/platform/ext/target/arm/mps2/an519/gcc/mps2_an519_ns.ld
diff --git a/platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_bl2.S b/platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_bl2.S
index 1816a0c11..1816a0c11 100644
--- a/platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_bl2.S
+++ b/platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_bl2.S
diff --git a/platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_ns.S b/platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_ns.S
index 9edcfdba9..9edcfdba9 100644
--- a/platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_ns.S
+++ b/platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_ns.S
diff --git a/platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_s.S b/platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_s.S
index aca6a49af..aca6a49af 100644
--- a/platform/ext/target/mps2/an519/gcc/startup_cmsdk_mps2_an519_s.S
+++ b/platform/ext/target/arm/mps2/an519/gcc/startup_cmsdk_mps2_an519_s.S
diff --git a/platform/ext/target/mps2/an519/iar/mps2_an519_bl2.icf b/platform/ext/target/arm/mps2/an519/iar/mps2_an519_bl2.icf
index 9bdd8bf3e..9bdd8bf3e 100644
--- a/platform/ext/target/mps2/an519/iar/mps2_an519_bl2.icf
+++ b/platform/ext/target/arm/mps2/an519/iar/mps2_an519_bl2.icf
diff --git a/platform/ext/target/mps2/an519/iar/mps2_an519_ns.icf b/platform/ext/target/arm/mps2/an519/iar/mps2_an519_ns.icf
index 1eb6137e3..1eb6137e3 100644
--- a/platform/ext/target/mps2/an519/iar/mps2_an519_ns.icf
+++ b/platform/ext/target/arm/mps2/an519/iar/mps2_an519_ns.icf
diff --git a/platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_bl2.s b/platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_bl2.s
index 753e5f661..753e5f661 100644
--- a/platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_bl2.s
+++ b/platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_bl2.s
diff --git a/platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_ns.s b/platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_ns.s
index 62b98c6d4..62b98c6d4 100644
--- a/platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_ns.s
+++ b/platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_ns.s
diff --git a/platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_s.s b/platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_s.s
index d1043e92c..d1043e92c 100644
--- a/platform/ext/target/mps2/an519/iar/startup_cmsdk_mps2_an519_s.s
+++ b/platform/ext/target/arm/mps2/an519/iar/startup_cmsdk_mps2_an519_s.s
diff --git a/platform/ext/target/mps2/an519/native_drivers/arm_uart_drv.c b/platform/ext/target/arm/mps2/an519/native_drivers/arm_uart_drv.c
index d61ae483a..d61ae483a 100644
--- a/platform/ext/target/mps2/an519/native_drivers/arm_uart_drv.c
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/arm_uart_drv.c
diff --git a/platform/ext/target/mps2/an519/native_drivers/arm_uart_drv.h b/platform/ext/target/arm/mps2/an519/native_drivers/arm_uart_drv.h
index 64d82000d..64d82000d 100644
--- a/platform/ext/target/mps2/an519/native_drivers/arm_uart_drv.h
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/arm_uart_drv.h
diff --git a/platform/ext/target/mps2/an519/native_drivers/mpc_sie200_drv.c b/platform/ext/target/arm/mps2/an519/native_drivers/mpc_sie200_drv.c
index e842681cd..e842681cd 100644
--- a/platform/ext/target/mps2/an519/native_drivers/mpc_sie200_drv.c
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/mpc_sie200_drv.c
diff --git a/platform/ext/target/mps2/an519/native_drivers/mpc_sie200_drv.h b/platform/ext/target/arm/mps2/an519/native_drivers/mpc_sie200_drv.h
index 02bd1d919..02bd1d919 100644
--- a/platform/ext/target/mps2/an519/native_drivers/mpc_sie200_drv.h
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/mpc_sie200_drv.h
diff --git a/platform/ext/target/mps2/an519/native_drivers/mpu_armv8m_drv.c b/platform/ext/target/arm/mps2/an519/native_drivers/mpu_armv8m_drv.c
index 9a2656cd4..9a2656cd4 100644
--- a/platform/ext/target/mps2/an519/native_drivers/mpu_armv8m_drv.c
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/mpu_armv8m_drv.c
diff --git a/platform/ext/target/mps2/an519/native_drivers/mpu_armv8m_drv.h b/platform/ext/target/arm/mps2/an519/native_drivers/mpu_armv8m_drv.h
index 70590bcd2..70590bcd2 100644
--- a/platform/ext/target/mps2/an519/native_drivers/mpu_armv8m_drv.h
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/mpu_armv8m_drv.h
diff --git a/platform/ext/target/mps2/an519/native_drivers/ppc_sse200_drv.c b/platform/ext/target/arm/mps2/an519/native_drivers/ppc_sse200_drv.c
index 8db96e24a..8db96e24a 100644
--- a/platform/ext/target/mps2/an519/native_drivers/ppc_sse200_drv.c
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/ppc_sse200_drv.c
diff --git a/platform/ext/target/mps2/an519/native_drivers/ppc_sse200_drv.h b/platform/ext/target/arm/mps2/an519/native_drivers/ppc_sse200_drv.h
index c09650bac..c09650bac 100644
--- a/platform/ext/target/mps2/an519/native_drivers/ppc_sse200_drv.h
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/ppc_sse200_drv.h
diff --git a/platform/ext/target/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.c b/platform/ext/target/arm/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.c
index 1037f2da0..1037f2da0 100644
--- a/platform/ext/target/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.c
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.c
diff --git a/platform/ext/target/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.h b/platform/ext/target/arm/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.h
index 52d9d5c98..52d9d5c98 100644
--- a/platform/ext/target/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.h
+++ b/platform/ext/target/arm/mps2/an519/native_drivers/timer_cmsdk/timer_cmsdk.h
diff --git a/platform/ext/target/mps2/an519/partition/flash_layout.h b/platform/ext/target/arm/mps2/an519/partition/flash_layout.h
index 6c3208d8f..6c3208d8f 100644
--- a/platform/ext/target/mps2/an519/partition/flash_layout.h
+++ b/platform/ext/target/arm/mps2/an519/partition/flash_layout.h
diff --git a/platform/ext/target/mps2/an519/partition/region_defs.h b/platform/ext/target/arm/mps2/an519/partition/region_defs.h
index 417aa23e1..417aa23e1 100644
--- a/platform/ext/target/mps2/an519/partition/region_defs.h
+++ b/platform/ext/target/arm/mps2/an519/partition/region_defs.h
diff --git a/platform/ext/target/mps2/an519/plat_test.c b/platform/ext/target/arm/mps2/an519/plat_test.c
index e77eb1a2a..e77eb1a2a 100644
--- a/platform/ext/target/mps2/an519/plat_test.c
+++ b/platform/ext/target/arm/mps2/an519/plat_test.c
diff --git a/platform/ext/target/mps2/an519/preload.cmake b/platform/ext/target/arm/mps2/an519/preload.cmake
index 31d5c7481..31d5c7481 100644
--- a/platform/ext/target/mps2/an519/preload.cmake
+++ b/platform/ext/target/arm/mps2/an519/preload.cmake
diff --git a/platform/ext/target/mps2/an519/retarget/platform_retarget.h b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget.h
index aeed37663..aeed37663 100644
--- a/platform/ext/target/mps2/an519/retarget/platform_retarget.h
+++ b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget.h
diff --git a/platform/ext/target/mps2/an519/retarget/platform_retarget_dev.c b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.c
index f76347996..f76347996 100644
--- a/platform/ext/target/mps2/an519/retarget/platform_retarget_dev.c
+++ b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.c
diff --git a/platform/ext/target/mps2/an519/retarget/platform_retarget_dev.h b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.h
index d8028d7c1..d8028d7c1 100644
--- a/platform/ext/target/mps2/an519/retarget/platform_retarget_dev.h
+++ b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.h
diff --git a/platform/ext/target/mps2/an519/retarget/platform_retarget_pins.h b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_pins.h
index a20f584f4..a20f584f4 100644
--- a/platform/ext/target/mps2/an519/retarget/platform_retarget_pins.h
+++ b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_pins.h
diff --git a/platform/ext/target/mps2/an519/services/src/tfm_platform_system.c b/platform/ext/target/arm/mps2/an519/services/src/tfm_platform_system.c
index 44fafbccd..44fafbccd 100644
--- a/platform/ext/target/mps2/an519/services/src/tfm_platform_system.c
+++ b/platform/ext/target/arm/mps2/an519/services/src/tfm_platform_system.c
diff --git a/platform/ext/target/mps2/an519/spm_hal.c b/platform/ext/target/arm/mps2/an519/spm_hal.c
index 02cd47a97..c192152c7 100644
--- a/platform/ext/target/mps2/an519/spm_hal.c
+++ b/platform/ext/target/arm/mps2/an519/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -22,11 +22,9 @@ extern ARM_DRIVER_MPC Driver_SRAM1_MPC;
extern const struct memory_region_limits memory_regions;
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- bool privileged = tfm_is_partition_privileged(partition_idx);
-
if (!platform_data) {
return TFM_PLAT_ERR_INVALID_INPUT;
}
diff --git a/platform/ext/target/mps2/an519/target_cfg.c b/platform/ext/target/arm/mps2/an519/target_cfg.c
index 9127926bf..9127926bf 100644
--- a/platform/ext/target/mps2/an519/target_cfg.c
+++ b/platform/ext/target/arm/mps2/an519/target_cfg.c
diff --git a/platform/ext/target/mps2/an519/target_cfg.h b/platform/ext/target/arm/mps2/an519/target_cfg.h
index f427b5f19..f427b5f19 100644
--- a/platform/ext/target/mps2/an519/target_cfg.h
+++ b/platform/ext/target/arm/mps2/an519/target_cfg.h
diff --git a/platform/ext/target/mps2/an519/tfm_hal_isolation.c b/platform/ext/target/arm/mps2/an519/tfm_hal_isolation.c
index a396e51ab..a396e51ab 100644
--- a/platform/ext/target/mps2/an519/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/mps2/an519/tfm_hal_isolation.c
diff --git a/platform/ext/target/mps2/an519/tfm_peripherals_def.h b/platform/ext/target/arm/mps2/an519/tfm_peripherals_def.h
index 4ddf169ea..4ddf169ea 100644
--- a/platform/ext/target/mps2/an519/tfm_peripherals_def.h
+++ b/platform/ext/target/arm/mps2/an519/tfm_peripherals_def.h
diff --git a/platform/ext/target/mps2/an521/CMakeLists.txt b/platform/ext/target/arm/mps2/an521/CMakeLists.txt
index d1ca90d9b..840fded59 100644
--- a/platform/ext/target/mps2/an521/CMakeLists.txt
+++ b/platform/ext/target/arm/mps2/an521/CMakeLists.txt
@@ -167,3 +167,21 @@ if(BL2)
native_drivers
)
endif()
+
+#========================= Crypto =============================================#
+
+target_sources(tfm_psa_rot_partition_crypto
+ PRIVATE
+ $<$<BOOL:${TFM_PSA_API}>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/crypto_nv_seed.c>
+ $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${PLATFORM_DUMMY_NV_SEED}>>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/crypto_dummy_nv_seed.c>
+)
+
+target_compile_definitions(tfm_psa_rot_partition_crypto
+ PRIVATE
+ $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${PLATFORM_DUMMY_NV_SEED}>>:PLATFORM_DUMMY_NV_SEED>
+)
+
+target_include_directories(crypto_service_mbedcrypto
+ PUBLIC
+ ${CMAKE_SOURCE_DIR}/platform/include
+)
diff --git a/platform/ext/target/mps2/an521/RTE_Device.h b/platform/ext/target/arm/mps2/an521/RTE_Device.h
index 3eef147e1..3eef147e1 100644
--- a/platform/ext/target/mps2/an521/RTE_Device.h
+++ b/platform/ext/target/arm/mps2/an521/RTE_Device.h
diff --git a/platform/ext/target/mps2/an521/armclang/mps2_an521_bl2.sct b/platform/ext/target/arm/mps2/an521/armclang/mps2_an521_bl2.sct
index 6a6bcd481..6a6bcd481 100644
--- a/platform/ext/target/mps2/an521/armclang/mps2_an521_bl2.sct
+++ b/platform/ext/target/arm/mps2/an521/armclang/mps2_an521_bl2.sct
diff --git a/platform/ext/target/mps2/an521/armclang/mps2_an521_ns.sct b/platform/ext/target/arm/mps2/an521/armclang/mps2_an521_ns.sct
index e25b2d72f..e25b2d72f 100644
--- a/platform/ext/target/mps2/an521/armclang/mps2_an521_ns.sct
+++ b/platform/ext/target/arm/mps2/an521/armclang/mps2_an521_ns.sct
diff --git a/platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_bl2.s b/platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_bl2.s
index 615d608c6..615d608c6 100644
--- a/platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_bl2.s
+++ b/platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_bl2.s
diff --git a/platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_ns.s b/platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_ns.s
index 96089a15f..96089a15f 100644
--- a/platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_ns.s
+++ b/platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_ns.s
diff --git a/platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_s.s b/platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_s.s
index 23f2cc88d..23f2cc88d 100644
--- a/platform/ext/target/mps2/an521/armclang/startup_cmsdk_mps2_an521_s.s
+++ b/platform/ext/target/arm/mps2/an521/armclang/startup_cmsdk_mps2_an521_s.s
diff --git a/platform/ext/target/mps2/an521/boot_hal.c b/platform/ext/target/arm/mps2/an521/boot_hal.c
index 9e9397248..9e9397248 100644
--- a/platform/ext/target/mps2/an521/boot_hal.c
+++ b/platform/ext/target/arm/mps2/an521/boot_hal.c
diff --git a/platform/ext/target/mps2/an521/cmsis_core/cmsis.h b/platform/ext/target/arm/mps2/an521/cmsis_core/cmsis.h
index 8c82e5a47..8c82e5a47 100644
--- a/platform/ext/target/mps2/an521/cmsis_core/cmsis.h
+++ b/platform/ext/target/arm/mps2/an521/cmsis_core/cmsis.h
diff --git a/platform/ext/target/mps2/an521/cmsis_core/cmsis_cpu.h b/platform/ext/target/arm/mps2/an521/cmsis_core/cmsis_cpu.h
index b94fcd9a4..b94fcd9a4 100644
--- a/platform/ext/target/mps2/an521/cmsis_core/cmsis_cpu.h
+++ b/platform/ext/target/arm/mps2/an521/cmsis_core/cmsis_cpu.h
diff --git a/platform/ext/target/mps2/an521/cmsis_core/mps2_an521.h b/platform/ext/target/arm/mps2/an521/cmsis_core/mps2_an521.h
index a42670a87..a42670a87 100644
--- a/platform/ext/target/mps2/an521/cmsis_core/mps2_an521.h
+++ b/platform/ext/target/arm/mps2/an521/cmsis_core/mps2_an521.h
diff --git a/platform/ext/target/mps2/an521/cmsis_core/platform_irq.h b/platform/ext/target/arm/mps2/an521/cmsis_core/platform_irq.h
index a27571499..a27571499 100644
--- a/platform/ext/target/mps2/an521/cmsis_core/platform_irq.h
+++ b/platform/ext/target/arm/mps2/an521/cmsis_core/platform_irq.h
diff --git a/platform/ext/target/mps2/an521/cmsis_core/platform_regs.h b/platform/ext/target/arm/mps2/an521/cmsis_core/platform_regs.h
index 5844b6074..5844b6074 100644
--- a/platform/ext/target/mps2/an521/cmsis_core/platform_regs.h
+++ b/platform/ext/target/arm/mps2/an521/cmsis_core/platform_regs.h
diff --git a/platform/ext/target/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.c b/platform/ext/target/arm/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.c
index c4d42fc8c..c4d42fc8c 100644
--- a/platform/ext/target/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.c
+++ b/platform/ext/target/arm/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.c
diff --git a/platform/ext/target/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.h b/platform/ext/target/arm/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.h
index 0bd1727f6..0bd1727f6 100644
--- a/platform/ext/target/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.h
+++ b/platform/ext/target/arm/mps2/an521/cmsis_core/system_cmsdk_mps2_an521.h
diff --git a/platform/ext/target/mps2/an521/cmsis_driver_config.h b/platform/ext/target/arm/mps2/an521/cmsis_driver_config.h
index cab3b63d8..cab3b63d8 100644
--- a/platform/ext/target/mps2/an521/cmsis_driver_config.h
+++ b/platform/ext/target/arm/mps2/an521/cmsis_driver_config.h
diff --git a/platform/ext/target/mps2/an521/cmsis_drivers/Driver_Flash.c b/platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_Flash.c
index 525956d4a..525956d4a 100644
--- a/platform/ext/target/mps2/an521/cmsis_drivers/Driver_Flash.c
+++ b/platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_Flash.c
diff --git a/platform/ext/target/mps2/an521/cmsis_drivers/Driver_MPC.c b/platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_MPC.c
index b0e62dddd..b0e62dddd 100644
--- a/platform/ext/target/mps2/an521/cmsis_drivers/Driver_MPC.c
+++ b/platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_MPC.c
diff --git a/platform/ext/target/mps2/an521/cmsis_drivers/Driver_PPC.c b/platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_PPC.c
index fc198a2bd..fc198a2bd 100644
--- a/platform/ext/target/mps2/an521/cmsis_drivers/Driver_PPC.c
+++ b/platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_PPC.c
diff --git a/platform/ext/target/mps2/an521/cmsis_drivers/Driver_USART.c b/platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_USART.c
index 3b35d0a9d..3b35d0a9d 100644
--- a/platform/ext/target/mps2/an521/cmsis_drivers/Driver_USART.c
+++ b/platform/ext/target/arm/mps2/an521/cmsis_drivers/Driver_USART.c
diff --git a/platform/ext/target/arm/mps2/an521/config.cmake b/platform/ext/target/arm/mps2/an521/config.cmake
new file mode 100644
index 000000000..b0dbc04c5
--- /dev/null
+++ b/platform/ext/target/arm/mps2/an521/config.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/arm/mps2/an521/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
+
+if(TFM_PSA_API)
+ set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH ${CMAKE_CURRENT_LIST_DIR}/mbedtls_an521_conf.h CACHE FILEPATH "Config to append to standard Mbed Crypto config, used by platforms to configure feature support")
+ set(PLATFORM_DUMMY_NV_SEED TRUE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
+endif()
diff --git a/platform/ext/target/mps2/an521/device_cfg.h b/platform/ext/target/arm/mps2/an521/device_cfg.h
index 2a0f944f1..2a0f944f1 100644
--- a/platform/ext/target/mps2/an521/device_cfg.h
+++ b/platform/ext/target/arm/mps2/an521/device_cfg.h
diff --git a/platform/ext/target/mps2/an521/gcc/mps2_an521_bl2.ld b/platform/ext/target/arm/mps2/an521/gcc/mps2_an521_bl2.ld
index 1b4b99559..1b4b99559 100644
--- a/platform/ext/target/mps2/an521/gcc/mps2_an521_bl2.ld
+++ b/platform/ext/target/arm/mps2/an521/gcc/mps2_an521_bl2.ld
diff --git a/platform/ext/target/mps2/an521/gcc/mps2_an521_ns.ld b/platform/ext/target/arm/mps2/an521/gcc/mps2_an521_ns.ld
index da4dfe5e9..da4dfe5e9 100644
--- a/platform/ext/target/mps2/an521/gcc/mps2_an521_ns.ld
+++ b/platform/ext/target/arm/mps2/an521/gcc/mps2_an521_ns.ld
diff --git a/platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_bl2.S b/platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_bl2.S
index a841d043d..a841d043d 100644
--- a/platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_bl2.S
+++ b/platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_bl2.S
diff --git a/platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_ns.S b/platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_ns.S
index cc55453bc..cc55453bc 100644
--- a/platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_ns.S
+++ b/platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_ns.S
diff --git a/platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_s.S b/platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_s.S
index b2063174d..b2063174d 100644
--- a/platform/ext/target/mps2/an521/gcc/startup_cmsdk_mps2_an521_s.S
+++ b/platform/ext/target/arm/mps2/an521/gcc/startup_cmsdk_mps2_an521_s.S
diff --git a/platform/ext/target/mps2/an521/generated_file_list.yaml b/platform/ext/target/arm/mps2/an521/generated_file_list.yaml
index fc36ea2f4..fc36ea2f4 100644
--- a/platform/ext/target/mps2/an521/generated_file_list.yaml
+++ b/platform/ext/target/arm/mps2/an521/generated_file_list.yaml
diff --git a/platform/ext/target/mps2/an521/iar/mps2_an521_bl2.icf b/platform/ext/target/arm/mps2/an521/iar/mps2_an521_bl2.icf
index c336ef5a2..c336ef5a2 100644
--- a/platform/ext/target/mps2/an521/iar/mps2_an521_bl2.icf
+++ b/platform/ext/target/arm/mps2/an521/iar/mps2_an521_bl2.icf
diff --git a/platform/ext/target/mps2/an521/iar/mps2_an521_ns.icf b/platform/ext/target/arm/mps2/an521/iar/mps2_an521_ns.icf
index 440867a70..440867a70 100644
--- a/platform/ext/target/mps2/an521/iar/mps2_an521_ns.icf
+++ b/platform/ext/target/arm/mps2/an521/iar/mps2_an521_ns.icf
diff --git a/platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_bl2.s b/platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_bl2.s
index 5b5079052..5b5079052 100644
--- a/platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_bl2.s
+++ b/platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_bl2.s
diff --git a/platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_ns.s b/platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_ns.s
index 403a90e3c..403a90e3c 100644
--- a/platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_ns.s
+++ b/platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_ns.s
diff --git a/platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_s.s b/platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_s.s
index 713f22ce7..713f22ce7 100644
--- a/platform/ext/target/mps2/an521/iar/startup_cmsdk_mps2_an521_s.s
+++ b/platform/ext/target/arm/mps2/an521/iar/startup_cmsdk_mps2_an521_s.s
diff --git a/platform/ext/target/arm/mps2/an521/mbedtls_an521_conf.h b/platform/ext/target/arm/mps2/an521/mbedtls_an521_conf.h
new file mode 100644
index 000000000..ba37aff9e
--- /dev/null
+++ b/platform/ext/target/arm/mps2/an521/mbedtls_an521_conf.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __MBEDTLS_AN521_CONF_H__
+#define __MBEDTLS_AN521_CONF_H__
+
+#include "tfm_plat_crypto_nv_seed.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#undef MBEDTLS_TEST_NULL_ENTROPY
+#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+#define MBEDTLS_ENTROPY_NV_SEED
+#ifndef MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO tfm_plat_crypto_nv_seed_read
+#endif
+#ifndef MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
+#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO tfm_plat_crypto_nv_seed_write
+#endif
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __MBEDTLS_AN521_CONF_H__ */
diff --git a/platform/ext/target/mps2/an521/native_drivers/arm_uart_drv.c b/platform/ext/target/arm/mps2/an521/native_drivers/arm_uart_drv.c
index d61ae483a..d61ae483a 100644
--- a/platform/ext/target/mps2/an521/native_drivers/arm_uart_drv.c
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/arm_uart_drv.c
diff --git a/platform/ext/target/mps2/an521/native_drivers/arm_uart_drv.h b/platform/ext/target/arm/mps2/an521/native_drivers/arm_uart_drv.h
index 64d82000d..64d82000d 100644
--- a/platform/ext/target/mps2/an521/native_drivers/arm_uart_drv.h
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/arm_uart_drv.h
diff --git a/platform/ext/target/mps2/an521/native_drivers/mpc_sie200_drv.c b/platform/ext/target/arm/mps2/an521/native_drivers/mpc_sie200_drv.c
index e842681cd..e842681cd 100644
--- a/platform/ext/target/mps2/an521/native_drivers/mpc_sie200_drv.c
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/mpc_sie200_drv.c
diff --git a/platform/ext/target/mps2/an521/native_drivers/mpc_sie200_drv.h b/platform/ext/target/arm/mps2/an521/native_drivers/mpc_sie200_drv.h
index 02bd1d919..02bd1d919 100644
--- a/platform/ext/target/mps2/an521/native_drivers/mpc_sie200_drv.h
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/mpc_sie200_drv.h
diff --git a/platform/ext/target/mps2/an521/native_drivers/mpu_armv8m_drv.c b/platform/ext/target/arm/mps2/an521/native_drivers/mpu_armv8m_drv.c
index 823181123..823181123 100644
--- a/platform/ext/target/mps2/an521/native_drivers/mpu_armv8m_drv.c
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/mpu_armv8m_drv.c
diff --git a/platform/ext/target/mps2/an521/native_drivers/mpu_armv8m_drv.h b/platform/ext/target/arm/mps2/an521/native_drivers/mpu_armv8m_drv.h
index 78da63930..78da63930 100644
--- a/platform/ext/target/mps2/an521/native_drivers/mpu_armv8m_drv.h
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/mpu_armv8m_drv.h
diff --git a/platform/ext/target/mps2/an521/native_drivers/ppc_sse200_drv.c b/platform/ext/target/arm/mps2/an521/native_drivers/ppc_sse200_drv.c
index 8db96e24a..8db96e24a 100644
--- a/platform/ext/target/mps2/an521/native_drivers/ppc_sse200_drv.c
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/ppc_sse200_drv.c
diff --git a/platform/ext/target/mps2/an521/native_drivers/ppc_sse200_drv.h b/platform/ext/target/arm/mps2/an521/native_drivers/ppc_sse200_drv.h
index c09650bac..c09650bac 100644
--- a/platform/ext/target/mps2/an521/native_drivers/ppc_sse200_drv.h
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/ppc_sse200_drv.h
diff --git a/platform/ext/target/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.c b/platform/ext/target/arm/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.c
index 1037f2da0..1037f2da0 100644
--- a/platform/ext/target/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.c
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.c
diff --git a/platform/ext/target/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.h b/platform/ext/target/arm/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.h
index 52d9d5c98..52d9d5c98 100644
--- a/platform/ext/target/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.h
+++ b/platform/ext/target/arm/mps2/an521/native_drivers/timer_cmsdk/timer_cmsdk.h
diff --git a/platform/ext/target/mps2/an521/partition/flash_layout.h b/platform/ext/target/arm/mps2/an521/partition/flash_layout.h
index 6a0e442e6..6a0e442e6 100644
--- a/platform/ext/target/mps2/an521/partition/flash_layout.h
+++ b/platform/ext/target/arm/mps2/an521/partition/flash_layout.h
diff --git a/platform/ext/target/mps2/an521/partition/region_defs.h b/platform/ext/target/arm/mps2/an521/partition/region_defs.h
index bef2b5120..bef2b5120 100644
--- a/platform/ext/target/mps2/an521/partition/region_defs.h
+++ b/platform/ext/target/arm/mps2/an521/partition/region_defs.h
diff --git a/platform/ext/target/mps2/an521/plat_test.c b/platform/ext/target/arm/mps2/an521/plat_test.c
index 83528581a..83528581a 100644
--- a/platform/ext/target/mps2/an521/plat_test.c
+++ b/platform/ext/target/arm/mps2/an521/plat_test.c
diff --git a/platform/ext/target/mps2/an521/preload.cmake b/platform/ext/target/arm/mps2/an521/preload.cmake
index 436fed720..436fed720 100644
--- a/platform/ext/target/mps2/an521/preload.cmake
+++ b/platform/ext/target/arm/mps2/an521/preload.cmake
diff --git a/platform/ext/target/mps2/an521/retarget/platform_retarget.h b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget.h
index 9c93895fb..9c93895fb 100644
--- a/platform/ext/target/mps2/an521/retarget/platform_retarget.h
+++ b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget.h
diff --git a/platform/ext/target/mps2/an521/retarget/platform_retarget_dev.c b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c
index 620b39075..620b39075 100644
--- a/platform/ext/target/mps2/an521/retarget/platform_retarget_dev.c
+++ b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c
diff --git a/platform/ext/target/mps2/an521/retarget/platform_retarget_dev.h b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.h
index 772a5af37..772a5af37 100644
--- a/platform/ext/target/mps2/an521/retarget/platform_retarget_dev.h
+++ b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.h
diff --git a/platform/ext/target/mps2/an521/retarget/platform_retarget_pins.h b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_pins.h
index d2b7e438a..d2b7e438a 100644
--- a/platform/ext/target/mps2/an521/retarget/platform_retarget_pins.h
+++ b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_pins.h
diff --git a/platform/ext/target/mps2/an521/services/src/tfm_platform_system.c b/platform/ext/target/arm/mps2/an521/services/src/tfm_platform_system.c
index 93ba614c4..93ba614c4 100644
--- a/platform/ext/target/mps2/an521/services/src/tfm_platform_system.c
+++ b/platform/ext/target/arm/mps2/an521/services/src/tfm_platform_system.c
diff --git a/platform/ext/target/mps2/an521/spm_hal.c b/platform/ext/target/arm/mps2/an521/spm_hal.c
index 58dee4d88..9390b46fe 100644
--- a/platform/ext/target/mps2/an521/spm_hal.c
+++ b/platform/ext/target/arm/mps2/an521/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -33,16 +33,15 @@ uint32_t periph_num_count = 0;
#ifdef TFM_FIH_PROFILE_ON
fih_int tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
#else /* TFM_FIH_PROFILE_ON */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
#endif /* TFM_FIH_PROFILE_ON */
{
fih_int fih_rc = FIH_FAILURE;
- bool privileged = tfm_is_partition_privileged(partition_idx);
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
diff --git a/platform/ext/target/mps2/an521/target_cfg.c b/platform/ext/target/arm/mps2/an521/target_cfg.c
index a57a2e80c..a57a2e80c 100644
--- a/platform/ext/target/mps2/an521/target_cfg.c
+++ b/platform/ext/target/arm/mps2/an521/target_cfg.c
diff --git a/platform/ext/target/mps2/an521/target_cfg.h b/platform/ext/target/arm/mps2/an521/target_cfg.h
index 25cc28ae5..25cc28ae5 100644
--- a/platform/ext/target/mps2/an521/target_cfg.h
+++ b/platform/ext/target/arm/mps2/an521/target_cfg.h
diff --git a/platform/ext/target/mps2/an521/tfm_hal_isolation.c b/platform/ext/target/arm/mps2/an521/tfm_hal_isolation.c
index dfafd3909..dfafd3909 100644
--- a/platform/ext/target/mps2/an521/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/mps2/an521/tfm_hal_isolation.c
diff --git a/platform/ext/target/mps2/an521/tfm_peripherals_def.h b/platform/ext/target/arm/mps2/an521/tfm_peripherals_def.h
index c5b80bf3b..c5b80bf3b 100644
--- a/platform/ext/target/mps2/an521/tfm_peripherals_def.h
+++ b/platform/ext/target/arm/mps2/an521/tfm_peripherals_def.h
diff --git a/platform/ext/target/mps2/common/smm_mps2.h b/platform/ext/target/arm/mps2/common/smm_mps2.h
index 2d6fabe02..2d6fabe02 100644
--- a/platform/ext/target/mps2/common/smm_mps2.h
+++ b/platform/ext/target/arm/mps2/common/smm_mps2.h
diff --git a/platform/ext/target/mps2/fvp_sse300/CMakeLists.txt b/platform/ext/target/arm/mps2/fvp_sse300/CMakeLists.txt
index 6b417cd94..6b417cd94 100644
--- a/platform/ext/target/mps2/fvp_sse300/CMakeLists.txt
+++ b/platform/ext/target/arm/mps2/fvp_sse300/CMakeLists.txt
diff --git a/platform/ext/target/mps2/fvp_sse300/boot_hal.c b/platform/ext/target/arm/mps2/fvp_sse300/boot_hal.c
index 9e9397248..9e9397248 100644
--- a/platform/ext/target/mps2/fvp_sse300/boot_hal.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/boot_hal.c
diff --git a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_Flash.c b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_Flash.c
index 25966e5eb..25966e5eb 100644
--- a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_Flash.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_Flash.c
diff --git a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_MPC.c b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_MPC.c
index 53a46180e..53a46180e 100644
--- a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_MPC.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_MPC.c
diff --git a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.c b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.c
index c16cc4aa0..c16cc4aa0 100644
--- a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.c
diff --git a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.h b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.h
index c07fed07f..c07fed07f 100644
--- a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_SSE300_PPC.h
diff --git a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_USART.c b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_USART.c
index cb3a14ad3..cb3a14ad3 100644
--- a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/Driver_USART.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/Driver_USART.c
diff --git a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/config/RTE_Device.h b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/config/RTE_Device.h
index 92661543e..92661543e 100644
--- a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/config/RTE_Device.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/config/RTE_Device.h
diff --git a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/config/cmsis_driver_config.h b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/config/cmsis_driver_config.h
index ba3639413..ba3639413 100644
--- a/platform/ext/target/mps2/fvp_sse300/cmsis_drivers/config/cmsis_driver_config.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/cmsis_drivers/config/cmsis_driver_config.h
diff --git a/platform/ext/target/mps2/fvp_sse300/config.cmake b/platform/ext/target/arm/mps2/fvp_sse300/config.cmake
index a81c8a113..a81c8a113 100644
--- a/platform/ext/target/mps2/fvp_sse300/config.cmake
+++ b/platform/ext/target/arm/mps2/fvp_sse300/config.cmake
diff --git a/platform/ext/target/mps2/fvp_sse300/device/config/device_cfg.h b/platform/ext/target/arm/mps2/fvp_sse300/device/config/device_cfg.h
index cdc20a0e8..cdc20a0e8 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/config/device_cfg.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/config/device_cfg.h
diff --git a/platform/ext/target/mps2/fvp_sse300/device/include/cmsis.h b/platform/ext/target/arm/mps2/fvp_sse300/device/include/cmsis.h
index dbd93f43d..dbd93f43d 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/include/cmsis.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/include/cmsis.h
diff --git a/platform/ext/target/mps2/fvp_sse300/device/include/device_definition.h b/platform/ext/target/arm/mps2/fvp_sse300/device/include/device_definition.h
index c83f0e699..c83f0e699 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/include/device_definition.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/include/device_definition.h
diff --git a/platform/ext/target/mps2/fvp_sse300/device/include/platform_description.h b/platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_description.h
index 8ec0197d3..8ec0197d3 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/include/platform_description.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_description.h
diff --git a/platform/ext/target/mps2/fvp_sse300/device/include/platform_irq.h b/platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_irq.h
index 7a90b8b8e..7a90b8b8e 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/include/platform_irq.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_irq.h
diff --git a/platform/ext/target/mps2/fvp_sse300/device/include/platform_regs.h b/platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_regs.h
index a3ec626b6..a3ec626b6 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/include/platform_regs.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/include/platform_regs.h
diff --git a/platform/ext/target/mps2/fvp_sse300/device/include/system_core_init.h b/platform/ext/target/arm/mps2/fvp_sse300/device/include/system_core_init.h
index 26e2cbd1c..26e2cbd1c 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/include/system_core_init.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/include/system_core_init.h
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_bl2.sct b/platform/ext/target/arm/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_bl2.sct
index 1f6a34aff..1f6a34aff 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_bl2.sct
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_bl2.sct
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_ns.sct b/platform/ext/target/arm/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_ns.sct
index 92707b9ce..92707b9ce 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_ns.sct
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/armclang/fvp_sse300_mps2_ns.sct
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/device_definition.c b/platform/ext/target/arm/mps2/fvp_sse300/device/source/device_definition.c
index 5b57b7c65..5b57b7c65 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/device_definition.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/device_definition.c
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_bl2.icf b/platform/ext/target/arm/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_bl2.icf
index 05c2c8364..05c2c8364 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_bl2.icf
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_bl2.icf
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_ns.icf b/platform/ext/target/arm/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_ns.icf
index 1eb6137e3..1eb6137e3 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_ns.icf
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/iar/fvp_sse300_mps2_ns.icf
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_bl2.c b/platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_bl2.c
index e36715d06..e36715d06 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_bl2.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_bl2.c
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_ns.c b/platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_ns.c
index 90230777e..90230777e 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_ns.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_ns.c
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_s.c b/platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_s.c
index 8c6046fb2..8c6046fb2 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_s.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/startup_fvp_sse300_mps2_s.c
diff --git a/platform/ext/target/mps2/fvp_sse300/device/source/system_core_init.c b/platform/ext/target/arm/mps2/fvp_sse300/device/source/system_core_init.c
index 99ef007b8..99ef007b8 100644
--- a/platform/ext/target/mps2/fvp_sse300/device/source/system_core_init.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/device/source/system_core_init.c
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/mpc_sie_drv.c b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpc_sie_drv.c
index 23dbf50ac..23dbf50ac 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/mpc_sie_drv.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpc_sie_drv.c
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/mpc_sie_drv.h b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpc_sie_drv.h
index 927d0a80d..927d0a80d 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/mpc_sie_drv.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpc_sie_drv.h
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.c b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.c
index 0caa02467..0caa02467 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.c
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.h b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.h
index de51999c3..de51999c3 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/mpu_armv8m_drv.h
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.c b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.c
index 38d068d74..38d068d74 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.c
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.h b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.h
index a3f7e1d70..a3f7e1d70 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/ppc_sse300_drv.h
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.c b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.c
index c7b4b153a..c7b4b153a 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.c
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.h b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.h
index d14d2f79e..d14d2f79e 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/systimer_armv8-m_drv.h
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.c b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.c
index c3d123005..c3d123005 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.c
diff --git a/platform/ext/target/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.h b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.h
index 2d3278ef6..2d3278ef6 100644
--- a/platform/ext/target/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/native_drivers/uart_cmsdk_drv.h
diff --git a/platform/ext/target/mps2/fvp_sse300/partition/flash_layout.h b/platform/ext/target/arm/mps2/fvp_sse300/partition/flash_layout.h
index 9fc1db022..9fc1db022 100644
--- a/platform/ext/target/mps2/fvp_sse300/partition/flash_layout.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/partition/flash_layout.h
diff --git a/platform/ext/target/mps2/fvp_sse300/partition/platform_base_address.h b/platform/ext/target/arm/mps2/fvp_sse300/partition/platform_base_address.h
index c8bc75f52..c8bc75f52 100644
--- a/platform/ext/target/mps2/fvp_sse300/partition/platform_base_address.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/partition/platform_base_address.h
diff --git a/platform/ext/target/mps2/fvp_sse300/partition/region_defs.h b/platform/ext/target/arm/mps2/fvp_sse300/partition/region_defs.h
index 9f9d50616..9f9d50616 100644
--- a/platform/ext/target/mps2/fvp_sse300/partition/region_defs.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/partition/region_defs.h
diff --git a/platform/ext/target/mps2/fvp_sse300/plat_test.c b/platform/ext/target/arm/mps2/fvp_sse300/plat_test.c
index bdcbd48e4..bdcbd48e4 100644
--- a/platform/ext/target/mps2/fvp_sse300/plat_test.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/plat_test.c
diff --git a/platform/ext/target/mps2/fvp_sse300/preload.cmake b/platform/ext/target/arm/mps2/fvp_sse300/preload.cmake
index ae27ca9eb..ae27ca9eb 100644
--- a/platform/ext/target/mps2/fvp_sse300/preload.cmake
+++ b/platform/ext/target/arm/mps2/fvp_sse300/preload.cmake
diff --git a/platform/ext/target/mps2/fvp_sse300/services/src/tfm_platform_system.c b/platform/ext/target/arm/mps2/fvp_sse300/services/src/tfm_platform_system.c
index 44fafbccd..44fafbccd 100644
--- a/platform/ext/target/mps2/fvp_sse300/services/src/tfm_platform_system.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/services/src/tfm_platform_system.c
diff --git a/platform/ext/target/mps2/fvp_sse300/spm_hal.c b/platform/ext/target/arm/mps2/fvp_sse300/spm_hal.c
index 6b2d8a6d4..ff26d6fc7 100644
--- a/platform/ext/target/mps2/fvp_sse300/spm_hal.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -27,11 +27,10 @@ uint32_t periph_num_count = 0;
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
- bool privileged = tfm_is_partition_privileged(partition_idx);
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
diff --git a/platform/ext/target/mps2/fvp_sse300/target_cfg.c b/platform/ext/target/arm/mps2/fvp_sse300/target_cfg.c
index 717661650..717661650 100644
--- a/platform/ext/target/mps2/fvp_sse300/target_cfg.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/target_cfg.c
diff --git a/platform/ext/target/mps2/fvp_sse300/target_cfg.h b/platform/ext/target/arm/mps2/fvp_sse300/target_cfg.h
index 6a8c97e68..6a8c97e68 100644
--- a/platform/ext/target/mps2/fvp_sse300/target_cfg.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/target_cfg.h
diff --git a/platform/ext/target/mps2/fvp_sse300/tfm_hal_isolation.c b/platform/ext/target/arm/mps2/fvp_sse300/tfm_hal_isolation.c
index 4cbce3014..4cbce3014 100644
--- a/platform/ext/target/mps2/fvp_sse300/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/tfm_hal_isolation.c
diff --git a/platform/ext/target/mps2/fvp_sse300/tfm_peripherals_def.h b/platform/ext/target/arm/mps2/fvp_sse300/tfm_peripherals_def.h
index ae21ca295..ae21ca295 100644
--- a/platform/ext/target/mps2/fvp_sse300/tfm_peripherals_def.h
+++ b/platform/ext/target/arm/mps2/fvp_sse300/tfm_peripherals_def.h
diff --git a/platform/ext/target/mps3/an524/CMakeLists.txt b/platform/ext/target/arm/mps3/an524/CMakeLists.txt
index e7244c4ff..e7244c4ff 100644
--- a/platform/ext/target/mps3/an524/CMakeLists.txt
+++ b/platform/ext/target/arm/mps3/an524/CMakeLists.txt
diff --git a/platform/ext/target/mps3/an524/boot_hal.c b/platform/ext/target/arm/mps3/an524/boot_hal.c
index 9e9397248..9e9397248 100644
--- a/platform/ext/target/mps3/an524/boot_hal.c
+++ b/platform/ext/target/arm/mps3/an524/boot_hal.c
diff --git a/platform/ext/target/mps3/an524/cmsis_drivers/Driver_Flash.c b/platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_Flash.c
index 0582300f8..0582300f8 100644
--- a/platform/ext/target/mps3/an524/cmsis_drivers/Driver_Flash.c
+++ b/platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_Flash.c
diff --git a/platform/ext/target/mps3/an524/cmsis_drivers/Driver_MPC.c b/platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_MPC.c
index 5894ad863..5894ad863 100644
--- a/platform/ext/target/mps3/an524/cmsis_drivers/Driver_MPC.c
+++ b/platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_MPC.c
diff --git a/platform/ext/target/mps3/an524/cmsis_drivers/Driver_PPC.c b/platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_PPC.c
index 9ffc35f51..9ffc35f51 100644
--- a/platform/ext/target/mps3/an524/cmsis_drivers/Driver_PPC.c
+++ b/platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_PPC.c
diff --git a/platform/ext/target/mps3/an524/cmsis_drivers/Driver_USART.c b/platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_USART.c
index f127e761a..f127e761a 100644
--- a/platform/ext/target/mps3/an524/cmsis_drivers/Driver_USART.c
+++ b/platform/ext/target/arm/mps3/an524/cmsis_drivers/Driver_USART.c
diff --git a/platform/ext/target/mps3/an524/cmsis_drivers/config/RTE_Device.h b/platform/ext/target/arm/mps3/an524/cmsis_drivers/config/RTE_Device.h
index 0f1106470..0f1106470 100644
--- a/platform/ext/target/mps3/an524/cmsis_drivers/config/RTE_Device.h
+++ b/platform/ext/target/arm/mps3/an524/cmsis_drivers/config/RTE_Device.h
diff --git a/platform/ext/target/mps3/an524/cmsis_drivers/config/cmsis_driver_config.h b/platform/ext/target/arm/mps3/an524/cmsis_drivers/config/cmsis_driver_config.h
index 0644561e2..0644561e2 100644
--- a/platform/ext/target/mps3/an524/cmsis_drivers/config/cmsis_driver_config.h
+++ b/platform/ext/target/arm/mps3/an524/cmsis_drivers/config/cmsis_driver_config.h
diff --git a/platform/ext/target/mps3/an524/config.cmake b/platform/ext/target/arm/mps3/an524/config.cmake
index a1a74a568..a1a74a568 100644
--- a/platform/ext/target/mps3/an524/config.cmake
+++ b/platform/ext/target/arm/mps3/an524/config.cmake
diff --git a/platform/ext/target/mps3/an524/device/config/device_cfg.h b/platform/ext/target/arm/mps3/an524/device/config/device_cfg.h
index 29e992e82..29e992e82 100644
--- a/platform/ext/target/mps3/an524/device/config/device_cfg.h
+++ b/platform/ext/target/arm/mps3/an524/device/config/device_cfg.h
diff --git a/platform/ext/target/mps3/an524/device/include/cmsis.h b/platform/ext/target/arm/mps3/an524/device/include/cmsis.h
index 44068a101..44068a101 100644
--- a/platform/ext/target/mps3/an524/device/include/cmsis.h
+++ b/platform/ext/target/arm/mps3/an524/device/include/cmsis.h
diff --git a/platform/ext/target/mps3/an524/device/include/device_definition.h b/platform/ext/target/arm/mps3/an524/device/include/device_definition.h
index a978ac990..a978ac990 100644
--- a/platform/ext/target/mps3/an524/device/include/device_definition.h
+++ b/platform/ext/target/arm/mps3/an524/device/include/device_definition.h
diff --git a/platform/ext/target/mps3/an524/device/include/platform_base_address.h b/platform/ext/target/arm/mps3/an524/device/include/platform_base_address.h
index 52d4b36b9..52d4b36b9 100644
--- a/platform/ext/target/mps3/an524/device/include/platform_base_address.h
+++ b/platform/ext/target/arm/mps3/an524/device/include/platform_base_address.h
diff --git a/platform/ext/target/mps3/an524/device/include/platform_description.h b/platform/ext/target/arm/mps3/an524/device/include/platform_description.h
index 85fc44050..85fc44050 100644
--- a/platform/ext/target/mps3/an524/device/include/platform_description.h
+++ b/platform/ext/target/arm/mps3/an524/device/include/platform_description.h
diff --git a/platform/ext/target/mps3/an524/device/include/platform_irq.h b/platform/ext/target/arm/mps3/an524/device/include/platform_irq.h
index c84684c82..c84684c82 100644
--- a/platform/ext/target/mps3/an524/device/include/platform_irq.h
+++ b/platform/ext/target/arm/mps3/an524/device/include/platform_irq.h
diff --git a/platform/ext/target/mps3/an524/device/include/platform_pins.h b/platform/ext/target/arm/mps3/an524/device/include/platform_pins.h
index e5fcfccab..e5fcfccab 100644
--- a/platform/ext/target/mps3/an524/device/include/platform_pins.h
+++ b/platform/ext/target/arm/mps3/an524/device/include/platform_pins.h
diff --git a/platform/ext/target/mps3/an524/device/include/platform_regs.h b/platform/ext/target/arm/mps3/an524/device/include/platform_regs.h
index 1e5e92fac..1e5e92fac 100644
--- a/platform/ext/target/mps3/an524/device/include/platform_regs.h
+++ b/platform/ext/target/arm/mps3/an524/device/include/platform_regs.h
diff --git a/platform/ext/target/mps3/an524/device/include/system_core_init.h b/platform/ext/target/arm/mps3/an524/device/include/system_core_init.h
index ab59ce554..ab59ce554 100644
--- a/platform/ext/target/mps3/an524/device/include/system_core_init.h
+++ b/platform/ext/target/arm/mps3/an524/device/include/system_core_init.h
diff --git a/platform/ext/target/mps3/an524/device/source/armclang/mps3_an524_bl2.sct b/platform/ext/target/arm/mps3/an524/device/source/armclang/mps3_an524_bl2.sct
index 5426db88e..5426db88e 100644
--- a/platform/ext/target/mps3/an524/device/source/armclang/mps3_an524_bl2.sct
+++ b/platform/ext/target/arm/mps3/an524/device/source/armclang/mps3_an524_bl2.sct
diff --git a/platform/ext/target/mps3/an524/device/source/armclang/mps3_an524_ns.sct b/platform/ext/target/arm/mps3/an524/device/source/armclang/mps3_an524_ns.sct
index 55d9774ca..55d9774ca 100644
--- a/platform/ext/target/mps3/an524/device/source/armclang/mps3_an524_ns.sct
+++ b/platform/ext/target/arm/mps3/an524/device/source/armclang/mps3_an524_ns.sct
diff --git a/platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_bl2.s b/platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_bl2.s
index 98d325e0c..98d325e0c 100644
--- a/platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_bl2.s
+++ b/platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_bl2.s
diff --git a/platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_ns.s b/platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_ns.s
index 47d22cc91..47d22cc91 100644
--- a/platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_ns.s
+++ b/platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_ns.s
diff --git a/platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_s.s b/platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_s.s
index ff9a8d322..ff9a8d322 100644
--- a/platform/ext/target/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_s.s
+++ b/platform/ext/target/arm/mps3/an524/device/source/armclang/startup_cmsdk_mps3_an524_s.s
diff --git a/platform/ext/target/mps3/an524/device/source/device_definition.c b/platform/ext/target/arm/mps3/an524/device/source/device_definition.c
index 6e3834b41..6e3834b41 100644
--- a/platform/ext/target/mps3/an524/device/source/device_definition.c
+++ b/platform/ext/target/arm/mps3/an524/device/source/device_definition.c
diff --git a/platform/ext/target/mps3/an524/device/source/gcc/mps3_an524_bl2.ld b/platform/ext/target/arm/mps3/an524/device/source/gcc/mps3_an524_bl2.ld
index ce1ffc099..ce1ffc099 100644
--- a/platform/ext/target/mps3/an524/device/source/gcc/mps3_an524_bl2.ld
+++ b/platform/ext/target/arm/mps3/an524/device/source/gcc/mps3_an524_bl2.ld
diff --git a/platform/ext/target/mps3/an524/device/source/gcc/mps3_an524_ns.ld b/platform/ext/target/arm/mps3/an524/device/source/gcc/mps3_an524_ns.ld
index 9488ae899..9488ae899 100644
--- a/platform/ext/target/mps3/an524/device/source/gcc/mps3_an524_ns.ld
+++ b/platform/ext/target/arm/mps3/an524/device/source/gcc/mps3_an524_ns.ld
diff --git a/platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_bl2.S b/platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_bl2.S
index 93328a31c..93328a31c 100644
--- a/platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_bl2.S
+++ b/platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_bl2.S
diff --git a/platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_ns.S b/platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_ns.S
index beac3cd4a..beac3cd4a 100644
--- a/platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_ns.S
+++ b/platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_ns.S
diff --git a/platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_s.S b/platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_s.S
index b8fb9302f..b8fb9302f 100644
--- a/platform/ext/target/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_s.S
+++ b/platform/ext/target/arm/mps3/an524/device/source/gcc/startup_cmsdk_mps3_an524_s.S
diff --git a/platform/ext/target/mps3/an524/device/source/iar/mps3_an524_bl2.icf b/platform/ext/target/arm/mps3/an524/device/source/iar/mps3_an524_bl2.icf
index aae828dc9..aae828dc9 100644
--- a/platform/ext/target/mps3/an524/device/source/iar/mps3_an524_bl2.icf
+++ b/platform/ext/target/arm/mps3/an524/device/source/iar/mps3_an524_bl2.icf
diff --git a/platform/ext/target/mps3/an524/device/source/iar/mps3_an524_ns.icf b/platform/ext/target/arm/mps3/an524/device/source/iar/mps3_an524_ns.icf
index 3eb9717d7..3eb9717d7 100644
--- a/platform/ext/target/mps3/an524/device/source/iar/mps3_an524_ns.icf
+++ b/platform/ext/target/arm/mps3/an524/device/source/iar/mps3_an524_ns.icf
diff --git a/platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_bl2.s b/platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_bl2.s
index 164161c22..164161c22 100644
--- a/platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_bl2.s
+++ b/platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_bl2.s
diff --git a/platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_ns.s b/platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_ns.s
index 66f060d52..66f060d52 100644
--- a/platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_ns.s
+++ b/platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_ns.s
diff --git a/platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_s.s b/platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_s.s
index 855a7af8e..855a7af8e 100644
--- a/platform/ext/target/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_s.s
+++ b/platform/ext/target/arm/mps3/an524/device/source/iar/startup_cmsdk_mps3_an524_s.s
diff --git a/platform/ext/target/mps3/an524/device/source/system_core_init.c b/platform/ext/target/arm/mps3/an524/device/source/system_core_init.c
index 9aba91074..9aba91074 100644
--- a/platform/ext/target/mps3/an524/device/source/system_core_init.c
+++ b/platform/ext/target/arm/mps3/an524/device/source/system_core_init.c
diff --git a/platform/ext/target/mps3/an524/native_drivers/mpc_sie200_drv.c b/platform/ext/target/arm/mps3/an524/native_drivers/mpc_sie200_drv.c
index b6dd8e99f..b6dd8e99f 100644
--- a/platform/ext/target/mps3/an524/native_drivers/mpc_sie200_drv.c
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/mpc_sie200_drv.c
diff --git a/platform/ext/target/mps3/an524/native_drivers/mpc_sie200_drv.h b/platform/ext/target/arm/mps3/an524/native_drivers/mpc_sie200_drv.h
index 998a5f108..998a5f108 100644
--- a/platform/ext/target/mps3/an524/native_drivers/mpc_sie200_drv.h
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/mpc_sie200_drv.h
diff --git a/platform/ext/target/mps3/an524/native_drivers/mpu_armv8m_drv.c b/platform/ext/target/arm/mps3/an524/native_drivers/mpu_armv8m_drv.c
index ad9efab9c..ad9efab9c 100644
--- a/platform/ext/target/mps3/an524/native_drivers/mpu_armv8m_drv.c
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/mpu_armv8m_drv.c
diff --git a/platform/ext/target/mps3/an524/native_drivers/mpu_armv8m_drv.h b/platform/ext/target/arm/mps3/an524/native_drivers/mpu_armv8m_drv.h
index d427604f3..d427604f3 100644
--- a/platform/ext/target/mps3/an524/native_drivers/mpu_armv8m_drv.h
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/mpu_armv8m_drv.h
diff --git a/platform/ext/target/mps3/an524/native_drivers/ppc_sse200_drv.c b/platform/ext/target/arm/mps3/an524/native_drivers/ppc_sse200_drv.c
index dda05506d..dda05506d 100644
--- a/platform/ext/target/mps3/an524/native_drivers/ppc_sse200_drv.c
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/ppc_sse200_drv.c
diff --git a/platform/ext/target/mps3/an524/native_drivers/ppc_sse200_drv.h b/platform/ext/target/arm/mps3/an524/native_drivers/ppc_sse200_drv.h
index 7a08a8f9f..7a08a8f9f 100644
--- a/platform/ext/target/mps3/an524/native_drivers/ppc_sse200_drv.h
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/ppc_sse200_drv.h
diff --git a/platform/ext/target/mps3/an524/native_drivers/timer_cmsdk_drv.c b/platform/ext/target/arm/mps3/an524/native_drivers/timer_cmsdk_drv.c
index b051909b2..b051909b2 100644
--- a/platform/ext/target/mps3/an524/native_drivers/timer_cmsdk_drv.c
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/timer_cmsdk_drv.c
diff --git a/platform/ext/target/mps3/an524/native_drivers/timer_cmsdk_drv.h b/platform/ext/target/arm/mps3/an524/native_drivers/timer_cmsdk_drv.h
index a374e63b0..a374e63b0 100644
--- a/platform/ext/target/mps3/an524/native_drivers/timer_cmsdk_drv.h
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/timer_cmsdk_drv.h
diff --git a/platform/ext/target/mps3/an524/native_drivers/uart_cmsdk_drv.c b/platform/ext/target/arm/mps3/an524/native_drivers/uart_cmsdk_drv.c
index c3d123005..c3d123005 100644
--- a/platform/ext/target/mps3/an524/native_drivers/uart_cmsdk_drv.c
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/uart_cmsdk_drv.c
diff --git a/platform/ext/target/mps3/an524/native_drivers/uart_cmsdk_drv.h b/platform/ext/target/arm/mps3/an524/native_drivers/uart_cmsdk_drv.h
index 2d3278ef6..2d3278ef6 100644
--- a/platform/ext/target/mps3/an524/native_drivers/uart_cmsdk_drv.h
+++ b/platform/ext/target/arm/mps3/an524/native_drivers/uart_cmsdk_drv.h
diff --git a/platform/ext/target/mps3/an524/partition/flash_layout.h b/platform/ext/target/arm/mps3/an524/partition/flash_layout.h
index 35e7d1e20..35e7d1e20 100644
--- a/platform/ext/target/mps3/an524/partition/flash_layout.h
+++ b/platform/ext/target/arm/mps3/an524/partition/flash_layout.h
diff --git a/platform/ext/target/mps3/an524/partition/region_defs.h b/platform/ext/target/arm/mps3/an524/partition/region_defs.h
index 089a3b72e..089a3b72e 100644
--- a/platform/ext/target/mps3/an524/partition/region_defs.h
+++ b/platform/ext/target/arm/mps3/an524/partition/region_defs.h
diff --git a/platform/ext/target/mps3/an524/plat_test.c b/platform/ext/target/arm/mps3/an524/plat_test.c
index cdfcfa209..cdfcfa209 100644
--- a/platform/ext/target/mps3/an524/plat_test.c
+++ b/platform/ext/target/arm/mps3/an524/plat_test.c
diff --git a/platform/ext/target/mps3/an524/preload.cmake b/platform/ext/target/arm/mps3/an524/preload.cmake
index 436fed720..436fed720 100644
--- a/platform/ext/target/mps3/an524/preload.cmake
+++ b/platform/ext/target/arm/mps3/an524/preload.cmake
diff --git a/platform/ext/target/mps3/an524/services/src/tfm_platform_system.c b/platform/ext/target/arm/mps3/an524/services/src/tfm_platform_system.c
index aa77e5d96..aa77e5d96 100644
--- a/platform/ext/target/mps3/an524/services/src/tfm_platform_system.c
+++ b/platform/ext/target/arm/mps3/an524/services/src/tfm_platform_system.c
diff --git a/platform/ext/target/mps3/an524/spm_hal.c b/platform/ext/target/arm/mps3/an524/spm_hal.c
index 8abe9d8a5..30907b20d 100644
--- a/platform/ext/target/mps3/an524/spm_hal.c
+++ b/platform/ext/target/arm/mps3/an524/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -33,11 +33,9 @@
extern const struct memory_region_limits memory_regions;
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- bool privileged = tfm_is_partition_privileged(partition_idx);
-
if (!platform_data) {
return TFM_PLAT_ERR_INVALID_INPUT;
}
diff --git a/platform/ext/target/mps3/an524/target_cfg.c b/platform/ext/target/arm/mps3/an524/target_cfg.c
index 0648984c4..0648984c4 100644
--- a/platform/ext/target/mps3/an524/target_cfg.c
+++ b/platform/ext/target/arm/mps3/an524/target_cfg.c
diff --git a/platform/ext/target/mps3/an524/target_cfg.h b/platform/ext/target/arm/mps3/an524/target_cfg.h
index 8246b7aca..8246b7aca 100644
--- a/platform/ext/target/mps3/an524/target_cfg.h
+++ b/platform/ext/target/arm/mps3/an524/target_cfg.h
diff --git a/platform/ext/target/mps3/an524/tfm_hal_isolation.c b/platform/ext/target/arm/mps3/an524/tfm_hal_isolation.c
index 0f27cba96..0f27cba96 100644
--- a/platform/ext/target/mps3/an524/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/mps3/an524/tfm_hal_isolation.c
diff --git a/platform/ext/target/mps3/an524/tfm_peripherals_def.h b/platform/ext/target/arm/mps3/an524/tfm_peripherals_def.h
index 643046cd0..643046cd0 100644
--- a/platform/ext/target/mps3/an524/tfm_peripherals_def.h
+++ b/platform/ext/target/arm/mps3/an524/tfm_peripherals_def.h
diff --git a/platform/ext/target/mps3/an547/CMakeLists.txt b/platform/ext/target/arm/mps3/an547/CMakeLists.txt
index 51e36bed2..51e36bed2 100644
--- a/platform/ext/target/mps3/an547/CMakeLists.txt
+++ b/platform/ext/target/arm/mps3/an547/CMakeLists.txt
diff --git a/platform/ext/target/mps3/an547/README.rst b/platform/ext/target/arm/mps3/an547/README.rst
index 65c47ad49..6760ef696 100644
--- a/platform/ext/target/mps3/an547/README.rst
+++ b/platform/ext/target/arm/mps3/an547/README.rst
@@ -4,18 +4,19 @@ Corstone-300 Ethos-U55 FPGA and FVP
Building TF-M
-------------
-Follow the instructions in Getting started guide / 2. Build instructions with platform name: mps3/an547 (-DTFM_PLATFORM=mps3/an547).
+Follow the instructions in :doc:`Building instructions </docs/getting_started/tfm_build_instruction>`.
+Build instructions with platform name: mps3/an547 (-DTFM_PLATFORM=mps3/an547).
-Note
-----
+.. note::
-This platform support does not provide software for Ethos-U55 IP, only contains base address and interrupt number for it.
+ This platform support does not provide software for Ethos-U55 IP, only
+ contains base address and interrupt number for it.
-Note
-----
+.. note::
-The built binaries can be run on both the Corstone-300 Ethos-U55 Ecosystem FVP (FVP_SSE300_MPS3) and Corstone SSE-300 with
-Ethos-U55 Example Subsystem for MPS3 (AN547).
+ The built binaries can be run on both the Corstone-300 Ethos-U55 Ecosystem
+ FVP (FVP_SSE300_MPS3) and Corstone SSE-300 with Ethos-U55 Example Subsystem
+ for MPS3 (AN547).
To run the example code on Corstone SSE-300 with Ethos-U55 Example Subsystem for MPS3 (AN547)
---------------------------------------------------------------------------------------------
diff --git a/platform/ext/target/mps3/an547/boot_hal.c b/platform/ext/target/arm/mps3/an547/boot_hal.c
index 9e9397248..9e9397248 100644
--- a/platform/ext/target/mps3/an547/boot_hal.c
+++ b/platform/ext/target/arm/mps3/an547/boot_hal.c
diff --git a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_AN547_MPC.c b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_AN547_MPC.c
index 4b24631f7..4b24631f7 100644
--- a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_AN547_MPC.c
+++ b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_AN547_MPC.c
diff --git a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_Flash.c b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_Flash.c
index 06d3546f0..06d3546f0 100644
--- a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_Flash.c
+++ b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_Flash.c
diff --git a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.c b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.c
index c16cc4aa0..c16cc4aa0 100644
--- a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.c
+++ b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.c
diff --git a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.h b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.h
index c07fed07f..c07fed07f 100644
--- a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.h
+++ b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_SSE300_PPC.h
diff --git a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_USART.c b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_USART.c
index cb3a14ad3..cb3a14ad3 100644
--- a/platform/ext/target/mps3/an547/cmsis_drivers/Driver_USART.c
+++ b/platform/ext/target/arm/mps3/an547/cmsis_drivers/Driver_USART.c
diff --git a/platform/ext/target/mps3/an547/cmsis_drivers/config/RTE_Device.h b/platform/ext/target/arm/mps3/an547/cmsis_drivers/config/RTE_Device.h
index ef808ce67..ef808ce67 100644
--- a/platform/ext/target/mps3/an547/cmsis_drivers/config/RTE_Device.h
+++ b/platform/ext/target/arm/mps3/an547/cmsis_drivers/config/RTE_Device.h
diff --git a/platform/ext/target/mps3/an547/cmsis_drivers/config/cmsis_driver_config.h b/platform/ext/target/arm/mps3/an547/cmsis_drivers/config/cmsis_driver_config.h
index edc4633a2..edc4633a2 100644
--- a/platform/ext/target/mps3/an547/cmsis_drivers/config/cmsis_driver_config.h
+++ b/platform/ext/target/arm/mps3/an547/cmsis_drivers/config/cmsis_driver_config.h
diff --git a/platform/ext/target/mps3/an547/config.cmake b/platform/ext/target/arm/mps3/an547/config.cmake
index a81c8a113..a81c8a113 100644
--- a/platform/ext/target/mps3/an547/config.cmake
+++ b/platform/ext/target/arm/mps3/an547/config.cmake
diff --git a/platform/ext/target/mps3/an547/device/config/device_cfg.h b/platform/ext/target/arm/mps3/an547/device/config/device_cfg.h
index 33a2b90a7..33a2b90a7 100644
--- a/platform/ext/target/mps3/an547/device/config/device_cfg.h
+++ b/platform/ext/target/arm/mps3/an547/device/config/device_cfg.h
diff --git a/platform/ext/target/mps3/an547/device/include/cmsis.h b/platform/ext/target/arm/mps3/an547/device/include/cmsis.h
index dbd93f43d..dbd93f43d 100644
--- a/platform/ext/target/mps3/an547/device/include/cmsis.h
+++ b/platform/ext/target/arm/mps3/an547/device/include/cmsis.h
diff --git a/platform/ext/target/mps3/an547/device/include/device_definition.h b/platform/ext/target/arm/mps3/an547/device/include/device_definition.h
index 754f8dd15..754f8dd15 100644
--- a/platform/ext/target/mps3/an547/device/include/device_definition.h
+++ b/platform/ext/target/arm/mps3/an547/device/include/device_definition.h
diff --git a/platform/ext/target/mps3/an547/device/include/platform_description.h b/platform/ext/target/arm/mps3/an547/device/include/platform_description.h
index 6800c0557..6800c0557 100644
--- a/platform/ext/target/mps3/an547/device/include/platform_description.h
+++ b/platform/ext/target/arm/mps3/an547/device/include/platform_description.h
diff --git a/platform/ext/target/mps3/an547/device/include/platform_irq.h b/platform/ext/target/arm/mps3/an547/device/include/platform_irq.h
index ae706ba5c..ae706ba5c 100644
--- a/platform/ext/target/mps3/an547/device/include/platform_irq.h
+++ b/platform/ext/target/arm/mps3/an547/device/include/platform_irq.h
diff --git a/platform/ext/target/mps3/an547/device/include/platform_pins.h b/platform/ext/target/arm/mps3/an547/device/include/platform_pins.h
index f5eda8cef..f5eda8cef 100644
--- a/platform/ext/target/mps3/an547/device/include/platform_pins.h
+++ b/platform/ext/target/arm/mps3/an547/device/include/platform_pins.h
diff --git a/platform/ext/target/mps3/an547/device/include/platform_regs.h b/platform/ext/target/arm/mps3/an547/device/include/platform_regs.h
index 696d95f39..696d95f39 100644
--- a/platform/ext/target/mps3/an547/device/include/platform_regs.h
+++ b/platform/ext/target/arm/mps3/an547/device/include/platform_regs.h
diff --git a/platform/ext/target/mps3/an547/device/include/system_core_init.h b/platform/ext/target/arm/mps3/an547/device/include/system_core_init.h
index feba5e9aa..feba5e9aa 100644
--- a/platform/ext/target/mps3/an547/device/include/system_core_init.h
+++ b/platform/ext/target/arm/mps3/an547/device/include/system_core_init.h
diff --git a/platform/ext/target/mps3/an547/device/source/armclang/an547_bl2.sct b/platform/ext/target/arm/mps3/an547/device/source/armclang/an547_bl2.sct
index 1f6a34aff..1f6a34aff 100644
--- a/platform/ext/target/mps3/an547/device/source/armclang/an547_bl2.sct
+++ b/platform/ext/target/arm/mps3/an547/device/source/armclang/an547_bl2.sct
diff --git a/platform/ext/target/mps3/an547/device/source/armclang/an547_ns.sct b/platform/ext/target/arm/mps3/an547/device/source/armclang/an547_ns.sct
index 92707b9ce..92707b9ce 100644
--- a/platform/ext/target/mps3/an547/device/source/armclang/an547_ns.sct
+++ b/platform/ext/target/arm/mps3/an547/device/source/armclang/an547_ns.sct
diff --git a/platform/ext/target/mps3/an547/device/source/device_definition.c b/platform/ext/target/arm/mps3/an547/device/source/device_definition.c
index 4a18c1c82..4a18c1c82 100644
--- a/platform/ext/target/mps3/an547/device/source/device_definition.c
+++ b/platform/ext/target/arm/mps3/an547/device/source/device_definition.c
diff --git a/platform/ext/target/mps3/an547/device/source/startup_an547_bl2.c b/platform/ext/target/arm/mps3/an547/device/source/startup_an547_bl2.c
index b64ffa044..b64ffa044 100644
--- a/platform/ext/target/mps3/an547/device/source/startup_an547_bl2.c
+++ b/platform/ext/target/arm/mps3/an547/device/source/startup_an547_bl2.c
diff --git a/platform/ext/target/mps3/an547/device/source/startup_an547_ns.c b/platform/ext/target/arm/mps3/an547/device/source/startup_an547_ns.c
index 4118c5383..4118c5383 100644
--- a/platform/ext/target/mps3/an547/device/source/startup_an547_ns.c
+++ b/platform/ext/target/arm/mps3/an547/device/source/startup_an547_ns.c
diff --git a/platform/ext/target/mps3/an547/device/source/startup_an547_s.c b/platform/ext/target/arm/mps3/an547/device/source/startup_an547_s.c
index 66d6ce144..66d6ce144 100644
--- a/platform/ext/target/mps3/an547/device/source/startup_an547_s.c
+++ b/platform/ext/target/arm/mps3/an547/device/source/startup_an547_s.c
diff --git a/platform/ext/target/mps3/an547/device/source/system_core_init.c b/platform/ext/target/arm/mps3/an547/device/source/system_core_init.c
index 6fe49b325..6fe49b325 100644
--- a/platform/ext/target/mps3/an547/device/source/system_core_init.c
+++ b/platform/ext/target/arm/mps3/an547/device/source/system_core_init.c
diff --git a/platform/ext/target/mps3/an547/native_drivers/mpc_sie_drv.c b/platform/ext/target/arm/mps3/an547/native_drivers/mpc_sie_drv.c
index 23dbf50ac..23dbf50ac 100644
--- a/platform/ext/target/mps3/an547/native_drivers/mpc_sie_drv.c
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/mpc_sie_drv.c
diff --git a/platform/ext/target/mps3/an547/native_drivers/mpc_sie_drv.h b/platform/ext/target/arm/mps3/an547/native_drivers/mpc_sie_drv.h
index 927d0a80d..927d0a80d 100644
--- a/platform/ext/target/mps3/an547/native_drivers/mpc_sie_drv.h
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/mpc_sie_drv.h
diff --git a/platform/ext/target/mps3/an547/native_drivers/mpu_armv8m_drv.c b/platform/ext/target/arm/mps3/an547/native_drivers/mpu_armv8m_drv.c
index 0caa02467..0caa02467 100644
--- a/platform/ext/target/mps3/an547/native_drivers/mpu_armv8m_drv.c
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/mpu_armv8m_drv.c
diff --git a/platform/ext/target/mps3/an547/native_drivers/mpu_armv8m_drv.h b/platform/ext/target/arm/mps3/an547/native_drivers/mpu_armv8m_drv.h
index de51999c3..de51999c3 100644
--- a/platform/ext/target/mps3/an547/native_drivers/mpu_armv8m_drv.h
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/mpu_armv8m_drv.h
diff --git a/platform/ext/target/mps3/an547/native_drivers/ppc_sse300_drv.c b/platform/ext/target/arm/mps3/an547/native_drivers/ppc_sse300_drv.c
index 38d068d74..38d068d74 100644
--- a/platform/ext/target/mps3/an547/native_drivers/ppc_sse300_drv.c
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/ppc_sse300_drv.c
diff --git a/platform/ext/target/mps3/an547/native_drivers/ppc_sse300_drv.h b/platform/ext/target/arm/mps3/an547/native_drivers/ppc_sse300_drv.h
index a3f7e1d70..a3f7e1d70 100644
--- a/platform/ext/target/mps3/an547/native_drivers/ppc_sse300_drv.h
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/ppc_sse300_drv.h
diff --git a/platform/ext/target/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.c b/platform/ext/target/arm/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.c
index 832bb0292..832bb0292 100644
--- a/platform/ext/target/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.c
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.c
diff --git a/platform/ext/target/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.h b/platform/ext/target/arm/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.h
index e84786d23..e84786d23 100644
--- a/platform/ext/target/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.h
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/syscounter_armv8-m_cntrl_drv.h
diff --git a/platform/ext/target/mps3/an547/native_drivers/systimer_armv8-m_drv.c b/platform/ext/target/arm/mps3/an547/native_drivers/systimer_armv8-m_drv.c
index c7b4b153a..c7b4b153a 100644
--- a/platform/ext/target/mps3/an547/native_drivers/systimer_armv8-m_drv.c
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/systimer_armv8-m_drv.c
diff --git a/platform/ext/target/mps3/an547/native_drivers/systimer_armv8-m_drv.h b/platform/ext/target/arm/mps3/an547/native_drivers/systimer_armv8-m_drv.h
index d14d2f79e..d14d2f79e 100644
--- a/platform/ext/target/mps3/an547/native_drivers/systimer_armv8-m_drv.h
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/systimer_armv8-m_drv.h
diff --git a/platform/ext/target/mps3/an547/native_drivers/uart_cmsdk_drv.c b/platform/ext/target/arm/mps3/an547/native_drivers/uart_cmsdk_drv.c
index c3d123005..c3d123005 100644
--- a/platform/ext/target/mps3/an547/native_drivers/uart_cmsdk_drv.c
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/uart_cmsdk_drv.c
diff --git a/platform/ext/target/mps3/an547/native_drivers/uart_cmsdk_drv.h b/platform/ext/target/arm/mps3/an547/native_drivers/uart_cmsdk_drv.h
index 2d3278ef6..2d3278ef6 100644
--- a/platform/ext/target/mps3/an547/native_drivers/uart_cmsdk_drv.h
+++ b/platform/ext/target/arm/mps3/an547/native_drivers/uart_cmsdk_drv.h
diff --git a/platform/ext/target/mps3/an547/partition/flash_layout.h b/platform/ext/target/arm/mps3/an547/partition/flash_layout.h
index a571b07ad..a571b07ad 100644
--- a/platform/ext/target/mps3/an547/partition/flash_layout.h
+++ b/platform/ext/target/arm/mps3/an547/partition/flash_layout.h
diff --git a/platform/ext/target/mps3/an547/partition/platform_base_address.h b/platform/ext/target/arm/mps3/an547/partition/platform_base_address.h
index ba3923556..ba3923556 100644
--- a/platform/ext/target/mps3/an547/partition/platform_base_address.h
+++ b/platform/ext/target/arm/mps3/an547/partition/platform_base_address.h
diff --git a/platform/ext/target/mps3/an547/partition/region_defs.h b/platform/ext/target/arm/mps3/an547/partition/region_defs.h
index bf747de85..bf747de85 100644
--- a/platform/ext/target/mps3/an547/partition/region_defs.h
+++ b/platform/ext/target/arm/mps3/an547/partition/region_defs.h
diff --git a/platform/ext/target/mps3/an547/plat_test.c b/platform/ext/target/arm/mps3/an547/plat_test.c
index 12bd4372e..12bd4372e 100644
--- a/platform/ext/target/mps3/an547/plat_test.c
+++ b/platform/ext/target/arm/mps3/an547/plat_test.c
diff --git a/platform/ext/target/mps3/an547/preload.cmake b/platform/ext/target/arm/mps3/an547/preload.cmake
index ae27ca9eb..ae27ca9eb 100644
--- a/platform/ext/target/mps3/an547/preload.cmake
+++ b/platform/ext/target/arm/mps3/an547/preload.cmake
diff --git a/platform/ext/target/mps3/an547/services/src/tfm_platform_system.c b/platform/ext/target/arm/mps3/an547/services/src/tfm_platform_system.c
index 44fafbccd..44fafbccd 100644
--- a/platform/ext/target/mps3/an547/services/src/tfm_platform_system.c
+++ b/platform/ext/target/arm/mps3/an547/services/src/tfm_platform_system.c
diff --git a/platform/ext/target/mps3/an547/spm_hal.c b/platform/ext/target/arm/mps3/an547/spm_hal.c
index 840deac1b..e8c8c8d68 100644
--- a/platform/ext/target/mps3/an547/spm_hal.c
+++ b/platform/ext/target/arm/mps3/an547/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -29,11 +29,10 @@ uint32_t periph_num_count = 0;
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
- bool privileged = tfm_is_partition_privileged(partition_idx);
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
diff --git a/platform/ext/target/mps3/an547/target_cfg.c b/platform/ext/target/arm/mps3/an547/target_cfg.c
index ef9c023b4..ef9c023b4 100644
--- a/platform/ext/target/mps3/an547/target_cfg.c
+++ b/platform/ext/target/arm/mps3/an547/target_cfg.c
diff --git a/platform/ext/target/mps3/an547/target_cfg.h b/platform/ext/target/arm/mps3/an547/target_cfg.h
index 6f0e4f833..6f0e4f833 100644
--- a/platform/ext/target/mps3/an547/target_cfg.h
+++ b/platform/ext/target/arm/mps3/an547/target_cfg.h
diff --git a/platform/ext/target/mps3/an547/tfm_hal_isolation.c b/platform/ext/target/arm/mps3/an547/tfm_hal_isolation.c
index 419ad0fe0..419ad0fe0 100644
--- a/platform/ext/target/mps3/an547/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/mps3/an547/tfm_hal_isolation.c
diff --git a/platform/ext/target/mps3/an547/tfm_peripherals_def.h b/platform/ext/target/arm/mps3/an547/tfm_peripherals_def.h
index 1c00be592..1c00be592 100644
--- a/platform/ext/target/mps3/an547/tfm_peripherals_def.h
+++ b/platform/ext/target/arm/mps3/an547/tfm_peripherals_def.h
diff --git a/platform/ext/target/musca_b1/common/CMSIS_Driver/Driver_GFC100_EFlash.c b/platform/ext/target/arm/musca_b1/common/CMSIS_Driver/Driver_GFC100_EFlash.c
index c929e7e0e..c929e7e0e 100644
--- a/platform/ext/target/musca_b1/common/CMSIS_Driver/Driver_GFC100_EFlash.c
+++ b/platform/ext/target/arm/musca_b1/common/CMSIS_Driver/Driver_GFC100_EFlash.c
diff --git a/platform/ext/target/musca_b1/common/CMSIS_Driver/Driver_QSPI_Flash.c b/platform/ext/target/arm/musca_b1/common/CMSIS_Driver/Driver_QSPI_Flash.c
index 195cb80ac..195cb80ac 100644
--- a/platform/ext/target/musca_b1/common/CMSIS_Driver/Driver_QSPI_Flash.c
+++ b/platform/ext/target/arm/musca_b1/common/CMSIS_Driver/Driver_QSPI_Flash.c
diff --git a/platform/ext/target/musca_b1/common/Libraries/mt25ql_flash_lib.c b/platform/ext/target/arm/musca_b1/common/Libraries/mt25ql_flash_lib.c
index 578cc5b37..578cc5b37 100644
--- a/platform/ext/target/musca_b1/common/Libraries/mt25ql_flash_lib.c
+++ b/platform/ext/target/arm/musca_b1/common/Libraries/mt25ql_flash_lib.c
diff --git a/platform/ext/target/musca_b1/common/Libraries/mt25ql_flash_lib.h b/platform/ext/target/arm/musca_b1/common/Libraries/mt25ql_flash_lib.h
index c2dac2ca2..c2dac2ca2 100644
--- a/platform/ext/target/musca_b1/common/Libraries/mt25ql_flash_lib.h
+++ b/platform/ext/target/arm/musca_b1/common/Libraries/mt25ql_flash_lib.h
diff --git a/platform/ext/target/musca_b1/common/Native_Driver/gfc100_eflash_drv.c b/platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_eflash_drv.c
index b8bf522c9..b8bf522c9 100644
--- a/platform/ext/target/musca_b1/common/Native_Driver/gfc100_eflash_drv.c
+++ b/platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_eflash_drv.c
diff --git a/platform/ext/target/musca_b1/common/Native_Driver/gfc100_eflash_drv.h b/platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_eflash_drv.h
index b4d6cfbc7..b4d6cfbc7 100644
--- a/platform/ext/target/musca_b1/common/Native_Driver/gfc100_eflash_drv.h
+++ b/platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_eflash_drv.h
diff --git a/platform/ext/target/musca_b1/common/Native_Driver/gfc100_process_spec_api.h b/platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_process_spec_api.h
index 723ea25dd..723ea25dd 100644
--- a/platform/ext/target/musca_b1/common/Native_Driver/gfc100_process_spec_api.h
+++ b/platform/ext/target/arm/musca_b1/common/Native_Driver/gfc100_process_spec_api.h
diff --git a/platform/ext/target/musca_b1/common/Native_Driver/mhu_v2_x.c b/platform/ext/target/arm/musca_b1/common/Native_Driver/mhu_v2_x.c
index b228c3f19..b228c3f19 100644
--- a/platform/ext/target/musca_b1/common/Native_Driver/mhu_v2_x.c
+++ b/platform/ext/target/arm/musca_b1/common/Native_Driver/mhu_v2_x.c
diff --git a/platform/ext/target/musca_b1/common/Native_Driver/mhu_v2_x.h b/platform/ext/target/arm/musca_b1/common/Native_Driver/mhu_v2_x.h
index 08e0dd3b2..08e0dd3b2 100644
--- a/platform/ext/target/musca_b1/common/Native_Driver/mhu_v2_x.h
+++ b/platform/ext/target/arm/musca_b1/common/Native_Driver/mhu_v2_x.h
diff --git a/platform/ext/target/musca_b1/common/Native_Driver/musca_b1_eflash_drv.c b/platform/ext/target/arm/musca_b1/common/Native_Driver/musca_b1_eflash_drv.c
index ccfde9ce3..ccfde9ce3 100644
--- a/platform/ext/target/musca_b1/common/Native_Driver/musca_b1_eflash_drv.c
+++ b/platform/ext/target/arm/musca_b1/common/Native_Driver/musca_b1_eflash_drv.c
diff --git a/platform/ext/target/musca_b1/common/Native_Driver/qspi_ip6514e_drv.c b/platform/ext/target/arm/musca_b1/common/Native_Driver/qspi_ip6514e_drv.c
index bb13a4219..bb13a4219 100644
--- a/platform/ext/target/musca_b1/common/Native_Driver/qspi_ip6514e_drv.c
+++ b/platform/ext/target/arm/musca_b1/common/Native_Driver/qspi_ip6514e_drv.c
diff --git a/platform/ext/target/musca_b1/common/Native_Driver/qspi_ip6514e_drv.h b/platform/ext/target/arm/musca_b1/common/Native_Driver/qspi_ip6514e_drv.h
index 69929255d..69929255d 100644
--- a/platform/ext/target/musca_b1/common/Native_Driver/qspi_ip6514e_drv.h
+++ b/platform/ext/target/arm/musca_b1/common/Native_Driver/qspi_ip6514e_drv.h
diff --git a/platform/ext/target/musca_b1/generated_file_list.yaml b/platform/ext/target/arm/musca_b1/generated_file_list.yaml
index ff0182422..ff0182422 100644
--- a/platform/ext/target/musca_b1/generated_file_list.yaml
+++ b/platform/ext/target/arm/musca_b1/generated_file_list.yaml
diff --git a/platform/ext/target/musca_b1/secure_enclave/CMSIS_Driver/Config/RTE_Device.h b/platform/ext/target/arm/musca_b1/secure_enclave/CMSIS_Driver/Config/RTE_Device.h
index 6303551db..6303551db 100644
--- a/platform/ext/target/musca_b1/secure_enclave/CMSIS_Driver/Config/RTE_Device.h
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/CMSIS_Driver/Config/RTE_Device.h
diff --git a/platform/ext/target/musca_b1/secure_enclave/CMSIS_Driver/Config/cmsis_driver_config.h b/platform/ext/target/arm/musca_b1/secure_enclave/CMSIS_Driver/Config/cmsis_driver_config.h
index b633da37b..b633da37b 100644
--- a/platform/ext/target/musca_b1/secure_enclave/CMSIS_Driver/Config/cmsis_driver_config.h
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/CMSIS_Driver/Config/cmsis_driver_config.h
diff --git a/platform/ext/target/musca_b1/secure_enclave/CMakeLists.txt b/platform/ext/target/arm/musca_b1/secure_enclave/CMakeLists.txt
index 961a000e5..961a000e5 100644
--- a/platform/ext/target/musca_b1/secure_enclave/CMakeLists.txt
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/CMakeLists.txt
diff --git a/platform/ext/target/musca_b1/secure_enclave/Device/Config/device_cfg.h b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Config/device_cfg.h
index b093b1952..b093b1952 100644
--- a/platform/ext/target/musca_b1/secure_enclave/Device/Config/device_cfg.h
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Config/device_cfg.h
diff --git a/platform/ext/target/musca_b1/secure_enclave/Device/Include/cmsis.h b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/cmsis.h
index 97e564367..97e564367 100644
--- a/platform/ext/target/musca_b1/secure_enclave/Device/Include/cmsis.h
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/cmsis.h
diff --git a/platform/ext/target/musca_b1/secure_enclave/Device/Include/device_definition.h b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/device_definition.h
index 2f1c02e99..2f1c02e99 100644
--- a/platform/ext/target/musca_b1/secure_enclave/Device/Include/device_definition.h
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/device_definition.h
diff --git a/platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_base_address.h b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_base_address.h
index a0ee419a4..a0ee419a4 100644
--- a/platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_base_address.h
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_base_address.h
diff --git a/platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_description.h b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_description.h
index 6ea03bacd..6ea03bacd 100644
--- a/platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_description.h
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_description.h
diff --git a/platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_irq.h b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_irq.h
index a5df3f7dc..a5df3f7dc 100644
--- a/platform/ext/target/musca_b1/secure_enclave/Device/Include/platform_irq.h
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/platform_irq.h
diff --git a/platform/ext/target/musca_b1/secure_enclave/Device/Include/system_core_init.h b/platform/ext/target/arm/musca_b1/secure_enclave/Device/Include/system_core_init.h
index 8f4d33c43..8f4d33c43 100644
--- a/platform/ext/target/musca_b1/secure_enclave/Device/Include/system_core_init.h
+++ b/