-rw-r--r-- | CommonConfig.cmake | 8 | ||||
-rw-r--r-- | platform/ext/target/cypress/psoc64/spm_hal.c | 4 | ||||
-rw-r--r-- | platform/ext/target/mps2/an519/spm_hal.c | 4 | ||||
-rw-r--r-- | platform/ext/target/mps2/an521/spm_hal.c | 14 | ||||
-rw-r--r-- | platform/ext/target/mps2/an539/spm_hal.c | 4 | ||||
-rw-r--r-- | platform/ext/target/mps3/an524/spm_hal.c | 4 | ||||
-rw-r--r-- | platform/ext/target/musca_a/spm_hal.c | 14 | ||||
-rw-r--r-- | platform/ext/target/musca_b1/spm_hal.c | 14 | ||||
-rw-r--r-- | platform/ext/target/musca_s1/spm_hal.c | 4 | ||||
-rw-r--r-- | platform/ext/target/sse-200_aws/spm_hal.c | 4 | ||||
-rw-r--r-- | platform/include/tfm_spm_hal.h | 4 | ||||
-rw-r--r-- | secure_fw/core/tfm_core.c | 4 |
12 files changed, 45 insertions, 37 deletions
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index c34ee5a53d..e1f1f7e51f 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -156,6 +156,10 @@ option(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE "Enable the TF-M internal trusted
 option(TFM_PARTITION_CRYPTO "Enable the TF-M crypto partition" ON)
 option(TFM_PARTITION_INITIAL_ATTESTATION "Enable the TF-M initial attestation partition" ON)
+if (NOT TFM_LVL EQUAL 1 AND NOT DEFINED CONFIG_TFM_ENABLE_MEMORY_PROTECT)
+ set (CONFIG_TFM_ENABLE_MEMORY_PROTECT ON)
+endif()
+
 if (TFM_PARTITION_INITIAL_ATTESTATION OR TFM_PARTITION_SECURE_STORAGE)
 #PSA Initial Attestation and Protected storage rely on Cryptography API
 set(TFM_PARTITION_CRYPTO ON)
@@ -309,6 +313,10 @@ if (TFM_PARTITION_TEST_SECURE_SERVICES)
 add_definitions(-DTFM_PARTITION_TEST_SECURE_SERVICES)
 endif()
+if (CONFIG_TFM_ENABLE_MEMORY_PROTECT)
+ add_definitions(-DCONFIG_TFM_ENABLE_MEMORY_PROTECT)
+endif()
+
 if (PSA_API_TEST)
 add_definitions(-DPSA_API_TEST_NS)
 set(PSA_API_TEST_NS ON)
diff --git a/platform/ext/target/cypress/psoc64/spm_hal.c b/platform/ext/target/cypress/psoc64/spm_hal.c
index d911020a0d..39e7deee6e 100644
--- a/platform/ext/target/cypress/psoc64/spm_hal.c
+++ b/platform/ext/target/cypress/psoc64/spm_hal.c
@@ -57,7 +57,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_TFM_UNPRIV_CODE 1
 #define MPU_REGION_TFM_UNPRIV_DATA 2
@@ -199,7 +199,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 uint32_t tfm_spm_hal_get_ns_VTOR(void)
 {
diff --git a/platform/ext/target/mps2/an519/spm_hal.c b/platform/ext/target/mps2/an519/spm_hal.c
index e1a8d1253d..833aa41012 100644
--- a/platform/ext/target/mps2/an519/spm_hal.c
+++ b/platform/ext/target/mps2/an519/spm_hal.c
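Review bot: In the first CommonConfig.cmake hunk the default is applied only when `CONFIG_TFM_ENABLE_MEMORY_PROTECT` is not already defined, so a build at TFM_LVL 2 or above that passes the option as OFF configures without any diagnostic. The second hunk then omits the compile definition, and per the secure_fw/core/tfm_core.c hunk main() no longer calls `tfm_spm_hal_setup_isolation_hw()`, so the image reports an isolation level whose MPU setup was compiled out. If that combination is meant for bring-up only, make it visible right after the default is set: `if (NOT TFM_LVL EQUAL 1 AND NOT CONFIG_TFM_ENABLE_MEMORY_PROTECT)` / `message(WARNING "TFM_LVL ${TFM_LVL}: MPU memory protection is disabled")` / `endif()`, or use FATAL_ERROR if it should never ship. A short comment above the new block stating that the option defaults to ON for every level except 1 would also help.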
@@ -64,7 +64,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_VENEERS 0
 #define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -178,7 +178,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 }
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 void MPC_Handler(void)
 {
diff --git a/platform/ext/target/mps2/an521/spm_hal.c b/platform/ext/target/mps2/an521/spm_hal.c
index 02124ea108..8e559b2082 100644
--- a/platform/ext/target/mps2/an521/spm_hal.c
+++ b/platform/ext/target/mps2/an521/spm_hal.c
@@ -27,7 +27,7 @@ extern const struct memory_region_limits memory_regions;
 struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_VENEERS 0
 #define MPU_REGION_TFM_UNPRIV_CODE 1
 #define MPU_REGION_TFM_UNPRIV_DATA 2
@@ -38,7 +38,7 @@ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
 #define PARTITION_REGION_PERIPH_MAX_NUM 2
 uint32_t periph_num_count = 0;
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
 {
@@ -58,7 +58,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 const struct tfm_spm_partition_platform_data_t *platform_data)
 {
 bool privileged = tfm_is_partition_privileged(partition_idx);
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
 struct mpu_armv8m_region_cfg_t region_cfg;
 #endif
@@ -66,7 +66,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_INVALID_INPUT;
 }
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
 if (!privileged) {
 region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
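Review bot: Nothing in the an521 hunks at -58 and -66 explains why the per-partition peripheral MPU regions in tfm_spm_hal_configure_default_isolation() stay tied to `TFM_LVL != 1` while the rest of the MPU code now follows `CONFIG_TFM_ENABLE_MEMORY_PROTECT` alone. With the option enabled at level 1, `periph_num_count` and the `PARTITION_REGION_PERIPH_*` macros are compiled in but, as far as these hunks show, never used. A comment above the first guard would record the intent, for example `/* Peripheral MPU regions are configured only for isolation levels above 1 */` (wording for the author to confirm). The same compound condition appears in the musca_a and musca_b1 sections, and the bare `#endif` after `region_cfg` should get the same trailing comment as the other guards. The function body extends beyond both hunks.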
@@ -90,7 +90,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE);
 }
-#endif /* TFM_LVL != 1 */
+#endif /* defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1) */
 if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) {
 ppc_configure_to_secure(platform_data->periph_ppc_bank,
@@ -106,7 +106,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
 REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
 REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
@@ -211,7 +211,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 }
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 void MPC_Handler(void)
 {
diff --git a/platform/ext/target/mps2/an539/spm_hal.c b/platform/ext/target/mps2/an539/spm_hal.c
index aeaebc95cc..959bd4520a 100644
--- a/platform/ext/target/mps2/an539/spm_hal.c
+++ b/platform/ext/target/mps2/an539/spm_hal.c
@@ -76,7 +76,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_VENEERS 0
 #define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -198,7 +198,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 }
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 void MPC_Handler(void)
 {
diff --git a/platform/ext/target/mps3/an524/spm_hal.c b/platform/ext/target/mps3/an524/spm_hal.c
index debdae2363..a25aec9337 100644
--- a/platform/ext/target/mps3/an524/spm_hal.c
+++ b/platform/ext/target/mps3/an524/spm_hal.c
@@ -70,7 +70,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_VENEERS 0
 #define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -192,7 +192,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 }
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 void MPC_Handler(void)
 {
diff --git a/platform/ext/target/musca_a/spm_hal.c b/platform/ext/target/musca_a/spm_hal.c
index 099c941589..4f78ca1cc7 100644
--- a/platform/ext/target/musca_a/spm_hal.c
+++ b/platform/ext/target/musca_a/spm_hal.c
@@ -25,7 +25,7 @@ extern const struct memory_region_limits memory_regions;
 struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_VENEERS 0
 #define MPU_REGION_TFM_UNPRIV_CODE 1
 #define MPU_REGION_TFM_UNPRIV_DATA 2
@@ -36,7 +36,7 @@ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
 #define PARTITION_REGION_PERIPH_MAX_NUM 2
 uint32_t periph_num_count = 0;
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
 {
@@ -56,7 +56,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 const struct tfm_spm_partition_platform_data_t *platform_data)
 {
 bool privileged = tfm_is_partition_privileged(partition_idx);
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
 struct mpu_armv8m_region_cfg_t region_cfg;
 #endif
@@ -64,7 +64,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_INVALID_INPUT;
 }
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
 if (!privileged) {
 region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
@@ -88,7 +88,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE);
 }
-#endif /* TFM_LVL != 1 */
+#endif /* defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1) */
 if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) {
 ppc_configure_to_secure(platform_data->periph_ppc_bank,
@@ -104,7 +104,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
 REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
 REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
@@ -218,7 +218,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 }
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 void MPC_Handler(void)
 {
diff --git a/platform/ext/target/musca_b1/spm_hal.c b/platform/ext/target/musca_b1/spm_hal.c
index f81c0d44bf..49285a364d 100644
--- a/platform/ext/target/musca_b1/spm_hal.c
+++ b/platform/ext/target/musca_b1/spm_hal.c
@@ -26,7 +26,7 @@ extern const struct memory_region_limits memory_regions;
 struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_VENEERS 0
 #define MPU_REGION_TFM_UNPRIV_CODE 1
 #define MPU_REGION_TFM_UNPRIV_DATA 2
@@ -37,7 +37,7 @@ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
 #define PARTITION_REGION_PERIPH_MAX_NUM 2
 uint32_t periph_num_count = 0;
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
 {
@@ -60,7 +60,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 const struct tfm_spm_partition_platform_data_t *platform_data)
 {
 bool privileged = tfm_is_partition_privileged(partition_idx);
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
 struct mpu_armv8m_region_cfg_t region_cfg;
 #endif
@@ -68,7 +68,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_INVALID_INPUT;
 }
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
 if (!privileged) {
 region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
@@ -92,7 +92,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE);
 }
-#endif /* TFM_LVL != 1 */
+#endif /* defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1) */
 if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) {
 ppc_configure_to_secure(platform_data->periph_ppc_bank,
@@ -108,7 +108,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
 REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
 REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
@@ -222,7 +222,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 }
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 void MPC_Handler(void)
 {
diff --git a/platform/ext/target/musca_s1/spm_hal.c b/platform/ext/target/musca_s1/spm_hal.c
index 5d3ba3ca63..5d038f6e74 100644
--- a/platform/ext/target/musca_s1/spm_hal.c
+++ b/platform/ext/target/musca_s1/spm_hal.c
@@ -63,7 +63,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_VENEERS 0
 #define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -187,7 +187,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 }
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 void MPC_Handler(void)
 {
diff --git a/platform/ext/target/sse-200_aws/spm_hal.c b/platform/ext/target/sse-200_aws/spm_hal.c
index 1e8e833fcc..be0463789c 100644
--- a/platform/ext/target/sse-200_aws/spm_hal.c
+++ b/platform/ext/target/sse-200_aws/spm_hal.c
@@ -64,7 +64,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
 return TFM_PLAT_ERR_SUCCESS;
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 #define MPU_REGION_VENEERS 0
 #define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -178,7 +178,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
 }
 return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 void MPC_Handler(void)
 {
diff --git a/platform/include/tfm_spm_hal.h b/platform/include/tfm_spm_hal.h
index 0435212554..3607753630 100644
--- a/platform/include/tfm_spm_hal.h
+++ b/platform/include/tfm_spm_hal.h
@@ -105,7 +105,7 @@ enum tfm_plat_err_t tfm_spm_hal_post_init_platform(void);
 */
 enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void);
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 /**
 * \brief This function initialises the HW used for isolation, and sets the
 * default configuration for them.
@@ -114,7 +114,7 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void);
 * \return Returns values as specified by the \ref tfm_plat_err_t
 */
 enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void);
-#endif
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 /**
 * \brief Configure peripherals for a partition based on the platform data and
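Review bot: The Doxygen block for `tfm_spm_hal_setup_isolation_hw()` in platform/include/tfm_spm_hal.h does not say that the prototype now exists only when `CONFIG_TFM_ENABLE_MEMORY_PROTECT` is defined, so someone porting a platform cannot tell from the header when the function must be implemented. Add a line to the comment such as `* \note Only required when CONFIG_TFM_ENABLE_MEMORY_PROTECT is defined (the build default for TFM_LVL != 1).` The comment block spans both hunks of this file and its middle lines are not shown.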
diff --git a/secure_fw/core/tfm_core.c b/secure_fw/core/tfm_core.c
index 33a18de7b6..b00bf4ee3c 100644
--- a/secure_fw/core/tfm_core.c
+++ b/secure_fw/core/tfm_core.c
@@ -208,11 +208,11 @@ int main(void)
 tfm_core_panic();
 }
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
 if (tfm_spm_hal_setup_isolation_hw() != TFM_PLAT_ERR_SUCCESS) {
 tfm_core_panic();
 }
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
 #ifndef TFM_PSA_API
 tfm_spm_partition_set_state(TFM_SP_CORE_ID, SPM_PARTITION_STATE_RUNNING); |