aboutsummaryrefslogtreecommitdiff
path: root/platform
diff options
context:
space:
mode:
Diffstat (limited to 'platform')
-rw-r--r--platform/ext/common/template/crypto_dummy_nv_seed.c29
-rw-r--r--platform/ext/common/template/crypto_nv_seed.c39
-rw-r--r--platform/ext/target/mps2/an521/CMakeLists.txt13
-rw-r--r--platform/ext/target/mps2/an521/config.cmake5
-rw-r--r--platform/ext/target/mps2/an521/mbedtls_an521_conf.h30
-rw-r--r--platform/include/tfm_plat_crypto_dummy_nv_seed.h21
-rw-r--r--platform/include/tfm_plat_crypto_nv_seed.h41
7 files changed, 178 insertions, 0 deletions
diff --git a/platform/ext/common/template/crypto_dummy_nv_seed.c b/platform/ext/common/template/crypto_dummy_nv_seed.c
new file mode 100644
index 0000000000..cb21fc79bb
--- /dev/null
+++ b/platform/ext/common/template/crypto_dummy_nv_seed.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "mbedtls/entropy.h"
+#include "tfm_plat_crypto_dummy_nv_seed.h"
+
+/* NOTE: The seed value here is only an example, please do not use it in
+ * production. Platform vendor should implement their own seed value.
+ */
+const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE] = {
+ 0x12, 0x13, 0x23, 0x34, 0x0a, 0x05, 0x89, 0x78,
+ 0xa3, 0x66, 0x8c, 0x0d, 0x97, 0x55, 0x53, 0xca,
+ 0xb5, 0x76, 0x18, 0x62, 0x29, 0xc6, 0xb6, 0x79,
+ 0x75, 0xc8, 0x5a, 0x8d, 0x9e, 0x11, 0x8f, 0x85,
+ 0xde, 0xc4, 0x5f, 0x66, 0x21, 0x52, 0xf9, 0x39,
+ 0xd9, 0x77, 0x93, 0x28, 0xb0, 0x5e, 0x02, 0xfa,
+ 0x58, 0xb4, 0x16, 0xc8, 0x0f, 0x38, 0x91, 0xbb,
+ 0x28, 0x17, 0xcd, 0x8a, 0xc9, 0x53, 0x72, 0x66,
+};
+
+int tfm_plat_crypto_create_entropy_seed(void)
+{
+ return tfm_plat_crypto_nv_seed_write(seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
+}
diff --git a/platform/ext/common/template/crypto_nv_seed.c b/platform/ext/common/template/crypto_nv_seed.c
new file mode 100644
index 0000000000..97535da064
--- /dev/null
+++ b/platform/ext/common/template/crypto_nv_seed.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stddef.h>
+#include "tfm_plat_crypto_nv_seed.h"
+#include "psa/internal_trusted_storage.h"
+
+int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+ size_t data_length = 0;
+
+ status = psa_its_get(uid, 0, buf_len, buf, &data_length);
+
+ if (status == PSA_SUCCESS && data_length == buf_len) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
+
+int tfm_plat_crypto_nv_seed_write(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+
+ status = psa_its_set(uid, buf_len, buf, 0);
+
+ if (status == PSA_SUCCESS) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
diff --git a/platform/ext/target/mps2/an521/CMakeLists.txt b/platform/ext/target/mps2/an521/CMakeLists.txt
index d1ca90d9be..e4f798cf62 100644
--- a/platform/ext/target/mps2/an521/CMakeLists.txt
+++ b/platform/ext/target/mps2/an521/CMakeLists.txt
@@ -167,3 +167,16 @@ if(BL2)
native_drivers
)
endif()
+
+#========================= Crypto =============================================#
+
+target_sources(tfm_psa_rot_partition_crypto
+ PRIVATE
+ $<$<BOOL:${TFM_PSA_API}>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/crypto_nv_seed.c>
+ $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${PLATFORM_DUMMY_NV_SEED}>>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/crypto_dummy_nv_seed.c>
+)
+
+target_compile_definitions(tfm_psa_rot_partition_crypto
+ PRIVATE
+ $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${PLATFORM_DUMMY_NV_SEED}>>:PLATFORM_DUMMY_NV_SEED>
+)
diff --git a/platform/ext/target/mps2/an521/config.cmake b/platform/ext/target/mps2/an521/config.cmake
index 945a30edda..1d3b682c6a 100644
--- a/platform/ext/target/mps2/an521/config.cmake
+++ b/platform/ext/target/mps2/an521/config.cmake
@@ -6,3 +6,8 @@
#-------------------------------------------------------------------------------
set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/mps2/an521/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
+
+if(TFM_PSA_API)
+ set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH ${CMAKE_CURRENT_LIST_DIR}/mbedtls_an521_conf.h CACHE FILEPATH "Config to append to standard Mbed Crypto config, used by platforms to configure feature support")
+ set(PLATFORM_DUMMY_NV_SEED TRUE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
+endif()
diff --git a/platform/ext/target/mps2/an521/mbedtls_an521_conf.h b/platform/ext/target/mps2/an521/mbedtls_an521_conf.h
new file mode 100644
index 0000000000..6094cb05f0
--- /dev/null
+++ b/platform/ext/target/mps2/an521/mbedtls_an521_conf.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __MBEDTLS_AN521_CONF_H__
+#define __MBEDTLS_AN521_CONF_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#undef MBEDTLS_TEST_NULL_ENTROPY
+#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+#define MBEDTLS_ENTROPY_NV_SEED
+#ifndef MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO tfm_plat_crypto_nv_seed_read
+#endif
+#ifndef MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
+#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO tfm_plat_crypto_nv_seed_write
+#endif
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __MBEDTLS_AN521_CONF_H__ */
diff --git a/platform/include/tfm_plat_crypto_dummy_nv_seed.h b/platform/include/tfm_plat_crypto_dummy_nv_seed.h
new file mode 100644
index 0000000000..08bec766ba
--- /dev/null
+++ b/platform/include/tfm_plat_crypto_dummy_nv_seed.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __TFM_PLAT_CRYPTO_DUMMY_NV_SEED_H__
+#define __TFM_PLAT_CRYPTO_DUMMY_NV_SEED_H__
+
+#include "tfm_plat_crypto_nv_seed.h"
+
+/**
+ * \brief Create a dummy entropy seed when platform doesn't provision the seed.
+ * Do NOT call this function in production.
+ *
+ * \return Return TFM_CRYPTO_NV_SEED_SUCCESS on success,
+ * or TFM_CRYPTO_NV_SEED_FAILED on failure.
+ */
+int tfm_plat_crypto_create_entropy_seed(void);
+
+#endif /* __TFM_PLAT_CRYPTO_DUMMY_NV_SEED_H__ */
diff --git a/platform/include/tfm_plat_crypto_nv_seed.h b/platform/include/tfm_plat_crypto_nv_seed.h
new file mode 100644
index 0000000000..39b9e377c3
--- /dev/null
+++ b/platform/include/tfm_plat_crypto_nv_seed.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __TFM_PLAT_CRYPTO_NV_SEED_H__
+#define __TFM_PLAT_CRYPTO_NV_SEED_H__
+
+#include <stddef.h>
+
+#ifndef NV_SEED_FILE_ID
+#define NV_SEED_FILE_ID 9
+#endif
+
+#define TFM_CRYPTO_NV_SEED_SUCCESS 0
+#define TFM_CRYPTO_NV_SEED_FAILED -1
+
+/**
+ * \brief Read Seed from NV storage.
+ *
+ * \param[out] buf Buffer to store the seed
+ * \param[in] buf_len Buffer length to read
+ *
+ * \return Return TFM_CRYPTO_NV_SEED_SUCCESS on success,
+ * or TFM_CRYPTO_NV_SEED_FAILED on failure.
+ */
+int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len);
+
+/**
+ * \brief Write Seed to NV storage.
+ *
+ * \param[in] buf Buffer storing the seed
+ * \param[in] buf_len Buffer length to write
+ *
+ * \return Return TFM_CRYPTO_NV_SEED_SUCCESS on success,
+ * or TFM_CRYPTO_NV_SEED_FAILED on failure.
+ */
+int tfm_plat_crypto_nv_seed_write(unsigned char *buf, size_t buf_len);
+
+#endif /* __TFM_PLAT_CRYPTO_NV_SEED_H__ */