aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-06-22Build: Enable symmetric initial attestation in Profile S Default configDavid Hu
Setup SYMMETRIC_INITIAL_ATTESTATION in CommonConfig.cmake. Enable Initial Attestation service and symmetric key algorithm based Initial Attestation in TF-M Profile Small Default config. Change-Id: I728d968108eb3e7050ca2e2522191f005ac489b4 Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Build: Skip T_COSE test cases when ENABLE_T_COSE_TESTS is OFFDavid Hu
T_COSE test files are always built even if ENABLE_T_COSE_TESTS is set to OFF. Since test cases for COSE_Mac0 are not implemented, T_COSE test build will fail for symmetric key algorithm based Initial Attestation. Disable the ENABLE_T_COSE_TESTS if SERVICES_TEST_ENABLED is OFF. Skip T_COSE test cases when ENABLE_T_COSE_TESTS is OFF as a workaround of build failure with symmetric key algorithm based Initial Attestation. Change-Id: If9f58900b95113c642b0c32204135b14e438f42f Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Attest: attest_token_start()/finish() for symmetric Initial AttestationDavid Hu
Implement attest_token_start() and attest_token_finish() for symmetric key algorithm based Initial Attestation. attest_token_start() and attest_token_finish() call COSE_Mac0 APIs from t_cose library. Change-Id: Idb33f33a2f531a13aa217171fcd007d71f8164bb Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22COSE: Add COSE_Mac0 support in t_cose libraryDavid Hu
Add t_cose_mac0_init() and t_cose_mac0_finish() to complete COSE_Mac0 structure. Implement HMAC operations for COSE_Mac0 based on PSA crypto MAC operations. Change-Id: Ic55a34d24100adb1c839b0d3ff7cb4d2da09d4cb Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Attest: Create Instance ID in symmetric Initial AttestationDavid Hu
Calculate the Instance ID based on symmetric IAK when IAK raw data is fetched. Implement attest_add_instance_id_claim() to construct the Instance ID claim for symmetric algorithm based Initial Attestation. Change-Id: I4d5d3aa935ce08d2c5a6e9132274d36d9e28b78c Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Attest: Fetch symmetric Initial Attestation KeyDavid Hu
Implement attest_register_initial_attest_key() to fetch and register a symmetric Initial Attestation Key (IAK). Add tfm_plat_get_symmetric_iak() to receive the key raw data from platform. Add attest_get_signing_key_handle() to get the key handle of the initial attestation key for signing IAT. Replace attest_get_initial_attestation_private_key_handle() with attest_get_signing_key_handle(). Also add a binary symmetric IAK file for token verification in other tools. Change-Id: Id2e3647cc85abd0eacbf2a0e53b6d2cd927acaaf Signed-off-by: David Hu <david.hu@arm.com>
2020-06-19Tools: add Mac0Message support to iatverifierSergei Trofimov
Add support for the Mac0Message COSE format to iatverifier, as the alternative to the Sign1Message currently used. Change-Id: I6baa87209fd17afe52ff1c6f936693e3b9dc9b9f Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>
2020-06-19Build: Create hex and elf files of executablesØyvind Rønningstad
Install hex and elf files to the same location as the axf and bin files Change-Id: I20a54560e733df875705f98b0ec3c3a1f5a01657 Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2020-06-19Docs: Restructuring and new layoutMinos Galanakis
This patch implements a set of user-experiences aimed changes.It modifies the documentation structure and switches to a more reactive design for the rtd theme. * The documentation layout has been redesigned to be more intuitive,easier to maintain and and scale. * The landing page introduces a new dashboard. * Introduced dedicated space for release documents, and changelog has been modified to directly source content from referenced documents. * Added quick-link navigation for items that need emphasis. * Relevant design documents can now be grouped in suf-folders. * There is dedicated space for custom platform, and third party tools documents. * Wildcard and regex matching has been introduced to indexes. Change-Id: Ib02d17d5d26187d397ba17317788cf2a01401b07 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2020-06-19Core: Move spm header files to 'spm' folderMingyang Sun
- Move 'spm_xxx.h' to 'spm' folder, they should belong to 'spm'. - Fix and simplify inclusion of header file. - Fix format and typo error. Change-Id: I129c6626ddffbbdba0e7edc27e9307f0d6ea9b79 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-19Core: Use separate '.inc' file and init functionMingyang Sun
- Remove the 'tfm_spm_db.inc', use separate files, separate SPM initialization functions for different models. - Remove unused inclusion of header file 'spm_db.h'. Change-Id: I7427eaee691a02c9b25579972902974ac9d32fd7 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-18Doc: Update email address for feedback and supportKevin Peng
Change-Id: I7ed5837de4501c0872b265d2737310492daf431c Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2020-06-16test: core: Remove unneeded #include <platform_irq.h>Øyvind Rønningstad
It's not used, and interferes when a platform doesn't have this file. Change-Id: Icbffa7e912f297cbeaf4d1edfbd20fdf96efcacd Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2020-06-16Build: Fix cmake implicitly converting warningsKumar Gala
Fix warnings of the form: implicitly converting 'bool' to 'STRING' type. implicitly converting 'internal' to 'STRING' type. implicitly converting 'string' to 'STRING' type. by changing the type to STRING. Change-Id: I888126809cd0b9ae4841585979f8ebed6e357160 Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2020-06-16Platform: Fix Musca-B1 eFlash driver issueJamie Fox
Changes the eFlash driver functions to only check the CMD_PENDING bit of the status register, and ignore the ARBITRATION_LOCKED bit, before proceeding. This prevents the functions from failing unnecessarily when an AHB access is taking priority over any APB accesses. Change-Id: I57290e04397ee1c8f2b79219feee47990d7b8747 Signed-off-by: Jamie Fox <jamie.fox@arm.com>
2020-06-16Docs: Clarify that Profile Small doesn't cover all the platformsDavid Hu
Add notes in build instruction document to clairfy that Profile Small config doesn't all the platforms supported in TF-M. Change-Id: I5cc94e02175276d1954505e68e89321c0a418a48 Signed-off-by: David Hu <david.hu@arm.com>
2020-06-16Platform: PSoC64: Increase ITS_MAX_BLOCK_DATA_COPY to 512Chris Brand
PSoC64 has 512-byte flash sectors, so bumping this to 512 can significantly reduce the number of read and write operations, depending on the alignment of the reads and writes. Change-Id: I9f156542f0d489ec13a0894d035bef7dff882f25 Signed-off-by: Chris Brand <chris.brand@cypress.com>
2020-06-16Platform: PSoC64: Make NV counters and ITS Flash regions privileged-onlyChris Brand
No unprivileged code needs access to these regions. Change-Id: Idb724d7a654d3b9fddeae51ff9b250ca69f87e72 Signed-off-by: Chris Brand <chris.brand@cypress.com>
2020-06-16Platform: PSoC64: Change SMPU regions usedChris Brand
Rather than using SMPU region 10, use 8. Later versions of the bootloader use the higher-numbered SMPU regions. Signed-off-by: Chris Brand <chris.brand@cypress.com> Change-Id: Idac3c9bbbffb1a67c9d12e04d74082f8e0826170
2020-06-15Boot: Fix BL2 and NS scatter filesBalint Matyi
The maximum size of the region ER_DATA in BL2 scatter files is set to BL2_DATA_SIZE, which is usually equal to the size of the available RAM. But the BOOT_DATA, the heap and the MSP stack also have to be placed into RAM. In addition, if the TFM_MULTI_CORE_TOPOLOGY macro is set then the BOOT_DATA is not placed at the start of the RAM in TF-M, but after unprivileged data. In the case of NS scatter files, NS_DATA_SIZE is usually set to half of the available RAM, or the size of the RAM, minus the size of the S image. Nevertheless, the stack and the heap still have to fit in the ER_DATA region. So the scatter files are modified like in tfm_common_s.sct, adjusting the size of the ER_DATA region. Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Change-Id: I8deafe4c3846c5f1615b5842c6d65d9d5bb7c4a0
2020-06-15Config: Add stm targets in single entry pointLudovic Barre
This patch allows to group all stm targets in single cmake entry point. The stm TARGET_PLATFORM should prefix by "STM". stm platforms supports CoreIPC, CoreIPCTfmLevel2 and RegressionIPCTfmLevel2 Build with GNUARM toolchain. Change-Id: I6535420b2304c18f2ab260620c38fef632eb7488 Signed-off-by: Ludovic Barre <ludovic.barre@st.com> Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2020-06-15Platform: Add the support of stm32l5xxMichel Jaouen
- nucleo_l552ze_q and disco_l562qe boards supported and build with gnuarm compiler. - dummy driver for nvm counter, - mcuboot config overwrite only and 2 images, - timer not supported - icache ip not activated Change-Id: I6c87662ae26fc6552e0b65f35000cfc73735fd21 Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2020-06-15Core: Simplify the service lookup procedureSummer Qin
There are only IPC partitions under IPC model now. Enumerate from the service list start directly instead of partition list. Change-Id: I000cd0a06a75ee873462fd6fda271f19af950819 Signed-off-by: Summer Qin <summer.qin@arm.com>
2020-06-15Core: IAR fix for 94d424a5TTornblom
Removed conditional on __GNUC__. This code needs to be compiled with all toolchains. Signed-off-by: TTornblom <thomas.tornblom@iar.com> Change-Id: I0a5d5213704e4cb2f1a905cefde7c0d53f1d3e4e
2020-06-15Platform: Update including path for CC312 buildingKen Liu
Update the including path for CC312 building after folder structure adjustment. Change-Id: Ia444acac19df280be35d42e6345f51059d474c59 Signed-off-by: Ken Liu <ken.liu@arm.com>
2020-06-12Platform: Rename SST to PS for FVP_SSE300_MPS2Jamie Fox
Updates FVP_SSE300_MPS2 platform files to use PS names instead of SST. Change-Id: I428668a645cb0c47b6f5b62ab9a0fc61e116c2fc Signed-off-by: Jamie Fox <jamie.fox@arm.com>
2020-06-12SST: Rename SST(Secure STorage) to PS(Protected Storage)Kevin Peng
This patches renames SST(Secure STorage) to PS(Protected Storage) for files, folders and any contents in files to align with the PSA Storage API spec. Change-Id: Icf991f59512875780c159f22737b521b3b2d4924 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2020-06-11Test: Modify IRQ test flow for toolMate Toth-Pal
Modify the flow of the IRQ test case so it can be executed with the IRQ testing tool. Change-Id: Ibc646baf2b979a0c054cc969b5a061e3c0e79081 Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
2020-06-11Platform: Add FVP_SSE300_MPS2 targetMark Horvath
Add support for FVP_SSE300_MPS2 platform Change-Id: Ieddb5adbdc0cc47690bbe0b3dfbaf39d005d03ea Signed-off-by: Mark Horvath <mark.horvath@arm.com> Signed-off-by: Marton Berke <marton.berke@arm.com>
2020-06-11Docs: Update TF-M repository referenceMinos Galanakis
The TF-M repository has been moved from git.trustedfirmware.org/trusted-firmware-m to git.trustedfirmware.org/TF-M/trusted-firmware-m This patch updates references to the documentation to reflect that change. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com> Change-Id: Ib7d4d45bae7790bf69fcad4fd16f558716b20d92
2020-06-10Docs: Fixed minor formatting error in IAR build instructionsTTornblom
Added supported toolchain versions. Signed-off-by: TTornblom <thomas.tornblom@iar.com> Change-Id: I01f9d5a6d12f1e1032776da78dc52e9278bd4e18
2020-06-10Tools: Use build system appropriate newlinesTTornblom
After running tools/tfm_parse_manifest_list.py on Windows, git lists all generated files as changed, even if it is just the newlines that has changed. git converts the newlines on checkout and commit, so the files should really have newlines that are appropriate for the build system. This change makes python generate the appropriate newlines so that only truly changed files will be listed by git. Signed-off-by: TTornblom <thomas.tornblom@iar.com> Change-Id: Iba0a0a7f162de432f2c5eba938539759e00dd376
2020-06-10App: IAR fix for 8fa3a7b6TTornblom
Commit 8fa3a7b6 uses "Image$$ARM_LIB_STACK_MSP$$ZI$$Base" instead of using the REGION_DECLARE macros in region.h. This causes link issues with IAR. Signed-off-by: TTornblom <thomas.tornblom@iar.com> Change-Id: I00fb896d2005eb9e64e5a6869e3d6e1d814d43a7
2020-06-09Build: Minor IAR warnings elimination and fix for 8f17a711TTornblom
Update the IAR CMSE_FLAG handling for 8f17a711 Fixed a few warnings about unused variables with IAR Disabled some harmless warnings for IAR Signed-off-by: TTornblom <thomas.tornblom@iar.com> Change-Id: I7197ae009e3e85bcb8d8b21b7528108d966ee330
2020-06-09crypto: decouple the PSA Crypto interface from TF-M flagsSoby Mathew
This patch cleanup the PSA Crypto interface headers files and decouples it from TF-M build flag dependencies. The `psa_key_attributes_t` struct definition previously depended on various config options. The struct now only has fields which can be set and read by the client. Hence the client view of the structure is now defined separately in the crypto_client_struct.h header. The platform dependant definitions of the PSA Crypto types are fixed and hence the crypto_platform.h header is removed and the contents are moved to other PSA crypto headers. The previous intermediate solution for hiding the type differences between crypto server and client view via `psa_client_core_key_attributes_t` is now removed. Change-Id: I2644b5a2da3babe561c569ebf5690b3daa576a12 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2020-06-08Boot: Replace hard-coded image indexDavid Vincze
Fix1: replace hard-coded value with the image index variable. It remained from when only 1 image was supported by the rollback protection mechanism. Fix2: typo in NV counter identifier. Change-Id: Iaa275d02ad34ca6e95a01a0d3f85fd190d44bc3d Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-06-08Boot: Fix misplaced preprocessor directiveDavid Vincze
Fix misplaced preprocessor directive which caused the bootloader to use the NO_SWAP strategy as default instead of overwrite-only. Fix "maximum line length" coding rule violations. Change-Id: Ib82fb567912873add2c5b4407c59deb92791dbaa Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-06-08Core: Update the include statementMingyang Sun
Change the absolute including into relative including for core sources. Change-Id: Ic5b47c149a3739ad5e79af8231e48dfc68074369 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-08Service: Update the include statementsMingyang Sun
Change the absolute including into relative including for partition service sources. Change-Id: I1cc2057e5965046242a9b70e01e937243cacfc7e Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-08Platform: Update the include statementsMingyang Sun
Change the absolute including into relative path including for platform sources. Change-Id: I594577eae7689ea8ac6cb557d5b0b5a048ee9b4d Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-05Gerrit: Update .gitreview to new locationBenjamin Copeland
Change-Id: If09018fead554a66cb7e415cbe3b3dfc47c9e8ef
2020-06-05Platform: Unify NS and secure UART STDOUT implementationKevin Peng
The uart_stdout implementations are actually identical for Non-secure and Secure. The only difference is the actual underlying stdio driver. This patch unifies the implementations to one file, using Macro to distinguish different drivers. The patch also removes the unused enum uart_channel. Change-Id: Ice89127cc98bd185947ce8de7af5190bd5bd69dc Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2020-06-05Docs: Update path 'services' to 'partitions'Ken Liu
Due to the folder name is updated from 'secure_fw/services' to 'secure_fw/partitions', update related documents with updated name. Change-Id: I5b85d3c2c4f2a4e1f7fd422910e968e970d70527 Signed-off-by: Ken Liu <ken.liu@arm.com>
2020-06-05Docs: Update glossaryEdison Ai
Add the related glossaries for TF-M HAL. Change-Id: Ic14b1058f1a1c7bcf29ee906ebd8118c3d88afa1 Signed-off-by: Edison Ai <edison.ai@arm.com>
2020-06-05Docs: Refine glossary.rstEdison Ai
- Change "Trusted Firmware - M" to "Trusted Firmware-M". - Align the glossary.rst in 80 columns. - Sort by alphabet. Change-Id: I5ef05409a310b0edd8a1c96c283f332b4062a85a Signed-off-by: Edison Ai <edison.ai@arm.com>
2020-06-04Test: Add attestation claim value check switchBalint Matyi
Control checking for hard-coded claim values in the attestation suite by introducing the 'ATTEST_CLAIM_VALUE_CHECK' flag. When set to 'ON', the test will check if the claim values match the constant values found in 'platform/ext/common/template/attest_hal.c'. Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Change-Id: I22ab1471609d6b931deaf97f31cb3a0dcd83fda0
2020-06-04Boot: Add requirements.txt fileKevin Townsend
This commit adds a requirements.txt file listing the requirements for the image signing script, etc. Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org> Change-Id: I3c19c06046cc051113ea80ad370e56c56c45a999
2020-06-04Docs: Replace True/False with ON/OFF in attestation guideBalint Matyi
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Change-Id: I356119b7dd0a1b6c62e6255e2baf4e992a29a86f
2020-06-04Boot: Add byte cast when signing payloadKevin Townsend
This commit adds an explicit cast to `bytes` for the payload when signing data with imgtool. On some systems, the data may be provided as a `ByteArray`, which will cause the signing function to fail since the underlying library expects `bytes`. Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org> Change-Id: I7405d9e76570d61cc745dcd81e6033dec637d2f3
2020-06-04Build: Enable ninja-based buildsKevin Townsend
This commit enables to use of `-GNinja` for builds, which provides significantly faster TF-M builds, and enables building TF-M as a cmake external project with Zephyr's build system. ``` $ cmake -GNinja \ -DPROJ_CONFIG=`readlink -f ../configs/ConfigDefault.cmake` \ -DTARGET_PLATFORM=LPC55S69 -DBL2=False -DCOMPILER=GNUARM .. $ ninja ``` Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org> Change-Id: I5deaaf9ffb3ec3329174881d70fe7033b531ec49