aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-07-26Test: Update the psa arch test versionTF-Mv1.4.0-RC2Summer Qin
Update the psa arch test version. Change-Id: I4ab265fe7c86636920d19e60b70dbbe3c76dca27 Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-26Crypto: Add config checkSummer Qin
PLATFORM_DUMMY_NV_SEED and CRYPTO_HW_ACCELERATOR should not be disabled at the same time. Only one of them should be set to ON. Change-Id: I1c0c5b187734e3a49b0cea9a3562693bd1d0e11c Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-23Revert "PS: Update non-static label implementation"Anton Komlev
This reverts commit e21144c46f540747947db361932613eb5d77f2bb. Reason for revert: Minimise changes in core during code freeze unless it is essential for the release. This PS must be applied immediately after release v1.4.0 Change-Id: I15f39c0a093c75841c051d015a9b9202db848fcd
2021-07-23PS: Update non-static label implementationDavid Hu
Define client ID and UID in the PS Crypto ref structure, to replace the static array. Therefore, it can prevent defining a static array with a fixed length of psa_storage_uid_t, whose size may actually vary. Change-Id: I1f9934638807725ae47f9a0eeaa339de89eeeaa4 Signed-off-by: David Hu <david.hu@arm.com>
2021-07-21Test: Update the tfm test versionTF-Mv1.4.0-RC1Summer Qin
Update the TFM_TEST_REPO_VERSION which align with mbedtls-3.0.0 and support crypto single-shot test cases. Change-Id: Ic61e5a4b31395df0864b21dac28ca02d62f25328 Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-21Platform: Update STM accelerator for mbedtls 3.0Raef Coles
Change-Id: I402532359fdb6fc8aa8605712465025412a87e74 Signed-off-by: Raef Coles <raef.coles@arm.com>
2021-07-21Platform: Expand CMSE_VENEER_REGION_SIZE for musca_b1Summer Qin
Expand CMSE_VENEER_REGION_SIZE for musca_b1. Change-Id: Iebbae7cd4a76e2151bf545c7cf7f866e9094fa4e Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-21CC312: Align CC312 with mbedtls 3.0.0Summer Qin
Change-Id: I97de9292688e4991d7414e176c3bab96c84345cd Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-21Crypto: Use NV SEED as default entropy sourceSummer Qin
MBEDTLS_TEST_NULL_ENTROPY is removed from mbedtls 3.0.0. Change to use 'MBEDTLS_ENTROPY_NV_SEED' as the default entropy source if a platform doesn't generate entropy from hardware. Change-Id: If03c9dec3c6fb0d7bb98721963ac2142d43ed00d Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-21Crypto: Fix handle_owner allocation issueSummer Qin
Source key and target key should be allocated in different handle_owner slot. Change-Id: Ia3052c24fb0dd4489bb2a12ac4611bc9f4a597b1 Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-21Crypto: Add support for message signing operationSummer Qin
Add support for crypto message signing operation: -psa_sign_message() -psa_verify_message() Signed-off-by: Summer Qin <summer.qin@arm.com> Change-Id: I685d4c12c8c132ce4ce0c79542ad9143076f3600
2021-07-21Crypto: Add support for some cipher and mac functionsSummer Qin
Add support for 'psa_cipher_encrypt', 'psa_cipher_decrypt', 'psa_mac_compute' and 'psa_mac_verify' since mbedtls-3.0.0 has implemented them. Change-Id: Iec2c5799cd7e44a9f478bd1f36234bdc548a559e Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-21Crypto: Upgrade mbedtls to v3.0.0Summer Qin
- Remove deprecated macros and functions - Enable SHA-224 cryptographic hash algorithm by 'define MBEDTLS_SHA224_C' - Enable SHA-384 cryptographic hash algorithm by 'define MBEDTLS_SHA384_C' - 'psa_cipher_encrypt' and 'psa_cipher_decrypt' is supported by mbedtls-3.0.0 - 'psa_mac_compute' and 'psa_mac_verify' is supported by mbedtls-3.0.0 - mbedtls-3.0.0 changes some internal mbedtls apis' name, mcuboot needs to align. Change-Id: Ia868c93deceee6c8042607acf35ce2f4c9c15e35 Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-21Crypto: Align PSA Crypto API to 1.0 versionSummer Qin
Some functions and macros are deprecated in PSA Crypto spec 1.0. Align them with the spec definition. Change-Id: Icc2a8c6fe245873ea76b3e0a1bdf32a87fd016ad Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-21Partitions: Add psa_wait when wake up in Idle PartitionKevin Peng
There could be the following case that SPE would stuck in Idle Partition: - The NSPE preemptes the Idle Partition - A Secure Interrupt then preempts the NSPE - The interrupt handling triggers scheduling. - But the NSPE was preempted, scheduling is skipped to avoid context mismatch between NSPE and SPE - Execution goes back from NSPE to SPE At this point, some events from the resumed Partition to trigger the scheduler again is expected, for example a psa_wait or psa_reply call. But the Idle Partition does nothing. So this patch adds a dummy psa_wait to fix this issue, using PSA_POLL to avoid the Idle Partition being set to "BLOCK" state. Change-Id: I69e79b25ba88eea40d18b1c7c29690bc1cadf242 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-21SPM: Activate scheduler in psa_wait() if no signal assertedKevin Peng
psa_wait() should always activate scheduler if the expected signal is not asserted. Change-Id: I7b910320e7c473b30ef764fdf19f2a04195fa3b1 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-21SPM: Add error check of NULL stateless serviceMingyang Sun
Add NULL service check after getting the stateless service to avoid NULL pointer reference. Change-Id: Ia409f7fe88191291b93c6effb1a956b88df2e78b Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-07-20Platform: LPCXpresso55s69: Synchronized platform code with NXP SDK portMartinaHanusovaNXP
Synchronized platform/ext/target/nxp folder with MCUx latest SDK port: - Common: o Replaced Driver_Flash.c with Driver_Flash_iap1.c in CMSIS_Driver o Deleted mini_mbedcrypto_config.h, added mbedcrypto_user_config.h instead o Added crypto_hw.c - LPCXpresso55s69: o Deleted lpcxpresso55s69_mbedcrypto_config.h o Updated README file  Added -DTFM_PROFILE=profile_medium into build instructions  Added Linux/Windows and PyOCD/JLink tab sections  Fixed mistake in flash instructions for PyOCD o Updated scripts  Added -DTFM_PROFILE=profile_medium attribute into build scripts  Fixed previous file removement in flash scripts o Synchronized BL2 startup file with SDK o Moved project_template folder from Native_Driver to lpcxpresso55s69 o Automatically fetched common project template files from NXP git (board, pin_mux, peripherals) Signed-off-by: MartinaHanusovaNXP <martina.hanusova@nxp.com> Change-Id: Id6a0c905bf7df1032bc3352c5907223e0ffcb2db
2021-07-20Crypto: Fix -Wint-conversion warningSummer Qin
Fix -Wint-conversion warning when assign NULL to 'key'. Signed-off-by: Summer Qin <summer.qin@arm.com> Change-Id: I41fe5423ffdbdeb9517696ed04d5bffdc7327dd8
2021-07-20Boot: Integrate MCUboot based on mbedtls-3.0.0Sherry Zhang
Change-Id: Ia4150d99c8a4c0f73e94030864bb6baf7e75ef49 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-07-20Boot: Update MCUboot to version 4f80913Sherry Zhang
Change-Id: If9e5749694300c22b4c8857c9c06f355bc4d0a46 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-07-20Docs: Turn warnings into errors in html generationSummer Qin
Turn warnings into errors in html generation, it helps to maintain documentation. Signed-off-by: Summer Qin <summer.qin@arm.com> Change-Id: I669f6f79d0917ff9e4ab70ab4420ad8763cc167b
2021-07-20FWU: Fix build error when MCUBOOT_ENC_IMAGES is enabledSherry Zhang
Change-Id: I7b6c1f90b90ce199194ffe37e572562f293333f8 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-07-19Platform: Disable FLIH testing by default on AN521Kevin Peng
Change-Id: Ic48ecedb9d857645bd8b3cb16f13ce1ac9c0641c Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-19protected_storage: Enable non static key labelsGeorgios Vasilakis
-Adds non static key labels for the key derivation of the ps objects -The (Client id + UID) is used as the label -The ps_table still has a static label Author: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Change-Id: I52af6278586cdee83008d3c8c73b41faa62e584c
2021-07-16SPM: Fix GNUARM compiler warningMingyang Sun
Fix the warning of "'inline' is not at beginning of declaration". Change-Id: Ic6e3f5cb5b9d4d018765412949de32b51d4cc5d4 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-07-16Tools: Fixed slashes mismatch in manifest parsing toolMartinaHanusovaNXP
When generating manifest files on Windows and the output option (-o) is specified, there are different types of slashes in the include paths of generated files (the part of specified folder uses Windows slashes (\) whereas the rest of path uses Unix slashes (/)). This patch unified it to use only Unix slashes. Also it was deleted converting to absolute paths functionality when specifying output folder, now it uses relative paths as it was originally. This allows to update files in their locations even outside the root folder of the directory. Signed-off-by: MartinaHanusovaNXP <martina.hanusova@nxp.com> Change-Id: I9469d658afbce001ce45abe2e61ccc2dc4b5a02d
2021-07-16SPM: Minor refinement of "load info" templateMingyang Sun
- Simplify the template a little. - Avoid declaring a 0-sized array if a partition does not have services. Change-Id: Id769ddc2283d9c4f9c0a92903baf70deeec112af Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-07-16Platform: stm: Fix for TF-M small profile supportMichel Jaouen
Since platform is not built in small profile, Error_Handler defined in platform service and used only by low_level_rng is removed. Since stm platform does not support for now MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_SETKEY_DEC_ALT beeing defined in small profile, they are undefined. Signed-off-by: Michel Jaouen <michel.jaouen@st.com> Change-Id: I32c4808865558a6ce42105ef978b53740e8d52d6
2021-07-16Partitions: Change the crypto service in Proxy Partition to stateless.Shawn Shan
The TF-M crypto service has been changed to stateless while crypto service in Proxy Partition has not been changed. The crypto service in Proxy Partition is not working. This patch changes the crypto service in Proxy Partition to stateless. Change-Id: I42f22ce199283150f37bf4c48f0d4faadefa215b Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2021-07-16Platform: Add a customized manifest list for Musca-B1Kevin Peng
When the Secure Enclave is enabled, the host core does not provide PSA RoT Services and Protected Storage services. Instead a Proxy Partition is provided to forward service requests to the SE. The manifest list does not need to include those Partitions. Having those Partitions causes potential conflicts with the Proxy Partition because they provide same services and use the same manifest items. This patch adds a customized manifest list for Musca-B1 with Secure Encalve and removes the Proxy Partition in the common manifest list. Change-Id: Ib83ee415b7b3fc8a53eb59e2de42964f8c5fe326 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-16Build: Allow customized manifest listsKevin Peng
The tfm_manifest_list.yaml is used by default and only extra manifest lists are allowed for customization. This patch makes the default manifest list replacable as well. This can avoid issues that the extra manifest and the default manifest may have conflict Partitions or there could be conflicts within the default manifest list on some specific builds. Note: The Partition configuration switches defined in "conditional" are still required to set to OFF to disable building Partitions even if they are not in manifest lists. This patch also fixes the wrong directory in config/set_config.cmake which happens to be correct when building. Change-Id: Id701e174d511c8fe34d62e8a3ff4813460aab2e9 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-16Update Version of Test RepoXinyu Zhang
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com> Change-Id: I90d70ac6363901e37cda7146ec17daad85408ee7
2021-07-16Platform: Enable IRQ testing on some platforms by defaultKevin Peng
This patch enables the following IRQ tests by default so that CI could cover the testing: - FLIH test on AN521 - SLIH test on Musca-B1 Because FLIH and SLIH test can not be enabled at the same time, let users choose which to enable on other platforms. Note: Currently, FLIH test is only supported on AN519 and AN521. Change-Id: I2c40b46841ac54a3c8bc5e788c9184047626db4a Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-16Platform: Musca-B1: Enable Test SLIH on isolation L2 & 3Kevin Peng
This patch enables testing SLIH on isolation L2 & 3 by putting the timer driver needed by the ARoT test Partition to SPRT. This patch also change to build plat_test.c when either TEST_S or TEST_NS is enabled. plat_test.c is not part of Platform Partition but for test purpose. Change-Id: I639ec956ca09ad45454e0e730f832231e9ab6d32 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-16PsoC64: Make some functions staticChris Brand
Two of the functions in the mailbox directory are only ever called from within the same file, so they should be static. Change-Id: Id3fd7d8599d1740757f575378296a15406aa1b56 Signed-off-by: Chris Brand <chris.brand@cypress.com>
2021-07-16SPM: Fix irq template for cmsis func.Michel Jaouen
Without this fix, IAR is not building with DTFM_PSA_API=OFF Change-Id: Ifc7b271d88cc24a07dd442a3693745d91b6b0d73 Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2021-07-16Docs: update NUCLEO-L552ZE-Q builds to use TFM_TOOLCHAIN_FILEAbbas Bracken Ziad
The build instructions for NUCLEO-L552ZE-Q were using the now deprecated CMAKE_TOOLCHAIN_FILE setting. In fact, the build would fail as this setting no longer accepts relative paths. There are two options: supply an absolute path or instead use TFM_TOOLCHAIN_FILE. This patch applies the second option. Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com> Change-Id: Id03dbf263afa466fc6c022a414d8d31b5bb40d5c
2021-07-16Build: Add config check for FLIH TestingKevin Peng
Library Mode does not support FLIH. This patch adds config check for FLIH test being enabled for Lib Mode. Change-Id: I567c9de279fcfba1bef6222a4a4070abf0be74bc Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-15SPM: Make boot data table only have enabled PartitionKevin Peng
The access policy table for boot data should only have enabled Partition. Change-Id: I125e980f265df3798e6bcee7be8b0e9aa545b652 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-15Build: Update tf-m-tests default commitshejia01
Update Version of Test Repo Signed-off-by: Jianliang Shen <jianliang.shen@arm.com> Change-Id: Iad3c7a9f67677eebd54f67f8f900c5a0b7504c16
2021-07-15Build: Fix the t_cose and attestation test suites build errorshejia01
When build t_cose or attestation test suites, t_cose build failed when NS crypto tests is not enabled. Such a dependency is incorrect. This patch fixes t_cose build when symmetric attestation is enabled. Signed-off-by: Jianliang Shen <jianliang.shen@arm.com> Change-Id: I1b16edc5c62178a3a8c91e78db689e16ee586232
2021-07-14PS: Fix bug when encrypt/decrypt PS objectsSherry Zhang
In Protected Storage partition, the IV which is used for object encrypt/decrypto is protected by the PSA ITS service together with the object data. When calculating the size of the 'iv' field, byte alignment is out of consideration which leads decrypt failure when reading an encrypted object. Change-Id: I282152660bf4bddc4829b3ca2adb94143610d179 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-07-13Docs: Add requirement of librsvg2-bin for doc generationDavid Hu
Require tool librsvg2-bin in docs for user guide generation. librsvg2-bin shall be installed to support sphinxcontrib-svg2pdfconverter. Otherwise, user guide build will throw out warnings that RSVG converter command 'rsvg-convert' cannot be run. Change-Id: Ic988b2771c0c5317b130bb37696c1c2833c162f7 Signed-off-by: David Hu <david.hu@arm.com>
2021-07-13Docs: Move design documents into a dedicated folderDavid Hu
Collect all the design documents under a dedicated design_docs folder. Update the links in other documents. Change-Id: I2da761a11317144185e960c539f2245d3d46fd2a Signed-off-by: David Hu <david.hu@arm.com>
2021-07-13Docs: Fix Sphinx version in getting startedDavid Hu
Update Sphinx version to 2.0.1 to align with that in requirements.txt. Change-Id: I3420e823426d4c7cbb83271ddf0a1a974f7ae9f1 Signed-off-by: David Hu <david.hu@arm.com>
2021-07-13Docs: Fix doc links in porting_TFM_to_a_new_hardware.rstDavid Hu
Change-Id: Iec42e7f37b07ac9b9089351d3f6108ab05011049 Signed-off-by: David Hu <david.hu@arm.com>
2021-07-13Platforms: Put timer driver to SPRT for IRQ testing onlyKevin Peng
In a previous change 362817f1713321203eb3147801e0711369060687 the timer driver was put into SPRT by default. That change was actually for testing purpose only. This patch puts timer driver to SPRT only when IRQ testing is enabled. Change-Id: I8d7629d30b56f3982b041bbe8edf0c89a685f4bc Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-09Platform: stm: fix after spm modificationMichel Jaouen
This fix is required for build with GNUARM. Change-Id: I5e10e7b21104673e3f4f26eaf209bfb5b93e3954 Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2021-07-08psoc64: Disable watchdog on bootRaymondNgun
Bootloader may enable watchdog. The SPE needs to disable WDG on successful boot. Change-Id: If45c2c182c4f9f2741757951d8ef13966a76d0ca Signed-off-by: Raymond Ngun <raymond.ngun@infineon.com>