Age | Commit message (Collapse) | Author |
|
Update the psa arch test version.
Change-Id: I4ab265fe7c86636920d19e60b70dbbe3c76dca27
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
PLATFORM_DUMMY_NV_SEED and CRYPTO_HW_ACCELERATOR
should not be disabled at the same time.
Only one of them should be set to ON.
Change-Id: I1c0c5b187734e3a49b0cea9a3562693bd1d0e11c
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
This reverts commit e21144c46f540747947db361932613eb5d77f2bb.
Reason for revert: Minimise changes in core during code freeze unless it is essential for the release. This PS must be applied immediately after release v1.4.0
Change-Id: I15f39c0a093c75841c051d015a9b9202db848fcd
|
|
Define client ID and UID in the PS Crypto ref structure, to replace the
static array. Therefore, it can prevent defining a static array with
a fixed length of psa_storage_uid_t, whose size may actually vary.
Change-Id: I1f9934638807725ae47f9a0eeaa339de89eeeaa4
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Update the TFM_TEST_REPO_VERSION which align with mbedtls-3.0.0
and support crypto single-shot test cases.
Change-Id: Ic61e5a4b31395df0864b21dac28ca02d62f25328
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
Change-Id: I402532359fdb6fc8aa8605712465025412a87e74
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Expand CMSE_VENEER_REGION_SIZE for musca_b1.
Change-Id: Iebbae7cd4a76e2151bf545c7cf7f866e9094fa4e
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
Change-Id: I97de9292688e4991d7414e176c3bab96c84345cd
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
MBEDTLS_TEST_NULL_ENTROPY is removed from mbedtls 3.0.0.
Change to use 'MBEDTLS_ENTROPY_NV_SEED' as the default entropy source
if a platform doesn't generate entropy from hardware.
Change-Id: If03c9dec3c6fb0d7bb98721963ac2142d43ed00d
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
Source key and target key should be allocated in different
handle_owner slot.
Change-Id: Ia3052c24fb0dd4489bb2a12ac4611bc9f4a597b1
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
Add support for crypto message signing operation:
-psa_sign_message()
-psa_verify_message()
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: I685d4c12c8c132ce4ce0c79542ad9143076f3600
|
|
Add support for 'psa_cipher_encrypt', 'psa_cipher_decrypt',
'psa_mac_compute' and 'psa_mac_verify' since mbedtls-3.0.0 has
implemented them.
Change-Id: Iec2c5799cd7e44a9f478bd1f36234bdc548a559e
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
- Remove deprecated macros and functions
- Enable SHA-224 cryptographic hash algorithm by 'define
MBEDTLS_SHA224_C'
- Enable SHA-384 cryptographic hash algorithm by 'define
MBEDTLS_SHA384_C'
- 'psa_cipher_encrypt' and 'psa_cipher_decrypt' is supported by
mbedtls-3.0.0
- 'psa_mac_compute' and 'psa_mac_verify' is supported by mbedtls-3.0.0
- mbedtls-3.0.0 changes some internal mbedtls apis' name, mcuboot needs
to align.
Change-Id: Ia868c93deceee6c8042607acf35ce2f4c9c15e35
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
Some functions and macros are deprecated in PSA Crypto spec 1.0.
Align them with the spec definition.
Change-Id: Icc2a8c6fe245873ea76b3e0a1bdf32a87fd016ad
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
There could be the following case that SPE would stuck in Idle
Partition:
- The NSPE preemptes the Idle Partition
- A Secure Interrupt then preempts the NSPE
- The interrupt handling triggers scheduling.
- But the NSPE was preempted, scheduling is skipped to avoid context
mismatch between NSPE and SPE
- Execution goes back from NSPE to SPE
At this point, some events from the resumed Partition to trigger the
scheduler again is expected, for example a psa_wait or psa_reply call.
But the Idle Partition does nothing.
So this patch adds a dummy psa_wait to fix this issue, using PSA_POLL
to avoid the Idle Partition being set to "BLOCK" state.
Change-Id: I69e79b25ba88eea40d18b1c7c29690bc1cadf242
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
psa_wait() should always activate scheduler if the expected signal
is not asserted.
Change-Id: I7b910320e7c473b30ef764fdf19f2a04195fa3b1
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Add NULL service check after getting the stateless service to
avoid NULL pointer reference.
Change-Id: Ia409f7fe88191291b93c6effb1a956b88df2e78b
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
Synchronized platform/ext/target/nxp folder with MCUx latest SDK port:
- Common:
o Replaced Driver_Flash.c with Driver_Flash_iap1.c in CMSIS_Driver
o Deleted mini_mbedcrypto_config.h, added mbedcrypto_user_config.h
instead
o Added crypto_hw.c
- LPCXpresso55s69:
o Deleted lpcxpresso55s69_mbedcrypto_config.h
o Updated README file
Added -DTFM_PROFILE=profile_medium into build instructions
Added Linux/Windows and PyOCD/JLink tab sections
Fixed mistake in flash instructions for PyOCD
o Updated scripts
Added -DTFM_PROFILE=profile_medium attribute into build scripts
Fixed previous file removement in flash scripts
o Synchronized BL2 startup file with SDK
o Moved project_template folder from Native_Driver to
lpcxpresso55s69
o Automatically fetched common project template files from NXP git
(board, pin_mux, peripherals)
Signed-off-by: MartinaHanusovaNXP <martina.hanusova@nxp.com>
Change-Id: Id6a0c905bf7df1032bc3352c5907223e0ffcb2db
|
|
Fix -Wint-conversion warning when assign NULL to 'key'.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: I41fe5423ffdbdeb9517696ed04d5bffdc7327dd8
|
|
Change-Id: Ia4150d99c8a4c0f73e94030864bb6baf7e75ef49
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
|
|
Change-Id: If9e5749694300c22b4c8857c9c06f355bc4d0a46
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
|
|
Turn warnings into errors in html generation, it helps to
maintain documentation.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: I669f6f79d0917ff9e4ab70ab4420ad8763cc167b
|
|
Change-Id: I7b6c1f90b90ce199194ffe37e572562f293333f8
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
|
|
Change-Id: Ic48ecedb9d857645bd8b3cb16f13ce1ac9c0641c
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
-Adds non static key labels for the key derivation
of the ps objects
-The (Client id + UID) is used as the label
-The ps_table still has a static label
Author: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Change-Id: I52af6278586cdee83008d3c8c73b41faa62e584c
|
|
Fix the warning of "'inline' is not at beginning of declaration".
Change-Id: Ic6e3f5cb5b9d4d018765412949de32b51d4cc5d4
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
When generating manifest files on Windows and the output option (-o) is
specified, there are different types of slashes in the include paths of
generated files (the part of specified folder uses Windows slashes (\)
whereas the rest of path uses Unix slashes (/)). This patch unified it
to use only Unix slashes.
Also it was deleted converting to absolute paths functionality when
specifying output folder, now it uses relative paths as it was
originally. This allows to update files in their locations even outside
the root folder of the directory.
Signed-off-by: MartinaHanusovaNXP <martina.hanusova@nxp.com>
Change-Id: I9469d658afbce001ce45abe2e61ccc2dc4b5a02d
|
|
- Simplify the template a little.
- Avoid declaring a 0-sized array if a partition does not
have services.
Change-Id: Id769ddc2283d9c4f9c0a92903baf70deeec112af
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
Since platform is not built in small profile, Error_Handler defined
in platform service and used only by low_level_rng is removed.
Since stm platform does not support for now MBEDTLS_AES_SETKEY_DEC_ALT
and MBEDTLS_AES_SETKEY_DEC_ALT beeing defined in small profile, they
are undefined.
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
Change-Id: I32c4808865558a6ce42105ef978b53740e8d52d6
|
|
The TF-M crypto service has been changed to stateless while crypto
service in Proxy Partition has not been changed. The crypto service in
Proxy Partition is not working. This patch changes the crypto service in
Proxy Partition to stateless.
Change-Id: I42f22ce199283150f37bf4c48f0d4faadefa215b
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
When the Secure Enclave is enabled, the host core does not provide
PSA RoT Services and Protected Storage services. Instead a Proxy
Partition is provided to forward service requests to the SE.
The manifest list does not need to include those Partitions. Having
those Partitions causes potential conflicts with the Proxy Partition
because they provide same services and use the same manifest items.
This patch adds a customized manifest list for Musca-B1 with Secure
Encalve and removes the Proxy Partition in the common manifest list.
Change-Id: Ib83ee415b7b3fc8a53eb59e2de42964f8c5fe326
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
The tfm_manifest_list.yaml is used by default and only extra
manifest lists are allowed for customization.
This patch makes the default manifest list replacable as well.
This can avoid issues that the extra manifest and the default
manifest may have conflict Partitions or there could be conflicts
within the default manifest list on some specific builds.
Note: The Partition configuration switches defined in "conditional"
are still required to set to OFF to disable building Partitions even
if they are not in manifest lists.
This patch also fixes the wrong directory in config/set_config.cmake
which happens to be correct when building.
Change-Id: Id701e174d511c8fe34d62e8a3ff4813460aab2e9
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: I90d70ac6363901e37cda7146ec17daad85408ee7
|
|
This patch enables the following IRQ tests by default so that
CI could cover the testing:
- FLIH test on AN521
- SLIH test on Musca-B1
Because FLIH and SLIH test can not be enabled at the same time,
let users choose which to enable on other platforms.
Note: Currently, FLIH test is only supported on AN519 and AN521.
Change-Id: I2c40b46841ac54a3c8bc5e788c9184047626db4a
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
This patch enables testing SLIH on isolation L2 & 3 by putting the
timer driver needed by the ARoT test Partition to SPRT.
This patch also change to build plat_test.c when either TEST_S or
TEST_NS is enabled. plat_test.c is not part of Platform Partition
but for test purpose.
Change-Id: I639ec956ca09ad45454e0e730f832231e9ab6d32
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Two of the functions in the mailbox directory are only ever called
from within the same file, so they should be static.
Change-Id: Id3fd7d8599d1740757f575378296a15406aa1b56
Signed-off-by: Chris Brand <chris.brand@cypress.com>
|
|
Without this fix, IAR is not building with DTFM_PSA_API=OFF
Change-Id: Ifc7b271d88cc24a07dd442a3693745d91b6b0d73
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
|
|
The build instructions for NUCLEO-L552ZE-Q were using the now deprecated
CMAKE_TOOLCHAIN_FILE setting. In fact, the build would fail as this
setting no longer accepts relative paths. There are two options: supply
an absolute path or instead use TFM_TOOLCHAIN_FILE. This patch applies
the second option.
Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com>
Change-Id: Id03dbf263afa466fc6c022a414d8d31b5bb40d5c
|
|
Library Mode does not support FLIH.
This patch adds config check for FLIH test being enabled for Lib Mode.
Change-Id: I567c9de279fcfba1bef6222a4a4070abf0be74bc
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
The access policy table for boot data should only have enabled
Partition.
Change-Id: I125e980f265df3798e6bcee7be8b0e9aa545b652
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Update Version of Test Repo
Signed-off-by: Jianliang Shen <jianliang.shen@arm.com>
Change-Id: Iad3c7a9f67677eebd54f67f8f900c5a0b7504c16
|
|
When build t_cose or attestation test suites, t_cose build failed
when NS crypto tests is not enabled. Such a dependency is incorrect.
This patch fixes t_cose build when symmetric attestation is enabled.
Signed-off-by: Jianliang Shen <jianliang.shen@arm.com>
Change-Id: I1b16edc5c62178a3a8c91e78db689e16ee586232
|
|
In Protected Storage partition, the IV which is used for
object encrypt/decrypto is protected by the PSA ITS service
together with the object data. When calculating the size
of the 'iv' field, byte alignment is out of consideration
which leads decrypt failure when reading an encrypted object.
Change-Id: I282152660bf4bddc4829b3ca2adb94143610d179
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
|
|
Require tool librsvg2-bin in docs for user guide generation.
librsvg2-bin shall be installed to support
sphinxcontrib-svg2pdfconverter.
Otherwise, user guide build will throw out warnings that RSVG converter
command 'rsvg-convert' cannot be run.
Change-Id: Ic988b2771c0c5317b130bb37696c1c2833c162f7
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Collect all the design documents under a dedicated design_docs folder.
Update the links in other documents.
Change-Id: I2da761a11317144185e960c539f2245d3d46fd2a
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Update Sphinx version to 2.0.1 to align with that in requirements.txt.
Change-Id: I3420e823426d4c7cbb83271ddf0a1a974f7ae9f1
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Change-Id: Iec42e7f37b07ac9b9089351d3f6108ab05011049
Signed-off-by: David Hu <david.hu@arm.com>
|
|
In a previous change 362817f1713321203eb3147801e0711369060687
the timer driver was put into SPRT by default.
That change was actually for testing purpose only.
This patch puts timer driver to SPRT only when IRQ testing is enabled.
Change-Id: I8d7629d30b56f3982b041bbe8edf0c89a685f4bc
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
This fix is required for build with GNUARM.
Change-Id: I5e10e7b21104673e3f4f26eaf209bfb5b93e3954
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
|
|
Bootloader may enable watchdog. The SPE needs to disable WDG on successful boot.
Change-Id: If45c2c182c4f9f2741757951d8ef13966a76d0ca
Signed-off-by: Raymond Ngun <raymond.ngun@infineon.com>
|