Age | Commit message (Collapse) | Author |
|
Modify the build system (by removing restrictions) to allow boot data
sharing (measured boot) when the 'UPSTREAM' MCUboot repository is
selected as MCUboot v1.6.0 (current default bootloader) already includes
this feature.
Move target specific macros definitions to target specific header files
so that they are not only available in TF-M's MCUboot fork.
Change-Id: Ib30976419d9d668e588c2e4fdb9f42d90d57a7e2
Signed-off-by: David Vincze <david.vincze@linaro.org>
|
|
The definition of the 'tlv_len' field in the shared boot data entry
header differs in upstream MCUboot repo and in its TF-M fork.
In the upstream repo the 'tlv_len' only covers the length of the payload
but not the size of the entry header. But in the TF-M fork the 'tlv_len'
covers the size of entry header and payload together. This discrepancy
is distinguished during the shared boot data processing based on which
MCUboot version is used along with TF-M runtime.
Change-Id: I0cc4b2a2e6c53d125514b1da7e44be474abdd9e4
Signed-off-by: David Vincze <david.vincze@linaro.org>
|
|
Removes the REFERENCE_PLATFORM build variable as it is no longer
required.
Change-Id: I6572f0bd377474af473a66838045360cc430f751
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
|
|
Changes the common configuration to disable the ITS and PS RAM FS by
default, even when running the regression tests. Testing with persistent
storage allows for greater coverage of scenarios such as initialisation
with existing storage and correct erasing of flash before overwriting.
The setting can still be overridden in the platform CMake config, or by
providing it on the command line if flash wear is a concern.
Change-Id: If950e13d5f89ff164b47ed8d6602cdef5d4d6b5e
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
|
|
Setup SYMMETRIC_INITIAL_ATTESTATION in CommonConfig.cmake.
Enable Initial Attestation service and symmetric key algorithm
based Initial Attestation in TF-M Profile Small Default config.
Change-Id: I728d968108eb3e7050ca2e2522191f005ac489b4
Signed-off-by: David Hu <david.hu@arm.com>
|
|
This patches renames SST(Secure STorage) to
PS(Protected Storage) for files, folders and any contents
in files to align with the PSA Storage API spec.
Change-Id: Icf991f59512875780c159f22737b521b3b2d4924
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Update the IAR CMSE_FLAG handling for 8f17a711
Fixed a few warnings about unused variables with IAR
Disabled some harmless warnings for IAR
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Change-Id: I7197ae009e3e85bcb8d8b21b7528108d966ee330
|
|
Control checking for hard-coded claim values in the attestation suite
by introducing the 'ATTEST_CLAIM_VALUE_CHECK' flag. When set to 'ON',
the test will check if the claim values match the constant values found
in 'platform/ext/common/template/attest_hal.c'.
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
Change-Id: I22ab1471609d6b931deaf97f31cb3a0dcd83fda0
|
|
In CommonConfig.cmake, check if a Secure Partition is already
disabled/enabled in top-level configuration file.
If so, keep using the setting from top-level configuration file.
Otherwise, continue the default setting.
Change-Id: Ie4d8220fc775d455c3a1ff981a602ff0e99155ba
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Remove the 'INDIVIDUAL_SW_COMPONENTS' feature, which has been
deprecated for a while. From now on, initial attestation service
will require SW components related claims to be CBOR encoded in
advance (build time or by bootloader). The initial attestation
service just copies the CBOR object from the shared memory area
and inserts it to the token, without applying any encoding on it.
Removes all mentions of 'INDIVIDUAL_SW_COMPONENTS' and
'ATTEST_BOOT_INTERFACE' from attestation, MCUBoot and CMake.
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
Change-Id: I14a3a273d70ee1f94d18c78ae8a8b52a7d8f085b
|
|
New option : -DPSA_API_TEST_STORAGE=ON
Example usage: -DPSA_API_TEST_INTERNAL_TRUSTED_STORAGE=ON
-DPSA_API_TEST_PROTECTED_STORAGE=ON
-DPSA_API_TEST_STORAGE=ON
Change-Id: Ib3dbe7d5e7e8281855b7b7c6021820ef2dedfa4b
Signed-off-by: Vinay Kumar Kotegowder <vinaykumar.kotegowder@arm.com>
|
|
Assign '-fno-builtin' to avoid optimizing toolchain library functions,
this could ensure a safe overridden on toolchain library functions
(mostly libc functions).
This flag is supported by Arm Compiler and GNUARM toolchain.
Arm Compiler needs one more '-nostdlib' to disable all optimizations.
Otherwise, some symbols like 'snprintf' still are optimized and lead
to a link error when default library is not provided:
'Error: L6218E: Undefined symbol __2snprintf'
Change-Id: I464e1e47fa6370feeb041f72d1ffff1b585af71f
Signed-off-by: Ken Liu <ken.liu@arm.com>
|
|
This is a major type-mismatch cleanup and warnings elimination.
The IAR toolchain runs with more warnings enabled than ARMCLANG or
GNUARM, which has resulted in this effort.
This should make it easier to enable "pedantic" mode also for GNUARM.
There are still a few warnings about jumping past variable
initialization and falling off the end of non-void functions, but there
are comments in some of these parts that implies that this is done to
catch programming errors, like having case labels for all possible enum
values.
Reordered initializer in tfm_attestation_req_mngr.c to eliminate CI
warning.
Disabled "Pe940" warnings in CommonConfig.cmake to suppress warnings
about inline assembly functions declared to return value that doesn't
declare a return value in the __ASM() statement.
Disabled "Pe546" warnings to supress warnings about jumping over
unused initializers.
Fixed what appears to be a copy/paste bug in tfm_ss_core_test.c.
Removed unused variable "ret" in Driver_PPC.c for AN519 and AN521, to
make it similar to AN524.
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Change-Id: I2b729c73e4b004cff6b0530cc1350fcf900e4272
|
|
- This patch contains IAR specific changes to a few source files,
mostly #pragmas to allow calling external functions from inline.
- Startup code and linker scripts
- cmake files
- cmsis file for the IAR compiler
Other targets are added in later commits
There are still lots of warnings generated for non-standard C, which
I plan to address in later updates
- Cleaned out some dead definitions in the common linker script in
preparation for psoc64 integration.
- Made sure that .rodata from tfm_its_secure_api.o is placed in
TFM_UNPRIV_CODE, which otherwised caused a memory management fault
in test TFM_ITS_TEST_2023 when compiled without optimization.
- Added dummy initializers to tfm_secure_irq_handlers.inc.template to
avoid illegal empty arrays.
- Reworked the iovec_args_t struct handling in tfm_func_api.c, which
was causing runtime errors when compiled with optimization.
According to the compiler developers the old implemetation is
illegal, you are not allowed to use the address of a scalar as an
address outside of that scalar.
- Added conditional around ".syntax unified" in tfm_nspm_ipc.c.
- Added "template" attribute for the IAR linker script in
tfm_generated_file_list.yaml.
- Cleaned up some indentation and tab/space issues
Change-Id: I8599d461f62194bc734e472a28d7111ba3b5046a
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
|
|
The patch includes 3 refines:
1. Removes deprecated TFM_LEGACY_API config
2. CORE_TEST_POSITIVE tests can be enabled only in TFM isolation
level 1. The check is currently done in the non_secure_suites.c.
This patch moves the check from source file to CMake file to
align with the other test suites.
3. Removes extra #if check for audit log test suite in source code.
The check has been done in CMake
Change-Id: I1b28f5f5139a0ff762f73334aadd38a931440b29
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Don't define the C macro __ARM_FEATURE_CMSE at all, as that is done by
the compiler by passing the -mcmse (or equivalent) switch to the
compiler command. Also don't pass command line switch -mcmse to compiler
in case of NS build.
Change-Id: If9ab8e879b81b63b97c6785320225537004b35b1
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
|
|
SST calls ITS APIs as its backend filesystem.
So it's impossible to build SST without ITS.
This patch forces to enable ITS when SST is enabled.
Change-Id: I09866c2d96c2b3b64e7c32b556d32ed078098636
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
To keep macro align with psa-arch-tests. Changes:
PSA_API_TEST_SECURE_STORAGE
-->PSA_API_TEST_PROTECTED_STORAGE
PSA_API_TEST_ATTESTATION
-->PSA_API_TEST_INITIAL_ATTESTATION
Change-Id: Icf3d0434cc863fe38704fddff37982754edeae75
Signed-off-by: Karl Zhang <karl.zhang@linaro.org>
|
|
Add a config macro "CONFIG_TFM_ENABLE_MEMORY_PROTECT" to control if the
memory protection function is enabled or not. The default value is "OFF"
and it is set to "ON" when the isolation level greater than 1.
Change-Id: I3e5495c97183e07a0f9b82ea4923ea20ee10071a
Signed-off-by: Edison Ai <edison.ai@arm.com>
Co-authored-by: Shawn Shan <shawn.shan@arm.com>
|
|
This change modifies the build system to support linking
the PSA FF compliance test static libraries at secure and
non-secure side both.
Signed-off-by: Jaykumar Pitambarbhai Patel <jaykumar.pitambarbhaipatel@arm.com>
Change-Id: I5ba925752afbe9f5a15f8df4ae12e44e712435a9
|
|
Add an option flag TFM_MULTI_CORE_TEST to control multi-core
specific tests. The multi-core platform should explicitly set it to
ON to enable multi-core tests.
Change-Id: I3f6e6aaa0ecaa109db1a503a26e05bb52f12f07c
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Secure context management is only needed in multiple secure context
model. This patch adds a build flag to disable context management.
It's set to ON by default.
Note that the NS client ID functionality will lose if secure context
management is disabled.
Change-Id: I06ed4fdee20a0192c54e2d08d453ee965ee3cbfc
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Enable building TF-M with the original MCUBoot (alongside the forked one
in the TF-M repository). Before building with the upstream MCUBoot repo,
it must be cloned into the TF-M base folder (into which the TF-M was
cloned previously) and the -DMCUBOOT_REPO=UPSTREAM option must be added
to the command line at the CMake configuration step.
The MCUBOOT_REPO option determines the repository from which it will use
the MCUBoot. By default it will use it from the TF-M repository.
Add description of how to build TF-M with upstream MCUBoot to the
documentation.
Change-Id: I2cfa55039943a9ac919156570120367d9603a816
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
Introduce the BOOT_DATA_AVAILABLE CMake variable to indicate whether
boot data is available in the shared data area (between the boot loader
and runtime firmware). If it's false the content of the shared data area
will be ignored and thus all the tests will pass for example when TF-M
is used with a boot loader that doesn't provide any boot data or when a
boot loader is not used at all.
Change-Id: Ic6d32cfdc8741018c6668692d64f81236006b593
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
To have more granular config options for attestation
separate the test code and COSE key-id inclusion to be
dependent on different compile time options.
Change-Id: I351ce445f7beacf3378bbec4f740923bcd352f90
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
|
|
This is already the mechanism to build secure partitions conditionally.
Only audit log and platform service partitions were using it.
This patch applies it to the reset of the secure partitions and
takes care of the dependencies.
Change-Id: Icc94db113cf90ed20c84c57a52e85756dba342f0
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
The SST_TEST_NV_COUNTERS should be set to ON only when SST regression
is ON for all level of isolation.
This patch first moves out the test configurations out of
test/CMakeLists.txt to a seperate file for CommonConfig.cmake to
include and then set SST_TEST_NV_COUNTERS to on when SST regression
is on.
Change-Id: Icc7c7086023d73f2570ef27233abc2cdc0c480e0
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Extract the identical dummy_device_id.c from targets and merge its
content to attest_hal.c under platform/common/template.
Remove BUILD_DEVICE_ID flag from build system.
Change-Id: Id25ecaa326a5c0abb6d56d9ff3cccad09465f05d
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Extract the identical dummy_boot_seed.c from targets and merge its
content into platform/common/template/attest_hal.c.
Remove BUILD_BOOT_SEED flag from build system.
Change-Id: I60cb12f0613ad60a2f06e4694b5f40d8576820cc
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Perform a partial synchronization between the MCUBoot files in TF-M
and in the original repository. The hash of the source commit in the
original repository: 4f0ea747c314547daa6b6299ccbd77ae4dee6758.
Main changes:
- Remove current_image global variable and make it part
of the boot state struct
- Update routines to receive the boot state by parameter
- Refactor dependency check functions
- Reorganize the flash map and related files
- Fix swap status control
Change-Id: Ibe948792b306e96282fb82447bb3f05a0c6389ef
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
Improve and fix the multi-core build configurations in
CommonConfig.cmake
Change-Id: I1e8abe81edaa6e76901f27ab02f2e8cbb15cc9a6
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Enable Platform Secure service in IPC model
- modify Cmake files to build the service for IPC model
- create NS API source file
- add IPC model implementation to secure API file
- add services to Platform Secure partition's yaml file
- declare IPC support for the Platform Secure partition in
tfm_manifest_list.yaml
- enable reset service /SPM request in IPC mode
Change-Id: I553b7c64bb90c65e6200c619b7c0b30881bf490f
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
|
|
Replace the dependency on mbedtls with the version of mbedtls packaged
with mbed-crypto.
Change-Id: I17a68f904c9cd68085ecb4432a7a10d6b64494a1
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Adds an SST test partition, which can be used to call the
sst_system_prepare() function from the SST test partition's
context.
Change-Id: Ib07a88e5f05fc181da2b9276279e57618fb059e4
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
|
|
Support is provided for both the PSA IPC and Library models.
To enable platform specific SVC handlers, add
-DPLATFORM_SVC_HANDLERS=True to the CMAKE command line.
When PLATFORM_SVC_HANDLERS is defined, user must provide an
implementation of:
int32_t platform_svc_handlers(tfm_svc_number_t svc_num,
uint32_t *ctx, uint32_t lr);
Change-Id: I5fc641038732d2630e954f6c9b12df929b65c24a
Signed-off-by: Alan DeMars <ademars@ti.com>
|
|
Force CMAKE_BUILD_TYPE to be lowercase. Change all local cmake tests
that check it to lowercase.
Change-Id: I7465c22a86dcc7e5ff1802b43d1af74de5ba8b43
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Use the build time generated measured boot record structure which is
already CBOR encoded for the creation of the SW_COMPONENTS claim, but
also keep the backward compatibility.
Set the default value of ATTEST_BOOT_INTERFACE to 'CBOR_ENCODED_CLAIMS'
so the bootloader will copy (after a successful image authentication)
the content of the boot record TLV to the shared data area instead of
the individual SW component claims.
Change-Id: I33f1a89f8b2befed914c6ea9c77b1e0f896d27d7
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
This patch provides an alternative implementation of the
boot_save_boot_status() function which can read the already CBOR encoded
measured boot record from the image manifest and writes it to the shared
data area (between the bootloader and runtime SW) instead of copying the
individual (not encoded) claims separately.
Add new ATTEST_BOOT_INTERFACE variable to the build system to be able to
switch between the two behaviours.
Change-Id: I9ee66a5174cb5b851a79262decd35192cae7cc27
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
Updates the CMake files to make it possible to link against the
PSA API tests for ITS and makes corresponding updates to the build
instructions.
Change-Id: Ic61788e7253be623cb5da1c2631ebc720be0892f
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
|
|
Implements the secure and non-secure top layer of the ITS service,
including a new manifest file, and generates the required veneers.
Updates the partition manifest with added SIDs. It also adds the
necessary CMake files to build the ITS service.
Change-Id: I6d66b01de56145d24a0bcbf0597ca158b6da3386
Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
|
|
Clearing RAM to not leak accidentally any sensitive
information to software components running after boot.
This change also addressing the conformance with
the R30_TBFU_EXEC rule in PSA-TBFU spec (version 1.0.beta.1).
Change-Id: I173ecee9f2c163d385d74c2f14887ed655df7cd5
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
|
|
Due to code size optimization reasons the test code is
removed from the TF-M release build. Some attestation test
cases (short-circuit signature, get minimal token, passing
option fields to attestation service) only available in
debug builds.
Change-Id: I17f44604bbd30b1d9098a7f6d13a1ca21d5c80ae
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
|
|
As part of the optimization work, a compile time switch was
introduced to make possible to exclude the optional claims from
the initial attestation token. Removal of optional claims reduces
the token size and the code size as well. Default behaviour is to
include the optional claims.
Change-Id: Ib48789f8cce1c8fa971ab46d4e09bf2f6bd628a1
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
|
|
If the build type is not set explicitly on the command line
then it is unknown what optimization and debug symbol settings
the compiler will use. This patch eliminates this vagueness.
Change-Id: I0493e58ab991d205ba634f7381a69faa07646101
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
|
|
Enable building multi-core TF-M in a single building execution.
- Add MultiCore.cmake to support bulding in multi-core scenario.
Provide functions to platform specific cmake script to select
secure or non-secure configuration, including cpu type and
platform specific definitions.
- Add a building flag TFM_BUILD_IN_SPE to indicate whether current
building is for SPE or not.
- According to TFM_BUILD_IN_SPE flag value, select corresponding
configuration.
Change-Id: Ic1aca49190af9a9a5ec8ef1b855239a839fabe65
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Twincpu is a system that runs SPE and NSPE on two separate
CPU cores. It assumes secure and non-secure code to be built
independently with different CPU configurations.
Use preprocessor option TFM_MULTI_CORE_TOPOLOGY to skip unnecessary
operations in multi-core scenario.
Add configuration TFM_MULTI_CORE_TOPOLOGY to skip unnecessary
files, definitions or sections during building.
Change-Id: Ib94908c17d9ce80a33f0f1a33d9bd086bd16c751
Signed-off-by: David Hu <david.hu@arm.com>
|
|
- Split nspm into 2 files for IPC and library models
- Clear contents of some unused functions in IPC model, but keep
function definitions to avoid build error.
- Disable TFM_NS_CLIENT_IDENTIFICATION in IPC model.
Change-Id: Id00293a2fa3f4a183b4bef9cafb11f1a75e61e8d
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
Adds AN539 platform support files. Adds a new target platform to
the build system: "AN539".
Change-Id: I27336502f9526b0e5476d0d594c2d24fb73e72dc
Signed-off-by: Marton Berke <marton.berke@arm.com>
|
|
Decouple the control flag and logic between Core test, IPC test and
Regression test.
CORE_TEST, IPC_TEST, REGRESSION can control Core test, IPC test and
Regression test respectively.
Change-Id: I0952e7572abe0229b9a09022484573e8805b16b3
Signed-off-by: David Hu <david.hu@arm.com>
|
|
This patch modifies the build system to sign the secure and non-secure
images independently if the MCUBOOT_IMAGE_NUMBER build time switch is
greater than 1. This way the bootloader will be able to handle and
update the S and NS images separately.
Add separate security counter and image version variables for the S and
NS images in the build system. They can be specified at build time with
the SECURITY_COUNTER_S/_NS and IMAGE_VERSION_S/_NS defines.
In that case if any of the security counter values is missing, the
counter value will be generated just like in case of single image boot
(derived from image version).
Change-Id: Ia971fda818b92a7b27ee26f1b3893986322fd62e
Signed-off-by: David Vincze <david.vincze@arm.com>
|