Age | Commit message | Author |
|
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I92274fc6496219a2fef35db4cf02a6fe66f3a276
|
|
- Simplify crypto function SID. Each uint16_t SID consists of function
ID and group ID, without multi-part operation flags.
- Remove multi-part operation flags and relevant functions.
- Simplify group interface dispatcher in crypto_init.c
- Simplify operation handling for multi-part steps to make the logic
more reader friendly.
- Refine the input/output vectors in psa_hash_clone() otherwise the
frontend and backend operation definitions will be mixed.
Change-Id: If45bd1c5e84364e4a4424c5d2843e151e1161d1a
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Change-Id: Ia0863dd3514b118f6c95358922bfa70f0f0a6b0c
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Adds RSS communication driver for arm/rss platform.
The RSS comms driver functions as the protocol layer in the
inter-core communication and uses MHUs as the transfer layer.
Change-Id: I52333b97e3b7a0ec5a5b011936af5492b9edda47
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
Align FWU service to FF1.1 and convert it into a stateless service.
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: I5719b52e30ba839ab36094005c6e9fc56ad26962
|
|
This patch restructures the way the underlying APIs that
implement the PSA Crypto APIs are interfaced to the TF-M
Crypto service through a thin shim layer. The size of this
layer is reduced by nearly 45% on the default configuration.
Also, it removes the check for parameter number and size on
each function call as that is a redundant check as per the
overall threat model of the interaction between the crypto
service and the partition manager.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I07165bad00346cd12cf63620532f55da0c5d1262
|
|
This patch:
- Removes the duplicated 'client_id' in conn_handle_t as there
is a 'client_id' in psa_msg_t struct already. 'client_id' will be
populated by tfm_spm_fill_msg().
- Removes the 'magic' member in conn_handle_t as its validation
can be covered by 'is_valid_chunk_data_in_pool()'.
- Simplifies the input args of handle creation and free API.
- Creates an API to get spm working handle from the client handle,
it is an equivalent API of 'spm_get_handle_by_msg_handle()',
which is used for partition APIs to get the spm working handle
from message handle, and validates the partition id.
- Simplifies the check inside the handle validation API, moves the
check of client id to the new API.
Change-Id: Ia81d868071f7ffe5a79fae97e12a67c56056e5bb
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
Co-authored-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
This patch adds the interrupt handling support for SFN backend:
- Add two new ops in backend
- Add IRQ APIs for SFN interface
Change-Id: If5c694800f6c882f5852c9092143f4db5f0f4bd1
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
The templates have some logic and validations.
That code in jinja2 is not easy to write and understand.
Also the script throws errors earlier than template-generated source
code.
This patch moves much of that code into the python script where
logic and calculation code is much easier to write and read.
Change-Id: I4e9149b675123ed401fc182b30381ef105d628a7
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
- Make PSA_FWU_MAX_BLOCK_SIZE and internal buf for block write
configurable.
- Decrease the stack size of FWU partition to a reasonable
value.
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: I8aa115d7824bf887b4fe0814c4bdb1dfd3407ce7
|
|
The doorbell APIs are not widely used.
This patch adds a build configuration for them to save memory by
disabling the APIs.
Corresponding changes are made as well:
1. SFN_BACKEND does not support doorbell - it does not provide the
doorbell APIs, so the config should be disabled by default.
2. The psa_wait in SFN backend can be removed as well since neither
of the API consumers, interrupt or doorbell, is enabled.
Change-Id: I7c367dc0724f915ec2932b6c29db54bdfac06fa3
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Add configs of optionally building FF-M interrupt APIs. Build:
- psa_irq_enable() and psa_irq_disable() for either FLIH or
SLIH enabled.
- psa_reset_signal() for FLIH enabled.
- psa_eoi() for SLIH enabled.
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
Change-Id: I0822f96c1e827181edf34a409b357b7e81485dc4
|
|
The manifest tool has two places (config_impl.h and config_impl.cmake)
to check SFN/IPC Partitions numbers.
This doubles the maintenance effort.
This patch moves those checks forward to the manifest script.
This patch also adds back all the SPM configurations to config_impl.h
so that all sources that need them only have to include the header file,
with no need to add compiler definitions.
This patch removes the backend.c and builds the backend_ipc/sfn.c
according to the configurations.
Change-Id: I8da72bccc547df6ee4b2503869daf490b04bcf8b
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
The Secure Function (SFN) is a new terminology introduced in
FF-M v1.1 to refer to RoT Service callback functions.
The "SFN" in crypto is not the same.
This patch renames the SFN/sfn to srv to avoid confusion.
Change-Id: I2e57332fa8c3e71044f2ff73d70cb94f4863ceb3
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
1. config_impl.h is not for Library Model, adds #ifdef TFM_PSA_API
for it.
2. Library Model shares the "entry_point" or "entry_init" in manifest.
It should also have checks on these attributes.
Change-Id: Ie905794ef0ab1f6a0729d0b16eabf0ec9ac2587f
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
When there is no connection-based service,
the following PSA APIs are optional:
- psa_connect
- psa_close
- psa_set_rhandle
Currently, they are always built, linked and not removed
because the SVC handler references them.
This patch adds a config CONFIG_TFM_CONNECTION_BASED_SERVICE_API
so that they can be excluded and save memory footprints.
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: I0205ca6a569d375fb1879ab673470a4b2a7a7c01
|
|
tfm_ns_mailbox_thread.c uses the is_full element unconditionally,
so it needs to always be present.
(I thought I should be able to trigger a compilation error to show
this, but it turns out that tfm_ns_mailbox_thread.c is only ever
installed, not built).
Signed-off-by: Chris Brand <chris.brand@cypress.com>
Change-Id: Ifd13a0e09a0d4274f0c5a78a0e9bb967791b5ea9
|
|
1. Enable FP usage in SPE and NSPE by same parameter: CONFIG_TFM_FP
(soft and hard ABI types) for IPC model.
It doesn't support LIBRARY or SFN model at current stage.
2. Enable lazy stacking by CONFIG_TFM_LAZY_STACKING (OFF, ON).
Note: Same FP ABI type shall be used for SPE and NSPE at the same
time, for FP design in Armv8.0-M architecture requires consistent
FP ABI types between SPE and NSPE.
Signed-off-by: Feder Liang <Feder.Liang@arm.com>
Change-Id: I186d55d0a9d47b8d49693c919a6fcd1e061dc36d
|
|
Currently, different models configuration such as
CONFIG_TFM_PSA_API_xxx_CALL are configured in generated header
file config_impl.h. CMake build system has no information on
which model should be built. As a result, files for different
models are always built in IPC model, such as psa_interface_cross.c,
psa_interface_sfn.c and psa_interface_svc.c.
This patch:
- Generate CMake variables for each model.
- Configure the build system based on generated CMake variables.
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: If3f92b07b618b13ca596306ffd19867010de83b7
|
|
- Move NS mailbox test structure and API into a dedicated header
file tfm_ns_mailbox_test.h.
- Replace ns_mailbox_spin_lock()/unlock() with
tfm_ns_mailbox_os_spin_lock()/unlock(), which are implemented by RTOS
specific implementation. It decouples NS mailbox from CMSIS.
Change-Id: I22e8ce1df849529066429dda0640772a68161c60
Signed-off-by: David Hu <david.hu@arm.com>
|
|
This patch adds support in the TF-M Crypto service
frontend for AEAD multipart APIs.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I81b55bc6ae1b0e1c1c015c90577518328a3286fa
|
|
This patch creates a partition_statistics dictionary
to manage ipc_partition_num and sfn_partition_num.
It makes the scripts more readable and easier to maintain.
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: Iee76f011c0611f77e8362105220bf4d7436e15a9
|
|
Update TF-M to migrate to Mbed TLS v3.1.0. And cherry-picks from
the feature-cc-psa-crypto-drivers branch the following patches:
* [2a233b8] CC312: Access curve info members w/o private suffixes
* [330b0ba] CC312: Stub multipart CCM APIs
Change-Id: I850cc171fd8c8857150cfef0f2366a4564b27959
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com>
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
|
|
Name "thread call" could not explicitly reflect the behaviour
of call type. This call crosses between caller and callee stack,
which enables caller and callee context to be sealed in their stack.
Rename this call with "cross call" to make the code more readable.
It will also benefit the upcoming optimization work.
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: I7d2de563b6f498bde70e302065e743344d2a20fc
|
|
The config_impl.h is meant to collect runtime features, the header file
psa_interface_redirect.h is unrelated, it should be included in
psa_config.h directly.
Change-Id: I47c8824f70889901fbc5ed150fc424b3e6e97320
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
This patch provides the MMIOVEC APIs for the SFN model.
Change-Id: I86a5b0e303b6212d96ea4f493e9f985aa5f9ccac
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
Current FP implementation only supports IPC model in TF-M, add invalid
check for FP support in hybrid or hardware ABI type if SFN model is
enabled.
Note:
At current stage, FPU is only enabled in SPE. NSPE is not allowed to
access FPU when FPU is enabled for SPE only.
Signed-off-by: Feder Liang <Feder.Liang@arm.com>
Change-Id: I915d76dbc6f82d762e28007cee68a99aac32367d
|
|
Remove the error from pid.h.template for a partition with a pid
< TFM_SP_BASE. This allows manifests to be used for the idle and
non-secure agent partitions.
Change-Id: I6331788de68741bbc95ce17d5f8a6176cf43753d
Signed-off-by: Chris Brand <chris.brand@cypress.com>
|
|
A backend for implementing 'SFN'. This runtime backend is selected
if:
- All partitions included in the current build are 'SFN' partitions.
- Isolation level 1.
The configuration is generated by tooling, and output to the
generated file 'config_impl.h'.
Change-Id: I819c78c7a912f86174d102d389a2714ae17e5062
Signed-off-by: Ken Liu <Ken.Liu@arm.com>
Co-authored-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
- Restrict variable replacement on "@VAR@" only
- Set PSA_FRAMEWORK_ISOLATION_LEVEL before configure_file
- Add invalid config check on:
TFM_LIB_MODEL AND PSA_FRAMEWORK_ISOLATION_LEVEL
Change-Id: Ib3a681716dfb148f62ca4ea0c03b2de9a65b7ca5
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Discovering framework feature availability is required by FF-M v1.1.
It's provided in a new header psa/framework_feature.h.
As the framework features are usually coupled to build configurations,
this patch adds a framework_feature.h.in to let build system generate
the framework_feature.h based on build configurations.
This patch also fixes the TFM_ISOLATION_LEVEL validation to limit it
to [1, 2, 3] only.
Change-Id: I8b0d8e14a244f53dfd02b8e7b5da5aa57ca99077
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
- Add APIs for mapping and unmapping Secure Partition RoT Service input
and output vectors.
- Add changes to existing Secure Partition APIs when MM-IOVEC is enabled.
They are psa_read(), psa_skip() and psa_write().
Note: MM-IOVEC can only support isolation level 1 currently.
Change-Id: I424181025622cb2520bc7a3ab41e305ea722ace3
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
Use global arrays as stack of the ns agent partition instead
of the ER_INITIAL_PSP. The stack size related settings are
added into the 'config_impl.h' template file.
Change-Id: If8443c6fe02d3f1547c637bd51f0a7352aead0c1
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
Since the manifest tool is aware of Partition enabled status,
there is no need to add condition check in templates.
Change-Id: I6ce803f9194dbc30a41b1d08a719959df07fba2b
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
Under the SFN backend in isolation level 1, partitions do not need
dedicated stacks since they can work on the caller stack. Let the
tool calculate the sum of stacks and provide for further usage.
NS Agent can allocate stack with this sum since it is the initial
caller of all access.
Change-Id: Iee4ae996fc43cf1fc7f4c1d468372ae5c194bb4f
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
Co-authored-by: Ken Liu <ken.liu@arm.com>
|
|
As LOG_MSG is cleaned up, its implementation code should be
removed as well.
Change-Id: Ib5afadb88185ca843a9ca46c4baa3e91a5e5c0b0
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
This patch redirects PSA API into a customized 'thread call' ABI to
make it execute in thread mode, when:
- Runtime backend IPC and Isolation Level 1.
This 'thread call' ABI happens in 'Thread mode', and:
- Switch to SPM stack after PSA APIs are called. The working stack
re-uses the NS Agent stack to save runtime memory or allocates a
dedicated stack for it if no Trustzone NS Agent is available. No
need to make SPM working under 'Handler mode' in this case.
- Lock scheduler to ensure PSA API context is not nested because of
scheduling. The locking is performed by setting a flag, and the
scheduler entry checks this flag to decide whether to schedule or not.
- When PSA API returns, switch back to the caller stack. And trigger
scheduler in the caller stack if a scheduling is expected. This
helps the scheduler context management.
- SPM functionalities other than PSA API are still using SVC-based
implementation, such as SPM initialization and log info flushing.
The content of this patch:
- Define interfaces, ABI dispatcher and architecture modifications
to support handling PSA API under thread mode.
- Related header file and source path adjustment to help the build pass.
- Adjust IDLE partition stack size to make runtime execution work, the
original size is too compact to run under debug build of specific
platforms.
Change-Id: I52add3f57ef0f958d25725efb4eb702617586907
Signed-off-by: Ken Liu <Ken.Liu@arm.com>
Co-authored-by: Mingyang Sun <Mingyang.Sun@arm.com>
|
|
TFM_NS_MANAGE_NSID build flag is added to enable NSPE
managing client_id both in library model and IPC model.
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: I4e8d1bf8967de442787f4989d2bb8e371f78bef6
|
|
The Non-secure client extension is the interface to the non-secure side
for managing the non-secure client context in TF-M side.
For now, the context is used for the non-secure client ID only.
Signed-off-by: David Wang <david.wang@arm.com>
Change-Id: I374ebb2ee148165a3e1d77665cf39a6941087bb6
|
|
Partitions need to add CFlag 'CONFIG_TFM_BUILDING_SPE' when
building to help decide the correct redirecting interface.
This flag affects 'psa_interface_redirect.h', while this file
is put in secure_fw, which makes it hard for out-of-tree partition
builds to include.
Move 'psa_interface_redirect.h' into interface folder for
out-of-tree partition including. Also, update the workaround
to append this flag to psa_arch_test build targets.
Signed-off-by: Ken Liu <ken.liu@arm.com>
Change-Id: If8dbd10afce63d6e9309e6815d3a5dd1f014bd37
|
|
The existing PSA interface is based on Supervisor call, it is
feasible to make it based on other ABI type such as direct
function call. Create an ABI type indicator for the existing
PSA Interfaces, redirect the prototypes in PSA headers to a
final definition with the '_svc' suffix.
- Involve 'psa_config.h' and make secure PSA interface redirect-able.
- Define a flag 'CONFIG_TFM_BUILDING_SPE' to indicate which PE build
is ongoing.
- Define 'CONFIG_TFM_PSA_API_SUPERVISOR_CALL' to indicate the current
redirecting ABI for PSA interface.
- Other adjustments to support the changes.
Change-Id: Id58b12df84c0e8fd1d029e8e72c2eb8340a89a52
Signed-off-by: Ken Liu <Ken.Liu@arm.com>
|
|
For implementation runtime model configurations. If there is no
IPC partition, the runtime model can be set as SFN. And the
runtime model is IPC by default.
Generate file 'config_impl.h' to indicate the current runtime
model. This file can be referenced by components like SPM,
partitions and interfaces.
Change-Id: I584ada22446a0da67d15e95d8a64a8700f82c75a
Signed-off-by: Ken Liu <Ken.Liu@arm.com>
|
|
Remove tfm_crypto_set_key_domain_parameters() and
tfm_crypto_get_key_domain_parameters() functions.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: Iec136075e7df5975f2235c3de5f2689e06660381
|
|
Change Initial Attestation services to one stateless service.
Change-Id: Ie4578df8c4295e8c8e74c96c8caeb946bfc1e637
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
Change Internal Trusted Storage services to one stateless service.
Change-Id: I92cad72e85255cf4970f314681e4c871f171b72f
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
Change Protected Storage services to one stateless service.
Change-Id: Ie4d4cb136b2f8ad9f7333c099c93c1c3eae8e8c1
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
Add support for crypto message signing operation:
-psa_sign_message()
-psa_verify_message()
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: I685d4c12c8c132ce4ce0c79542ad9143076f3600
|
|
- Remove deprecated macros and functions
- Enable SHA-224 cryptographic hash algorithm by 'define
MBEDTLS_SHA224_C'
- Enable SHA-384 cryptographic hash algorithm by 'define
MBEDTLS_SHA384_C'
- 'psa_cipher_encrypt' and 'psa_cipher_decrypt' are supported by
mbedtls-3.0.0
- 'psa_mac_compute' and 'psa_mac_verify' are supported by mbedtls-3.0.0
- mbedtls-3.0.0 changes some internal mbedtls APIs' names, mcuboot needs
to align.
Change-Id: Ia868c93deceee6c8042607acf35ce2f4c9c15e35
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
'tfm_partition_ipc' was introduced to distinguish if partitions support
library model only. The FF-M v1.1 introduces a new SFN Model which is
an alternative of IPC Model. This attribute becomes confusing to
indicate the models. Made some changes to remove the attribute
'tfm_partition_ipc'.
Change-Id: Ifba5778caf87bb716993db3dc19986bbde3653c3
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
|
|
The patch includes the changes to Secure Partition API for FLIH
defined by FF-M v1.1 alpha:
- Adding psa_reset_signal() which is for FLIH signals
- Limiting psa_eoi() to SLIH signals
Change-Id: I6b99eb6df3013c898627a48fa98d41c0e7bc5888
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|