path: root/interface
AgeCommit message (Collapse)Author
6 daysCrypto: Add support for message signing operationSummer Qin
Add support for crypto message signing operation: -psa_sign_message() -psa_verify_message() Signed-off-by: Summer Qin <summer.qin@arm.com> Change-Id: I685d4c12c8c132ce4ce0c79542ad9143076f3600
6 daysCrypto: Add support for some cipher and mac functionsSummer Qin
Add support for 'psa_cipher_encrypt', 'psa_cipher_decrypt', 'psa_mac_compute' and 'psa_mac_verify' since mbedtls-3.0.0 has implemented them. Change-Id: Iec2c5799cd7e44a9f478bd1f36234bdc548a559e Signed-off-by: Summer Qin <summer.qin@arm.com>
6 daysCrypto: Upgrade mbedtls to v3.0.0Summer Qin
- Remove deprecated macros and functions - Enable SHA-224 cryptographic hash algorithm by 'define MBEDTLS_SHA224_C' - Enable SHA-384 cryptographic hash algorithm by 'define MBEDTLS_SHA384_C' - 'psa_cipher_encrypt' and 'psa_cipher_decrypt' is supported by mbedtls-3.0.0 - 'psa_mac_compute' and 'psa_mac_verify' is supported by mbedtls-3.0.0 - mbedtls-3.0.0 changes some internal mbedtls apis' name, mcuboot needs to align. Change-Id: Ia868c93deceee6c8042607acf35ce2f4c9c15e35 Signed-off-by: Summer Qin <summer.qin@arm.com>
6 daysCrypto: Align PSA Crypto API to 1.0 versionSummer Qin
Some functions and macros are deprecated in PSA Crypto spec 1.0. Align them with the spec definition. Change-Id: Icc2a8c6fe245873ea76b3e0a1bdf32a87fd016ad Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-07-07Tools: Deprecate the attribute 'tfm_partition_ipc'Shawn Shan
'tfm_partition_ipc' was introduced to distinguish if partitions support library model only. The FF-M v1.1 introduces a new SFN Model which is an alternative of IPC Model. This attribute becomes confusing to indicate the models. Made some changes to remove the attribute 'tfm_partition_ipc'. Change-Id: Ifba5778caf87bb716993db3dc19986bbde3653c3 Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2021-06-30SPM: Changes to Secure Partition API for FLIHKevin Peng
The patch includes the changes to Secure Partition API for FLIH defined by FF-M v1.1 alpha: - Adding psa_reset_signal() which is for FLIH signals - Limiting psa_eoi() to SLIH signals Change-Id: I6b99eb6df3013c898627a48fa98d41c0e7bc5888 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-08SPM: Invert tfm_spm_check_buffer_access() logicAntonio de Angelis
Invert the logic for the tfm_spm_check_buffer_access() function to conform to "0 means success" and align to other APIs. Refactor the function itself to provide different return codes on error and a default failure return instead of default success. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I40ef814a472375cdb2c40ac75dd5f605a9eccbfe
2021-06-08Crypto: Change to stateless serviceSummer Qin
Crypto service does not require a client to call to psa_connect() or psa_close(). Instead the service can use a stateless mechanism. Related documents are also updated. Note: Framework version of Crypto partition has been updated to 1.1, but not all features of FF-M 1.1 are implemented now. Change-Id: Iad628667e4b63e809c933fb263734403c6274bf9 Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-06-02Attest: Remove initial attestation get public key API functionDavid Hu
It is overkill to implement a dedicated secure function for NS to fetch initial attestation public key just for test purpose. Besides, this function to get public key can be confusing as it is not defined in PSA Initial Attestation API spec. Remove get public key secure function from NS and S sides to simplify TF-M initial attestation implementation and interface. Change-Id: I8d0967698e3d2f2c684194caa9a6234585026a71 Signed-off-by: David Hu <david.hu@arm.com>
2021-05-31SPM: Correct 'invalid parameter' error handlingShawn Shan
- 'Invalid parameter' is regarded as 'programmer error' instead of return 'PSA_ERROR_INVALID_ARGUMENT'. - 'Programmer error' should be handled inside SPM instead of interface, as SPM needs to decide the error handling based on the caller attribute. - Keep the parameters range check inside the interface to give an explicit hint. - Correct 'type' casting to avoid lose sign bit. Change-Id: I35a5b70b5dc1ea7072c45f0ebac0630f65edfa00 Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2021-05-26FWU: Add checking the state of the running imageSherry Zhang
The Firmware Update partition reads the image_ok flag to check whether the running image has been confirmed. The running image state is set according to this flag in psa_fwu_query(). Change-Id: I9cf58b7d6f3b87a50e0ac6f926e30170bb01b8f1 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-05-24Crypto: Delete two deprecated crypto functions.shejia01
The psa_set_key_domain_parameters() and psa_get_key_domain_parameters() apis are not supported so far and have been already deprecated in PSA Crypto spec document. This patch will delete them. Change-Id: I4e49d666971bdc4872c1e1194eca353c0941e12b Signed-off-by: Jianliang Shen <jianliang.shen@arm.com>
2021-05-20SPM: Convert SVC number to uint8_tKevin Peng
SVC number encoded in SVC instruction is 8-bit long. Currently it relies on the short-enum compiler option to have a 8-bit long SVC number type. This patch converts the enum to uint8_t for SVC number and divids the SVC numbers to two parts for IPC model: - 0x0 ~ 0x7F for SVC calls only allowed from Thread Mode - 0x80 ~ 0xFF for SVC calls only allowed from interrupt handling Note: For library model, the SVC numbers have no restrictions. Since the requirements for SVC number assignment are different, this patch also split the SVC number header for IPC and Library models. Change-Id: I0fb4dd110be6bab05e1c4b9a8fc55e1b8bfbc0eb Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-05-17Crypto: Upgrade MbedTLS to 2.26Maulik Patel
Sets the MBEDCRYPTO_VERSION to 2.26.0. Updates headers in include/psa folder. Adds a patch for psa arch test. This patch updates crypto api test cases for psa_mac_sign_setup (226) and psa_mac_verify_setup (229) against unknown MAC algorithm such that key passed is valid but the algorithm is unknown. Also, as per PSA Crypto Spec 1.0.0, Fix the expected return value to PSA_ERROR_INVALID_ARGUMENT for incompatible key to MAC algorithm. Signed-off-by: Maulik Patel <maulik.patel@arm.com> Change-Id: I8f42736a9e5bd7fbf604146b43ef28180e741fc3
2021-04-30Interface: Change control param to uint32_t preprocessorXinyu Zhang
Define a uint32_t preprocessor to pack control params. Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com> Change-Id: I0992620af1c39ef6dba182cac88e81cd666be0c6
2021-04-29Crypto: Modify client view of key attributesDevaraj Ranganna
Client view of key attributes struct ensures that implementation details of key attributes are hidden from the non-secure world. However, while using Mbed TLS with TF-M backend (for crypto services), Mbed TLS assumes complete key attributes are returned when queried. But TF-M only returns client view of key attributes. This causes certain Mbed TLS check failures especially on the key type. As a temporary solution, element order of client view of key attributes struct has been modified to match core key attributes. This resolves Mbed TLS failures and at the same time still hiding implementation details from non-secure world. In addition to adjusting the element order of client view of key attributes struct, size of `bits` is changed from `size_t` to `uint16_t`. This is to match the size of `bits` same as that of `mbed-crypto`. Signed-off-by: Devaraj Ranganna <devaraj.ranganna@linaro.org> Change-Id: I6e93f26926a815a7430f1167dc9d8b76c19c7dcf
2021-04-29Interface: Remove NS specific implementation of test interfaceDavid Hu
Remove some test interface files to decouple TF-M from NS speific implementation. Those files will be moved to tf-m-tests. Those files include NS client identification management and NS mailbox test utilities. Change-Id: I963ccae2b50d6124e3ac84547d91b09b28fddfd5 Signed-off-by: David Hu <david.hu@arm.com>
2021-04-29Interface: Remove NS RTOS specific implementationDavid Hu
Move NS RTOS related interface code to tf-m-test to decouple TF-M from NS specific implementation. The removed code includes OS wrapper headers and RTOS specific implementation. Export tfm_ns_interface_dispatch() to NS as API to integrate with TF-M NS interface. Add an example of tfm_ns_interface_dispatch() implementation. Change-Id: I9b331c32ac26551bfdbc4996eecd08efc7d7c2c3 Signed-off-by: David Hu <david.hu@arm.com>
2021-04-29Interface: Fix veneer function namingDavid Hu
Some veneer functions are named with "tfm_tfm_" prefix. It is confusing and unfriendly to NS integration. This patch unifies the prefix of all the veneer function as "tfm_" - Fix the duplicated "tfm_" prefixes by checking secure function prefix in tfm_veneer template. - Replace all the "tfm_tfm_" prefixes with "tfm_". Change-Id: Id658486f49f4a6f1f22fd3897be27865889474ae Signed-off-by: David Hu <david.hu@arm.com>
2021-04-28Unify to use ARRAY_SIZE in TF-M codesXinyu Zhang
ARRAY_SIZE(foo) is preferred over sizeof(foo)/sizeof(foo[0]). Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com> Change-Id: I6d95ceece2edc6267491923e282e28710b68ab8d
2021-04-21Tools: Improvements on static handle encodingMingyang Sun
Convert static handle index from [1, maximum] to [0, maximum-1] to be used directly as the tracking table index. Change-Id: I2acd4de1459c1652a4b2f45f437da1a91db1465e Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-03-22SPM: Implement version check for stateless serviceMingyang Sun
Encode the service version and stateless indicator into stateless handle, validate the stateless handle indicator, version and index before using. Change-Id: Id5f388f938a758803863958dfbb0c0011c2e1f04 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-03-22SPM: Update firmware framework versionMingyang Sun
Update firmware framework version to 1.1. Change-Id: I0bedf52478eb63a2394c00ca0517af4b213b1078 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-03-19FWU: Add the IPC model supportSherry Zhang
Change-Id: I555169f7bf9c6fa9ab5b5a1d71d196fe3fd11817 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-03-19FWU: Add Firmware Update partitionSherry Zhang
Firmware Update(FWU) partition provides the functionality of updating firmware images. This patch implemented the partition in Library mode. Change-Id: I736477549b055c64cd8106ad57c3ad7b1b2007ee Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-03-19Tool: Generate static handle for stateless serviceMingyang Sun
Parsing from partition manifest and generate static handle value for stateless services. - Validate number of stateless services - Static handle value auto allocation - Duplicate detection Change-Id: I8fdf79f5040caf1cbbdf42e52a4a405b36d88166 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-03-17Crypto: Upgrade Mbed TLS to 2.25Maulik Patel
Set the MBEDCRYPTO_VERSION to 2.25.0. First three patches in existing v2.24 already applied in v2.25 and hence removed. Replaced MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in all configuration and source as updated in v2.25 library. Update all headers of psa/include as per mbedtls-v2.25 excluding changes required to hide some implementation. Update id field in the client_key_attributes structure to psa_key_id_t. Update Copyright year to 2021! Removed patch 006 as not required in MbedTLS v2.25.0. Update references of handle to key as per MbedTLS api changes. Increase NUM_HANDLES to 32 to accommodate crypto api tests. Added corresponding tfm implementation of psa_purge_key(). Signed-off-by: Maulik Patel <maulik.patel@arm.com> Change-Id: I6a532da96735cf32996250c4a8733a8654c1f44e
2021-03-16SPM: Partial implementation of PSA interrupt control APIsKevin Peng
This patch implements two of the Secure Partition APIs for interrupt control defined by FF-M v1.1: - psa_irq_enable - psa_irq_disable Implement only these two for SLIH for the time being. Change-Id: Ia1103b2d70f1406e2ad0100d856f9e11568c2430 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-02-22Interface: Ensure veneer function result return in dispatchKevin Peng
The tfm_ns_interface_dispatch() function returns TFM_ERROR_GENERIC when mutex operations fails. However, this error code could be interrepted by the caller as another status code or even valid return. For example the psa_connect() of NS interface, it treats the value of TFM_ERROR_GENERIC a valid handle. And the psa_call() could treat TFM_ERROR_GENERIC as another status code of the RoT service. In both cases, the TFM_ERROR_GENERIC is translated incorrectly. The tfm_ns_interface_dispatch() should only return status code from the veneer function being called. Other unrecoverable errors should be considered as fatal error and should not return. Change-Id: Id4082a46cd866acaba85aa63d10cfe46d09b3044 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-02-07Partitions: Error code casting should only happen in Lib ModelKevin Peng
IPC model does not return tfm_status_e to Partition APIs. This patch limits the error code casting to Lib model code. Change-Id: Icaba5082f0661a142b107fdba02d23392483829e Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-02-05Dualcpu: Add a new NS mailbox working model with a dedicated threadDavid Hu
Support a new NS mailbox working model. When TFM_MULTI_CORE_NS_OS_MAILBOX_THREAD is selected, NS OS should allocate a dedicated NS mailbox thread to receive from requests from application threads and send mailbox messages to SPE. The new working model consists of the following features: - Define a request structure to collect paramters of application threads. - Pass request from application thread to the NS mailbox thread via RTOS message queue. - Assign application thread specific woken flag to enable threads to check woken status without SVC. - Remove the semaphores. When TFM_MULTI_CORE_NS_OS_MAILBOX_THREAD is disabled, the original NS mailbox working model will be selected. Also extract common parts from NS mailbox models. Change-Id: I8f2601c21ad112b10315748b13e5b09cd1f58b29 Signed-off-by: David Hu <david.hu@arm.com>
2021-02-05Dualcpu: Add RTOS message queue wrappersDavid Hu
Add RTOS message queue wrappers to support dual-cpu multiple PSA client calls. Change-Id: Ic1c2eefec7eb9434fe027fd4a2ed66b2a8711970 Signed-off-by: David Hu <david.hu@arm.com>
2021-01-26Tools: Naming refine: manifest -> partitionKevin Peng
The "manifest.manifest" in template is confusing. It should be "partition.manifest" instead. This patch does this change to make the templates much more easy to read and understand. Also updates the obsolete example code in the document. Change-Id: Iac0328f353267342187707c405eea57721209443 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-01-22SPM: Fix some compile warningsShawn Shan
- Fix the warning about implicit declaration of function 'tfm_hal_output_spm_log'. - Cast the argument to the same type. - Fix some comments warnings. Change-Id: I9ceee823696d769c71ed34345c14a16fd2fb5a2a Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2021-01-22Build: Improve NS mailbox config flag settingDavid Hu
Support a flag TFM_MULTI_CORE_NS_OS to control NS integration. When integrating TF-M with NS OS on dual-cpu platforms, select TFM_MULTI_CORE_NS_OS in NS build to enable NS OS support in NS mailbox. When integrating TF-M with NS bare metal environment, disable TFM_MULTI_CORE_NS_OS and NS mailbox relies on looping and requires no support from NS OS. TFM_MULTI_CORE_MULTI_CLIENT_CALL is removed. NS mailbox build can get rid of the dependency on the configuration of TFM_MULTI_CORE_MULTI_CLIENT_CALL in S mailbox build. NUM_MAILBOX_QUEUE_SLOT directly indicates whether platform and SPE supports multiple NS PSA Client calls. Change-Id: I937b2afdb88cccc22a20617d2ab36bcc1b939b05 Signed-off-by: David Hu <david.hu@arm.com>
2021-01-22Build: Improve the setting of number of mailbox queue slotsDavid Hu
Move configuration of number of mailbox queue slots from platform's device_cfg.h into a common header file tfm_mailbox_config.h. tfm_mailbox_config.h is automatically generated during build. The value of NUM_MAILBOX_QUEUE_SLOT is passed from build configuration and then set in tfm_mailbox_config.h. Change-Id: I9a3ac465b71b316accf6cd41cea80745eec8607c Signed-off-by: David Hu <david.hu@arm.com>
2021-01-22Dualcpu: Move dual-cpu NS files into a dedicated folderDavid Hu
Gather all the dual-cpu NS .c files in a dedicated folder multi_core under interface/src. Put all the dual-cpu interface header files in a dedicated folder multi-core under interface/include. Change-Id: Ia6847eb03a663e66260690ad88addb1521f13fcd Signed-off-by: David Hu <david.hu@arm.com>
2021-01-22Dualcpu: Simplify lock of local flags in NSPE mailboxDavid Hu
Use local lock to protect local flags in NSPE mailbox, instead of inter-core critical protection. It can decrease the time cost of both NSPE mailbox and SPE mailbox. Change-Id: I7b8124a107fe23e6f8e74929d6cb8fc27b80c503 Signed-off-by: David Hu <david.hu@arm.com>
2021-01-22Dualcpu: Refine NS mailbox wake-up mechanismDavid Hu
Move the loop of going through replied mailbox messages in NS mailbox queue into the NS mailbox wake-up function, to simplify the implementation in platform mailbox IRQ handler. Change-Id: I6dfed2e4ac2cdbb05aedb2a570e9592b2e2b6670 Signed-off-by: David Hu <david.hu@arm.com>
2021-01-22Dualcpu: Remove mailbox message handle from NS mailboxDavid Hu
It is unnecessary to export message handle mailbox_msg_handle_t to applications outside NS mailbox. - Remove message handles from NS mailbox APIs. NS applications can define own thread flags to manage mailbox wait/wake mechanism. - Remove message handles from NS mailbox reference implementation. Remove translation between handles and NS mailbox queue slot index as well. - Move mailbox_msg_handle_t definitions to SPE mailbox header file. Change-Id: Ic4bb5e5aebc29d0424ad2332af749f2bf59e8ebd Signed-off-by: David Hu <david.hu@arm.com>
2021-01-22Dualcpu: Move NS mailbox thread management to RTOS specific fileDavid Hu
The NS mailbox thread management is NS RTOS specific. - Add a new tfm_ns_mailbox_rtos_api.c to collect all the NS mailbox APIs which rely on RTOS specific implementations. - Move those API implementations from platform to tfm_ns_mailbox_rtos_api.c. - Rename those APIs to replace HAL keyword with OS keyword, to indicate that their implementations are RTOS specific. Change-Id: Ic2885bc1676964719d1524b39d6518444610e1aa Signed-off-by: David Hu <david.hu@arm.com>
2021-01-22Dualcpu: Simplify NS mailbox interfaceDavid Hu
Export fewer NS mailbox APIs to save development and port cost. - Combine PSA client call tx, wait and rx APIs into a single PSA client call API. - Combine NS mailbox message handle fetch and owner task handle fetch APIs into a single reply handling API. - Combine multi-thread waiting routine and polling routine. - Simplify NS mailbox reference implementation with updated APIs. Change-Id: Ib0e72cf1e38805ff217bbdd1f6ff2a62df41263b Signed-off-by: David Hu <david.hu@arm.com>
2021-01-21SPRTL: Partition Metadata Pointer [Optional Feature]Summer Qin
Partition Metadata Pointer is used to point to the metadata inside one partition. This pointer is updated by SPM while scheduling and read by SPRTL. This feature is one configurable feature and can be enabled if SPRTL needs to support partition metadata-based APIs, such as partition private heap management. This pointer is put at a writeable area, with the name 'TFM_SP_META_PTR'. Configure 'TFM_SP_META_PTR' with the last MPU region to minimize the influence to PERIPHERAL regions. Change-Id: Iaae5ee8f25f0587c6812cc8f977cfa38f46ecd8c Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-01-06Build: Put CONFIG_TFM_ENABLE_MEMORY_PROTECT flag to platformMingyang Sun
The flag "CONFIG_TFM_ENABLE_MEMORY_PROTECT" is a platform-scope option, move it to platform_s target. Remove the isolation setup in library SPM code and reuse the one of SPM HAL, since they are doing the same things. Change-Id: I5766ddecc525ee2eda3f2e5989b31dd5c41fde6b Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-12-28Build: Skip building platform_ns when NS app is not selectedDavid Hu
Set EXCLUDE_FROM_ALL property in platform_ns target to skip building platform_ns target when NS app is disabled. Change-Id: I2e9c5122ec3253d510806d5cdf3d18ee3e4b1985 Signed-off-by: David Hu <david.hu@arm.com>
2020-12-28Build: Move psa_ns_api build to NS sideDavid Hu
Move NS interface source code build to NS side. NS interface build should be executed during NS build. Change-Id: I7ac3bbf1a9e975d8a9e2f4fb5cd6f367ff94cc9d Signed-off-by: David Hu <david.hu@arm.com>
2020-12-14Crypto: Align crypto interface for non-secureSummer Qin
Crypto interface for non-secure should not cover the secure feature availability. Remove the crypto module switches checking inside the interface sources. If the dedicated feature is not available in the secure system, let the secure system return an error code as the indicator. Change-Id: Idfc83718eefbc2fe8affa024b2a97e11d1b21f8a Signed-off-by: Summer Qin <summer.qin@arm.com>
2020-12-10Platform: Add support to forward PSA msg in Musca-B1Mark Horvath
PSA RoT messages can be forwarded from the SSE-200 subsystem to the Secure Enclave in Musca-B1. Change-Id: Iab2c525cf41eae34585fb16a4b9bab941e6c7587 Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com> Signed-off-by: Mark Horvath <mark.horvath@arm.com>
2020-12-10PSA_proxy: Create first version of PSA proxy partitionMark Horvath
This implementation has some limitations, please check docs/reference/services/tfm_psa_proxy_integration_guide.rst for details. Change-Id: Ic1ce7aecfd8bb60b8fb87d5e64ffd186991b560b Signed-off-by: Mark Horvath <mark.horvath@arm.com>
2020-11-17Build: Enable CONFIG_TFM_ENABLE_MEMORY_PROTECT for PSA FF testMingyang Sun
PSA FF test requires CONFIG_TFM_ENABLE_MEMORY_PROTECT to be enabled, to execute the memory access check test. Change-Id: If853133217bebb136d422acfdbe209403c732dc5 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>