Age | Commit message (Collapse) | Author |
|
Create changelog document for 1.1 release and add it to the main
changelog document.
Add 1.1 release to readme.rst
Update version number in tfm_version.h
Update version number in Doxygen CMake files.
Change-Id: Icb81ab1e5994228772884c7a1dcb878533dcfa33
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
|
|
The definition of the 'tlv_len' field in the shared boot data entry
header differs in upstream MCUboot repo and in its TF-M fork.
In the upstream repo the 'tlv_len' only covers the length of the payload
but not the size of the entry header. But in the TF-M fork the 'tlv_len'
covers the size of entry header and payload together. This discrepancy
is distinguished during the shared boot data processing based on which
MCUboot version is used along with TF-M runtime.
Change-Id: I0cc4b2a2e6c53d125514b1da7e44be474abdd9e4
Signed-off-by: David Vincze <david.vincze@linaro.org>
|
|
Instance ID is computed every time when get_token API is called.
Modify this behaviour to compute only at the first time when get_token
API is called and store it in a static buffer.
Next time just read it from static buffer and include it to the token.
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
Change-Id: I2f9ccb70aba5cf401fcd7c5c7fa7a9d358283631
|
|
Set up t_cose Short Circuit tagging flag if the associated flag is
set in Initial Attestation service.
Change-Id: I257fbad06f5feb396c43ffd7f838c33127116cd3
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Enable the token decoding process in symmetric key algorithm based
Initial Attestation for test.
In build type Debug, the symmetric IAK handle is fetched to verify
the tag of the generated token, in secure side.
Change-Id: I8e3175e5e3586ad80940d5ee9338f9dfc568a1b7
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Add a HAL API tfm_plat_get_symmetric_iak_id() to fetch kid from
platform.
Implement an example of this HAL API.
Add attest_get_symmetric_iak_id() to pass the kid value to token
generation of symmetric key algorithm based Initial Attestation.
Change-Id: I642f7a03f1738c8fe77f11fc2ae91652fc01df29
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Implement attest_token_start() and attest_token_finish() for
symmetric key algorithm based Initial Attestation.
attest_token_start() and attest_token_finish() call COSE_Mac0 APIs
from t_cose library.
Change-Id: Idb33f33a2f531a13aa217171fcd007d71f8164bb
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Calculate the Instance ID based on symmetric IAK when IAK raw data
is fetched.
Implement attest_add_instance_id_claim() to construct the Instance
ID claim for symmetric algorithm based Initial Attestation.
Change-Id: I4d5d3aa935ce08d2c5a6e9132274d36d9e28b78c
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Implement attest_register_initial_attest_key() to fetch and register a
symmetric Initial Attestation Key (IAK).
Add tfm_plat_get_symmetric_iak() to receive the key raw data from
platform.
Add attest_get_signing_key_handle() to get the key handle of the
initial attestation key for signing IAT.
Replace attest_get_initial_attestation_private_key_handle() with
attest_get_signing_key_handle().
Also add a binary symmetric IAK file for token verification in
other tools.
Change-Id: Id2e3647cc85abd0eacbf2a0e53b6d2cd927acaaf
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Install hex and elf files to the same location as the axf and bin files
Change-Id: I20a54560e733df875705f98b0ec3c3a1f5a01657
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
|
|
- Move 'spm_xxx.h' to 'spm' folder, they should belong to 'spm'.
- Fix and simplify inclusion of header file.
- Fix format and typo error.
Change-Id: I129c6626ddffbbdba0e7edc27e9307f0d6ea9b79
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
- Remove the 'tfm_spm_db.inc', use separate files, separate SPM
initialization functions for different models.
- Remove unused inclusion of header file 'spm_db.h'.
Change-Id: I7427eaee691a02c9b25579972902974ac9d32fd7
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
There are only IPC partitions under IPC model now. Enumerate from
the service list start directly instead of partition list.
Change-Id: I000cd0a06a75ee873462fd6fda271f19af950819
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
Removed conditional on __GNUC__. This code needs to be compiled with all
toolchains.
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Change-Id: I0a5d5213704e4cb2f1a905cefde7c0d53f1d3e4e
|
|
This patches renames SST(Secure STorage) to
PS(Protected Storage) for files, folders and any contents
in files to align with the PSA Storage API spec.
Change-Id: Icf991f59512875780c159f22737b521b3b2d4924
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
|
|
This patch cleanup the PSA Crypto interface headers files and
decouples it from TF-M build flag dependencies. The
`psa_key_attributes_t` struct definition previously depended
on various config options. The struct now only has fields
which can be set and read by the client. Hence the client
view of the structure is now defined separately in the
crypto_client_struct.h header.
The platform dependant definitions of the PSA Crypto types
are fixed and hence the crypto_platform.h header is removed
and the contents are moved to other PSA crypto headers.
The previous intermediate solution for hiding the type
differences between crypto server and client view via
`psa_client_core_key_attributes_t` is now removed.
Change-Id: I2644b5a2da3babe561c569ebf5690b3daa576a12
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
|
|
Change the absolute including into relative including
for core sources.
Change-Id: Ic5b47c149a3739ad5e79af8231e48dfc68074369
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
Change the absolute including into relative including
for partition service sources.
Change-Id: I1cc2057e5965046242a9b70e01e937243cacfc7e
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
Control checking for hard-coded claim values in the attestation suite
by introducing the 'ATTEST_CLAIM_VALUE_CHECK' flag. When set to 'ON',
the test will check if the claim values match the constant values found
in 'platform/ext/common/template/attest_hal.c'.
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
Change-Id: I22ab1471609d6b931deaf97f31cb3a0dcd83fda0
|
|
This is the first patch to follow the first commit of source structure
document. The items under the 'secure_fw' folder are re-organized:
- Create/Move some folders/files to follow document.
- Rename some folders to foll, for example, 'secure_fw/services' to
'secure_fw/partitions'.
- Update affected files to make it work.
This is a big change, to make the structure meet the basic shape of
the structure document defined, and make it easier to be understood
for users. Staging changes are not applicable so they are combined
into one - and because it is not the final shape yet, so:
- Upcoming updates on the 'secure_fw' folder would follow up soon.
- Fine-tune about the 'source_structure.rst' would come, too.
Change-Id: I5c11175e0a4579cd9b42d3e3519dbffb87334d0b
Signed-off-by: Ken Liu <ken.liu@arm.com>
|
|
The 'psa_handle_t' allocated inside SPM for working is a secure
memory, returning this value to clients exposes secure memory
information. Manipulate this psa_handle_t before returning to
clients in 'psa_connect' and covert it back at 'psa_call' and
'psa_close' entry for further working. This avoids exposing
secure memory to clients directly.
Change-Id: I08af9d016db518b52e31dc4153610267fccc7760
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
SPM function direct accesses internal handle type instance,
and expose 'psa_handle_t' to external. Distinguish the internal
and the external connection handle types.
Remove 'tfm_spm_get_service_by_handle' function since we can
directly get service with connection handle.
Remove 'tfm_spm_find_conn_handle_node' function.
Change-Id: I60b481e409f4165ec1bbde97c498ee17d74c5a29
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
- Separate the template for SPM_DB into two files, one for the library
model and another for the IPC model.
- Update the generated files and related sources.
Change-Id: If221fc5956c7caeaa20ec21810f75773654d0d3a
Signed-off-by: Shawn Shan <shawn.shan@arm.com>
|
|
Select MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_DECRYPT_ALTA when
AES-CCM is selected.
Add emtpy wrappers of mbedtls_internal_aes_decrypt() and
mbedtls_aes_setkey_dec() to replace mbed-crypto implementation when
the MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_DECRYPT_ALTA are
enabled in AES-CCM mode. It can decrease memory footprint.
Add description of tfm_mbedcrypto_alt.c in Crypto document.
Change-Id: I3b9071735bfd6bafea8189dfde153d6050aefe27
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Add a dedicated Mbed Crypto configuration file of TF-M Profile
Small.
Only AES CCM, SHA-256, HMAC are supported in the default Profile
Small configuration file.
Modify Crypto service CMakeLists.txt to allow the default config
file to be replaced by other config files.
Change-Id: Ief526e7637a2254be8d53ad34b4315c415a8d81a
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Remove the 'INDIVIDUAL_SW_COMPONENTS' feature, which has been
deprecated for a while. From now on, initial attestation service
will require SW components related claims to be CBOR encoded in
advance (build time or by bootloader). The initial attestation
service just copies the CBOR object from the shared memory area
and inserts it to the token, without applying any encoding on it.
Removes all mentions of 'INDIVIDUAL_SW_COMPONENTS' and
'ATTEST_BOOT_INTERFACE' from attestation, MCUBoot and CMake.
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
Change-Id: I14a3a273d70ee1f94d18c78ae8a8b52a7d8f085b
|
|
When mbed-crypto is the only caller of ITS service, builds with
GNUARM fail since mbed-crypto persistent key cannot link to ITS
service.
Add an explicity link to ITS in TF-M Crypto target to fix the
GNUARM build issue.
Also switch the order of Crypto and ITS service in linking. Add a
note to recommend to add explicity link dependency for complex
dependency cases.
Change-Id: I5f0b2cd0af9812f66ab0374b9a1a719ebe675a4e
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Replace all 'tfm_bitcount' calling with 'tfm_is_one_bit_set'.
Change-Id: I6d7bc3d85f3cc31c7d0564a3f5104e4d60dc6597
Signed-off-by: Ken Liu <ken.liu@arm.com>
|
|
In current Library model implementation, each secure function
includes the same inline entry point tfm_core_partition_request().
However, it is only required to make NS client check as inline.
The remaining steps in tfm_core_partition_request() increase the
memory footprint when they are also inlined in secure functions.
Extract checking NS client from tfm_core_partition_request() and
add an inline function tfm_core_is_ns_client().
Change tfm_core_partition_request() to a normal function called
by each secure function.
It can save several KB in code size in Library model.
Change-Id: I2b8d58d8daff22068cddbfa1145203ca92f305a4
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Migrate the Protected Storage (SST) partition from
PSA RoT to Application RoT, and configure the
flash peripherals for unpriviledge secure access.
Change-Id: I0306d432448e5cb551a0c3b3d05ecb7098ad4e54
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
|
|
This patch removes the const qualifier from API method
calls of the CRYPTO api.
Depending on toolchain, local const variables can be
in RO data or on the stack. The TF-M linker script places
the default RO section in privileged memory.
This means that the caller if it is in unprivileged mode,
cannot access this data for making the call to crypto service.
This issue was exposed when SST was moved to APRoT as part of
PSA L2 isolation. With this patch, the local variables are
placed on the corresponding stack, which is managed
by the Partition.
Change-Id: Ie0bb15ec0c0cbaa91178b9820484ac6c25d959fe
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
|
|
This patch introduces a new platform service exposing
the non-volatile counters. Secure partitions can use
this secure API to access the initialisation,
increment and read operations on the nv counters,
by setting "TFM_SP_PLATFORM_NV_COUNTER" as a dependency.
Change-Id: Ia564e24417dfd9bb95cc61634dbbea17caa5974c
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
|
|
A known issues is that secure gateway functions with attribute
cmse_nonsecure_entry may be cloned by GNUARM in build. The function
symbol genreted in clone may break the link.
This issue can be fixed by adding attribute noclone to secure
gateway functions in GNUARM. Since Armclang doesn't support noclone
attritbue, the current workaround is to add attribute noinline to
some secure gateway functions, instead of noclone, to achieve the
same effect.
This patch improves the workaround.
- Add attribute noclone to secure gatewary functions in GNUARM
- Remove noinline attribute in other compilers
- Apply this workaround to all secure gatewary functions
Change-Id: Ia29595f6f3b663f928c9507f1d744dae2377a357
Signed-off-by: David Hu <david.hu@arm.com>
|
|
- Move 'tfm_core_spm_request_handler' to spm module and rename it to
'tfm_spm_request_handler' since it is an SPM function.
- Remove un-used included headers from tfm_core.c and sort them in order.
Change-Id: I3e2aa9d247278ffc62a76cba4bf79c0e0dbd159b
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
This is a major type-mismatch cleanup and warnings elimination.
The IAR toolchain runs with more warnings enabled than ARMCLANG or
GNUARM, which has resulted in this effort.
This should make it easier to enable "pedantic" mode also for GNUARM.
There are still a few warnings about jumping past variable
initialization and falling off the end of non-void functions, but there
are comments in some of these parts that implies that this is done to
catch programming errors, like having case labels for all possible enum
values.
Reordered initializer in tfm_attestation_req_mngr.c to eliminate CI
warning.
Disabled "Pe940" warnings in CommonConfig.cmake to suppress warnings
about inline assembly functions declared to return value that doesn't
declare a return value in the __ASM() statement.
Disabled "Pe546" warnings to supress warnings about jumping over
unused initializers.
Fixed what appears to be a copy/paste bug in tfm_ss_core_test.c.
Removed unused variable "ret" in Driver_PPC.c for AN519 and AN521, to
make it similar to AN524.
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Change-Id: I2b729c73e4b004cff6b0530cc1350fcf900e4272
|
|
These clobbers caused the IAR compiler to attempt to save register r0
in r4, without being able to restore r4 again for non optimized builds.
Remove these clobbers as r0 is a caller save register anyway.
I am discussing this issue with the compiler developers as it appears
to be a strange behavior.
This happens only for non optimized builds. Even low optimization
avoids clobbering this register.
Change-Id: Iddea203e3a8ce9c1748b90d51331e7bc746e02b4
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
|
|
- Added AN519, AN521, AN524, AN539 and SSE-200_AWS targets.
- Verified on: AN519, AN521, AN524, AN539, Musca A.
- SSE-200AWS builds but is untested due to lack of HW.
- Musca B1 and Musca S1 not yet supported due to lack of HW.
- All targets fails the NaN QCBOR tests due to the tests not
following the Arm ABI.
Change-Id: I422ed7a85e09f895d781309d17166b81be954943
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
|
|
- Added conditional compilation of subnormal float tests for M0+
with IAR, as the IAR toolchain does not handle this for these
targets.
- Successfully runs the supported regression tests, but fails the NaN
QCBOR tests due to the tests not following the Arm ABI.
- Verified on psoc64
Change-Id: I483507ad2843b6745e3c1c845c939c80d90aa19d
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
|
|
- This patch contains IAR specific changes to a few source files,
mostly #pragmas to allow calling external functions from inline.
- Startup code and linker scripts
- cmake files
- cmsis file for the IAR compiler
Other targets are added in later commits
There are still lots of warnings generated for non-standard C, which
I plan to address in later updates
- Cleaned out some dead definitions in the common linker script in
preparation for psoc64 integration.
- Made sure that .rodata from tfm_its_secure_api.o is placed in
TFM_UNPRIV_CODE, which otherwised caused a memory management fault
in test TFM_ITS_TEST_2023 when compiled without optimization.
- Added dummy initializers to tfm_secure_irq_handlers.inc.template to
avoid illegal empty arrays.
- Reworked the iovec_args_t struct handling in tfm_func_api.c, which
was causing runtime errors when compiled with optimization.
According to the compiler developers the old implemetation is
illegal, you are not allowed to use the address of a scalar as an
address outside of that scalar.
- Added conditional around ".syntax unified" in tfm_nspm_ipc.c.
- Added "template" attribute for the IAR linker script in
tfm_generated_file_list.yaml.
- Cleaned up some indentation and tab/space issues
Change-Id: I8599d461f62194bc734e472a28d7111ba3b5046a
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
|
|
Some of the functions are only used in library model,
use '#ifndef TFM_PSA_API' to include them.
Change-Id: Ia73925b4e97604efc285db51ec73c5d507003d40
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
- Move the library SPM APIs from 'core' to 'spm' folder, put them
into file 'spm_func.c'. Also move function declaration to the
'spm' header file.
- Change the API names with 'tfm_spm' prefix.
- Remove inclusion of some unused header files.
Change-Id: If7ec1347cbf0d6d19bcb74bbb84f48f15c18cec9
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
- APIs in 'tfm_svcalls.c' are actually part of SPM, so move them
to 'secure_fw/spm/spm_ipc.c', and rename SPM APIs with 'tfm_spm'
prefix.
- APIs in 'tfm_psa_client_call.c' are also a part of SPM, move
the whole file and header file to SPM, and add 'tfm_spm' prefix
to API names.
- Move API declaration into 'spm_api.h' header.
- Add static declaration to internal-used functions.
- Remove inclusion of some unused header files.
Change-Id: I90ff634987ce9e01ddb3a294b7f1f5f222792f8c
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
Put IPC SVC handler subroutine together with core IPC SVC handler,
since they are both parts of core.
Change-Id: Iadd31be4642d09454c257f298e45de88be296e6b
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
|
|
Removes the fixed NS region number definition from TF-M. Refactors all
existing platforms to number SAU regions sequentially rather than use
fixed numbers.
Change-Id: I54536b0327b87c8aee933f4bbf99b5dac396f3c5
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
|
|
Removes the tfm_core_memory_permission_check() API and all uses of it.
This API is no longer required as all necessary memory permission
checks are performed by the SPM on the iovec parameters before control
reaches the secure partition.
Change-Id: I6489328f508d0405272b598500a04d4336c8d2b3
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
|
|
Adds support for the PSA Crypto persistent key APIs to the crypto
service by enabling and calling the Mbed Crypto implementations. Mbed
Crypto in turn calls ITS for persistent storage.
Change-Id: I0db6b1ced6030cae41322ae06214114cc9c84cb4
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
|
|
Fix the check of the maximum value of PSA RoT lifecycle to
be compliant with definition: Lifecycle state is represented
by an integer that is divided to convey a major state[15:8]
and a minor state[7:0]. Major state is mandatory and defined
by PSA-SM. Minor state is optional and implementation defined.
Change-Id: Ie4ac823d7380a03d2ca4c515358e0a9fc30804f5
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
|
|
'tfm_nspm_configure_clients' is only used by library model.
Change-Id: I3ccfb293427c08475227d9550960322e21f6f68e
Signed-off-by: Summer Qin <summer.qin@arm.com>
|
|
Cleaned up #ifdef in secure_fw/services/tfm_spm_db.inc.template
Moved "signals" member to front of spm_partition_runtime_data_t.
The suggestion to move the aggregate types to the front turned
out to be hard to make work for both PSA and non-PSA configs.
Moved REGION_DECLARE macros to new include file,
platform/include/region.h.
Cleaned up type cast in core_test_api.c
Change-Id: I5dce1e7c019d4d7e4c14dc79be5ee2b855ad4f9e
Signed-off-by: Thomas Tornblom <thomas.tornblom@iar.com>
|
|
PSA_STATUS_T_SUCCESS doesn't exist. The function actually
returns PSA_SUCCESS.
Change-Id: I16bf63a7d9a8fb46b5748213a16ab4cf95c238ef
Signed-off-by: Chris Brand <chris.brand@cypress.com>
|