aboutsummaryrefslogtreecommitdiff
path: root/secure_fw
AgeCommit message (Collapse)Author
2020-07-08Doc: Add changelog for 1.1 releaseMate Toth-Pal
Create changelog document for 1.1 release and add it to the main changelog document. Add 1.1 release to readme.rst Update version number in tfm_version.h Update version number in Doxygen CMake files. Change-Id: Icb81ab1e5994228772884c7a1dcb878533dcfa33 Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
2020-06-24Attest: Handle discrepancy in tlv_len definitionsDavid Vincze
The definition of the 'tlv_len' field in the shared boot data entry header differs in upstream MCUboot repo and in its TF-M fork. In the upstream repo the 'tlv_len' only covers the length of the payload but not the size of the entry header. But in the TF-M fork the 'tlv_len' covers the size of entry header and payload together. This discrepancy is distinguished during the shared boot data processing based on which MCUboot version is used along with TF-M runtime. Change-Id: I0cc4b2a2e6c53d125514b1da7e44be474abdd9e4 Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-06-22Attest: Calculate Instance ID only onceBalint Matyi
Instance ID is computed every time when get_token API is called. Modify this behaviour to compute only at the first time when get_token API is called and store it in a static buffer. Next time just read it from static buffer and include it to the token. Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Change-Id: I2f9ccb70aba5cf401fcd7c5c7fa7a9d358283631
2020-06-22Attest: Enable Short Circuit option in symmetric Initial AttestationDavid Hu
Set up t_cose Short Circuit tagging flag if the associated flag is set in Initial Attestation service. Change-Id: I257fbad06f5feb396c43ffd7f838c33127116cd3 Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Test: Enable symmetric Initial Attestation decodingDavid Hu
Enable the token decoding process in symmetric key algorithm based Initial Attestation for test. In build type Debug, the symmetric IAK handle is fetched to verify the tag of the generated token, in secure side. Change-Id: I8e3175e5e3586ad80940d5ee9338f9dfc568a1b7 Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Attest: Support kid parameter in COSE_Mac0 structure headerDavid Hu
Add a HAL API tfm_plat_get_symmetric_iak_id() to fetch kid from platform. Implement an example of this HAL API. Add attest_get_symmetric_iak_id() to pass the kid value to token generation of symmetric key algorithm based Initial Attestation. Change-Id: I642f7a03f1738c8fe77f11fc2ae91652fc01df29 Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Attest: attest_token_start()/finish() for symmetric Initial AttestationDavid Hu
Implement attest_token_start() and attest_token_finish() for symmetric key algorithm based Initial Attestation. attest_token_start() and attest_token_finish() call COSE_Mac0 APIs from t_cose library. Change-Id: Idb33f33a2f531a13aa217171fcd007d71f8164bb Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Attest: Create Instance ID in symmetric Initial AttestationDavid Hu
Calculate the Instance ID based on symmetric IAK when IAK raw data is fetched. Implement attest_add_instance_id_claim() to construct the Instance ID claim for symmetric algorithm based Initial Attestation. Change-Id: I4d5d3aa935ce08d2c5a6e9132274d36d9e28b78c Signed-off-by: David Hu <david.hu@arm.com>
2020-06-22Attest: Fetch symmetric Initial Attestation KeyDavid Hu
Implement attest_register_initial_attest_key() to fetch and register a symmetric Initial Attestation Key (IAK). Add tfm_plat_get_symmetric_iak() to receive the key raw data from platform. Add attest_get_signing_key_handle() to get the key handle of the initial attestation key for signing IAT. Replace attest_get_initial_attestation_private_key_handle() with attest_get_signing_key_handle(). Also add a binary symmetric IAK file for token verification in other tools. Change-Id: Id2e3647cc85abd0eacbf2a0e53b6d2cd927acaaf Signed-off-by: David Hu <david.hu@arm.com>
2020-06-19Build: Create hex and elf files of executablesØyvind Rønningstad
Install hex and elf files to the same location as the axf and bin files Change-Id: I20a54560e733df875705f98b0ec3c3a1f5a01657 Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2020-06-19Core: Move spm header files to 'spm' folderMingyang Sun
- Move 'spm_xxx.h' to 'spm' folder, they should belong to 'spm'. - Fix and simplify inclusion of header file. - Fix format and typo error. Change-Id: I129c6626ddffbbdba0e7edc27e9307f0d6ea9b79 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-19Core: Use separate '.inc' file and init functionMingyang Sun
- Remove the 'tfm_spm_db.inc', use separate files, separate SPM initialization functions for different models. - Remove unused inclusion of header file 'spm_db.h'. Change-Id: I7427eaee691a02c9b25579972902974ac9d32fd7 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-15Core: Simplify the service lookup procedureSummer Qin
There are only IPC partitions under IPC model now. Enumerate from the service list start directly instead of partition list. Change-Id: I000cd0a06a75ee873462fd6fda271f19af950819 Signed-off-by: Summer Qin <summer.qin@arm.com>
2020-06-15Core: IAR fix for 94d424a5TTornblom
Removed conditional on __GNUC__. This code needs to be compiled with all toolchains. Signed-off-by: TTornblom <thomas.tornblom@iar.com> Change-Id: I0a5d5213704e4cb2f1a905cefde7c0d53f1d3e4e
2020-06-12SST: Rename SST(Secure STorage) to PS(Protected Storage)Kevin Peng
This patches renames SST(Secure STorage) to PS(Protected Storage) for files, folders and any contents in files to align with the PSA Storage API spec. Change-Id: Icf991f59512875780c159f22737b521b3b2d4924 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2020-06-09crypto: decouple the PSA Crypto interface from TF-M flagsSoby Mathew
This patch cleanup the PSA Crypto interface headers files and decouples it from TF-M build flag dependencies. The `psa_key_attributes_t` struct definition previously depended on various config options. The struct now only has fields which can be set and read by the client. Hence the client view of the structure is now defined separately in the crypto_client_struct.h header. The platform dependant definitions of the PSA Crypto types are fixed and hence the crypto_platform.h header is removed and the contents are moved to other PSA crypto headers. The previous intermediate solution for hiding the type differences between crypto server and client view via `psa_client_core_key_attributes_t` is now removed. Change-Id: I2644b5a2da3babe561c569ebf5690b3daa576a12 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2020-06-08Core: Update the include statementMingyang Sun
Change the absolute including into relative including for core sources. Change-Id: Ic5b47c149a3739ad5e79af8231e48dfc68074369 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-08Service: Update the include statementsMingyang Sun
Change the absolute including into relative including for partition service sources. Change-Id: I1cc2057e5965046242a9b70e01e937243cacfc7e Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-06-04Test: Add attestation claim value check switchBalint Matyi
Control checking for hard-coded claim values in the attestation suite by introducing the 'ATTEST_CLAIM_VALUE_CHECK' flag. When set to 'ON', the test will check if the claim values match the constant values found in 'platform/ext/common/template/attest_hal.c'. Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Change-Id: I22ab1471609d6b931deaf97f31cb3a0dcd83fda0
2020-06-03Build: Follow the 'source_structure.rst'Ken Liu
This is the first patch to follow the first commit of source structure document. The items under the 'secure_fw' folder are re-organized: - Create/Move some folders/files to follow document. - Rename some folders to foll, for example, 'secure_fw/services' to 'secure_fw/partitions'. - Update affected files to make it work. This is a big change, to make the structure meet the basic shape of the structure document defined, and make it easier to be understood for users. Staging changes are not applicable so they are combined into one - and because it is not the final shape yet, so: - Upcoming updates on the 'secure_fw' folder would follow up soon. - Fine-tune about the 'source_structure.rst' would come, too. Change-Id: I5c11175e0a4579cd9b42d3e3519dbffb87334d0b Signed-off-by: Ken Liu <ken.liu@arm.com>
2020-05-29Core: Manipulate clients connection handleSummer Qin
The 'psa_handle_t' allocated inside SPM for working is a secure memory, returning this value to clients exposes secure memory information. Manipulate this psa_handle_t before returning to clients in 'psa_connect' and covert it back at 'psa_call' and 'psa_close' entry for further working. This avoids exposing secure memory to clients directly. Change-Id: I08af9d016db518b52e31dc4153610267fccc7760 Signed-off-by: Summer Qin <summer.qin@arm.com>
2020-05-29Core: Distinguish connection handle typesSummer Qin
SPM function direct accesses internal handle type instance, and expose 'psa_handle_t' to external. Distinguish the internal and the external connection handle types. Remove 'tfm_spm_get_service_by_handle' function since we can directly get service with connection handle. Remove 'tfm_spm_find_conn_handle_node' function. Change-Id: I60b481e409f4165ec1bbde97c498ee17d74c5a29 Signed-off-by: Summer Qin <summer.qin@arm.com>
2020-05-29Core: Separate SPM_DB for library model and IPC modelShawn Shan
- Separate the template for SPM_DB into two files, one for the library model and another for the IPC model. - Update the generated files and related sources. Change-Id: If221fc5956c7caeaa20ec21810f75773654d0d3a Signed-off-by: Shawn Shan <shawn.shan@arm.com>
2020-05-28Crypto: Add alternatives of mbed-crypto implementationsDavid Hu
Select MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_DECRYPT_ALTA when AES-CCM is selected. Add emtpy wrappers of mbedtls_internal_aes_decrypt() and mbedtls_aes_setkey_dec() to replace mbed-crypto implementation when the MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_DECRYPT_ALTA are enabled in AES-CCM mode. It can decrease memory footprint. Add description of tfm_mbedcrypto_alt.c in Crypto document. Change-Id: I3b9071735bfd6bafea8189dfde153d6050aefe27 Signed-off-by: David Hu <david.hu@arm.com>
2020-05-28Crypto: Add a Mbed Crypto config file for TF-M Profile SmallDavid Hu
Add a dedicated Mbed Crypto configuration file of TF-M Profile Small. Only AES CCM, SHA-256, HMAC are supported in the default Profile Small configuration file. Modify Crypto service CMakeLists.txt to allow the default config file to be replaced by other config files. Change-Id: Ief526e7637a2254be8d53ad34b4315c415a8d81a Signed-off-by: David Hu <david.hu@arm.com>
2020-05-18Attest: Remove 'INDIVIDUAL_SW_COMPONENTS' supportBalint Matyi
Remove the 'INDIVIDUAL_SW_COMPONENTS' feature, which has been deprecated for a while. From now on, initial attestation service will require SW components related claims to be CBOR encoded in advance (build time or by bootloader). The initial attestation service just copies the CBOR object from the shared memory area and inserts it to the token, without applying any encoding on it. Removes all mentions of 'INDIVIDUAL_SW_COMPONENTS' and 'ATTEST_BOOT_INTERFACE' from attestation, MCUBoot and CMake. Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Change-Id: I14a3a273d70ee1f94d18c78ae8a8b52a7d8f085b
2020-05-11Crypto: Link persistent key to ITSDavid Hu
When mbed-crypto is the only caller of ITS service, builds with GNUARM fail since mbed-crypto persistent key cannot link to ITS service. Add an explicity link to ITS in TF-M Crypto target to fix the GNUARM build issue. Also switch the order of Crypto and ITS service in linking. Add a note to recommend to add explicity link dependency for complex dependency cases. Change-Id: I5f0b2cd0af9812f66ab0374b9a1a719ebe675a4e Signed-off-by: David Hu <david.hu@arm.com>
2020-05-09Core: Remove 'tfm_bitcount' referencingKen Liu
Replace all 'tfm_bitcount' calling with 'tfm_is_one_bit_set'. Change-Id: I6d7bc3d85f3cc31c7d0564a3f5104e4d60dc6597 Signed-off-by: Ken Liu <ken.liu@arm.com>
2020-05-07Core: Improve secure function entry point in Library modelDavid Hu
In current Library model implementation, each secure function includes the same inline entry point tfm_core_partition_request(). However, it is only required to make NS client check as inline. The remaining steps in tfm_core_partition_request() increase the memory footprint when they are also inlined in secure functions. Extract checking NS client from tfm_core_partition_request() and add an inline function tfm_core_is_ns_client(). Change tfm_core_partition_request() to a normal function called by each secure function. It can save several KB in code size in Library model. Change-Id: I2b8d58d8daff22068cddbfa1145203ca92f305a4 Signed-off-by: David Hu <david.hu@arm.com>
2020-05-04SST: Move the SST partition to Application Root Of TrustGalanakis, Minos
Migrate the Protected Storage (SST) partition from PSA RoT to Application RoT, and configure the flash peripherals for unpriviledge secure access. Change-Id: I0306d432448e5cb551a0c3b3d05ecb7098ad4e54 Signed-off-by: Raef Coles <raef.coles@arm.com> Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2020-05-04Crypto: Remove const qualifier from secure API calls.Minos Galanakis
This patch removes the const qualifier from API method calls of the CRYPTO api. Depending on toolchain, local const variables can be in RO data or on the stack. The TF-M linker script places the default RO section in privileged memory. This means that the caller if it is in unprivileged mode, cannot access this data for making the call to crypto service. This issue was exposed when SST was moved to APRoT as part of PSA L2 isolation. With this patch, the local variables are placed on the corresponding stack, which is managed by the Partition. Change-Id: Ie0bb15ec0c0cbaa91178b9820484ac6c25d959fe Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2020-05-04Platform: Added a Non-Volatile counters serviceGalanakis, Minos
This patch introduces a new platform service exposing the non-volatile counters. Secure partitions can use this secure API to access the initialisation, increment and read operations on the nv counters, by setting "TFM_SP_PLATFORM_NV_COUNTER" as a dependency. Change-Id: Ia564e24417dfd9bb95cc61634dbbea17caa5974c Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2020-04-30Core: Fix secure gateway function clone issue in GNUARMDavid Hu
A known issues is that secure gateway functions with attribute cmse_nonsecure_entry may be cloned by GNUARM in build. The function symbol genreted in clone may break the link. This issue can be fixed by adding attribute noclone to secure gateway functions in GNUARM. Since Armclang doesn't support noclone attritbue, the current workaround is to add attribute noinline to some secure gateway functions, instead of noclone, to achieve the same effect. This patch improves the workaround. - Add attribute noclone to secure gatewary functions in GNUARM - Remove noinline attribute in other compilers - Apply this workaround to all secure gatewary functions Change-Id: Ia29595f6f3b663f928c9507f1d744dae2377a357 Signed-off-by: David Hu <david.hu@arm.com>
2020-04-24Core: Refine tfm_core_spm_request_handler functionSummer Qin
- Move 'tfm_core_spm_request_handler' to spm module and rename it to 'tfm_spm_request_handler' since it is an SPM function. - Remove un-used included headers from tfm_core.c and sort them in order. Change-Id: I3e2aa9d247278ffc62a76cba4bf79c0e0dbd159b Signed-off-by: Summer Qin <summer.qin@arm.com>
2020-04-23Build: Major warnings cleanupTTornblom
This is a major type-mismatch cleanup and warnings elimination. The IAR toolchain runs with more warnings enabled than ARMCLANG or GNUARM, which has resulted in this effort. This should make it easier to enable "pedantic" mode also for GNUARM. There are still a few warnings about jumping past variable initialization and falling off the end of non-void functions, but there are comments in some of these parts that implies that this is done to catch programming errors, like having case labels for all possible enum values. Reordered initializer in tfm_attestation_req_mngr.c to eliminate CI warning. Disabled "Pe940" warnings in CommonConfig.cmake to suppress warnings about inline assembly functions declared to return value that doesn't declare a return value in the __ASM() statement. Disabled "Pe546" warnings to supress warnings about jumping over unused initializers. Fixed what appears to be a copy/paste bug in tfm_ss_core_test.c. Removed unused variable "ret" in Driver_PPC.c for AN519 and AN521, to make it similar to AN524. Signed-off-by: TTornblom <thomas.tornblom@iar.com> Change-Id: I2b729c73e4b004cff6b0530cc1350fcf900e4272
2020-04-23Build: Remove "r0" clobbers from naked assembly functionsTTornblom
These clobbers caused the IAR compiler to attempt to save register r0 in r4, without being able to restore r4 again for non optimized builds. Remove these clobbers as r0 is a caller save register anyway. I am discussing this issue with the compiler developers as it appears to be a strange behavior. This happens only for non optimized builds. Even low optimization avoids clobbering this register. Change-Id: Iddea203e3a8ce9c1748b90d51331e7bc746e02b4 Signed-off-by: TTornblom <thomas.tornblom@iar.com>
2020-04-23Build: Added more targets for IAR buildsTTornblom
- Added AN519, AN521, AN524, AN539 and SSE-200_AWS targets. - Verified on: AN519, AN521, AN524, AN539, Musca A. - SSE-200AWS builds but is untested due to lack of HW. - Musca B1 and Musca S1 not yet supported due to lack of HW. - All targets fails the NaN QCBOR tests due to the tests not following the Arm ABI. Change-Id: I422ed7a85e09f895d781309d17166b81be954943 Signed-off-by: TTornblom <thomas.tornblom@iar.com>
2020-04-23Build: Added support for IAR toolchain to psoc64TTornblom
- Added conditional compilation of subnormal float tests for M0+ with IAR, as the IAR toolchain does not handle this for these targets. - Successfully runs the supported regression tests, but fails the NaN QCBOR tests due to the tests not following the Arm ABI. - Verified on psoc64 Change-Id: I483507ad2843b6745e3c1c845c939c80d90aa19d Signed-off-by: TTornblom <thomas.tornblom@iar.com>
2020-04-23Build: IAR supportTTornblom
- This patch contains IAR specific changes to a few source files, mostly #pragmas to allow calling external functions from inline. - Startup code and linker scripts - cmake files - cmsis file for the IAR compiler Other targets are added in later commits There are still lots of warnings generated for non-standard C, which I plan to address in later updates - Cleaned out some dead definitions in the common linker script in preparation for psoc64 integration. - Made sure that .rodata from tfm_its_secure_api.o is placed in TFM_UNPRIV_CODE, which otherwised caused a memory management fault in test TFM_ITS_TEST_2023 when compiled without optimization. - Added dummy initializers to tfm_secure_irq_handlers.inc.template to avoid illegal empty arrays. - Reworked the iovec_args_t struct handling in tfm_func_api.c, which was causing runtime errors when compiled with optimization. According to the compiler developers the old implemetation is illegal, you are not allowed to use the address of a scalar as an address outside of that scalar. - Added conditional around ".syntax unified" in tfm_nspm_ipc.c. - Added "template" attribute for the IAR linker script in tfm_generated_file_list.yaml. - Cleaned up some indentation and tab/space issues Change-Id: I8599d461f62194bc734e472a28d7111ba3b5046a Signed-off-by: TTornblom <thomas.tornblom@iar.com>
2020-04-22Core: Sort out tfm_internal.hSummer Qin
Some of the functions are only used in library model, use '#ifndef TFM_PSA_API' to include them. Change-Id: Ia73925b4e97604efc285db51ec73c5d507003d40 Signed-off-by: Summer Qin <summer.qin@arm.com>
2020-04-22Core: Move library model SPM code to 'spm' folderMingyang Sun
- Move the library SPM APIs from 'core' to 'spm' folder, put them into file 'spm_func.c'. Also move function declaration to the 'spm' header file. - Change the API names with 'tfm_spm' prefix. - Remove inclusion of some unused header files. Change-Id: If7ec1347cbf0d6d19bcb74bbb84f48f15c18cec9 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-04-22Core: Move IPC model SPM code to 'spm' folderMingyang Sun
- APIs in 'tfm_svcalls.c' are actually part of SPM, so move them to 'secure_fw/spm/spm_ipc.c', and rename SPM APIs with 'tfm_spm' prefix. - APIs in 'tfm_psa_client_call.c' are also a part of SPM, move the whole file and header file to SPM, and add 'tfm_spm' prefix to API names. - Move API declaration into 'spm_api.h' header. - Add static declaration to internal-used functions. - Remove inclusion of some unused header files. Change-Id: I90ff634987ce9e01ddb3a294b7f1f5f222792f8c Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-04-22Core: Put IPC SVC handler togetherMingyang Sun
Put IPC SVC handler subroutine together with core IPC SVC handler, since they are both parts of core. Change-Id: Iadd31be4642d09454c257f298e45de88be296e6b Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-04-20Core: Remove fixed NS region numbersJamie Fox
Removes the fixed NS region number definition from TF-M. Refactors all existing platforms to number SAU regions sequentially rather than use fixed numbers. Change-Id: I54536b0327b87c8aee933f4bbf99b5dac396f3c5 Signed-off-by: Jamie Fox <jamie.fox@arm.com>
2020-04-20Core: Remove memory permission check APIJamie Fox
Removes the tfm_core_memory_permission_check() API and all uses of it. This API is no longer required as all necessary memory permission checks are performed by the SPM on the iovec parameters before control reaches the secure partition. Change-Id: I6489328f508d0405272b598500a04d4336c8d2b3 Signed-off-by: Jamie Fox <jamie.fox@arm.com>
2020-04-20Crypto: Add support for persistent keysJamie Fox
Adds support for the PSA Crypto persistent key APIs to the crypto service by enabling and calling the Mbed Crypto implementations. Mbed Crypto in turn calls ITS for persistent storage. Change-Id: I0db6b1ced6030cae41322ae06214114cc9c84cb4 Signed-off-by: Jamie Fox <jamie.fox@arm.com>
2020-04-20Attest: Checks device lifecycle max valueTamas Ban
Fix the check of the maximum value of PSA RoT lifecycle to be compliant with definition: Lifecycle state is represented by an integer that is divided to convey a major state[15:8] and a minor state[7:0]. Major state is mandatory and defined by PSA-SM. Minor state is optional and implementation defined. Change-Id: Ie4ac823d7380a03d2ca4c515358e0a9fc30804f5 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2020-04-20Core: Remove tfm_nspm_configure_clients from IPCSummer Qin
'tfm_nspm_configure_clients' is only used by library model. Change-Id: I3ccfb293427c08475227d9550960322e21f6f68e Signed-off-by: Summer Qin <summer.qin@arm.com>
2020-04-20Build: Update to IAR supportTTornblom
Cleaned up #ifdef in secure_fw/services/tfm_spm_db.inc.template Moved "signals" member to front of spm_partition_runtime_data_t. The suggestion to move the aggregate types to the front turned out to be hard to make work for both PSA and non-PSA configs. Moved REGION_DECLARE macros to new include file, platform/include/region.h. Cleaned up type cast in core_test_api.c Change-Id: I5dce1e7c019d4d7e4c14dc79be5ee2b855ad4f9e Signed-off-by: Thomas Tornblom <thomas.tornblom@iar.com>
2020-04-17AuditLog: Fix audit_core_init() documentationChris Brand
PSA_STATUS_T_SUCCESS doesn't exist. The function actually returns PSA_SUCCESS. Change-Id: I16bf63a7d9a8fb46b5748213a16ab4cf95c238ef Signed-off-by: Chris Brand <chris.brand@cypress.com>