path: root/secure_fw
AgeCommit message (Collapse)Author
5 daysCrypto: Add config checkSummer Qin
PLATFORM_DUMMY_NV_SEED and CRYPTO_HW_ACCELERATOR should not be disabled at the same time. Only one of them should be set to ON. Change-Id: I1c0c5b187734e3a49b0cea9a3562693bd1d0e11c Signed-off-by: Summer Qin <summer.qin@arm.com>
8 daysRevert "PS: Update non-static label implementation"Anton Komlev
This reverts commit e21144c46f540747947db361932613eb5d77f2bb. Reason for revert: Minimise changes in core during code freeze unless it is essential for the release. This PS must be applied immediately after release v1.4.0 Change-Id: I15f39c0a093c75841c051d015a9b9202db848fcd
8 daysPS: Update non-static label implementationDavid Hu
Define client ID and UID in the PS Crypto ref structure, to replace the static array. Therefore, it can prevent defining a static array with a fixed length of psa_storage_uid_t, whose size may actually vary. Change-Id: I1f9934638807725ae47f9a0eeaa339de89eeeaa4 Signed-off-by: David Hu <david.hu@arm.com>
10 daysCrypto: Use NV SEED as default entropy sourceSummer Qin
MBEDTLS_TEST_NULL_ENTROPY is removed from mbedtls 3.0.0. Change to use 'MBEDTLS_ENTROPY_NV_SEED' as the default entropy source if a platform doesn't generate entropy from hardware. Change-Id: If03c9dec3c6fb0d7bb98721963ac2142d43ed00d Signed-off-by: Summer Qin <summer.qin@arm.com>
10 daysCrypto: Fix handle_owner allocation issueSummer Qin
Source key and target key should be allocated in different handle_owner slot. Change-Id: Ia3052c24fb0dd4489bb2a12ac4611bc9f4a597b1 Signed-off-by: Summer Qin <summer.qin@arm.com>
10 daysCrypto: Add support for message signing operationSummer Qin
Add support for crypto message signing operation: -psa_sign_message() -psa_verify_message() Signed-off-by: Summer Qin <summer.qin@arm.com> Change-Id: I685d4c12c8c132ce4ce0c79542ad9143076f3600
10 daysCrypto: Add support for some cipher and mac functionsSummer Qin
Add support for 'psa_cipher_encrypt', 'psa_cipher_decrypt', 'psa_mac_compute' and 'psa_mac_verify' since mbedtls-3.0.0 has implemented them. Change-Id: Iec2c5799cd7e44a9f478bd1f36234bdc548a559e Signed-off-by: Summer Qin <summer.qin@arm.com>
10 daysCrypto: Upgrade mbedtls to v3.0.0Summer Qin
- Remove deprecated macros and functions - Enable SHA-224 cryptographic hash algorithm by 'define MBEDTLS_SHA224_C' - Enable SHA-384 cryptographic hash algorithm by 'define MBEDTLS_SHA384_C' - 'psa_cipher_encrypt' and 'psa_cipher_decrypt' is supported by mbedtls-3.0.0 - 'psa_mac_compute' and 'psa_mac_verify' is supported by mbedtls-3.0.0 - mbedtls-3.0.0 changes some internal mbedtls apis' name, mcuboot needs to align. Change-Id: Ia868c93deceee6c8042607acf35ce2f4c9c15e35 Signed-off-by: Summer Qin <summer.qin@arm.com>
10 daysCrypto: Align PSA Crypto API to 1.0 versionSummer Qin
Some functions and macros are deprecated in PSA Crypto spec 1.0. Align them with the spec definition. Change-Id: Icc2a8c6fe245873ea76b3e0a1bdf32a87fd016ad Signed-off-by: Summer Qin <summer.qin@arm.com>
10 daysPartitions: Add psa_wait when wake up in Idle PartitionKevin Peng
There could be the following case that SPE would stuck in Idle Partition: - The NSPE preemptes the Idle Partition - A Secure Interrupt then preempts the NSPE - The interrupt handling triggers scheduling. - But the NSPE was preempted, scheduling is skipped to avoid context mismatch between NSPE and SPE - Execution goes back from NSPE to SPE At this point, some events from the resumed Partition to trigger the scheduler again is expected, for example a psa_wait or psa_reply call. But the Idle Partition does nothing. So this patch adds a dummy psa_wait to fix this issue, using PSA_POLL to avoid the Idle Partition being set to "BLOCK" state. Change-Id: I69e79b25ba88eea40d18b1c7c29690bc1cadf242 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
10 daysSPM: Activate scheduler in psa_wait() if no signal assertedKevin Peng
psa_wait() should always activate scheduler if the expected signal is not asserted. Change-Id: I7b910320e7c473b30ef764fdf19f2a04195fa3b1 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
10 daysSPM: Add error check of NULL stateless serviceMingyang Sun
Add NULL service check after getting the stateless service to avoid NULL pointer reference. Change-Id: Ia409f7fe88191291b93c6effb1a956b88df2e78b Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
11 daysCrypto: Fix -Wint-conversion warningSummer Qin
Fix -Wint-conversion warning when assign NULL to 'key'. Signed-off-by: Summer Qin <summer.qin@arm.com> Change-Id: I41fe5423ffdbdeb9517696ed04d5bffdc7327dd8
11 daysFWU: Fix build error when MCUBOOT_ENC_IMAGES is enabledSherry Zhang
Change-Id: I7b6c1f90b90ce199194ffe37e572562f293333f8 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
12 daysprotected_storage: Enable non static key labelsGeorgios Vasilakis
-Adds non static key labels for the key derivation of the ps objects -The (Client id + UID) is used as the label -The ps_table still has a static label Author: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Change-Id: I52af6278586cdee83008d3c8c73b41faa62e584c
2021-07-16SPM: Fix GNUARM compiler warningMingyang Sun
Fix the warning of "'inline' is not at beginning of declaration". Change-Id: Ic6e3f5cb5b9d4d018765412949de32b51d4cc5d4 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-07-16SPM: Minor refinement of "load info" templateMingyang Sun
- Simplify the template a little. - Avoid declaring a 0-sized array if a partition does not have services. Change-Id: Id769ddc2283d9c4f9c0a92903baf70deeec112af Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-07-16Partitions: Change the crypto service in Proxy Partition to stateless.Shawn Shan
The TF-M crypto service has been changed to stateless while crypto service in Proxy Partition has not been changed. The crypto service in Proxy Partition is not working. This patch changes the crypto service in Proxy Partition to stateless. Change-Id: I42f22ce199283150f37bf4c48f0d4faadefa215b Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2021-07-16SPM: Fix irq template for cmsis func.Michel Jaouen
Without this fix, IAR is not building with DTFM_PSA_API=OFF Change-Id: Ifc7b271d88cc24a07dd442a3693745d91b6b0d73 Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2021-07-15SPM: Make boot data table only have enabled PartitionKevin Peng
The access policy table for boot data should only have enabled Partition. Change-Id: I125e980f265df3798e6bcee7be8b0e9aa545b652 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-15Build: Fix the t_cose and attestation test suites build errorshejia01
When build t_cose or attestation test suites, t_cose build failed when NS crypto tests is not enabled. Such a dependency is incorrect. This patch fixes t_cose build when symmetric attestation is enabled. Signed-off-by: Jianliang Shen <jianliang.shen@arm.com> Change-Id: I1b16edc5c62178a3a8c91e78db689e16ee586232
2021-07-14PS: Fix bug when encrypt/decrypt PS objectsSherry Zhang
In Protected Storage partition, the IV which is used for object encrypt/decrypto is protected by the PSA ITS service together with the object data. When calculating the size of the 'iv' field, byte alignment is out of consideration which leads decrypt failure when reading an encrypted object. Change-Id: I282152660bf4bddc4829b3ca2adb94143610d179 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-07-07SPM: Fix compiler warningMingyang Sun
If passing an address to the macro "UNI_LISI_INIT_HEAD(head)", the GNUARM compiler reports an warning: “warning: the address of 'x' will always evaluate as 'true'”. This patch is to eliminate this warning. Change-Id: If07b5ed45f9757a78dbb68e25f1334c0cc9ab7d3 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2021-07-07Tools: Deprecate the attribute 'tfm_partition_ipc'Shawn Shan
'tfm_partition_ipc' was introduced to distinguish if partitions support library model only. The FF-M v1.1 introduces a new SFN Model which is an alternative of IPC Model. This attribute becomes confusing to indicate the models. Made some changes to remove the attribute 'tfm_partition_ipc'. Change-Id: Ifba5778caf87bb716993db3dc19986bbde3653c3 Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2021-07-05SPM: Library mode SPM processing optimisationsAntonio de Angelis
This patch moves the bulk of SPM processing in Library mode to request or return from a secure partition from Handler to Secure Privileged Thread mode. It also allows the SPM functions to be pre-empted by secure IRQs in order to reduce interrupts servicing latency. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Iadd96438514d3ffb62f4a60050460617a2b83846
2021-06-30SPM: Add First-Level Interrupt Handling implementationKevin Peng
Change-Id: I5cc6d63f9864c5ea35e7a5236a736799d727855e Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30Partition: Increase stack size of idle PartitionKevin Peng
This patch increases the stack size for GCC compiler. Change-Id: I53d31a41f12bc4d35d04cc43cbc576363a4ffef1 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30Revert optimisations related to preemptable SPM in Library modeAntonio de Angelis
This patch needs deeper testing on other platforms as the nightly regression discovers issues that the CI does not cover. Better revert it for the time being. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I4b9fa788740ccb5480cd5e934fedebea338941cf
2021-06-30SPM: Changes to Secure Partition API for FLIHKevin Peng
The patch includes the changes to Secure Partition API for FLIH defined by FF-M v1.1 alpha: - Adding psa_reset_signal() which is for FLIH signals - Limiting psa_eoi() to SLIH signals Change-Id: I6b99eb6df3013c898627a48fa98d41c0e7bc5888 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30SPM: Ensure Thread arch context is updated when thread sleepsKevin Peng
When a Partition thread waits for events, the arch context(PSP) should be updated to the thread struct so that when it is woken up the return value can be set by referring to the PSP - tfm_core_thrd_set_retval. The PSP is updated in PendSV Handler. As PendSV has the lowest priority, it could be preempted by any interrupts. In interrupt handling, Partition Thread could be woken up while the PSP in thread struct has not been updated yet. This patch adds tfm_arch_get_ctx() function to get context value to ctx struct. And it is called wherever it is needed. This call is ensured to update the thread context as it's called in SVC Hander code. This patch also renames the tfm_arch_update_ctx to tfm_arch_set_ctx to match the new API and reflects what it does more properly. Change-Id: I66bed1f28b3d0243beb6a47d7bd6c41a5afdda0a Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30SPM: Block calling certain SVC from FLIH FunctionsKevin Peng
FLIH Functions are not allowed to call certain SVC to avoid race conditions. Check SVC_Handler_IPC() for the list of the SVCs banned. When an FLIH Function is running, the Main Stack has contents in addition to the stack seals. This patch checks if Main Stack has extra contents and blocks calling those SVCs from FLIH Functions. Change-Id: Ifb10c3e31509624e0beaa99a84b3b84b2886a079 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30SPM: Abstract isolation boundary setup codesKevin Peng
This patch abstracts isolation boundary changing codes for future use. Change-Id: I101f74a93148312745bcf1218ee2917db0ad229e Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30SPM: Allow calling SVC from interrupt handlingKevin Peng
SVC in TF-M was originally designed for Secure Partitions that are running in Thread Mode. The new interrupt handling mode First-Level Interrupt Handling (FLIH) in FF-M v1.1 has the needs to call SVC. This patch removes the restriction of calling SVC from Thread Mode only. Change-Id: I52a8e7c388d65a8f440359bada188c7eb39b3b1d Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30SPM: Add idle Partition for single core topologyKevin Peng
This patch adds an idle Partition. When all other Partitions are waiting for signals, this Partition will be scheduled and it simply waits for interrupts. Note: Multi-core topology has already the idle thread. Change-Id: I862eaccb33f4f119fc75a75cd25dc0ddc7869554 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30SPM: Remove the IRQ priority in manifestKevin Peng
TF-M added a tfm_irq_priority attribute in the Partition manifest for SPM to set IRQ priorities so that IRQ can work correctly - TF-M requires external interrupt priorities must be higher than that of PendSV. However, a universal IRQ priority might not work on all platforms because different platforms have different number of configurable interrupt priorities. So the same value represents different priorities on different platforms. Besides, the attribute is not defined by FF-M. This patch removes the IRQ priority in manifest and in the HAL API as well so that platforms have the most flexibility to set priorities for IRQs based on their own cases. Note: the external interrupt priorities must be higher than PendSV. Change-Id: Id9e544a9afffcc7d019177cf29e51f32d1600504 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-30SPM: Add partition runtime region in the linkerKen Liu
- Add ZI region in the linker script for holding partition runtime and service runtime data, replacing the original runtime data arrays. - Organize the partition and service runtime data with linked list. - The logic for loading partitions and services is changed accordingly. Change-Id: I7ccfb5055cf62b7a3d185812af43084c767a98dd Signed-off-by: Ken Liu <Ken.Liu@arm.com> Co-authored-by: Mingyang Sun <mingyang.sun@arm.com>
2021-06-30SPM: Add logic for unidirectional linked listMingyang Sun
Add operations for unidirectional list: Initialize a head node, insert a node and iterate the list. Also change bi-list "next" and "prev" to "bnext" and "bprev" to avoid misuse between unidirectional list and bi-list operations. The unidirectional linked list is prepared for linking the partitions and linking the services. Change-Id: I7c230f14b8ae78942efd5b1e524f4a05df364f7d Signed-off-by: Ken Liu <ken.liu@arm.com> Co-authored-by: Mingyang Sun <mingyang.sun@arm.com>
2021-06-29SPM: Library mode request can be preemptedAntonio de Angelis
The SPM operations in Library mode related to a partition request should be pre-emptable in order to reduce the latency of IRQ servicing. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I17b42db84ebb004c3fb4823809e637a7a2e2bbff
2021-06-29SPM: Move SPM processing in Library mode to Secure Privileged ThreadAntonio de Angelis
This patch moves the bulk of SPM processing in Library mode to request or return from a secure partition from Handler to Secure Privileged Thread mode. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I95b61661daa3a8e865b468e91be9a512832607a2
2021-06-28Crypto: Add a config CRYPTO_KEY_ID_ENCODES_OWNERDavid Hu
Add a config CRYPTO_KEY_ID_ENCODES_OWNER to control whether client ID is encoded into PSA Crypto key ID. This config shall be aligned with underlying crypto library key ID encoding configuration. Change-Id: I3b6073a7c1b440e7de0f5889e8dc32416003e3b7 Signed-off-by: David Hu <david.hu@arm.com>
2021-06-25SPM: Library Mode: Avoid including Partition manifestsKevin Peng
The Library Model only needs the IRQ signals in Partition manifests. This patch moves those signal definitions into the handler template directly so that Partition manifest template does not need to comply with Library Mode anymore. Change-Id: Iae95a30b8576a81b5f84657b92036d42337ee726 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-25SPM: Avoid null ptr referenceRaymondNgun
Null ptr reference introduced in commit ef42f444063280f217cc4bcfc4fb43bfa4df8932 "SPM: Stateless services can be searched by sid" Change-Id: I8ef7e1945605b9ecbeaaa78fbf3179088183844b Signed-off-by: Raymond Ngun <raymond.ngun@infineon.com>
2021-06-24Crypto: Support key ID without encoding key owner IDDavid Hu
Enable dealing with Mbed TLS key ID without encoding key owner ID when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is deselected. Deselect MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in TF-M Profile Small. It is usually not enforced to isolate clients in non-secure or secure side in very simple usage scenario on platforms with ultra-constrainted resource. Also disable handle_owner[] if MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is deselected. Modify the crypto_key.c implementation accordingly. Change-Id: Ie890473126be62d9f07c618b757d3818dfc4f8dd Signed-off-by: David Hu <david.hu@arm.com>
2021-06-24Partitions: Fix minor header include issuesKevin Peng
tfm_veneers.h is used by Library Mode only. This patch fixes some include issue where tfm_veneer.h is included for both Mode. Change-Id: I87830222e7fec0098ed77f43006639dba3937a44 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-23SPM: Fix link error with SPMLOG_ERRMSGJimmy Brisson
In particular, the error is: ld: platform/ext/target/arm/mps3/an547/target_cfg.c:223: undefined reference to `SPMLOG_ERRMSG' And this happens because the macro SMPLOG_ERRMSG is not defined, so it is assumed to be an externally linked function, and the linker is unable to find it. This patch fixes the problem. Change-Id: Ie7115bc3e6f14e84bd21d9ec9f674cd043a0a4ba Signed-off-by: Jimmy Brisson <jimmy.brisson@linaro.org>
2021-06-22SPM: Fix Privileged mode of PartitionsKevin Peng
In isolation level 1, all partitions run in privileged mode. This patch fixes the tfm_spm_partition_get_privileged_mode() function. Change-Id: I536174143bf51fdcdcbf77b2769f50eab4a8c86c Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-21SPM: Correct the PendSV priority valueKevin Peng
Priority boost for Secure IRQ is enabled in TF-M - NS IRQ priorities values are mapped to 0x80 - 0xFF (lower priority). So the lowest priority value for SPE is 0x80. It is not need to "-1" because exception preemption does not happen between exceptions with same priority values. The lowest priority exception is the PendSV in SPE. This patch fixes its priority value by removing the "-1". Change-Id: I1d340cda939f7785d684428bcbb54c7aea4445c4 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-17partitions: crypto: introduce option to disable RNG independent of key ↵Ioannis Glaropoulos
derivation We introduce a compile-time option to control whether to disable the API for tfm_crypto_generate_random, independent of the key derivation. In addition to that, the above API function is moved into its own source file. The change allows us to disable or enable the random number generation API function independent of whether we disable or enable the key derivation. This introduces some additional flexibility to the user, who can now enable the random number generation API while they can disable the key derivation API family. The change does not introduce behavioral changes. Change-Id: I7306caa38476ff1a67c918ddb9e5780e25cebd27 Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
2021-06-17SPM: tfm_get_caller_client_id() optimisationAntonio de Angelis
Optimise tfm_get_caller_client_id() secure API for Library model in LEVEL 1. This reduces the number of SVC calls in a workload like the Regression test. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: If0ce614de2a1e37b4da0369661ab2e4c4c179b7c
2021-06-17SPM: Use SPMLOG_ERRMSG instead of ERROR_MSG macroAntonio de Angelis
The ERROR_MSG() macro is still used through the code although is not defined anymore. Use the SPMLOG_ERRMSG macro instead to provide error message prints. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: If23455e6f008b0ecc471579591c5d1e2e95cdccb