authorJulian Hall <julian.hall@arm.com>2020-11-23 18:24:06 +0100
committerGyorgy Szing <Gyorgy.Szing@arm.com>2020-11-27 16:47:04 +0100
commit4061ed60d5327d4a2959a28e5bd8c65e19ca6d00 (patch)
tree4610d331f4d0e628e07cce33723bd59bfe28bf6d
parent72c3f04be724f1df015f0b65c8e48d2c18bcd54e (diff)
Add crypto deployment
Change-Id: I09a9948ac5047ed83104498ca19bac0931b2adc3 Signed-off-by: Julian Hall <julian.hall@arm.com>
-rw-r--r--deployments/crypto/opteesp/.gitignore1
-rw-r--r--deployments/crypto/opteesp/CMakeLists.txt127
-rw-r--r--deployments/crypto/opteesp/crypto_sp.c108
-rw-r--r--deployments/crypto/opteesp/crypto_sp.h18
-rw-r--r--deployments/crypto/opteesp/optee_sp_user_defines.h22
-rw-r--r--tools/b-test/test_data.yaml7
6 files changed, 281 insertions, 2 deletions
diff --git a/deployments/crypto/opteesp/.gitignore b/deployments/crypto/opteesp/.gitignore
new file mode 100644
index 0000000..378eac2
--- /dev/null
+++ b/deployments/crypto/opteesp/.gitignore
@@ -0,0 +1 @@
+build
diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt
new file mode 100644
index 0000000..2631c00
--- /dev/null
+++ b/deployments/crypto/opteesp/CMakeLists.txt
@@ -0,0 +1,127 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+cmake_minimum_required(VERSION 3.16)
+include(../../deployment.cmake REQUIRED)
+
+#-------------------------------------------------------------------------------
+# The CMakeLists.txt for building the crypto deployment for opteesp
+#
+# Builds the Crypto service provider for running in an SEL0 secure partition
+# hosted by OPTEE in the role of SPM.
+#-------------------------------------------------------------------------------
+include(${TS_ROOT}/environments/opteesp/env.cmake)
+project(trusted-services LANGUAGES C ASM)
+add_executable(crypto-sp)
+target_include_directories(crypto-sp PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
+set(SP_UUID "d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0")
+
+
+# Include SP DEV KIT interface
+set(SP_DEV_KIT_INC_DIR ${CMAKE_CURRENT_LIST_DIR})
+list(APPEND CMAKE_MODULE_PATH "${TS_ROOT}/external/Spdevkit")
+find_package(Spdevkit REQUIRED)
+sp_dev_kit_configure_linking(TARGET crypto-sp DEFINES ARM64=1)
+target_link_libraries(crypto-sp PRIVATE ${SP_DEV_KIT_LIBRARIES})
+
+
+add_components(TARGET "crypto-sp"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/messaging/ffa/libsp"
+ "components/rpc/ffarpc/endpoint"
+ "components/rpc/ffarpc/caller/sp"
+ "components/rpc/common/caller"
+ "components/rpc/common/interface"
+ "components/rpc/dummy"
+ "components/service/common"
+ "components/service/common/serializer/protobuf"
+ "components/service/common/provider"
+ "components/service/crypto/provider/mbedcrypto"
+ "components/service/crypto/provider/mbedcrypto/entropy_source/mock"
+ "components/service/crypto/provider/serializer/protobuf"
+ "components/service/secure_storage/client/psa"
+ "protocols/rpc/common/packed-c"
+ "protocols/service/secure_storage/packed-c"
+ "protocols/service/crypto/protobuf"
+ "environments/opteesp"
+)
+
+target_sources(crypto-sp PRIVATE
+ crypto_sp.c
+)
+
+######################################################## Build protobuf files
+include(../../../external/nanopb/nanopb.cmake)
+target_link_libraries(crypto-sp PRIVATE nanopb::protobuf-nanopb-static)
+protobuf_generate_all(TGT "crypto-sp" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
+
+################################################################# mbedcrypto
+include(../../../external/mbed-crypto/mbedcrypto.cmake)
+target_link_libraries(crypto-sp PRIVATE mbedcrypto)
+
+if(CMAKE_CROSSCOMPILING)
+ target_link_libraries(crypto-sp PRIVATE stdc++ gcc m)
+endif()
+
+#################################################################
+
+target_compile_definitions(crypto-sp PRIVATE
+ ARM64=1
+)
+
+target_include_directories(crypto-sp PRIVATE
+ ${TS_ROOT}
+ ${TS_ROOT}/components
+ ${TS_ROOT}/deployments/crypto/opteesp
+)
+
+if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+ target_compile_options(crypto-sp PRIVATE
+ -fdiagnostics-show-option
+ -fpic
+ -gdwarf-2
+ -mstrict-align
+ -O0
+ -std=gnu99
+ )
+
+ # Options for GCC that control linking
+ target_link_options(crypto-sp PRIVATE
+ -e __sp_entry
+ -fno-lto
+ -nostdlib
+ -pie
+ -zmax-page-size=4096
+ )
+ # Options directly for LD, these are not understood by GCC
+ target_link_options(crypto-sp PRIVATE
+ -Wl,--as-needed
+ -Wl,--sort-section=alignment
+ # -Wl,--dynamic-list ${CMAKE_CURRENT_LIST_DIR}/dyn_list
+ )
+endif()
+
+compiler_generate_stripped_elf(TARGET crypto-sp NAME "${SP_UUID}.stripped.elf" RES STRIPPED_ELF)
+
+######################################## install
+if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
+ set(CMAKE_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/install CACHE PATH "location to install build output to." FORCE)
+endif()
+#TODO: api headers
+install(TARGETS crypto-sp
+ PUBLIC_HEADER DESTINATION include
+ RUNTIME DESTINATION bin
+ )
+install(FILES ${STRIPPED_ELF} DESTINATION bin)
+
+get_property(_PROTO_FILES TARGET crypto-sp PROPERTY PROTOBUF_FILES)
+install(FILES ${_PROTO_FILES} DESTINATION lib/protobuf)
+
+
+set(EXPORT_SP_NAME "crypto")
+set(EXPORT_SP_UUID ${SP_UUID})
+include(${TS_ROOT}/environments/opteesp/ExportSp.cmake)
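Review bot: The component list pulls in `components/service/crypto/provider/mbedcrypto/entropy_source/mock` with nothing marking it as temporary, so this deployment appears to seed the crypto provider from a mock entropy source. Its implementation is not visible here, but if it is deterministic, every key and nonce the SP generates would be predictable. A comment on that line such as `# FIXME: mock entropy is for bring-up only; replace with a platform entropy source before production use` would make the limitation explicit, and a cache option selecting the entropy component would let a real source be swapped in without editing the list. Separately, `-O0` is hard-coded for every build type in the GNU compile options, and `REQUIRED` is not a documented keyword of `include()`; a missing `deployment.cmake` is already fatal without it.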
diff --git a/deployments/crypto/opteesp/crypto_sp.c b/deployments/crypto/opteesp/crypto_sp.c
new file mode 100644
index 0000000..136c4a3
--- /dev/null
+++ b/deployments/crypto/opteesp/crypto_sp.c
@@ -0,0 +1,108 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ */
+
+#include <rpc/ffarpc/caller/sp/ffarpc_caller.h>
+#include <rpc/ffarpc/endpoint/ffarpc_call_ep.h>
+#include <rpc/dummy/dummy_caller.h>
+#include <service/secure_storage/client/psa/its/its_client.h>
+#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
+#include <protocols/rpc/common/packed-c/status.h>
+#include <ffa_api.h>
+#include <sp_api.h>
+#include <sp_rxtx.h>
+#include <trace.h>
+
+
+#define SP_STORAGE_UUID_BYTES \
+ { 0x48, 0xef, 0x1e, 0xdc, 0x7a, 0xb1, 0xcf, 0x4c, \
+ 0xac, 0x8b, 0xdf, 0xcf, 0xf7, 0x71, 0x1b, 0x14, }
+
+uint16_t own_id = 0; /* !!Needs refactoring as parameter to ffarpc_caller_init */
+static const uint8_t storage_uuid[] = SP_STORAGE_UUID_BYTES;
+
+
+static int sp_init(uint16_t *own_sp_id);
+
+void __noreturn sp_main(struct ffa_init_info *init_info)
+{
+ struct mbed_crypto_provider crypto_provider;
+ struct ffa_call_ep ffarpc_call_ep;
+ struct call_ep *crypto_ep;
+ struct ffarpc_caller ffarpc_caller;
+ struct dummy_caller dummy_caller;
+ struct rpc_caller *storage_caller;
+ struct ffa_direct_msg req_msg;
+ uint16_t storage_sp_ids[1];
+
+ /* Boot */
+ (void) init_info;
+
+ if (sp_init(&own_id) != 0) goto fatal_error;
+
+ /* Establish RPC session with secure storage SP */
+ storage_caller = ffarpc_caller_init(&ffarpc_caller);
+
+ if (!ffarpc_caller_discover(storage_uuid, storage_sp_ids, sizeof(storage_sp_ids)/sizeof(uint16_t)) ||
+ ffarpc_caller_open(&ffarpc_caller, storage_sp_ids[0])) {
+ /*
+ * Failed to establish session. To allow the crypto service
+ * to still be initialized, albeit with no persistent storage,
+ * initialise a dummy_caller that will safely
+ * handle rpc requests but will report an error.
+ */
+ storage_caller = dummy_caller_init(&dummy_caller,
+ TS_RPC_CALL_ACCEPTED, PSA_ERROR_STORAGE_FAILURE);
+ }
+
+ /* Initialize the crypto service */
+ crypto_ep = mbed_crypto_provider_init(&crypto_provider, storage_caller);
+ ffa_call_ep_init(&ffarpc_call_ep, crypto_ep);
+
+ /* End of boot phase */
+ ffa_msg_wait(&req_msg);
+
+ while (1) {
+ if (req_msg.function_id == FFA_MSG_SEND_DIRECT_REQ_32) {
+
+ struct ffa_direct_msg resp_msg;
+
+ ffa_call_ep_receive(&ffarpc_call_ep, &req_msg, &resp_msg);
+
+ ffa_msg_send_direct_resp(req_msg.destination_id,
+ req_msg.source_id, resp_msg.args[0], resp_msg.args[1],
+ resp_msg.args[2], resp_msg.args[3], resp_msg.args[4],
+ &req_msg);
+ }
+ }
+
+fatal_error:
+ /* SP is not viable */
+ EMSG("Crypto SP error");
+ while (1) {}
+}
+
+void sp_interrupt_handler(uint32_t interrupt_id)
+{
+ (void)interrupt_id;
+}
+
+static int sp_init(uint16_t *own_sp_id)
+{
+ int status = -1;
+ ffa_result ffa_res;
+ sp_result sp_res;
+ static uint8_t tx_buffer[4096] __aligned(4096);
+ static uint8_t rx_buffer[4096] __aligned(4096);
+
+ sp_res = sp_rxtx_buffer_map(tx_buffer, rx_buffer, sizeof(rx_buffer));
+ if (sp_res == SP_RESULT_OK) {
+ ffa_res = ffa_id_get(own_sp_id);
+ if (ffa_res == FFA_OK) {
+ status = 0;
+ }
+ }
+
+ return status;
+}
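Review bot: In the `while (1)` loop of `sp_main`, a message whose `function_id` is not `FFA_MSG_SEND_DIRECT_REQ_32` leaves `req_msg` unchanged, so the loop spins forever without returning to the waiting state and the SP stops serving requests. Adding `} else { ffa_msg_wait(&req_msg); }` to that `if` would hand control back for unexpected messages. The return values of `ffa_msg_wait` and `ffa_msg_send_direct_resp` are also ignored, so after a failed call the loop acts on whatever `req_msg` happens to hold. The fallback to `dummy_caller_init` when the storage session cannot be opened is silent; an `EMSG("Crypto SP: no secure storage, running without persistence");` in that branch would make the degraded mode visible in logs.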
diff --git a/deployments/crypto/opteesp/crypto_sp.h b/deployments/crypto/opteesp/crypto_sp.h
new file mode 100644
index 0000000..73aae18
--- /dev/null
+++ b/deployments/crypto/opteesp/crypto_sp.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CRYPTO_SP_H
+#define CRYPTO_SP_H
+
+#define CRYPTO_SP_UUID \
+ {0xd9df52d5, 0x16a2, 0x4bb2, \
+ {0x9a, 0xa4, 0xd2, 0x6d, 0x3b, 0x84, 0xe8, 0xc0}}
+
+#define CRYPTO_SP_UUID_BYTES \
+ {0xd9, 0xdf, 0x52, 0xd5, 0x16, 0xa2, 0x4b, 0xb2, \
+ 0x9a, 0xa4, 0xd2, 0x6d, 0x3b, 0x84, 0xe8, 0xc0}
+
+#endif /* CRYPTO_SP_H */
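Review bot: The SP UUID is now written out three times — `SP_UUID` in CMakeLists.txt, and `CRYPTO_SP_UUID` and `CRYPTO_SP_UUID_BYTES` here — with nothing tying them together, so a typo in one would go unnoticed until discovery fails at run time. A comment above the macros, e.g. `/* Must match SP_UUID in CMakeLists.txt; bytes follow the canonical string order */`, would document both the coupling and the byte order. The byte order is worth confirming because `SP_STORAGE_UUID_BYTES` in crypto_sp.c has its version nibble in byte 7 rather than byte 6, which suggests it uses a byte-swapped field encoding, unlike `CRYPTO_SP_UUID_BYTES`.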
diff --git a/deployments/crypto/opteesp/optee_sp_user_defines.h b/deployments/crypto/opteesp/optee_sp_user_defines.h
new file mode 100644
index 0000000..88e1adc
--- /dev/null
+++ b/deployments/crypto/opteesp/optee_sp_user_defines.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SP_HEADER_DEFINES_H
+#define SP_HEADER_DEFINES_H
+
+/* To get UUID definition */
+#include "crypto_sp.h"
+
+#define OPTEE_SP_UUID CRYPTO_SP_UUID
+#define OPTEE_SP_FLAGS 0
+
+/* Provisioned stack size */
+#define OPTEE_SP_STACK_SIZE (64 * 1024)
+
+/* Provisioned heap size */
+#define OPTEE_SP_HEAP_SIZE (480 * 1024)
+
+#endif /* SP_HEADER_DEFINES_H */
diff --git a/tools/b-test/test_data.yaml b/tools/b-test/test_data.yaml
index 22ccc86..53824ef 100644
--- a/tools/b-test/test_data.yaml
+++ b/tools/b-test/test_data.yaml
@@ -16,13 +16,11 @@ data:
os_id : "GNU/Linux"
params:
- "-GUnix Makefiles"
- - "-DSP_DEV_KIT_DIR=$SP_DEV_KIT_DIR"
- name: "libts-pc-linux"
src: "$TS_ROOT/deployments/libts/linux-pc"
os_id : "GNU/Linux"
params:
- "-GUnix Makefiles"
- - "-DSP_DEV_KIT_DIR=$SP_DEV_KIT_DIR"
- name: "secure-storage-optee-arm"
src: "$TS_ROOT/deployments/secure-storage/opteesp"
params:
@@ -34,3 +32,8 @@ data:
params:
- "-GUnix Makefiles"
- "-DSP_DEV_KIT_DIR=$SP_DEV_KIT_DIR"
+ - name: "crypto-optee-arm"
+ src: "$TS_ROOT/deployments/crypto/opteesp"
+ params:
+ - "-GUnix Makefiles"
+ - "-DSP_DEV_KIT_DIR=$SP_DEV_KIT_DIR"